I want to use ISPConfig as an authoritative DNS server and was wondering if it supports Let's Encrypt / SSL certificates the way that Cloudflare does, where the website doesn't have to be hosted on the same machine in order to receive the benefits of SSL. My ISPConfig setup is installed on a separate machine from my other websites (which are all isolated from one another as well).
There is no need for such a complicated setup when using ISPConfig. All you have to do is enable the Let's Encrypt checkbox in the website settings, and ISPConfig takes care of generating and authenticating the Let's Encrypt SSL cert. It does not matter where you host DNS for that or whether your DNS server is isolated.
I am using Cloudflare and an ISPConfig 3 server. I enable Let's Encrypt on ISPConfig and configure Cloudflare as normal with nothing related to SSL. Make sure that you have the latest version of ISPConfig. Some of the previous versions have had some issues related to SSL and Let's Encrypt.
When you use acme.sh instead of certbot it is possible, but you should know what you are doing because it is more of a hack and not officially supported. The ISPConfig API for the DNS challenge is built into acme.sh: https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_ispconfig.sh Be aware that changing from certbot to acme.sh has some difficulties. I have done it and would suggest a clean new install.
- Find all installations of certbot (I had a package installed and certbot-auto in /opt/eff, which was not even in the PATH variable, so I missed that).
- You have to remove the links in /var/www/domain.com/ssl prior to installing certs with acme.sh. If you restart apache during that time, it will throw an error. The solution would be to first deactivate SSL for all domains.
- With the above points, you cannot reactivate all domains at once, because apache won't come up. Instead, install letsencrypt one after the other for all domains.
- Make sure you do not hit the letsencrypt rate limit when getting all certificates at once (50/domain/week). Certificates for subdomains count to the main domain! If you have only a small bunch of domains there is no problem.
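As an added example (not code from this thread, from ISPConfig or from acme.sh), the following POSIX sh helpers cover the checks the post above describes: spotting leftover certbot installs and the old ssl/ symlinks, grouping a domain list by its registered domain so that subdomains are counted against the main domain's per-week certificate limit, and printing the one-at-a-time acme.sh issuance commands as a dry run instead of executing them. The `acme.sh --issue --dns dns_ispconfig -d <domain>` form uses the real acme.sh flags and the dns_ispconfig hook linked in the thread; the credential environment variables that hook needs are documented in that script and are deliberately not set here. The registered-domain logic assumes a two-label registered domain (example.com) and does not handle public suffixes such as co.uk; the paths in `find_certbot_leftovers` and the sample domain list are constructed for the example.

```sh
#!/bin/sh
# Example helpers for the certbot -> acme.sh migration steps from the post.
# Constructed example code; not part of ISPConfig or acme.sh.

# Print leftover certbot installations and old ssl/ symlinks that ISPConfig
# created for certbot. Candidate paths are assumptions; adjust for your host.
find_certbot_leftovers() {
    for p in /opt/eff/certbot-auto /usr/bin/certbot /usr/local/bin/certbot; do
        [ -e "$p" ] && printf 'certbot leftover: %s\n' "$p"
    done
    # ISPConfig's per-site symlinks live under /var/www/<domain>/ssl
    [ -d /var/www ] && find /var/www -path '*/ssl/*' -type l 2>/dev/null
    return 0
}

# registered_domain <fqdn>: strip subdomain labels, keeping the last two.
# Assumes a two-label registered domain; public suffixes (co.uk) not handled.
registered_domain() {
    printf '%s\n' "$1" | awk -F. '{ if (NF >= 2) print $(NF-1)"."$NF; else print $0 }'
}

# count_per_registered: read one name per line on stdin, print
# "<count> <registered_domain>" so subdomain certs are counted against
# the main domain, as the rate limit does.
count_per_registered() {
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        registered_domain "$d"
    done | sort | uniq -c | awk '{ print $1, $2 }'
}

# over_limit [limit]: print registered domains whose planned certificate
# count exceeds the limit (default 50, the per-week figure from the post).
over_limit() {
    limit="${1:-50}"
    count_per_registered | awk -v lim="$limit" '$1 > lim { print $2 }'
}

# plan_issuance: emit one acme.sh command per domain, one certificate at a
# time as the post advises. Nothing is executed; review, then run by hand.
# The ISPConfig API credentials for dns_ispconfig are read by the hook from
# environment variables documented in dns_ispconfig.sh (not set here).
plan_issuance() {
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        printf 'acme.sh --issue --dns dns_ispconfig -d %s\n' "$d"
    done
}

# Constructed sample list: three names under example.com, one under example.net.
DEMO_DOMAINS='example.com
www.example.com
mail.example.com
example.net'

# Demo: names that would exceed a (deliberately tiny) limit of 2, then the plan.
printf '%s\n' "$DEMO_DOMAINS" | over_limit 2
printf '%s\n' "$DEMO_DOMAINS" | plan_issuance
```

Run the script as-is to see the dry-run plan; raise the limit argument to 50 for the real per-week check and pipe your actual site list into `over_limit` and `plan_issuance` before touching any certificates.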