DNS-01 ISPConfig support

Is it possible to have ISPConfig3 API integration to update record directly without using custom script?

Thank you so much!

Hi, our newest DNS API providers come from the Posh-ACME project and our current policy for developing DNS providers outside of that is to only focus on major cloud providers. Really there are many thousands of different DNS APIs and while we do try to implement common ones we just aren’t able to support them all.

If you need a cert for the service that ISPConfig is hosting, it can do its own certificates: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

If you don’t want to do the scripting yourself (which I think would involve a login API call, then the API call to create/update the TXT record) you should consider using either http validation or DNS validation using acme-dns. I would personally recommend using acme-dns anyway as it is a ‘least-privilege’ way of doing DNS validation.

Thank you for the reply.

I have plenty of private (without public IP or NAT) Windows servers that I need certificates for, and the only method is DNS.
I’ve just written a custom script that speaks with the ISPConfig API (where my domain is hosted), but this requires installing plenty of software (such as PHP or Node) that I prefer not to install on a Windows server…

Please reconsider implementing direct support for ISPConfig3 and more (such as cPanel or Plesk).
I think you will make a lot of very happy technicians…

Thanks, yes we will consider this a vote for ISPConfig support :slight_smile:

In the meantime, if you do want to script your DNS updates, you could use PowerShell or .bat/cmd (with curl) to avoid having to install any other software.

Regarding DNS validation in general, your DNS entry does have to be public for Let’s Encrypt etc. to be able to validate it (it has to be on a nameserver they can query); however, the IPs of hosts etc. don’t have to resolve to public addresses, it’s just the DNS records that have to exist. So you can use acme-dns etc. as an alternative validation method.
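
The scripted route mentioned in the replies above (a login call, then a call to create the TXT record), written in PowerShell so nothing extra has to be installed on the Windows server. This is an added example, not code from the thread or from either project. The URL, file path and numeric ids are placeholders, and the method and field names (`login`, `dns_txt_add`, `dns_txt_delete`, `logout`) are taken from the ISPConfig 3 remote JSON API as an assumption to check against your installed version.

```powershell
# Added example: create or delete an ACME DNS-01 TXT record via the ISPConfig 3 remote JSON API.
param(
    [ValidateSet('Add', 'Delete')] [string] $Action = 'Add',
    [string] $RecordName,     # FQDN, e.g. _acme-challenge.srv1.example.com (Add)
    [string] $RecordValue,    # TXT value handed over by the ACME client (Add)
    [int]    $RecordId,       # id printed by an earlier Add run (Delete)
    # Placeholders / assumptions, replace with your own values:
    [string] $ApiUrl   = 'https://ispconfig.example.com:8080/remote/json.php',
    [string] $CredFile = "$env:ProgramData\acme\ispconfig-cred.xml",
    [int]    $ServerId = 1,   # ISPConfig DNS server id
    [int]    $ZoneId   = 1,   # ISPConfig id of the zone that holds the record
    [int]    $ClientId = 0
)
$ErrorActionPreference = 'Stop'

function Invoke-IspConfig([string] $Method, [hashtable] $Body) {
    # The method name goes in the query string; arguments go in the JSON body.
    $reply = Invoke-RestMethod -Uri "${ApiUrl}?$Method" -Method Post `
        -ContentType 'application/json' -Body ($Body | ConvertTo-Json -Depth 4)
    if ($reply.code -ne 'ok') { throw "ISPConfig '$Method' failed: $($reply.message)" }
    $reply.response
}

# Credential stored once with:  Get-Credential | Export-Clixml $CredFile
# Export-Clixml protects the password with DPAPI for that user on that machine.
$cred    = Import-Clixml -Path $CredFile
$session = Invoke-IspConfig 'login' @{
    username = $cred.UserName
    password = $cred.GetNetworkCredential().Password
}
try {
    if ($Action -eq 'Add') {
        $id = Invoke-IspConfig 'dns_txt_add' @{
            session_id = $session
            client_id  = $ClientId
            params     = @{
                server_id = $ServerId; zone = $ZoneId; type = 'txt'
                name   = "$($RecordName.TrimEnd('.'))."   # absolute name, trailing dot
                data   = $RecordValue; aux = 0; ttl = 60; active = 'y'
                stamp  = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss'); serial = 1
            }
        }
        Write-Output $id   # keep this id to remove the record after validation
    } else {
        Invoke-IspConfig 'dns_txt_delete' @{ session_id = $session; primary_id = $RecordId } | Out-Null
    }
} finally {
    # Always close the API session, even when the record call fails.
    Invoke-IspConfig 'logout' @{ session_id = $session } | Out-Null
}
```

Use a dedicated ISPConfig remote user restricted to the DNS TXT functions, so a leaked credential file cannot touch anything beyond TXT records.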