All Posts

SSL certificates via DNS: automating Let’s Encrypt issuance

2025-10-06

Introduction

Let’s Encrypt is the standard for obtaining free TLS certificates. Most often certificates are issued via the HTTP-01 method, which requires a reachable web server on port 80. However, for internal services or wildcard certificates (for example, *.example.com) it is more convenient to use DNS-01, which verifies domain ownership via TXT records in DNS and does not require open ports.

This article covers:

  • Issuing certificates via the Cloudflare API,
  • Issuing certificates via Amazon Route 53 (AWS),
  • Integration with the Nginx, HAProxy and Traefik web servers,
  • Automation of certificate renewal.

Note: These instructions apply to Certbot 2.x, acme.sh 3.x, Nginx 1.18+, HAProxy 2.4+ and Traefik 2.x on Linux (Ubuntu/Debian). Other operating systems or tool versions may require adjustments.

Moving or restoring a website for beginners: don't be afraid, it's easier than it seems

2025-10-05

Moving a website to a new server or restoring it after a failure can sound like a scary task, especially if you’re new to web development or administration. But don’t panic. With the right approach and a step-by-step plan you can handle it without stress. Below is a breakdown of the whole process: from backup to functionality checks, including ISPmanager and FreePanel panels and local testing via hosts without changing public DNS.