Let's Encrypt SSL Certificates
Support for Automating Let's Encrypt SSL Certificates
Joker.com offers a simple tool to automate the process of using Let's Encrypt certificates.
With this tool, you can easily request Let's Encrypt certificates without the need to expose your domain through an HTTP web server or make any special configurations to existing web services.
The method used to obtain the certificates is 'dns-01', where a special TXT record must be added to your domain. To use this method, your domain must be using the free Joker.com nameservice, which is the default option.
Setting a TXT record is a straightforward process:
- On your Joker.com dashboard, click "DNS" button next to the domain you want to add a Let's Encrypt certificate for.
- If 'Dynamic DNS' is not already active, activate it. This will not affect any other existing DNS records for the domain.
- Take note of the 'Dynamic DNS Authentication' credentials shown (username and password) - only once per domain.
The following explains the technical details - you may skip this and simply use the attached files which you find below. They do work with the commonly used tool dehydrated. Where to place these files, and how to configure your domains or host names, is documented in the file config.sh
For the use of the certbot, github-user dhull kindly provides another solution:
- GitHub: https://github.com/dhull/certbot-dns-joker
- PyPI: https://pypi.org/project/certbot-dns-joker/
This can easily be installed by "pip install certbot-dns-joker" - see the Github page above for details.
To set a TXT record, you may now do this using a single cURL request:
curl -X POST https://svc.joker.com/nic/replace -d \
'username=your-username&password=your-password&zone=your-domain.com&label=_acme-challenge&type=TXT&value=the-TXT-content-to-insert'
This will create a TXT record for "_acme-challenge" in zone "your-domain.com".
It responds with 200 and "OK: n# inserted, n# deleted" if everything went OK, and appropriate status and text if not.
Some additional notes regarding this:
- only POST method is supported
- only type=TXT is supported (and must be provided) for now
- "label" could be anything within the zone (including "@" and "*")
- this request will replace all TXT records for the specified label with the provided content
- "value" must be printable ASCII only, without double quotes
- if "value" is empty ("value="), all existing records for specified label are deleted
- multiple TXT records with the same label can be added by using multiple "value" parameters in the URL