Let's Encrypt DNS-01 Validation with GoDaddy

Step 1: Install Required Software

Update your system and install Certbot and the GoDaddy DNS plugin:

sudo apt update
sudo apt install -y certbot python3-certbot-dns-godaddy

Step 2: Configure API Access for GoDaddy

Log in to your GoDaddy account and create API credentials for your DNS zone.

Store the GoDaddy API credentials securely on your server:

sudo nano /etc/letsencrypt/godaddy.ini

Add the following content:

dns_godaddy_api_key = YOUR_GODADDY_API_KEY
dns_godaddy_api_secret = YOUR_GODADDY_API_SECRET

Replace YOUR_GODADDY_API_KEY and YOUR_GODADDY_API_SECRET with the actual values.

Secure the credentials file so that only its owner can read or write it:

sudo chmod 600 /etc/letsencrypt/godaddy.ini
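
A preflight check for the credentials file from this step, as an added example that is not part of the original guide: it confirms the mode set by chmod and that both keys hold real values rather than the placeholders shown above. The function name check_godaddy_creds is hypothetical, and stat -c assumes GNU coreutils as found on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original guide. Key names and placeholder
# strings are the ones used in Step 2; the function name is hypothetical.

check_godaddy_creds() {
    file=$1
    rc=0

    # Refuse symlinks so the permission check applies to the real file.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL: $file is missing or is a symlink"
        return 1
    fi

    # The mode must grant nothing to group or others.
    mode=$(stat -c '%a' "$file")
    case $mode in
        600|400) ;;
        *) echo "FAIL: mode is $mode, expected 600"; rc=1 ;;
    esac

    for key in dns_godaddy_api_key dns_godaddy_api_secret; do
        # Value = text after the first '=', surrounding whitespace stripped.
        value=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$file" \
            | head -n 1 | sed 's/[[:space:]]*$//')
        case $value in
            '') echo "FAIL: $key is missing or empty"; rc=1 ;;
            YOUR_GODADDY_*) echo "FAIL: $key still holds the placeholder"; rc=1 ;;
        esac
    done

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file"
    fi
    return "$rc"
}
```

Source the script as root and run check_godaddy_creds /etc/letsencrypt/godaddy.ini before requesting the certificate in Step 3.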

Step 3: Obtain an SSL Certificate

Use Certbot to obtain a certificate for your domain using the DNS-01 challenge:

sudo certbot certonly \
    --dns-godaddy \
    --dns-godaddy-credentials /etc/letsencrypt/godaddy.ini \
    -d private-server-1.pri.smortler.com

Certbot will create the required DNS TXT records in your GoDaddy account for verification. Once verified, Let's Encrypt will issue the certificate.

After a successful issuance, the certificate and private key will be stored at:

Certificate: /etc/letsencrypt/live/private-server-1.pri.smortler.com/fullchain.pem
Private Key: /etc/letsencrypt/live/private-server-1.pri.smortler.com/privkey.pem

Step 4: Configure Apache for HTTPS

Enable the SSL module:

sudo a2enmod ssl

Edit the SSL configuration file:

sudo nano /etc/apache2/sites-available/default-ssl.conf

Update the configuration to use your Let's Encrypt certificate:

<VirtualHost *:443>
    ServerName private-server-1.pri.smortler.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/private-server-1.pri.smortler.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/private-server-1.pri.smortler.com/privkey.pem

    <Directory /var/www/html>
        AllowOverride All
    </Directory>
</VirtualHost>

Enable the SSL site configuration:

sudo a2ensite default-ssl
sudo systemctl reload apache2

Step 5: Automate Certificate Renewal

Test the renewal process:

sudo certbot renew --dry-run

Create a cron job to renew the certificate automatically:

sudo crontab -e

Add the following line to check for renewal at 02:00 every day and reload Apache afterwards:

0 2 * * * certbot renew --quiet && systemctl reload apache2

Step 6: Verify HTTPS

Open a browser and navigate to https://private-server-1.pri.smortler.com. Confirm that the connection is secure and that the certificate was issued by Let's Encrypt.