Let's Encrypt Support

 

Support for automating Let's Encrypt SSL Certificates

 

Joker.com is working on a new API to allow for all customers making changes to the <abbr class="glossary" title="Domain Name Server">DNSabbr> of their domains wihout having to use the web portal.

 

Until this new API is ready, we want to provide a simple tool to provide immediate support of automated usage of <a title="Let's Encrypt" href="https://letsencrypt.org">Let's Encrypt certificatesa>.

Of course, we will support this solution also in the future, after the more generic new API will has become available.

 

Using this method, you will be able to request certificates from Let's Encrypt without having to expose the domain using HTTP running a web server, or to add special configurations to existing web services.

Instead, the Let's Encrypt method used is '<abbr class="glossary" title="Domain Name Server">dnsabbr>-01', where a special TXT record needs to be inserted into your domain. Please note that this domain must be using the free Joker.com nameservice (which is default).

 

Setting a TXT record is pretty straight forward:

  1. please login at Joker.com, visit 'My Domains', find the domain you want to add a  Let's Encrypt certificate for, and chose "<abbr class="glossary" title="Domain Name Server">DNSabbr>" in the menu
  2. on the top right, you will find the setting for '<a class="intfaqlink" href="/faq/content/11/427/en/what-is-dynamic-dns-dyndns.html">Dynamic <abbr class="glossary" title="Domain Name Server">DNSabbr>a>'. If not already active, please activate it. It will not affect any other already existing <abbr class="glossary" title="Domain Name Server">DNSabbr> records of this domain.
  3. please take a note of the credentials which are now shown as 'Dynamic <abbr class="glossary" title="Domain Name Server">DNSabbr> Authentication', consisting of a 'username' and a 'password'.
  4. this is all you have to do here - and only once per domain.

 

The following explains the technical details - you may skip this and simply use the attached files which you find below. Theydo work with the commonly used tool <a title="dehydrated - make Let's Encrypt easy" href="https://github.com/lukas2511/dehydrated">dehydrateda>. Where to place these files, and how to configure your domains or host names is documented in the file 'config.sh'.

 


 

To set a TXT record, you may now do this using a single cURL request:

 

curl -X POST https://svc.joker.com/nic/replace -d \
'username=your-username&amp;password=your-password&amp;zone=your-domain.com&amp;label=_acme-challenge&amp;type=TXT&amp;value=the-TXT-content-to-insert'

 

This will create a TXT record for "_acme-challenge" in zone "your-domain.com".
It responds with 200 and "OK: n# inserted, n# deleted" if everything went OK, and appropriate status and text if not.

Some additional notes regarding this:

  • only POST method is supported
  • only type=TXT is supported (and must be provided) for now
  • "label" could be anything within zone (including "@" and "*")
  • this request will replace all TXT records for the specified label by the provided content
  • "value" must be printable ascii only, without double quotes
  • if "value" is empty ("value="), all existing records for specified label are deleted

 

 

 

attached files: hook.sh, config.sh

Tags: DNS, Domain-Modification

Related entries:

You cannot comment on this entry