Installing DNS connectors
Installation requirements
To install a DNS connector, the following requirements must be satisfied:
-
An SCM account and MRAO administrator permissions
-
Microsoft Windows Server 2016, 2019, or 2022 (64-bit) and local admin permissions to install the DNS connector
-
Hardware:
-
CPU — 1.4GHz 64-bit or 32-bit (minimum)
-
RAM — 2 GB (minimum)
-
-
Internet access:
-
Outbound network access to
https://cbcc.enterprise.sectigo.com
on TCP port443
-
Outbound network access to
https://dist.sectigo.com
on TCP port443
-
Outbound network access to the appropriate SCM instance on TCP port
443
:-
https://cert-manager.com
-
https://hard.cert-manager.com
-
https://eu.cert-manager.com
-
-
DNS provider requirements
In addition to the general prerequisites, there are additional requirements that must be met depending on which DNS provider you are using.
The following requirements must be met before using a DNS connector with Cloudflare:
-
You have an active Cloudflare account.
-
You have outbound network access to the Cloudflare API endpoint.
-
You have created or obtained a Cloudflare API token provided with at least the following permissions:
-
Zone.Zone:Read
-
Zone.DNS:Edit
For information about Cloudflare API tokens, see Create an API token.
-
The following requirements must be met before using a DNS connector with OVHcloud:
-
You have an active OVHcloud account.
-
You have outbound network access to the OVHcloud API endpoint.
-
You have created or obtained the following OVHcloud API keys:
-
app-key
-
app-secret
-
consumer-key
For information about OVHcloud APIs, see First Steps with the OVHcloud APIs.
-
Add a DNS connector to SCM
-
Navigate to
and click the Add icon. -
In the Add DNS Connector dialog, provide a name to help identify the connector.
-
(Optional) Provide comments with additional details about the connector.
-
Specify the Delegation Mode based on the information in the following table.
Field Description General
When selected, the DNS connector is available for all organizations and departments.
Customized
When selected, the DNS connector is available for only the selected organizations and departments.
-
Click Next.
-
Copy the installation token for use during installation.
If your installation fails, subsequent attempts require the use of a new registration token. -
Click the Windows installation package link.
-
Click Save.
The connector should now be listed on the DNS Connectors page with a status of Pending.
Install a DNS connector
-
(Optional) If required, move the
SectigoDCS.msi
file to the DNS connector machine. -
Right-click
SectigoDCS.msi
and click Install. -
In the setup wizard, click Next.
-
Read the EULA, select I accept the terms in the License Agreement, and click Next.
-
(Optional) Specify an installation location.
If no destination folder is selected, the DNS connector and library will be installed in C:\Program Files\Sectigo Limited\SectigoDCS
. -
Click Next, and paste the connector installation token.
If needed, you can retrieve the installation token from the Edit DNS Connector dialog for your connector. -
Click Next.
-
In the Proxy Settings window, select Direct Internet connection (no proxy), or select Manual proxy configuration and enter your configuration details based on the information provided in the following table.
Field Description Address
The IP address or the DNS name of the proxy server.
Port
The listening port of the proxy server.
Username
The username used to connect to the proxy server.
Password
The password used to connect to the proxy server.
Click Test Connection to confirm your connection. -
Click Install.
-
Click Yes to allow the installation to complete on the server.
-
Click Finish.
The application’s configuration and log files are stored in C:\ProgramData\Sectigo Limited\SectigoDCS
.
The connector should now be listed on the DNS Connectors page with a status of Connected.
-
Open the Windows command prompt.
-
In the command line, navigate to the download location of the installation package.
-
Modify the installation command as needed.
msiexec.exe /i /q SectigoDCS.msi TOKEN= PROXY_TYPE= PROXY_ADDR= PROXY_PORT= PROXY_USER= PROXY_PASSWORD=
Unused options must be removed from the command. The command options are outlined in the following table.
Option Description /i
Initiates installation of the agent through the bootstrap application.
/q
Runs the installation in silent mode so no interaction is required.
TOKEN
The mandatory installation token.
PROXY_TYPE
Indicates whether you are using a proxy server.
-
1
(Yes) -
0
(No)
PROXY_ADDR
The hostname or IP address of your proxy server.
