SSL certificates via DNS: automating Let’s Encrypt issuance

2025-10-06

Introduction

Let’s Encrypt is the standard for obtaining free TLS certificates. Most often certificates are issued via the HTTP-01 method, which requires a reachable web server on port 80. However, for internal services or wildcard certificates (for example, *.example.com) it is more convenient to use DNS-01, which verifies domain ownership via TXT records in DNS and does not require open ports.

This article covers: