Generating SSL/TLS certificates via DNS Challenge

(Feb-2023) YouTube Training video on how to setup SSL Certificates for Bahmni:

Generating certificates can be achieved in two ways

  • Manual
  • Automated


Please follow the steps mentioned below to generate the certificates manually


curl | sh		

DNS manual mode --issue --dns -d -d

Please make sure that you get an output like the one below:

Add the following txt record:
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c

Add the following txt record:
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add those txt records to the domains. Waiting for the dns to take effect.

Rerun with renew argument: --renew -d


Lego can be used to automate the process of generating certificates. Currently it comes with multiple optional DNS providers.

1.Download the latest version from releases 

Download link

2.Install golang ->

Install golang from

3.Obtain a certificate using the DNS challenge and AWS Route 53

AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="" --domains="" --dns="route53" run

For other ways to obtain certificate as mentioned in above step, refer DNS providers

The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)