DirectAdmin / cPanel and Let's Encrypt

Hi guys! :slightly_smiling_face:
It seems cPanel and DirectAdmin(?) create some _acme-challenge.something TXT records in DNS. I assume they’re used with the Let’s Encrypt module to request/renew SSL certificates.

I’m considering moving from the shared webhost DNSes to an external DNS. My question is if that would just keep working if I duplicate/transfer those records as-is, or if those records might need to be manually changed, or if it in some other way might break? :thinking:

Mind if I ask who? @Jarland and I love ClouDNS. I know others like Cloudflare.

For what it’s worth I haven’t made any modifications to DA or cPanel to use the old method and it seems to be working fine without being responsible for managing anyone’s DNS.

I think they’re using the TXT records for wildcard certificates? Since that’s one of the requirements in order to get wildcards.

As for cPanel / DirectAdmin and Let’s Encrypt, I can confirm that both panels will work if your DNS is hosted elsewhere. I don’t know whether that is because TXT’s are only used for wildcards or if they use a fallback scenario.

As long as those TXT records don’t need to change on every update, it shouldn’t be a problem, then … :slightly_smiling_face:

(Had to use wildcard cert to get around some bug in DA, it seems. As in this:

Error: http://my-crappy.domain/.well-known/acme-challenge/letsencrypt_1570173301 is not reachable. Aborting the script.
dig output for my-crappy.domain:
Please make sure /.well-known alias is setup in WWW server.

(it was defined as a CNAME, and had a working site)
Wildcard cert worked.

Wildcards require DNS validation and I do believe it changes every time. Are you sure you need a wildcard cert?
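What those _acme-challenge TXT values actually are, as an added example (my own code, not anything cPanel, DirectAdmin or Let’s Encrypt ship): the dns-01 value is a hash of a per-challenge token issued by the CA combined with the account key’s thumbprint, so it differs on every issuance and a record copied to a new DNS host cannot satisfy the next renewal. The account key and tokens below are constructed sample values.

```python
"""ACME dns-01: how the _acme-challenge TXT value is derived (RFC 8555 s8.4, RFC 7638)."""
import base64
import hashlib
import json
import secrets


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of the ACME account key: SHA-256 over only the
    required public members, keys sorted, JSON with no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT value to publish at _acme-challenge.<name>:
    base64url(SHA-256(token "." thumbprint)). The token comes from the CA
    and is fresh for every authorization, so the value changes per issuance."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def new_challenge_token() -> str:
    """Stand-in for the per-challenge token a CA issues (constructed here)."""
    return b64url(secrets.token_bytes(32))


def records_for_renewals(name: str, jwk: dict, count: int) -> list:
    """Simulate `count` renewals with the same account key: each one needs a
    freshly written TXT record, so a record copied to a new DNS host as-is is
    harmless but useless for the next renewal."""
    return [(f"_acme-challenge.{name}", dns01_txt_value(new_challenge_token(), jwk))
            for _ in range(count)]


# Constructed sample EC public key (not a real curve point; only the JSON is hashed).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": b64url(b"\x01" * 32), "y": b64url(b"\x02" * 32)}

if __name__ == "__main__":
    for rr_name, value in records_for_renewals("example.com", SAMPLE_JWK, 3):
        print(f'{rr_name}. IN TXT "{value}"')
```

The practical consequence for the move: the external DNS only needs to let the panel’s ACME client create and delete these records (or the panel must fall back to http-01); the old values themselves can be dropped.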

That’s odd. I’ve only touched DA once or twice, but didn’t run into a single issue with SSL certificates. Probably best if you give it another shot the regular way and pull your webserver access logs to determine what’s happening.


Should work, yep, as it uses the well-known folder. :slight_smile:


On the contrary, I’m quite sure I don’t need a wildcard cert. It just happened to be the only workaround I found for that bug at the moment. Will debug that some more … :sweat_smile:

Well, there was also another quite recent Let’s Encrypt bug (as you’ll see in the DA forum). Will definitely check logs and retry, yes. (Currently waiting for some DNS propagation for some other domains I’ll test this on.) :slightly_smiling_face:

Hopefully will figure out why it ain’t soon enough. :+1: :slightly_smiling_face:


Still considering ClouDNS vs. Cloudflare vs. my registrar’s self developed solution. :slightly_smiling_face:

dns.he.net :slight_smile:

Honestly, ClouDNS’s anycast is a complete shitstorm, so don’t bother paying for that.
It seems they don’t actually have any clue about how to operate one, and it turns out buying servers at random locations doesn’t magically make it work.

Try a top-notch DNS provider for free… generous offer

https://ns1.com/signup


I noticed that one, but it seems I have to complete some IPv6 something to test it/sign up.

I must admit I never looked in anycast DNS, no idea if/why I want it or not … :laughing:

My registrar’s DNS solution seems to automate DNSSEC stuff. That might be nice …

Interesting, thanks! Wondering about the free plan limit of “50 Records”, though. Is that per zone, or total? (Zones migrated from old cPanel accounts often have 30-40 records, of which most are not needed anymore.) :grin:

You can simply sign up and use the DNS portion :slight_smile:

I just use Cloudflare. It works awesomely well. Granted, it can also break. But what can’t? I know something, but it’s NSFW, but even that… Shh

Looks like I need to sign up for tunnelbroker or something:

The Open Beta has been expanded and now includes our IPv6 certification or tunnelbroker account holders, Colocation customers and those with Transit services from us.

Free service. Use or not it is your call :slight_smile:

Will give it a try. What’s the main benefits/pros in your opinion? :smile:

I happen to find it a tad bit faster than others. Simple and easy. Nothing fancy like Cloudflare of course, but Hurricane Electric is a major player in the industry.
