Using Let's Encrypt with DNS-01 Challenge in Cablecast

August 19, 2024

Summary

This article explains how to use the DNS-01 challenge in Cablecast 7.8 to generate HTTPS certificates using Let's Encrypt. The DNS-01 challenge lets organizations generate HTTPS certificates automatically even when the Cablecast system is geofenced or has HTTP port 80 disabled on the firewall, either of which prevents HTTP-01 challenges.

Ability To Create DNS Records Is Required

To use DNS-01 challenges, you must be able to create a CNAME record at _acme-challenge-<your-domain>.

Open Public Connectivity Screen

Navigate to Public Connectivity by clicking the gear icon in the left-hand navigation menu. Then choose System Settings and Public Connectivity.

Configure Public Connectivity Settings For DNS-01 Challenge

  1. Verify Hostname is Correct
  2. Check the "SSL Box"
  3. Check the box "Use Lets Encrypt"
  4. Use the dropdown menu to select challenge type "DNS-01"
  5. Hit Save

Create Required CNAME Records

After accepting the configuration changes, click back into Public Connectivity to view the required CNAME records. Create these records, or communicate the required records to your IT department.

Cablecast will monitor DNS and proceed with the certificate challenge once it sees that the required DNS records are present.

The entire process can take 5-30 minutes depending on DNS propagation.

Your DNS Provider Will Look Different

Note that the screenshot below uses AWS Route53 DNS services. Your settings will look different depending on which DNS provider you use.

Wait For Certificate Generation

Processing Could Take Time

Because the DNS-01 challenge relies on DNS propagation, it can take from a few minutes up to an hour for the DNS records to become available to both Cablecast and Let's Encrypt so that the certificate can be created. Cablecast will continue to function normally until the DNS records are available.

  • Depending on the amount of time it takes for the CNAME to propagate, it may take up to an hour to process the DNS challenge.
  • The status at the bottom should change from "Waiting for CNAME" to "Processing Challenge" and then eventually force the page to reload.
  • When the setup is complete the status should change to "Valid" and Cablecast will begin using the newly generated certificate.
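
While the status still shows "Waiting for CNAME", you can check propagation yourself. The script below is an added example, not part of Cablecast: it asks several public resolvers for the CNAME and confirms it points at the exact target shown in Public Connectivity. The resolver list and the use of `dig` are assumptions; the record name and target are passed as arguments.

```shell
#!/usr/bin/env bash
# Check that a DNS-01 CNAME is visible on several public resolvers and
# points at the expected target. Added example; not Cablecast tooling.
# Usage: ./check-cname.sh <record-name> <expected-target>
# Copy both values from the Public Connectivity screen.

# Public resolvers to query (an assumption; substitute your own).
RESOLVERS="1.1.1.1 8.8.8.8 9.9.9.9"

# Lowercase a DNS name and drop the trailing root dot so that
# "Target.Example.NET." and "target.example.net" compare equal.
normalize_name() {
  printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Succeeds if any line of dig's +short output equals the expected target.
cname_matches() {
  expected=$(normalize_name "$1")
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    [ "$(normalize_name "$line")" = "$expected" ] && return 0
  done <<EOF
$2
EOF
  return 1
}

# Query every resolver; succeed only when all of them return the target.
main() {
  record=$1 target=$2 failed=0
  for r in $RESOLVERS; do
    answer=$(dig +short +time=3 +tries=1 "@$r" "$record" CNAME)
    if cname_matches "$target" "$answer"; then
      echo "OK       $r -> $answer"
    elif [ -z "$answer" ]; then
      echo "MISSING  $r has no CNAME for $record yet"; failed=1
    else
      echo "MISMATCH $r -> $answer (expected $target)"; failed=1
    fi
  done
  return $failed
}

# Run only when both arguments are supplied.
if [ "$#" -eq 2 ]; then main "$@"; fi
```

A MISMATCH means the record exists but points somewhere other than the target Cablecast displayed, which should be corrected before the challenge can succeed.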

Certificate Renewals

Nothing is required for certificate renewals as long as the CNAME created earlier remains in place. Cablecast will manage rotating DNS-01 challenges and generating renewed certificates with Let's Encrypt. Certificate renewal typically happens every 30 to 45 days.