LetsEncrypt - DNS Request

  • Would like to know if you guys might add or possibly show a way to use the CLI to request a cert based on the Cloudflare / other APIs for DNS registrars.

    PFSense implemented their ACME one based on this with a complete GUI - would love to see this. (Still a request, but here is what theirs looks like.)

    They use both normal as well as DNS-01.
    Screenshot attached of their implementation. If I understood the way to do it manually via CLI, I would also do that.


    NGINX for the panel to do this while using external DNS is different from what I understand to implement but with the DNS method it allows securing sites that don't use standard 80-443 and gives a good alternative for setting up LE for those sites as well.

    If doing it via CLI, I would still need to make sure the GUI reports SSL is enabled - just not sure how that would work either, or if it would need to be reporting that.

    Just fun things while you guys are working towards 1.6.x releases.

  • @viper_iii

    Our Let's Encrypt plugin doesn't implement the DNS-01 challenge. We only make use of the HTTP-01 challenge for now. The reason behind this is that most people make use of an external DNS server and thus i-MSCP cannot add the required TXT DNS record in the DNS zone file. This is a requirement for usage of the DNS-01 challenge.

    Of course, we plan to add support for the DNS-01 challenge as it will be required for wildcard SSL certificates but there will be restrictions as explained above.

    Regarding Cloudflare, that is another story. The PFSense firewall implements API calls for many DNS server providers, as I can see in your screenshot, including CloudFlare. This is not really the purpose of our Let's Encrypt plugin, which is made for an i-MSCP managed DNS server, not for an external DNS server. What you're asking is a lot of work. I'll see if we can provide a plugin for Cloudflare integration in i-MSCP but you'll have to be a bit patient.