Hetzner w/ TransIP DNS & LE Wildcard

A Let’s Encrypt wildcard certificate requires DNS verification (the DNS-01 challenge). Ploi does not offer TransIP as a DNS provider for generating Let’s Encrypt wildcard certificates. Installing the TransIP Certbot plugin with pip install certbot-dns-transip is possible, but a pip-installed plugin does not work together with a snap-installed Certbot, and the snap is what Ploi sets up. So in the end I had to install Docker with

sudo apt install docker.io
sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker $USER

then log out and back in so the docker group membership takes effect (membership of the docker group amounts to root on the host, so keep it to the admin account), and run

docker run -ti --rm \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -w /etc/letsencrypt \
    hsmade/certbot-transip \
    certonly -n \
    -d '*.site.com' -d 'site.com' \
    -a dns-transip \
    --dns-transip-credentials /etc/letsencrypt/transip.ini \
    --dns-transip-propagation-seconds 240 \
    -m admin@site.com \
    --agree-tos \
    --eff-email

I did have to run the command twice for some reason, as the first round gave an error about the registration of the email address.

The credentials file /etc/letsencrypt/transip.ini holds the TransIP API credentials, so keep it root-owned with mode 600; the container reads it through the bind mount. For a renewal shell script we now have

#!/bin/bash

# Log file location
LOG_FILE="/var/log/letsencrypt/renew.log"

# Run the Docker command to renew certificates.
# No -t here: cron has no TTY and docker would refuse to start the container.
# certonly with -n keeps the existing certificate until it is due for renewal,
# so this is safe to run daily.
docker run --rm \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -w /etc/letsencrypt \
    hsmade/certbot-transip \
    certonly -n \
    -d '*.domain.com' -d 'domain.com' \
    -a dns-transip \
    --dns-transip-credentials /etc/letsencrypt/transip.ini \
    --dns-transip-propagation-seconds 240 \
    -m admin@domain.com \
    --agree-tos \
    --eff-email >> "$LOG_FILE" 2>&1
RC=$?

# Check the exit code of the Docker command
if [ "$RC" -eq 0 ]; then
    echo "[$(date)] Certificate renewal successful. Reloading Nginx..." >> "$LOG_FILE"
    # Use systemctl reload command
    systemctl reload nginx >> "$LOG_FILE" 2>&1
else
    echo "[$(date)] Certificate renewal failed with exit code $RC. Check the logs for more details." >> "$LOG_FILE"
    # Collect additional system info
    echo -e "\nSystem Info:" >> "$LOG_FILE"
    uname -a >> "$LOG_FILE"
    df -h >> "$LOG_FILE"
    free -m >> "$LOG_FILE"

    # Send an email notification on failure with detailed information
    SUBJECT="Certbot Renewal Failed for domain.com"
    EMAIL="admin@domain.com"
    BODY="The automatic renewal of the SSL certificate for domain.com has failed.\n\nLog Details:\n$(cat "$LOG_FILE")"
    # Quote $BODY so the shell does not word-split or glob-expand the log text
    echo -e "$BODY" | mail -s "$SUBJECT" "$EMAIL"
fi

But that is still work in progress. I added the shell script to root's crontab so the log can be written and the nginx reload works.
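A tighter version of this renewal wrapper, added here as an example rather than the post's own script: it keeps the same docker/certbot invocation (minus -t, which fails under cron because there is no TTY), takes a lock so two cron runs cannot overlap, reloads nginx only when the certificate on disk actually changed, warns when certbot returned success but the certificate is still close to expiry, and mails only the tail of the log. The domain, paths, lock file and the "run" argument are assumptions; the fake certbot/nginx/mail functions used for local testing are not part of the script.

```shell
#!/bin/bash
# renew-wildcard.sh: cron wrapper around the Docker-based certbot-transip run.
# Added example for this post; placeholder names below are assumptions.
# Invoke from root's crontab as: renew-wildcard.sh run
set -u

: "${DOMAIN:=domain.com}"                                  # assumed placeholder
: "${MAIL_TO:=admin@$DOMAIN}"
: "${LE_DIR:=/etc/letsencrypt}"
: "${CERT_FILE:=$LE_DIR/live/$DOMAIN/fullchain.pem}"       # what nginx serves
: "${LOG_FILE:=/var/log/letsencrypt/renew.log}"
: "${LOCK_FILE:=/run/renew-wildcard.lock}"                 # assumed path
: "${MIN_DAYS_LEFT:=7}"   # alert if a "successful" run still leaves fewer days

log() { echo "[$(date '+%F %T')] $*" >>"$LOG_FILE"; }

# SHA-256 of the chain file; "missing" before the first issuance.
cert_fingerprint() {
    if [ -f "$1" ]; then sha256sum "$1" | cut -d' ' -f1; else echo missing; fi
}

# Whole days until notAfter; empty when openssl or GNU date cannot tell us.
days_until_expiry() {
    local end end_s
    command -v openssl >/dev/null 2>&1 || { echo ""; return 0; }
    end=$(openssl x509 -noout -enddate -in "$1" 2>/dev/null | cut -d= -f2)
    [ -n "$end" ] || { echo ""; return 0; }
    end_s=$(date -d "$end" +%s 2>/dev/null) || { echo ""; return 0; }
    echo $(( (end_s - $(date +%s)) / 86400 ))
}

# The post's docker invocation without -t (cron has no TTY). With -n, certonly
# keeps an existing certificate until it is due, so this is safe to run daily.
run_certbot() {
    docker run --rm \
        -v "$LE_DIR:/etc/letsencrypt" -w /etc/letsencrypt \
        hsmade/certbot-transip \
        certonly -n -d "*.$DOMAIN" -d "$DOMAIN" \
        -a dns-transip \
        --dns-transip-credentials /etc/letsencrypt/transip.ini \
        --dns-transip-propagation-seconds 240 \
        -m "$MAIL_TO" --agree-tos --eff-email
}

reload_nginx() { systemctl reload nginx; }

# Mail the reason plus the last 50 log lines, not the whole growing log file.
notify_failure() {
    {
        echo "Certificate renewal for $DOMAIN failed: $1"
        echo
        echo "Last 50 log lines:"
        tail -n 50 "$LOG_FILE"
    } | mail -s "Certbot renewal failed for $DOMAIN" "$MAIL_TO"
}

# Returns 0 when the run succeeded (renewed+reloaded, or nothing to do);
# 1..255 certbot's exit status, 2 "not renewed but nearly expired", 3 reload failed.
renew_and_reload() {
    local before after left rc=0
    before=$(cert_fingerprint "$CERT_FILE")
    run_certbot >>"$LOG_FILE" 2>&1 || rc=$?
    if [ "$rc" -ne 0 ]; then
        log "certbot exited with status $rc"
        notify_failure "certbot exit status $rc"
        return "$rc"
    fi
    after=$(cert_fingerprint "$CERT_FILE")
    if [ "$before" = "$after" ]; then
        left=$(days_until_expiry "$CERT_FILE")
        if [ -n "$left" ] && [ "$left" -lt "$MIN_DAYS_LEFT" ]; then
            log "certificate unchanged but expires in $left days"
            notify_failure "certificate not renewed, $left days left"
            return 2
        fi
        log "certificate unchanged (not yet due); nothing to reload"
        return 0
    fi
    log "certificate changed ($before -> $after); reloading nginx"
    if ! reload_nginx >>"$LOG_FILE" 2>&1; then
        log "nginx reload failed"
        notify_failure "nginx reload failed after renewal"
        return 3
    fi
    return 0
}

main() {
    exec 9>"$LOCK_FILE"
    if ! flock -n 9; then log "previous run still in progress; skipping"; exit 0; fi
    renew_and_reload
}

case "${1:-}" in run) main ;; esac
```

Because the run happens only when the script is called with "run", the functions can be sourced and exercised with stand-in certbot, nginx and mail commands before the script goes into root's crontab; the fingerprint check also means a daily cron entry reloads nginx only on the day a new certificate is actually issued.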

Jasper Frumau

Jasper has been working with web frameworks and applications such as Laravel, Magento and his favorite CMS WordPress, including Roots Trellis and Sage, for more than a decade. He helps customers with web design and online marketing. Services provided are web design, ecommerce, SEO and content marketing. When Jasper is not coding, marketing a website, reading about the web or dreaming about the internet of things, he plays with his son, travels or runs a few blocks.