Preparing to request certificates using DNS-01 challenges

Before you can request a certificate from the Let's Encrypt CA using DNS-01 challenges, you first need to create a DNS Provider Configuration and a DNS Provider Account.

Before you begin


About this task

The DNS Provider Configuration document created in this procedure contains code specific to a DNS provider API. This code automates storing the challenge received from the Let's Encrypt servers in a TXT record in your registered DNS domain.

This procedure provides steps to automatically configure DNS Provider Configuration documents for two specific DNS providers. This configuration is done by importing a DXL file available through the HCL Support article at the beginning of this procedure. The DXL file contains provider-specific API code.

However, if your DNS provider is not one of the reference providers available through the DXL file, there is support for developing your own DNS Provider Configuration document according to the requirements of your DNS provider API. More information about this approach is also found through the Support article.

The DNS Provider Account document created in this procedure is used to associate your domain with the DNS Provider in certstore.nsf. Later, when you create a TLS Credentials document to request a certificate for a host name within this domain, CertMgr knows to use DNS-01 challenges.

Procedure

1. Create a DNS Configuration document with a reference implementation:

2. Create the DNS Provider Account. Typically you create one account per DNS provider.

What to do next

Complete the procedure, Configuring the ACME account profiles.
