posted on Sun, Aug 05 '18 under tag: devops

How to get around the DNS challenge automatically

If you want a wildcard certificate for your domain from Let's Encrypt, you are bound to use the DNS challenge. But how do you then automate this for renewal?

That’s where acme-dns comes in.


Follow installation steps in the acme-dns repo.

We are going to make it a systemd service, so move the executable into /usr/local/bin and all that.

Copy-paste the config in the readme file of and change the values (mostly changing to your server).

Make sure you point the sqlite connection to /var/lib/acme-dns/acme-dns.db, and ensure the acme-dns user owns that directory: chown -R acme-dns:acme-dns /var/lib/acme-dns

ACME-DNS certbot

Now we need certbot to automatically do stuff.

That’s where comes in.

Follow the instructions there and edit the hook file to amend the ACMEDNS_URL.


All this will work only if we set our current DNS to point to acme-dns.

Use the values from the acme-dns configuration and put the same values in our DNS.
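
The records this last step asks for, worked through as an added example (not from the original post or from the acme-dns project). The domain auth.example.org, the IP address and the registration values are constructed placeholders, the /register and /update fields follow the acme-dns README, and the helper names are hypothetical.

```python
import json

# Constructed sample values; a real acme-dns /register response has these fields.
REGISTRATION = {
    "username": "00000000-0000-4000-8000-000000000001",
    "password": "constructed-password-not-a-real-secret",
    "fulldomain": "00000000-0000-4000-8000-0000000000aa.auth.example.org",
    "subdomain": "00000000-0000-4000-8000-0000000000aa",
    "allowfrom": [],
}

def challenge_name(cert_name):
    """dns-01 validation name; a wildcard is validated at its base domain."""
    base = cert_name[2:] if cert_name.startswith("*.") else cert_name
    return "_acme-challenge." + base.rstrip(".").lower() + "."

def delegation_records(acme_dns_domain, acme_dns_ip, cert_names, registration):
    """Records to create in the regular DNS, as zone-file style lines."""
    d = acme_dns_domain.rstrip(".") + "."
    # Same A and NS values as in the acme-dns config: delegate the subdomain.
    records = [f"{d} A {acme_dns_ip}", f"{d} NS {d}"]
    target = registration["fulldomain"].rstrip(".") + "."
    # example.org and *.example.org share one challenge name, so one CNAME.
    for name in sorted({challenge_name(n) for n in cert_names}):
        records.append(f"{name} CNAME {target}")
    return records

def update_request(acme_dns_url, registration, txt):
    """The request the certbot hook sends to ACMEDNS_URL for one token."""
    if len(txt) != 43:  # acme-dns only accepts a 43-character token
        raise ValueError("dns-01 TXT value must be 43 characters")
    return {
        "url": acme_dns_url.rstrip("/") + "/update",
        "headers": {"X-Api-User": registration["username"],
                    "X-Api-Key": registration["password"]},
        "body": json.dumps({"subdomain": registration["subdomain"], "txt": txt}),
    }

if __name__ == "__main__":
    for line in delegation_records("auth.example.org", "198.51.100.1",
                                   ["example.org", "*.example.org"], REGISTRATION):
        print(line)
```

The credentials from the registration can only change the TXT record of that one subdomain, so the hook on the web server never needs write access to the main DNS zone.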

