Generating SSL/TLS certificates via DNS Challenge

Owned by Sudhamsh Kandukuri
Last updated: Aug 12, 2023 by Gurpreet Luthra
1 min read

(Feb-2023) YouTube Training video on how to setup SSL Certificates for Bahmni:


Generating certificates can be achieved in two ways

  • Manual
  • Automated

Manual 

Please follow the steps mentioned below to generate the certificates manually

Install acme.sh

curl https://get.acme.sh | sh

DNS manual mode


acme.sh --issue --dns -d aa.com -d www.aa.com

Please make sure that you get an output like the one below:

Add the following txt record:
Domain:_acme-challenge.aa.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c

Add the following txt record:
Domain:_acme-challenge.www.aa.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add those txt records to the domains. Waiting for the dns to take effect.

Rerun acme.sh with renew argument:

acme.sh --renew -d aa.com


Automated

Lego can be used to automate the process of generating certificates. Currently it comes with multiple optional DNS providers.

1.Download the latest version from releases 

Download link

Download from https://github.com/xenolf/lego/releases


2.Install golang -> https://golang.org/doc/install

Install golang from https://golang.org/doc/install


3.Obtain a certificate using the DNS challenge and AWS Route 53

AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" run

For other ways to obtain certificate as mentioned in above step, refer DNS providers





On this page

Related Reading

Configure Valid SSL Certificates

Free SSL/TLS Certificates using LetsEncrypt

The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)