Differences

blocks:server:nginx:dns01_challenge [2025-09-17 06:30] – [Step by step examples] mattias
blocks:server:nginx:dns01_challenge [2025-09-17 06:50] (current) – [DNS-01 Challenge for renewal of HTTPS certificates] mattias
Line 4: Line 4:
 There are three main ways to prove for the certificate provider that you are the legal owner in control of a domain name. HTTP-01 challenge, DNS-01 challenge, TLS-ALPN-01.  There are three main ways to prove for the certificate provider that you are the legal owner in control of a domain name. HTTP-01 challenge, DNS-01 challenge, TLS-ALPN-01. 
 We will not bother about the TLS-ALPN-01, it has rather specific purposes, HTTP-01 will work if the server is published to the internet, e.g. a cloud server.  We will not bother about the TLS-ALPN-01, it has rather specific purposes, HTTP-01 will work if the server is published to the internet, e.g. a cloud server. 
-To allow for automatic renewal on server that is not exposed to the internet the DNS-01 challenge is useful.  All it need is a dns provider with an api and a cert-bot plug in for Let's Encrypt that can automatically renew the certificates when required.+To allow for automatic renewal on server that is not exposed but can access the internet DNS-01 challenge is useful.  All it need is a dns provider with an api and a cert-bot plug in for Let's Encrypt that can automatically renew the certificates when required.  
 +==== Available plugins ==== 
 +The officical certbot plugins maintained by Certbot can be found [[https://github.com/certbot/certbot|here]]
  
 +3rd party plugins can be found [[https://pypi.org/search/?q=certbot-dns-|here]].
 ====Outline of the steps involved for DNS-Challange==== ====Outline of the steps involved for DNS-Challange====
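Review bot: the new "Available plugins" section has a typo ("officical" should be "official"), and both links use the bare anchor text "here", which tells the reader nothing about the destination; name it instead, e.g. "the certbot repository on GitHub" and "PyPI packages matching certbot-dns-". The reworded intro sentence is also missing its articles and a comma: "To allow for automatic renewal on a server that is not exposed to the internet but can reach it, the DNS-01 challenge is useful", and "All it need" should be "All it needs". Because a third-party plugin found through a PyPI search runs with certbot's privileges and is handed the DNS API token created in step 3, the section should recommend the officially maintained plugin where one exists for the provider and checking the publisher of any third-party package before installing it. Finally, the unchanged first line says the challenge proves you are the "legal owner" of the domain; what the three challenges actually demonstrate is control of the domain (its DNS zone or its web server), which is what the CA validates.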
  
Line 11: Line 14:
   -   Configure the domain at the registrar to use your DNS provider's name servers.   -   Configure the domain at the registrar to use your DNS provider's name servers.
   -   Create an account at a dns provider unless you already have one.    -   Create an account at a dns provider unless you already have one. 
-  -   Create an api token with the dns provider that the certbot can use to make its api calls. :!: Make its permissions as restricted as possible, we only need control over dns!+  -   Create an api token with the dns provider that the certbot can use to make its api calls. :!: Make its permissions as restricted as possible, we only need control over dns! 
   - Create a file to store the api token or secret. Typically stored in an .ini file under /etc/letsencrypt/   - Create a file to store the api token or secret. Typically stored in an .ini file under /etc/letsencrypt/
   - make sure the necessary cert-bot plugin is installed. Follow the dns providers instructions.   - make sure the necessary cert-bot plugin is installed. Follow the dns providers instructions.
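Review bot: the only change to step 3 is trailing whitespace, so this hunk is a no-op, but the surrounding steps leave out the checks that matter for the secret they create. Step 4 should say that the .ini file holding the API token must be owned by root and not be readable by other users (certbot's DNS plugins warn when the credentials file has unsafe permissions), e.g. `chmod 600 /etc/letsencrypt/<provider>.ini` with `<provider>` standing for the plugin's own file name. For step 3, "as restricted as possible" should be made concrete: where the provider supports it, scope the token to the single zone being validated and to editing DNS records only, since anyone who reads the token can alter that zone. A final step that verifies the renewal path once with `certbot renew --dry-run` would also help, as that is where a wrongly scoped token or a misconfigured plugin shows up before the real certificate expires.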