DNS/Domain Validation for LetsEncrypt/ACME client?

 
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates
View previous topic :: View next topic  
Author Message
JohnEDee
-


Joined: 30 Jan 2019
Posts: 6

PostPosted: Wed Mar 13, 2019 12:28 am    Post subject: DNS/Domain Validation for LetsEncrypt/ACME client? Reply with quote

I'm trying my first LetsEncrypt implementation and got everything configured, but the Abyss ACME client seems to be going straight to the option of provisioning an HTTP resource, rather than giving the choice of a DNS record. I guess that's likely because Abyss assumes it's serving the web pages, so might as well just use only the HTTP option, but in my case I'm just using Abyss to do redirecting to the actual page, and I'd rather do the DNS method (in this case I have control of the DNS but a separate consultant is the web developer.

Is there any way currently to tell Abyss to use DNS rather than HTTP provisioning?

If not, I'd like to request that be added at some point (and I can transfer this request to the Suggestions forum).

Thanks!
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 873

PostPosted: Thu Mar 21, 2019 4:26 pm    Post subject: Re: DNS/Domain Validation for LetsEncrypt/ACME client? Reply with quote

JohnEDee wrote:
Is there any way currently to tell Abyss to use DNS rather than HTTP provisioning?


This is possible and even required when requesting certificates for wildcard host names (*.example.com).

To do so, open the console, select "Configure" associated with the host you'd like to change the way certificates are issued for. Select "General" and then press "Edit" in front of "Advanced Parameters".

Now press "Edit" in front of "SSL/TLS parameters" and set the challenge type to DNS-01 in "ACME parameters". More about that section in the console is available in https://aprelium.com/data/doc/2/abyssws-win-doc-html/hosts-configuration.html#HOSTS-GENERAL-ADVANCED-SECURELAYER .

When using DNS-01, you'll have to check the ACME-Bot status in the console and perform the required challenge (it will be displayed in clear text.) Once the challenge performed, you should go back to the ACME-Bot status and press a button there to ask the certification authority to proceed. It's an interactive process contrarily to the HTTP validation which is all automatic.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group