Self-hosting Mailcow, behind NAT, with Let's Encrypt TLS certificates, with TransIP DNS

2025-10-07 19:48:00

A few weeks ago I set up a locally hosted Mailcow instance, with proper TLS certificates from Let's Encrypt. Good stuff. 

At the time I'd put off automating certificate renewal, because I wasn't ready to deal with my DNS provider's API yet. Turns out that TransIP is dead simple to use with the official Acme.sh solution!

There's a ready-to-run implementation of Acme.sh for TransIP DNS. Here's the documentation for it.

All you need is to follow TransIP's documentation on opening up and securing the API for your account.

The script I'd shown before only needs a tiny adjustment to work:

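#!/bin/bash
#
# Documentation:
# https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_transip
#
# All paths below are relative, so run this from the directory that holds
# api.pem and data/.

# Base domain; the certificate is issued for mail.${Domain}.
Domain="broehaha.nl"

# Pass --force through to acme.sh to renew even when the certificate is not yet due.
if [[ ($# -gt 0) && ($1 == "--force") ]]
then
    Force="--force"
else
    Force=""
fi

# TransIP API credentials: account name and the private key of the API key pair.
export TRANSIP_Username="break524"
export TRANSIP_Key_File="./api.pem"

acme.sh --set-default-ca --server https://acme-v02.api.letsencrypt.org/directory

# ${Force} stays unquoted on purpose: when empty it must expand to no argument at all.
acme.sh --issue --dns dns_transip --dnssleep 300 -d "mail.${Domain}" ${Force}

# Install the leaf certificate, the private key and the full chain for Mailcow.
acme.sh --install-cert -d "mail.${Domain}" \
    --cert-file      data/assets/ssl/nochain.pem \
    --key-file       data/assets/ssl/key.pem \
    --fullchain-file data/assets/ssl/cert.pem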
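
An added example, not part of the original post: a check to run after the script above, confirming that the installed files are usable and that the private keys are not readable by other users. It assumes GNU stat and the openssl command line tool, and the function names are made up for this illustration.

```bash
#!/bin/bash
# Added example: sanity checks on the files written by `acme.sh --install-cert`.
# Assumes GNU stat and the openssl CLI; all function names are illustrative.

# Succeeds if the file exists and group/others have no access (e.g. 600 or 400).
key_is_private() (
    mode=$(stat -c '%a' "$1" 2>/dev/null) || exit 1
    case "$mode" in 0|*00) exit 0 ;; *) exit 1 ;; esac
)

# Succeeds if certificate $1 and private key $2 carry the same public key.
cert_matches_key() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Succeeds if certificate $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if certificate $1 is valid for hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Runs every check, prints each failure, and returns the number of failures.
verify_install() (
    cert=$1 key=$2 host=$3 min_days=$4 fails=0
    key_is_private "$key" || { echo "FAIL: $key missing or readable by group/others"; fails=$((fails + 1)); }
    cert_matches_key "$cert" "$key" || { echo "FAIL: $cert does not match $key"; fails=$((fails + 1)); }
    cert_valid_for_days "$cert" "$min_days" || { echo "FAIL: $cert expires within $min_days days"; fails=$((fails + 1)); }
    cert_covers_host "$cert" "$host" || { echo "FAIL: $cert is not valid for $host"; fails=$((fails + 1)); }
    exit "$fails"
)

# Usage: ./verify.sh data/assets/ssl/cert.pem data/assets/ssl/key.pem mail.broehaha.nl 30
if [ "$#" -eq 4 ]; then verify_install "$@"; fi
```

The same key_is_private check applies to the TransIP API key in ./api.pem, since anyone who can read that file can change the account's DNS records.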
