Skip to content
ACME Let's Encrypt client for opensrs DNS
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore ini Jan 26, 2019
LICENSE latest state Feb 11, 2019 Update Feb 16, 2019
_config.yml Set theme jekyll-theme-slate Feb 18, 2019
config Update config Feb 11, 2019
crt.cnf latest state Feb 11, 2019 Rename to May 10, 2019 latest state Feb 11, 2019


let's encrypt client to automate issuing and reissuing wildcard [Let's Encrypt] ( certificates with opensrs API DNS , this script will retreive challenge from Let's Encrypt and will update it , in opensrs DNS , and the will ask Let's Encrypt to verify the challenge.


for this script to work , you have to use opensrs nameservers

How to use this script

First you have to generate a private key to use it as account key for ACME using openssl

openssl genrsa 4096 > le-opensrs/account.key

make modification to crt.cnf that fits your needs

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no
[ req_distinguished_name ]
countryName                 = SD
stateOrProvinceName         = KH
localityName               = KH
organizationName           = Organization
commonName                 =
[ req_ext ]
subjectAltName = @alt_names
DNS.1   =
DNS.2   = *

then you have to genrate the CSR for you desired domain

openssl req -out le-opensrs/domain.csr -newkey rsa:2048 -nodes -keyout le-opensrs/domain.key -config le-opensrs/crt.cnf

edit config file with your settings

Contacts =
#your opensrs reseller username
reseller_username = example

#remember to whitelist the public ip to acess the API
# connection configuration for opensrs .. default is live connection parameter
api_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
api_host_port =

Finally run the main script in le-opensrs ./

This will generate the certificate in PEM format

  • Tip: Use cronjob to run the script periodcly for certs renewal
You can’t perform that action at this time.