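Preparation
Back up your DNS settings
[Important]
Changing DNS settings through VDAPI overwrites the entire record set, so back up your DNS settings beforehand in case something goes wrong.
Make sure python3 is available
Create the venv environment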
git clone https://github.com/suisui/vd-update-dns-txt
cd vd-update-dns-txt
python3 -m venv .venv
python3 -m pip install --upgrade pip
python3 -m pip install -r requirements.txt
Create the configuration file
Create a vdapi api_key in advance.
Create the app-config.ini file
app-config.ini
[valudomain]
api_key=***********************
Create the folder
mkdir certs
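Call wacs, using wacs-sample.ps1 as a reference
Change the following:
- Domain name (--host)
- Email address (--emailaddress)
For the domain name, a value such as *.example.com requests a wildcard certificate; to specify multiple names, separate them with commas (,).
Example run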
> PS .\wacs-call.ps1
Error creating event logger: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security, State.
A simple Windows ACMEv2 client (WACS)
Software version 2.2.9.1701 (release, pluggable, standalone, 64-bit)
Connecting to https://acme-v02.api.letsencrypt.org/...
Connection OK!
Running without administrator credentials, some options disabled
Scheduled task not configured yet
Please report issues at https://github.com/win-acme/win-acme
Running in mode: Unattended
Source generated using plugin Manual: *.example.com
Plugin Manual generated source *.example.com with 1 identifiers
Plugin Single created 1 order
[*.example.com] Authorizing...
[*.example.com] Authorizing using dns-01 validation (DnsScript)
Script .\vd-dns.ps1 starting with parameters "app-config.ini" "example.com" "_acme-challenge.example.com" "************************"
Script finished
[*.example.com] Record ************************ successfully created
[*.example.com] Preliminary validation succeeded
[*.example.com] Authorization result: valid
No delete script configured, validation record remains
[*.example.com] Record ************************ deleted
Downloading certificate [Manual] *.example.com
Store with PemFiles...
Exporting .pem files to .\certs
Adding Task Scheduler entry with the following settings
- Name win-acme renew (acme-v02.api.letsencrypt.org)
- Path c:\tools\win-acme
- Command wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/"
- Start at 09:00:00
- Random delay 04:00:00
- Time limit 02:00:00
Unable to register scheduled task, please run as administrator or equivalent
Adding renewal for [Manual] *.example.com
Next renewal due after 2026/1/12
Certificate [Manual] *.example.com created
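
Because a VDAPI DNS update replaces the whole record set, the safe pattern for adding the `_acme-challenge` TXT record is read, back up, merge, then write. The following is an added example, not code from this repository: the function names, the sample zone, and the `type host value` record-line format are assumptions, and it takes the domain, record name and token in the same order the log above shows being passed to `vd-dns.ps1`.

```python
"""Added example: merge one TXT record into a full DNS record set."""
from datetime import datetime, timezone
from pathlib import Path


def relative_host(record_fqdn: str, domain: str) -> str:
    """'_acme-challenge.example.com' + 'example.com' -> '_acme-challenge'."""
    fqdn, zone = record_fqdn.rstrip(".").lower(), domain.rstrip(".").lower()
    if fqdn == zone:
        return "@"
    if not fqdn.endswith("." + zone):
        # Refuse to touch a zone the challenge name does not belong to.
        raise ValueError(f"{record_fqdn} is not inside zone {domain}")
    return fqdn[: -len(zone) - 1]


def backup(records_text: str, backup_dir: Path) -> Path:
    """Save the untouched record set before anything is sent back."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    path = backup_dir / f"dns-{stamp}.txt"
    path.write_text(records_text, encoding="utf-8")
    return path


def merge_txt(records_text: str, host: str, value: str) -> str:
    """Return the full record set with 'txt host value' present exactly once."""
    lines = [ln.rstrip() for ln in records_text.splitlines() if ln.strip()]
    wanted = ["txt", host, value]
    if not any(ln.split() == wanted for ln in lines):
        lines.append(" ".join(wanted))
    return "\n".join(lines) + "\n"


def remove_txt(records_text: str, host: str, value: str) -> str:
    """Drop only the matching challenge line; every other record stays."""
    target = ["txt", host, value]
    kept = [ln.rstrip() for ln in records_text.splitlines()
            if ln.strip() and ln.split() != target]
    return "\n".join(kept) + "\n"


# Constructed sample zone in the assumed line format (not real data).
SAMPLE = "a @ 192.0.2.10\na www 192.0.2.10\nmx @ 10\ntxt @ v=spf1 -all\n"
```

Send the output of `merge_txt` as the complete record set; sending only the challenge line would delete every other record in the zone.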