Using DNS Validation With AutoInstall SSL
Before a certificate authority can issue an SSL certificate, it must verify that you control the domain name. This is commonly done by uploading a file, adding a DNS record, or clicking a link in an email. AutoInstall SSL uses the file validation method by default because it is the simplest way to complete validation and issue your SSL certificate.
In certain cases, you’ll need to use DNS validation instead (for example, if your domain has multiple servers behind a load balancer or if your server is not yet accessible to the internet). AutoInstall SSL integrates with several popular DNS providers to automate the DNS validation process.
Tip: If you’re not sure who your DNS provider is, you can find out by running a Nameserver lookup on your domain at https://dnschecker.org/ns-lookup.php
For step-by-step instructions on how to use DNS validation with AutoInstall SSL, please select your DNS provider:
Each DNS provider uses different types of credentials to connect to its API, so we’ve provided the needed arguments and a sample command for each provider. You can copy the example command and replace the placeholders in brackets [] with your values (remove the brackets).
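As an added example (not part of AutoInstall SSL or the original article), the shell functions below map the nameservers returned by an NS lookup to the `--validationprovider` values used in the provider sections on this page. The nameserver suffixes are assumptions based on each provider's usual naming, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: pick the --validationprovider value from a domain's NS records.
# The nameserver suffix patterns are assumptions of this example.

# classify_ns HOST -> prints one provider value, or "unsupported".
classify_ns() {
    # Lower-case and drop the trailing dot that dig prints.
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//')
    case "$host" in
        *.ns.cloudflare.com) echo cloudflare ;;
        *.domaincontrol.com) echo godaddy ;;
        *.dnsmadeeasy.com)   echo dnsmadeeasy ;;
        *.azure-dns.com|*.azure-dns.net|*.azure-dns.org|*.azure-dns.info)
            echo azure ;;
        *.awsdns-[0-9]*.com|*.awsdns-[0-9]*.net|*.awsdns-[0-9]*.org|*.awsdns-[0-9]*.co.uk)
            echo route53 ;;
        *) echo unsupported ;;
    esac
}

# provider_for_zone NS... -> prints the one provider serving every NS record.
# Returns 1 (printing why) when the set is empty, mixed, or not on this page.
provider_for_zone() {
    [ "$#" -gt 0 ] || { echo no-ns-records; return 1; }
    found=""
    for ns in "$@"; do
        p=$(classify_ns "$ns")
        if [ "$p" = unsupported ]; then echo unsupported; return 1; fi
        if [ -n "$found" ] && [ "$found" != "$p" ]; then echo mixed; return 1; fi
        found=$p
    done
    echo "$found"
}

# Constructed sample of `dig +short NS <domain>` output (not a real lookup).
sample='ADA.ns.cloudflare.com.
bob.ns.cloudflare.com.'
# Word splitting is intended: one argument per nameserver.
# Live use: provider_for_zone $(dig +short NS yourdomain.example)
provider_for_zone $sample
```

A result of `mixed` or `unsupported` (for example, vanity nameservers under your own domain) means the NS names alone do not identify a provider this page covers.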
Cloudflare
Use these arguments with the AutoInstall SSL installcertificate command to complete DNS validation using Cloudflare:
Argument | Value |
--validationtype | dns |
--validationprovider | cloudflare |
--cloudflareapitoken | Your Cloudflare API token (see below) |
Example commands:
Windows:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider cloudflare --cloudflareapitoken [APIToken]
Linux:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider cloudflare --cloudflareapitoken [APIToken]
How to set up API credentials in your Cloudflare account:
- Go to your account profile page (https://dash.cloudflare.com/profile)
- Click on API Tokens
- Click Create Token
- Next to “Edit zone DNS” click Use template
- Under Zone Resources, select “All zones”
- Under Permissions, click Add more and select User + User Details + Read.
- Click Continue to summary
- Click Create Token
- Copy the token
Note: the above permissions are required so that AutoInstall SSL can enumerate the zones in your account and choose the correct zone for a parent or sub-domain.
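The example commands place the API token directly on the command line, where it typically ends up in shell history. The wrapper below is an added example, not AutoInstall SSL's own code: it reads the token from a file that only its owner can access and refuses to run otherwise. The token file and the `AUTOINSTALL_SSL_TOKEN` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code: read the Cloudflare API token from an
# owner-only file so it never lands in shell history or a shared script.
# The file layout and AUTOINSTALL_SSL_TOKEN variable are assumptions.

# token_file_ok FILE -> 0 only for a regular, non-symlink file whose mode
# grants nothing to group or other (0600 or 0400).
token_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# run_cloudflare_validation TOKEN_FILE [RUNNER...]
# RUNNER defaults to the page's Linux command; pass another to dry-run.
run_cloudflare_validation() {
    file=$1; shift
    token_file_ok "$file" || { echo "refusing $file: not owner-only" >&2; return 1; }
    # First non-blank line, with surrounding whitespace removed.
    token=$(sed -n '/[^[:space:]]/{s/^[[:space:]]*//;s/[[:space:]]*$//;p;q;}' "$file")
    [ -n "$token" ] || { echo "refusing $file: no token found" >&2; return 1; }
    [ "$#" -gt 0 ] || set -- sudo runautoinstallssl.sh
    # The token is still an argument, so it is visible in the process list
    # while the command runs; the file only removes it from history/scripts.
    "$@" installcertificate --token "$AUTOINSTALL_SSL_TOKEN" \
        --validationtype dns --validationprovider cloudflare \
        --cloudflareapitoken "$token"
}

# Dry run: run_cloudflare_validation ~/.config/cf-token echo
```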

GoDaddy
Please note that GoDaddy only enables API access for accounts that meet certain minimums. Use these arguments with AutoInstall SSL to complete DNS validation using GoDaddy:
Argument | Value |
--validationtype | dns |
--validationprovider | godaddy |
--apikey | Your GoDaddy API key (see below) |
--apisecret | Your GoDaddy API secret (see below) |
Example commands:
Windows:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider godaddy --apikey [APIKey] --apisecret [APISecret]
Linux:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider godaddy --apikey [APIKey] --apisecret [APISecret]
How to set up API credentials in your GoDaddy account:
You can generate/manage your API keys at https://developer.godaddy.com/keys
DNS Made Easy
Use these arguments with the AutoInstall SSL installcertificate command to complete DNS validation using DNS Made Easy:
Argument | Value |
--validationtype | dns |
--validationprovider | dnsmadeeasy |
--apikey | Your DNS Made Easy API key (see below) |
--apisecret | Your DNS Made Easy API secret key (see below) |
Example commands:
Windows:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider dnsmadeeasy --apikey [APIKey] --apisecret [APISecret]
Linux:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider dnsmadeeasy --apikey [APIKey] --apisecret [APISecret]
How to set up API credentials in your DNS Made Easy account:
- Log into https://cp.dnsmadeeasy.com and go to Config > Account Information.
- You must be the primary user on the account to be able to see API keys.
- If you’ve already generated API credentials, they’ll be displayed. If the credentials are not displayed, check the box to “Generate New API Credentials” and click Save.

Microsoft Azure DNS
Use these arguments with the AutoInstall SSL installcertificate command to complete DNS validation using Microsoft Azure DNS:
Argument | Value |
--validationtype | dns |
--validationprovider | azure |
--azuretenantid | Your Tenant ID in Microsoft Entra ID |
--azureclientid | The Application (client) ID for your AutoInstall SSL application in Microsoft Entra ID |
--azuresecret | The Secret for your AutoInstall SSL application in Microsoft Entra ID |
--azuresubscriptionid | The Azure Subscription ID associated with your domain’s DNS zone |
--azureresourcegroupname | The Resource group name associated with your domain’s DNS zone |
--azurehostedzone | The name of your Azure hosted zone |
Example commands:
Windows:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider azure --azuretenantid [TenantId] --azureclientid [ClientID] --azuresecret [Secret] --azuresubscriptionid [SubscriptionID] --azureresourcegroupname [ResourceGroupName] --azurehostedzone [HostedZone]
Linux:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider azure --azuretenantid [TenantId] --azureclientid [ClientID] --azuresecret [Secret] --azuresubscriptionid [SubscriptionID] --azureresourcegroupname [ResourceGroupName] --azurehostedzone [HostedZone]
How to set up API credentials in your Azure portal:
- In Microsoft Entra ID, click on App Registration and create a new application named “AutoInstall SSL”. Redirect URI can be blank.
- Give the new application DNS Zone Contributor level access to the subscription your domain’s DNS zone is in.
AWS Route 53
Use these arguments with the AutoInstall SSL installcertificate command to complete DNS validation using AWS Route 53:
Argument | Value |
--validationtype | dns |
--validationprovider | route53 |
--route53accesskeyid | Your AWS Access key (see below) |
--route53secretaccesskey | Your AWS Secret access key (see below) |
Example commands:
Windows:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider route53 --route53accesskeyid [AccessKeyID] --route53secretaccesskey [SecretAccessKey]
Linux:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider route53 --route53accesskeyid [AccessKeyID] --route53secretaccesskey [SecretAccessKey]
How to set up API credentials in your AWS console:
- Go to the AWS management console
- Click on your profile name at the top right, then click on Security credentials
- Under Access Keys, select Create New Access Key
- Click Show Access Key and save/download your credentials
Updating DNS Credentials
If your DNS provider credentials change, you can update the credentials used by AutoInstall SSL:
- Run the main AutoInstall SSL command:
  - Linux: sudo runautoinstallssl.sh
  - Windows: AutoInstallSSL.exe
- Select menu option 4, Settings & Credentials
- Select Manage DNS provider credentials