[dnsdist] dnsdist and Let's Encrypt (ACME)

Stephane Bortzmeyer bortzmeyer at nic.fr
Sun Sep 15 14:44:43 UTC 2019


On Sun, Sep 15, 2019 at 12:20:46PM +0200,
 Andrew Nimmo <andrew.nimmo at gmail.com> wrote 
 a message of 72 lines which said:

> The acme.sh script has a standalone mode, if you have port 80 open:

Thanks, I forgot about that (and, indeed, port 80 was available).

So I did:

certbot certonly --standalone --domain doh.bortzmeyer.fr

to have the initial certificate.

Then, I configured dnsdist to use
/etc/letsencrypt/live/doh.bortzmeyer.fr/fullchain.pem and then I set
up this for the future renewals:

certbot renew --standalone --deploy-hook /usr/local/sbin/restart-dnsdist

Thanks again.
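
The message does not show what /usr/local/sbin/restart-dnsdist contains; the following is an added example of what such a deploy hook could look like, not the poster's script. It relies on the RENEWED_LINEAGE variable that certbot exports to deploy hooks; the systemd unit name, the DNSDIST_LINEAGE and RESTART_CMD variables and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Hypothetical deploy hook (not the original script from the message).
# certbot runs a deploy hook once per renewed certificate and exports
# RENEWED_LINEAGE, the live/ directory of the certificate just renewed.

# Assumption: the lineage dnsdist is configured to load.
DNSDIST_LINEAGE="${DNSDIST_LINEAGE:-/etc/letsencrypt/live/doh.bortzmeyer.fr}"
# Assumption: dnsdist runs as a systemd unit named "dnsdist".
RESTART_CMD="${RESTART_CMD:-systemctl restart dnsdist}"

# lineage_ready DIR: succeed only if DIR holds a non-empty PEM cert and key.
lineage_ready() {
    for f in fullchain.pem privkey.pem; do
        # -s: exists and is non-empty; -r: readable by this process
        [ -s "$1/$f" ] && [ -r "$1/$f" ] || return 1
        grep -q -- '-----BEGIN ' "$1/$f" || return 1
    done
}

# deploy_action RENEWED WANTED: print the decision for this renewal.
#   skip    -> a different certificate was renewed, leave dnsdist alone
#   refuse  -> files missing or empty, do not restart onto them
#   restart -> the pair dnsdist loads has changed on disk
deploy_action() {
    renewed="${1%/}"; wanted="${2%/}"   # tolerate a trailing slash
    if [ "$renewed" != "$wanted" ]; then echo skip; return 0; fi
    if ! lineage_ready "$wanted"; then echo refuse; return 0; fi
    echo restart
}

# run_hook RENEWED: act on the decision; non-zero exit on refusal so the
# problem shows up in certbot's log instead of passing silently.
run_hook() {
    case "$(deploy_action "$1" "$DNSDIST_LINEAGE")" in
        restart) $RESTART_CMD ;;
        refuse)  echo "restart-dnsdist: incomplete files in $1" >&2; return 1 ;;
        skip)    : ;;
    esac
}

# Only act when invoked by certbot, which sets RENEWED_LINEAGE.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    run_hook "$RENEWED_LINEAGE"
fi
```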

