Let’s Encrypt
How to automatically renew Let’s Encrypt wildcard certificates with Certbot
IONOS API
Getting Started with the IONOS APIs
IONOS authentication hook
Certbot runs this hook before validation; the hook is what creates the DNS record for the challenge.
It creates a temporary file containing a JSON payload with the DNS record data,
then uses the curl command to send a PUT request to the IONOS API to create the record.
/home/wildw1ng/bin/ionos-auth-hook
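#!/bin/bash
# IONOS API credentials
IONOS_PUBLICPREFIX="YOUR_API_KEY"
IONOS_SECRET="YOUR_API_SECRET"
# Write the payload to a private temporary file that is removed on exit
PAYLOAD="$(mktemp)"
trap 'rm -f "$PAYLOAD"' EXIT
printf '{ "data": "%s" }\n' "$CERTBOT_VALIDATION" > "$PAYLOAD"
# CERTBOT_VALIDATION and CERTBOT_DOMAIN are set by certbot when it calls the hook
curl -s -X PUT -H "Content-Type: application/json" -H "Authorization: Basic $(echo -n "$IONOS_PUBLICPREFIX:$IONOS_SECRET" | base64 -w 0)" -d @"$PAYLOAD" "https://api.hosting.ionos.com/dns/v1/zones/$CERTBOT_DOMAIN." -o /dev/null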
chmod +x /home/wildw1ng/bin/ionos-auth-hook
IONOS cleanup hook
Certbot runs this hook after validation; the hook is what removes the DNS record again.
It creates a temporary file containing a JSON payload with the DNS record data,
then uses the curl command to send a DELETE request to the IONOS API to delete the record.
/home/wildw1ng/bin/ionos-cleanup-hook
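#!/bin/bash
# IONOS API credentials
IONOS_PUBLICPREFIX="YOUR_API_KEY"
IONOS_SECRET="YOUR_API_SECRET"
# Write the payload to a private temporary file that is removed on exit
PAYLOAD="$(mktemp)"
trap 'rm -f "$PAYLOAD"' EXIT
printf '{ "data": "%s" }\n' "$CERTBOT_VALIDATION" > "$PAYLOAD"
# CERTBOT_VALIDATION and CERTBOT_DOMAIN are set by certbot when it calls the hook
curl -s -X DELETE -H "Content-Type: application/json" -H "Authorization: Basic $(echo -n "$IONOS_PUBLICPREFIX:$IONOS_SECRET" | base64 -w 0)" -d @"$PAYLOAD" "https://api.hosting.ionos.com/dns/v1/zones/$CERTBOT_DOMAIN." -o /dev/null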
chmod +x /home/wildw1ng/bin/ionos-cleanup-hook
Note
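Make sure to replace YOUR_API_KEY and YOUR_API_SECRET with your actual IONOS API credentials. Both hook files then contain the credentials in plain text, so restrict read and write access on them to their owner.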
Renew Let’s Encrypt certificates with Certbot
/home/wildw1ng/bin/wildcard-renewal
#!/bin/bash
# Domain to renew
DOMAIN="wildw1ng.com"
# Check if certbot is installed
if ! command -v certbot &> /dev/null
then
    echo "Certbot could not be found. Please install it first."
    # Exit non-zero so that systemd records the run as failed
    exit 1
fi
# Renew wildcard certificate
sudo certbot certonly \
    --non-interactive \
    --no-eff-email \
    --agree-tos \
    --staple-ocsp \
    --manual \
    --preferred-challenges=dns \
    --manual-auth-hook /home/wildw1ng/bin/ionos-auth-hook \
    --manual-cleanup-hook /home/wildw1ng/bin/ionos-cleanup-hook \
    -d "$DOMAIN" \
    -d "*.$DOMAIN" \
    -d "*.cozy.$DOMAIN"
chmod +x /home/wildw1ng/bin/wildcard-renewal
Service and timer for automatic renewal
/etc/systemd/system/certbot.service
[Unit]
Description=Let's Encrypt renewal
[Service]
Type=oneshot
ExecStart=/home/wildw1ng/bin/wildcard-renewal
/etc/systemd/system/certbot.timer
[Unit]
Description=Twice daily renewal of Let's Encrypt's certificates
[Timer]
OnCalendar=0/12:00:00
RandomizedDelaySec=1h
Persistent=true
[Install]
WantedBy=timers.target
Enable renewal service
systemctl enable certbot.timer
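certbot.service has no User= line, so systemd runs /home/wildw1ng/bin/wildcard-renewal and both hooks as root, and the hooks hold the IONOS API secret. The check below is an added example, not part of the original post; the function names check_hook_file and audit_all are hypothetical and GNU stat is assumed. It reports any script or directory that an account other than the expected owner could read or modify.

```shell
#!/bin/bash
# Added example (not from the original page). Helper names are hypothetical.
# check_hook_file FILE [EXPECTED_OWNER]
# Prints one finding per problem; returns 0 when clean, 1 otherwise.
check_hook_file() {
    local file="$1" owner="${2:-root}" rc=0
    local mode fowner dir dmode downer
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    # GNU stat: %a is the octal mode, %U the owner name
    mode=$(stat -c '%a' "$file")
    fowner=$(stat -c '%U' "$file")
    if [ "$fowner" != "$owner" ]; then
        echo "OWNER $file is owned by $fowner, expected $owner"
        rc=1
    fi
    # Any group/other bit lets another account read the API secret or edit the script
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "MODE $file has mode $mode, expected 700 or stricter"
        rc=1
    fi
    # Whoever can write to the directory can swap the file for another one
    dir=$(dirname "$file")
    dmode=$(stat -c '%a' "$dir")
    downer=$(stat -c '%U' "$dir")
    if [ "$downer" != "$owner" ] || [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "DIR $dir (owner $downer, mode $dmode) is writable by someone other than $owner"
        rc=1
    fi
    return "$rc"
}

# Audit every path given on the command line; non-zero result if any finding.
audit_all() {
    local status=0 f
    for f in "$@"; do
        check_hook_file "$f" root || status=1
    done
    return "$status"
}

if [ "$#" -gt 0 ]; then
    audit_all "$@" || exit 1
fi
```

Run it as root with the three script paths from this page as arguments; with the layout shown above it reports the user-owned /home/wildw1ng/bin directory.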