Let's Encrypt DNS API configuration¶
WordOps use acme.sh to handle SSL certificates, which supports domain validation using DNS API. This feature is optional to issue domain and subdomain certificates, but is required to issue wildcard certificates.
DNS API configuration¶
WordOps use the Acme client acme.sh to handle Let's Encrypt SSL certificates. It support DNS API with the most part of popular DNS providers, including Cloudflare, DigitalOcean, OVH, Amazon Route53, Linode, Gandi and many others.
In this example, we will configure Cloudflare DNS API, but configuration will be pretty similar with other DNS providers.
DNS providers list and configurations are available in acme.sh wiki
Step 1: get your API credentials¶
- your Cloudflare account email address
- your Global API Key available in your Cloudflare profile
Step 2: set your credentials with acme.sh variables¶
Before issuing your first SSL certificate with DNS API, you have to define your API credentials with the command
Example for Cloudflare:
export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" export CF_Email="firstname.lastname@example.org"
- CF_Key: Cloudflare Global API key available in your Cloudflare profile
- CF_Email: Your Cloudflare account email address
Example with DigitalOcean:
Example with GoDaddy:
export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"
DNS providers list and configurations are available in Acme.sh Wiki
Step 3: issue your certificate¶
For a new site secured with a wildcard SSL certificates with Cloudflare DNS API
If you are using
sudo to run wo commands, you need to use
sudo -E to keep DNS API crendentials variables available for acme.sh
So just put
sudo -E before the following commands instead of just
wo site create site.tld --wp --letsencrypt=wildcard --dns=dns_cf
--letsencrypt=wildcard: issue a wildcard certificate
--dns=dns_cf: enable DNS API mode with Cloudflare.
For an existant secured with a simple SSL certificate (site + www.site.tld) with DigitalOcean DNS API
wo site update site.tld -le --dns=dns_dgon
-le: issue a certificate for
--dns=dns_dgon: enable DNS API mode with DigitalOcean
- You can also use DNS API to issue domain and subdomain certificates.
--dns=dns_cfdefine the DNS provider to use. With DigitalOcean, it would be
- After issuing a first certificate using DNS API, your API credentials will be saved in
/etc/letsencrypt/config/account.conf. You do not need to define them anymore.