This option is required if you are using a proxy server.
PROXY_PORT
The port number used by your proxy server.
This option is required if you are using a proxy server.
PROXY_USER
The username for accessing the proxy server.
This option is required if your proxy server is configured to use credentials.
PROXY_PASSWORD
The password for accessing the proxy server if configured to use credentials.
This option is required if your proxy server is configured to use credentials.
-
-
Run the modified installation command.
The application’s configuration and log files are stored in C:\ProgramData\Sectigo Limited\SectigoDCS
.
The connector should now be listed on the DNS Connectors page with a status of Connected.
Configure a DNS connector
Once installed, DNS connectors must be configured to connect to your DNS provider. Multiple DNS providers can be connected to a single connector.
-
In a command prompt window, navigate to the DNS connector install location.
-
Add the Cloudflare provider.
sectigo-dcs.exe provider add -type cloudflare -name <yourProviderName> -token "<yourCloudflareToken>"
The command options are outlined in the following table.
Option Description type
The type of DNS provider that is being added.
For Cloudflare, the value must be
cloudflare
.name
The name used to represent the DNS provider in SCM.
token
The authentication token specific to your Cloudflare account. This token is required to authorize the DNS connector to interact with Cloudflare’s API on behalf of your account.
-
Verify the provider is added.
sectigo-dcs.exe debug provider ping -name <yourProviderName>
-
In a command prompt window, navigate to the DNS connector install location.
-
Add the OVHcloud provider.
sectigo-dcs.exe provider add -type ovh -name <yourProviderName> -endpoint <yourOVHendpoint> -app-key "<yourAPIkey>" -app-secret "<yourAppSecret>" -consumer-key "<yourConsumerKey>"
The command options are outlined in the following table.
Option Description type
The type of DNS provider that is being added.
For OVHcloud, the value must be
ovh
.name
The name used to represent the DNS provider in SCM.
endpoint
The OVH region ID indicating where your services are hosted.
Some examples of OVHcloud region IDs include
ovh-eu
,ovh-ca
, andovh-us
.app-key
The Application Key (AK) provided by OVHcloud when you register your application. It is used to identify your application in API requests.
app-secret
The Application Secret (AS) provided by OVHcloud alongside the Application Key. It is a confidential key used in conjunction with the Application Key to authenticate and secure communication with the OVHcloud API.
consumer-key
The Consumer Key (CK) obtained after authenticating your application with OVHcloud’s API using your Application Key and Application Secret. It grants your application permission to make API requests on behalf of a user’s account.
-
Verify the provider is added.
sectigo-dcs.exe debug provider ping -name <yourProviderName>
You can view additional CLI commands with the sectigo-dcs provider help |
Restore a DNS connector
DNS connectors that are offline for over 30 days may lose the ability to connect to SCM. In most cases, this connectivity can be restored by doing the following:
-
Log in to SCM.
-
Navigate to
. -
Select the connector to be restored, and click Restore.
-
Click OK.
-
Save the displayed token, and close the Restore Connector dialog.
-
In a command prompt window, navigate to the DNS connector install location.
-
Restore the connector.
register -token <registration_token> -force
Update a DNS connector
-
Log in to SCM.
-
From the left-hand menu, select About.
-
Click the Download DNS Connector icon.
-
(Optional) If required, move the
SectigoDCS.msi
file to the DNS connector machine. -
Right-click
SectigoDCS.msi
and click Install.The package automatically recognizes that there’s an existing version of the DNS connector and initiates an update instead of a new install.
-
Read the EULA, select I accept the terms in the License Agreement, and click Next.
-
(Optional) Specify an installation location.
-
Click Next, Install, and Close.
Uninstall a DNS connector
-
In Windows, navigate to
. -
Search for Sectigo.
-
Select the Sectigo DNS Connector and click Uninstall.
-
(Optional) Delete the files and logs associated with the DNS connector.
-
Navigate to
C:\ProgramData\Sectigo Limited
. -
Delete the
SectigoDCS
folder.This cannot be undone. Only delete this folder if you want to completely remove all files and logs related to the DNS Connector.
-
-
In SCM, navigate to
. -
Select the connector you want to delete.
-
Click the Delete icon.
-
Click Delete.