Lexicon 2.4.4 has an "online" provider for certbot dns challenge


#1

Hi there, the “online” provider for lexicon is part of their 2.4.4 release.

The whole point of lexicon is to allow one to hook into certbot for provider-dependent acme DNS challenge, which in turn allows one to use the acmev2 letsencrypt endpoint - the one providing free wildcard ssl certificates ! Yeah !

  1. Install lexicon using pip, apt, …
  2. Set up a certbot hook as described in the lexicon examples/ directory. You will need your online API token. Keep it private.
  3. Generate the wildcard certificate! But use the staging endpoint until you’re sure what you’re doing:

```
certbot certonly -m your@mail.dd \
--manual-public-ip-logging-ok --no-eff-email --agree-tos \
--server https://acme-staging-v02.api.letsencrypt.org/directory \
-d "*.yourdomain.com" -d yourdomain.com \
--preferred-challenges dns \
--manual --manual-auth-hook "/path/to/certbot.default.sh auth" \
--manual-cleanup-hook "/path/to/certbot.default.sh cleanup"
```

  4. Install the certificate. certbot has ways to do that automagically, check the manual.
  5. Once finished testing, switch to the letsencrypt production endpoint (remove -staging from the server URL).

Enjoy !
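
A hook for step 2 that works with the `--manual-auth-hook` / `--manual-cleanup-hook` options above, as an added example: it is not part of the original post and is not lexicon's own `certbot.default.sh`. The token file path, `PROPAGATION_WAIT` and the function names are assumptions; check `--auth-token` against `lexicon online --help` for your installed version.

```shell
#!/bin/sh
# Added example (not lexicon's certbot.default.sh): certbot manual hook for the
# lexicon "online" provider that refuses to run when the API token is exposed.
# Assumed path; override with the TOKEN_FILE environment variable.
TOKEN_FILE="${TOKEN_FILE:-/etc/letsencrypt/online-api-token}"

# Succeed only if the file exists and has no group/other permission bits.
token_file_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# DNS-01 record name. A wildcard is validated at the base domain, so any
# leading "*." is stripped and both names of the certificate share one record
# name with two different TXT values.
challenge_name() {
    printf '_acme-challenge.%s.' "${1#\*.}"
}

# hook auth|cleanup : certbot supplies CERTBOT_DOMAIN and CERTBOT_VALIDATION.
hook() {
    case "$1" in
        auth)    op=create ;;
        cleanup) op=delete ;;
        *)       echo "usage: $0 auth|cleanup" >&2; return 2 ;;
    esac
    if ! token_file_is_private "$TOKEN_FILE"; then
        echo "refusing to run: $TOKEN_FILE is missing or group/world accessible" >&2
        return 1
    fi
    domain=${CERTBOT_DOMAIN#\*.}
    # The token is briefly visible in the process list while lexicon runs;
    # keep shell access to this host restricted.
    # --content makes cleanup remove only this challenge's TXT value.
    lexicon online "$op" "$domain" TXT \
        --auth-token "$(cat "$TOKEN_FILE")" \
        --name "$(challenge_name "$domain")" \
        --content "$CERTBOT_VALIDATION" || return 1
    # Give the new record time to reach the authoritative servers.
    if [ "$op" = create ]; then sleep "${PROPAGATION_WAIT:-30}"; fi
    return 0
}

if [ "$#" -gt 0 ]; then hook "$@"; fi
```

Store the token with `chmod 600` and owned by the user certbot runs as; the hook exits non-zero otherwise, which makes certbot abort the challenge.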