DNS-01 ISPConfig support

Is it possible to have ISPConfig3 API integration to update record directly without using custom script?

Thank you so much!

Hi, our newest DNS API providers come from the Posh-ACME project and our current policy for developing DNS providers outside of that is to only focus on major cloud providers. Really there are many thousands of different DNS APIs and while we do try to implement common ones we just aren’t able to support them all.

If you need a cert for the service that ISPConfig is hosting, it can do its own certificates: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

If you don’t want to do the scripting yourself (which I think would involve a login API call, then the API call to create/update the TXT record) you should consider using either http validation or DNS validation using acme-dns. I would personally recommend using acme-dns anyway as it is a ‘least-privilege’ way of doing DNS validation.

Thank you for the reply.

I have plenty of private (without public IP or NAT) Windows servers that I need certificates for, and the only method is DNS.
I’ve just written a custom script that speaks with the ISPConfig API (where my domain is hosted), but this requires installing plenty of software (such as PHP or Node) that I prefer not to install on Windows servers…

Please reconsider implementing direct support for ISPConfig3 and more (such as cPanel or Plesk).
I think you will make a lot of very happy technicians…

Thanks, yes we will consider this a vote for ISPConfig support 🙂

In the meantime, if you do want to script your DNS updates, you could use PowerShell or .bat/cmd (with curl) to avoid having to install any other software.

Regarding DNS validation in general, your DNS entry does have to be public for Let’s Encrypt etc. to be able to validate it (it has to be on a nameserver they can query); however, the IPs of hosts etc. don’t have to resolve to public addresses, it’s just the DNS records that have to exist. So you can use acme-dns etc. as an alternative validation method.

Hello,
I kindly asked Ryan Bolger (developer of the Posh-ACME library) to implement a new plugin for ISPConfig, and he has developed it, as he wrote in https://github.com/rmbolger/Posh-ACME/issues/380

🙂 🙂 🙂
Thank you so much Ryan!

Thanks, there are significant differences between the version of Posh-ACME we use and the current version this plugin is written for, so including this in Certify will be delayed until we migrate to the newer version of Posh-ACME.

You are free to write your own script to integrate this plugin using DNS scripting: DNS Scripting | Certify The Web Docs

In the meantime also check out Certify DNS (CNAME delegation of DNS challenges to a dedicated challenge response service: certifydns | Certify The Web Docs), which can be used with any DNS system.

Here is a similar discussion with an example script to call into Posh-ACME: https://github.com/webprofusion/certify/issues/570#issuecomment-916612507