Lexicon 2.4.4 has an "online" provider for certbot dns challenge


Hi there, the “online” provider for lexicon is part of their 2.4.4 release.

The whole point of lexicon is to let you hook into certbot for the provider-dependent ACME DNS challenge, which in turn lets you use the ACMEv2 Let's Encrypt endpoint, the one providing free wildcard SSL certificates! Yeah!

  1. Install lexicon using pip, apt, …
  2. Set up a certbot hook as described in the lexicon examples/ directory. You will need your online API token. Keep it private.
  3. Generate the wildcard certificate! But use the staging endpoint until you're sure what you're doing:

         certbot certonly -m your@mail.dd \
         --manual-public-ip-logging-ok --no-eff-email --agree-tos \
         --server https://acme-staging-v02.api.letsencrypt.org/directory \
         -d '*.yourdomain.com' -d yourdomain.com \
         --preferred-challenges dns \
         --manual --manual-auth-hook "/path/to/certbot.default.sh auth" \
         --manual-cleanup-hook "/path/to/certbot.default.sh cleanup"

  4. Install the certificate. certbot has ways to do that automagically; check the manual.
  5. Once finished testing, switch to the Let's Encrypt production endpoint (remove -staging from the server URL).

Enjoy!
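As an added example (not part of the original post and not lexicon's own examples/certbot.default.sh), here is one way a hook for step 2 can keep the API token private: it reads the token from a file and refuses to run if that file is readable by group or others. The token file path, the 30-second wait and the `LEXICON_ONLINE_TOKEN` variable name are assumptions; check them against your lexicon version.

```shell
#!/bin/sh
# Added example: certbot manual hook for the lexicon "online" provider.
# Assumed: TOKEN_FILE path and the LEXICON_ONLINE_TOKEN variable name.
TOKEN_FILE="${TOKEN_FILE:-/etc/letsencrypt/online-api-token}"  # hypothetical path

# TXT record name for a domain; a wildcard name validates at its base domain.
challenge_name() {
    case "$1" in
        '*.'*) base=${1#??} ;;   # drop the leading "*."
        *)     base=$1 ;;
    esac
    printf '_acme-challenge.%s.\n' "$base"
}

# Succeeds only if the file exists and grants nothing to group or others.
token_file_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

run_hook() {
    token_file_is_private "$TOKEN_FILE" || {
        echo "refusing to run: $TOKEN_FILE missing or readable by group/others" >&2
        return 1
    }
    # Pass the token through the environment, not argv, so it stays out of
    # the process list.
    LEXICON_ONLINE_TOKEN=$(cat "$TOKEN_FILE")
    export LEXICON_ONLINE_TOKEN
    name=$(challenge_name "$CERTBOT_DOMAIN")
    case "$1" in
        auth)
            lexicon online create "$CERTBOT_DOMAIN" TXT \
                --name "$name" --content "$CERTBOT_VALIDATION" &&
            sleep 30   # assumed wait for the record to become visible
            ;;
        cleanup)
            # Delete by content: wildcard and base domain share one record name.
            lexicon online delete "$CERTBOT_DOMAIN" TXT \
                --name "$name" --content "$CERTBOT_VALIDATION"
            ;;
        *) echo "usage: $0 auth|cleanup" >&2; return 2 ;;
    esac
}

# Act only when certbot calls the script with an action argument.
if [ "$#" -gt 0 ]; then run_hook "$1"; fi
```

Create the token file with `chmod 600` and owned by the account that runs certbot; `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are set by certbot when it invokes the hook.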