Create Let’s Encrypt SSL certificates using DNS-01 challenge

SSL Certificates

Let’s Encrypt issues SSL certificates at no cost, which makes it an excellent resource for home labs. Use this walkthrough to create SSL certs for your home lab.

Official documentation for the certbot-dns-digitalocean plugin is located at

I recommend starting with a minimal installation of RHEL or CentOS Stream.

Install pip, create a virtual environment, install Certbot and the DigitalOcean plugin, then add Certbot to your path using the following commands:

sudo dnf install python3-pip
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install certbot certbot-dns-digitalocean
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Create a configuration file with your DigitalOcean API credentials.

vi ~/digitalocean.ini
chmod 600 ~/digitalocean.ini

To acquire a wildcard certificate, modify the following command for your domain name:

sudo certbot certonly --dns-digitalocean --dns-digitalocean-credentials ~/digitalocean.ini -d '*'

Copy the certs and key generated by Certbot to your home directory and change their ownership to your user.

sudo cp -r /etc/letsencrypt/archive/ ~/
sudo chown -R crobinson: ~/

To transfer the files over SSH, run the following from the client machine (replace the placeholders with your user name and the host where Certbot ran):

scp <user>@<certbot-host>:~/* ./

Apply the certs as needed to your environment.
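The credentials-file step and the key-copy step above both leave secrets on disk whose file modes are worth checking. The script below is an added example, not part of the original walkthrough: it writes the credentials file at mode 600 from the moment it exists, then audits it and any copied private keys. The function names are hypothetical, `dns_digitalocean_token` is the key the certbot-dns-digitalocean plugin reads, and a `stat` that supports `-c '%a'` (as on RHEL/CentOS) is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumes stat supports -c '%a' (GNU coreutils, as on RHEL/CentOS).

# write_creds FILE: read the API token from stdin (so it never appears in a
# process listing) and create FILE with mode 600 from the start, instead of
# editing it first and running chmod afterwards.
write_creds() (
    umask 077
    IFS= read -r token || [ -n "$token" ] || exit 1
    rm -f "$1.tmp"
    printf 'dns_digitalocean_token = %s\n' "$token" > "$1.tmp" &&
        mv -f "$1.tmp" "$1"
)

# is_private PATH: succeed only if group and other have no permission bits.
is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# audit_secrets CREDS_FILE CERT_DIR: check the credentials file and every
# privkey*.pem under CERT_DIR; list any that are missing or accessible
# beyond their owner and return non-zero if there are any.
audit_secrets() {
    loose=$(
        { printf '%s\n' "$1"; find "$2" -type f -name 'privkey*.pem'; } |
        while IFS= read -r f; do
            is_private "$f" || printf '%s\n' "$f"
        done
    )
    [ -z "$loose" ] && return 0
    printf 'missing or accessible beyond owner:\n%s\n' "$loose" >&2
    return 1
}
```

Pipe the token in on stdin, for example from a password manager's CLI, and call `audit_secrets` with the credentials file and the directory holding the copied certificates.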

Good luck!
