Manually entering dns+txt to issue a wildcard certificate #9

@shoutmarble

I'm using Hostinger.com for my VPS provider.

I've been using Lego and getting acme certs doing a manual dns txt entry.

./lego -a --pem --email "xxxxx@gmail.com" --domains "landingdev.xyz" --domains "*.landingdev.xyz" --dns manual run

The process appears the same with acme.sh.

9-use-dns-manual-mode

Add the following txt record:
Domain:_acme-challenge.example.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c

Add the following txt record:
Domain:_acme-challenge.www.example.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add those txt records to the domains. Waiting for the dns to take effect.

Is there a way to issue a cert manually using a dns+txt entry?

services:
  haproxy-acme:
    image: ghcr.io/flobernd/haproxy-acme-dns01:latest
    container_name: haproxy-acme-dns01
    restart: unless-stopped
    environment:
      - "ACME_MAIL=mail@domain.com"
      - "ACME_DOMAIN=domain.com *.domain.com"
      - "ACME_DNS_API=dns_cf"
      - "CF_Token=<redacted>"
      - "CF_Zone_ID=<redacted>"
    volumes:
      - ./acme:/var/lib/acme:rw  # <-- point to my manual acme.sh
    ports:
      - 80:80
      - 43:443

Can I point docker-haproxy-acme ./acme to my acme.sh folder?

acme/
├── landingdev.xyz.crt
├── landingdev.xyz.issuer.crt
├── landingdev.xyz.json
├── landingdev.xyz.key
└── landingdev.xyz.pem

1 directory, 5 files

Right now, docker-haproxy-acme is looking for my "ACME_DNS_API=dns_cf" when I leave it out of my compose.yml.

root@server:~/haproxy# cat compose.yml 
services:
    haproxy-acme:
        image: ghcr.io/flobernd/haproxy-acme-dns01:latest
        container_name: haproxy-acme-dns01
        restart: unless-stopped
        environment:
            - "ACME_MAIL=xxxxxx@gmail.com"
            - "ACME_DOMAIN=landingdev.xyz *.landingdev.xyz"
            # - "ACME_DNS_API=dns_cf"
            # - "CF_Token=<redacted>"
            # - "CF_Zone_ID=<redacted>"
        volumes:
            - ./acme:/var/lib/acme:rw
        ports:
            - 80:80
            - 43:443

    whoami:
        image: traefik/whoami
        container_name: whoami
        restart: unless-stopped
root@server:~/haproxy# docker compose up
[+] Running 26/26
 ✔ haproxy-acme Pulled                                                                                                                      2.3s 
[+] Running 2/2
 ✔ Container whoami               Running                                                                                                   0.0s 
 ✔ Container haproxy-acme-http01  Recreated                                                                                                 0.1s 
Attaching to haproxy-acme-dns01, whoami
haproxy-acme-dns01  | Missing mandatory environment variable: 'ACME_DNS_API'
haproxy-acme-dns01  | Missing mandatory environment variable: 'SERVER_ADDRESS'
haproxy-acme-dns01 exited with code 0
haproxy-acme-dns01  | Missing mandatory environment variable: 'ACME_DNS_API'
haproxy-acme-dns01  | Missing mandatory environment variable: 'SERVER_ADDRESS'
haproxy-acme-dns01 exited with code 1
haproxy-acme-dns01  | Missing mandatory environment variable: 'ACME_DNS_API'
haproxy-acme-dns01  | Missing mandatory environment variable: 'SERVER_ADDRESS'
haproxy-acme-dns01 exited with code 1
haproxy-acme-dns01  | Missing mandatory environment variable: 'ACME_DNS_API'
haproxy-acme-dns01  | Missing mandatory environment variable: 'SERVER_ADDRESS'
haproxy-acme-dns01 exited with code 1
haproxy-acme-dns01  | Missing mandatory environment variable: 'ACME_DNS_API'
haproxy-acme-dns01  | Missing mandatory environment variable: 'SERVER_ADDRESS'
haproxy-acme-dns01 exited with code 1
haproxy-acme-dns01  | Missing mandatory environment variable: 'ACME_DNS_API'
haproxy-acme-dns01  | Missing mandatory environment variable: 'SERVER_ADDRESS'
haproxy-acme-dns01 exited with code 1
Gracefully stopping... (press Ctrl+C again to force)
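
Added example (not part of the original post and not code from lego, acme.sh or docker-haproxy-acme): for the manual TXT step quoted above, this sketch shows how a DNS-01 TXT value is derived under RFC 8555 section 8.4 and why an apex name plus its wildcard need two TXT values on the same `_acme-challenge` record. The function names, tokens and account thumbprint are constructed for illustration.

```python
import base64
import hashlib
import re
from collections import defaultdict

# A DNS-01 TXT value is unpadded base64url of a SHA-256 digest: always 43 chars.
TXT_RE = re.compile(r"[A-Za-z0-9_-]{43}")

def record_name(identifier):
    """DNS name that must carry the TXT record for one certificate identifier."""
    # A wildcard is validated against its base domain, so the "*." label is dropped.
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()

def txt_value(token, account_thumbprint):
    """TXT value = base64url(SHA-256(token "." account key thumbprint))."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def is_wellformed_txt(value):
    """Catch truncated or mangled copy-paste before saving the record."""
    if not TXT_RE.fullmatch(value):
        return False
    return len(base64.urlsafe_b64decode(value + "=")) == 32

def plan_records(challenges, account_thumbprint):
    """Map {identifier: token} to {record name: [TXT values]} for manual entry."""
    plan = defaultdict(set)
    for identifier, token in challenges.items():
        plan[record_name(identifier)].add(txt_value(token, account_thumbprint))
    return {name: sorted(values) for name, values in plan.items()}

# Constructed sample input: neither the tokens nor the thumbprint are real.
SAMPLE_THUMBPRINT = "constructed-account-thumbprint"
SAMPLE_CHALLENGES = {
    "landingdev.xyz": "constructed-token-apex",
    "*.landingdev.xyz": "constructed-token-wildcard",
}

if __name__ == "__main__":
    for name, values in plan_records(SAMPLE_CHALLENGES, SAMPLE_THUMBPRINT).items():
        for value in values:
            print(f'{name}. IN TXT "{value}"')
```

Both values must be present on the record at the same time; replacing the first TXT value with the second makes one of the two validations fail.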
