Comment by telotortium
2 days ago
Speaking of the topic of automation, does anyone know of a domain registry that is suitable for issuing Let's Encrypt certificates for a machine behind a firewall (which requires using the DNS challenge)? I currently use Namecheap, but they started requiring you to manually whitelist the client IP address to use their API, which is annoying when your residential ISP changes your IP address.
Edit: seems like using Cloudflare as the DNS host is the way to go here. Thanks everyone!
If you are not allergic to Cloudflare, they work very well with the DNS-01 challenge and they provide both registrar services and DNS. Of course, you can use Namecheap domains with Cloudflare or any other DNS provider and that should solve your problem too.
> Speaking of the topic of automation, does anyone know of a domain registry that is suitable for issuing Let's Encrypt certificates for a machine behind a firewall (which requires using the DNS challenge)?
Here's a utility (and library) that can talk to several dozen APIs for DNS updates (use it as a hook in your ACME client):
* https://github.com/dns-lexicon/dns-lexicon
* Previously at: https://github.com/AnalogJ/lexicon
Cloudflare has worked quite well for me as a DNS host. You don't need to have the registrar host the DNS records.
I use DNSimple.com - it's working well, and has a stable API that can let you do anything.
DigitalOcean can be used as name servers without paying and they have an API. No clue how compatible.
I use DigitalOcean via Caddy and acme.sh with no problems.
OVH works fine too.