Hi there, the “online” provider for lexicon is part of their 2.4.4 release.
The whole point of lexicon is to allow one to hook into certbot for the provider-dependent ACME DNS challenge, which in turn allows one to use the ACMEv2 Let's Encrypt endpoint, the one providing free wildcard SSL certificates! Yeah!
- install lexicon using pip, apt, …
- set up a certbot hook as described in lexicon's examples/ directory. You will need your Online API token. Keep it private.
- generate the wildcard certificate! But use the staging endpoint until you're sure what you're doing:
```
certbot certonly -m firstname.lastname@example.org \
  --manual-public-ip-logging-ok --no-eff-email --agree-tos \
  --server https://acme-staging-v02.api.letsencrypt.org/directory \
  -d '*.yourdomain.com' -d yourdomain.com \
  --preferred-challenges dns \
  --manual --manual-auth-hook "/path/to/certbot.default.sh auth" \
  --manual-cleanup-hook "/path/to/certbot.default.sh cleanup"
```
- install the certificate. certbot has ways to do that automagically; check the manual.
- once finished testing, switch to the Let's Encrypt production endpoint (remove -staging from the server URL).
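
A hook of the kind the steps above rely on could look like the following. It is an added example, not part of the original post and not lexicon's own examples/ script, and it refuses to run when the API token file is readable by group or others. The token file path, the `LEXICON` and `PROPAGATION_WAIT` override variables, and the `LEXICON_ONLINE_TOKEN` variable name are assumptions; check the variable name against your lexicon version.

```shell
#!/bin/sh
# Added example: certbot manual hook for lexicon's "online" provider.
# Assumptions: the token file path, the LEXICON override variable, and the
# LEXICON_ONLINE_TOKEN variable name (check it against your lexicon version).
set -eu

TOKEN_FILE="${TOKEN_FILE:-/etc/letsencrypt/online-api-token}"

# True only for a regular, non-symlink file with no group/other permission bits.
token_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# TXT record name for a certificate name: "*.yourdomain.com" and
# "yourdomain.com" are both validated at _acme-challenge.yourdomain.com.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Usage: hook auth|cleanup (certbot sets CERTBOT_DOMAIN and CERTBOT_VALIDATION).
hook() {
    case "$1" in
        auth)    action=create ;;
        cleanup) action=delete ;;
        *)       echo "usage: $0 auth|cleanup" >&2; return 2 ;;
    esac
    if ! token_file_is_private "$TOKEN_FILE"; then
        echo "refusing to run: $TOKEN_FILE must be a regular file, mode 0600" >&2
        return 1
    fi
    # Pass the token through the environment, not argv, so it stays out of ps.
    LEXICON_ONLINE_TOKEN="$(cat "$TOKEN_FILE")" \
    "${LEXICON:-lexicon}" online "$action" "${CERTBOT_DOMAIN#\*.}" TXT \
        --name "$(challenge_name "$CERTBOT_DOMAIN")" \
        --content "$CERTBOT_VALIDATION"
    # Give the record time to reach the authoritative servers before validation.
    if [ "$action" = create ]; then sleep "${PROPAGATION_WAIT:-30}"; fi
}

# Run only when called with an argument, as certbot does ("auth" or "cleanup").
[ $# -eq 0 ] || hook "$@"
```

Save it as the script named in `--manual-auth-hook` and `--manual-cleanup-hook`, and create the token file with `chmod 600` before the first staging run.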