Generating SSL/TLS certificates via DNS Challenge

Generating certificates can be achieved in two ways

  • Manual
  • Automated

Manual 

Please follow the steps mentioned below to generate the certificates manually

Install acme.sh

curl https://get.acme.sh | sh		

DNS manual mode


acme.sh --issue --dns -d aa.com -d www.aa.com

Please make sure that you get an output like the one below:

Add the following txt record:
Domain:_acme-challenge.aa.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c

Add the following txt record:
Domain:_acme-challenge.www.aa.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add those txt records to the domains. Waiting for the dns to take effect.

Rerun acme.sh with renew argument:

acme.sh --renew -d aa.com


Automated

Lego can be used to automate the process of generating certificates. Currently it comes with multiple optional DNS providers.

1.Download the latest version from releases 

Download link


2.Install golang -> https://golang.org/doc/install

Install golang from https://golang.org/doc/install


3.Obtain a certificate using the DNS challenge and AWS Route 53

AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" run

For other ways to obtain certificate as mentioned in above step, refer DNS providers