Since I’m using Proxmox, I wanted an internal system/container whose sole purpose is managing the SSL certificates for the domains I have.
I am using IBM NSOne for my domains’ DNS, and there is currently no freely available ‘hook’ for creating wildcard SSL certificates via Let’s Encrypt with it.
I have used ‘dehydrated’, a Bash-based script system for managing SSL certificate renewal, and it is very extensible.
Using my IBM NSOne updater scripts from here, I was able to write a suitable ‘domain hook’ for dehydrated.
The deploy_challenge() function in /etc/dehydrated/domain-hook.sh should contain this line:
/root/dns/updatensonerecord ${DOMAIN} _acme-challenge TXT ${TOKEN_VALUE} append
assuming the DNS zone editing script is installed at that path.
Also add this to the clean_challenge() function:
/root/dns/removensonerecord ${DOMAIN} _acme-challenge TXT
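Putting the two lines above into a complete hook, here is an added example of what /etc/dehydrated/domain-hook.sh can look like; it is not the post’s own hook. It assumes the updater scripts are at the paths given above and accept exactly the arguments shown (the NSONE_UPDATE_CMD, NSONE_REMOVE_CMD and NSONE_PROPAGATION_WAIT overrides and the challenge_base helper are my additions). Two details worth having in the hook: the ‘append’ mode matters because a certificate that covers both example.com and *.example.com needs two TXT values published at the same _acme-challenge name at the same time, and a short wait after publishing gives the authoritative servers time to serve the record before Let’s Encrypt queries it.

```shell
#!/usr/bin/env sh
# /etc/dehydrated/domain-hook.sh (illustrative example, not the post's own hook)
# dehydrated calls the hook as:  domain-hook.sh <event> <args...>
# For dns-01 the events used here are:
#   deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
#   clean_challenge  DOMAIN TOKEN_FILENAME TOKEN_VALUE

# Paths of the NSOne zone-editing scripts from the post (assumed; overridable for testing).
NSONE_UPDATE_CMD="${NSONE_UPDATE_CMD:-/root/dns/updatensonerecord}"
NSONE_REMOVE_CMD="${NSONE_REMOVE_CMD:-/root/dns/removensonerecord}"
# Seconds to wait after publishing a TXT record before dehydrated asks Let's Encrypt
# to validate it (assumed default; tune to your zone's propagation time).
NSONE_PROPAGATION_WAIT="${NSONE_PROPAGATION_WAIT:-30}"

# The challenge TXT record for "*.example.com" lives at _acme-challenge.example.com,
# so strip a leading "*." defensively in case the hook receives the wildcard form.
challenge_base() {
  printf '%s\n' "${1#\*.}"
}

deploy_challenge() {
  DOMAIN="$(challenge_base "$1")"
  TOKEN_VALUE="$3"
  # "append" rather than replace: a cert for example.com plus *.example.com needs
  # two TXT values under the same _acme-challenge name at the same time.
  "$NSONE_UPDATE_CMD" "$DOMAIN" _acme-challenge TXT "$TOKEN_VALUE" append || return 1
  # Give the authoritative servers time to serve the new record.
  sleep "$NSONE_PROPAGATION_WAIT"
}

clean_challenge() {
  DOMAIN="$(challenge_base "$1")"
  # Remove all challenge TXT values once validation has finished.
  "$NSONE_REMOVE_CMD" "$DOMAIN" _acme-challenge TXT
}

# Dispatch only the events this hook handles; deploy_cert, unchanged_cert and the
# other dehydrated events need nothing here, so they fall through silently.
if [ "$#" -gt 0 ]; then
  HANDLER="$1"
  shift
  case "$HANDLER" in
    deploy_challenge|clean_challenge) "$HANDLER" "$@" ;;
    *) ;;
  esac
fi
```

Point dehydrated at it with HOOK=/etc/dehydrated/domain-hook.sh and CHALLENGETYPE=dns-01 in config; the overrides let you exercise the hook against stub commands before it ever touches the live zone.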
Then, when you run dehydrated to manage your domain SSL, the certificates are issued via the DNS hook from an internal system that needs no access from the outside. From there, you can distribute them to the systems of your choice, or have other systems pull them from your ‘SSL management system’.