Installing DNS connectors

Installation requirements

To install a DNS connector, the following requirements must be satisfied:

  • An SCM account and MRAO administrator permissions

  • Microsoft Windows Server 2016, 2019, or 2022 (64-bit) and local admin permissions to install the DNS connector

  • Hardware:

    • CPU — 1.4GHz 64-bit or 32-bit (minimum)

    • RAM — 2 GB (minimum)

  • Internet access:

    • Outbound network access to https://cbcc.enterprise.sectigo.com on TCP port 443

    • Outbound network access to https://dist.sectigo.com on TCP port 443

    • Outbound network access to the appropriate SCM instance on TCP port 443:

      • https://cert-manager.com

      • https://hard.cert-manager.com

      • https://eu.cert-manager.com
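
A pre-flight check for the requirements listed above, added here as an example and not taken from Sectigo's documentation or code. The `$ScmHost` parameter is an assumption; set it to the SCM instance your account uses.

```powershell
# Added example (not Sectigo code): pre-flight check for the requirements above.
# $ScmHost is an assumption; set it to the SCM instance your account uses.
param([string]$ScmHost = 'cert-manager.com')

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
    Measure-Object -Property Capacity -Sum).Sum
$principal = [Security.Principal.WindowsPrincipal](
    [Security.Principal.WindowsIdentity]::GetCurrent())
$isAdmin = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

$checks = @(
    [pscustomobject]@{ Check = 'Windows Server 2016, 2019, or 2022'
                       Pass  = $os.Caption -match 'Server (2016|2019|2022)' }
    [pscustomobject]@{ Check = '64-bit operating system'
                       Pass  = [Environment]::Is64BitOperatingSystem }
    [pscustomobject]@{ Check = 'RAM of at least 2 GB'
                       Pass  = $ramBytes -ge 2GB }
    [pscustomobject]@{ Check = 'Running with local admin rights'
                       Pass  = $isAdmin }
)

# Direct TCP test only. If the connector will use a proxy, test reachability
# of the proxy address and port instead.
foreach ($target in 'cbcc.enterprise.sectigo.com', 'dist.sectigo.com', $ScmHost) {
    $ok = Test-NetConnection -ComputerName $target -Port 443 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    $checks += [pscustomobject]@{ Check = "Outbound TCP 443 to $target"; Pass = $ok }
}

$checks | Format-Table -AutoSize
if ($checks.Pass -contains $false) { exit 1 }
```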

DNS provider requirements

In addition to the general prerequisites, further requirements apply depending on which DNS provider you are using.

  • Cloudflare

  • OVHcloud

The following requirements must be met before using a DNS connector with Cloudflare:

  • You have an active Cloudflare account.

  • You have outbound network access to the Cloudflare API endpoint.

  • You have created or obtained a Cloudflare API token provided with at least the following permissions:

    • Zone.Zone:Read

    • Zone.DNS:Edit

      For information about Cloudflare API tokens, see Create an API token.

The following requirements must be met before using a DNS connector with OVHcloud:

  • You have an active OVHcloud account.

  • You have outbound network access to the OVHcloud API endpoint.

  • You have created or obtained the following OVHcloud API keys:

Add a DNS connector to SCM

  1. Navigate to Integrations > DNS Connectors and click the Add icon.

  2. In the Add DNS Connector dialog, provide a name to help identify the connector.

  3. (Optional) Provide comments with additional details about the connector.

  4. Specify the Delegation Mode based on the information in the following table.

    Field        Description
    General      When selected, the DNS connector is available for all organizations and departments.
    Customized   When selected, the DNS connector is available for only the selected organizations and departments.

  5. Click Next.

  6. Copy the installation token for use during installation.

    If your installation fails, subsequent attempts require the use of a new registration token.
  7. Click the Windows installation package link.

  8. Click Save.

The connector should now be listed on the DNS Connectors page with a status of Pending.

Install a DNS connector

  • Windows

  • Windows (CLI)

Windows

  1. (Optional) If required, move the SectigoDCS.msi file to the DNS connector machine.

  2. Right-click SectigoDCS.msi and click Install.

  3. In the setup wizard, click Next.

  4. Read the EULA, select I accept the terms in the License Agreement, and click Next.

  5. (Optional) Specify an installation location.

    If no destination folder is selected, the DNS connector and library will be installed in C:\Program Files\Sectigo Limited\SectigoDCS.
  6. Click Next, and paste the connector installation token.

    If needed, you can retrieve the installation token from the Edit DNS Connector dialog for your connector.
  7. Click Next.

  8. In the Proxy Settings window, select Direct Internet connection (no proxy), or select Manual proxy configuration and enter your configuration details based on the information provided in the following table.

    Field      Description
    Address    The IP address or the DNS name of the proxy server.
    Port       The listening port of the proxy server.
    Username   The username used to connect to the proxy server.
    Password   The password used to connect to the proxy server.

    Click Test Connection to confirm your connection.
  9. Click Install.

  10. Click Yes to allow the installation to complete on the server.

  11. Click Finish.

The application’s configuration and log files are stored in C:\ProgramData\Sectigo Limited\SectigoDCS.

The connector should now be listed on the DNS Connectors page with a status of Connected.

Windows (CLI)

  1. Open the Windows command prompt.

  2. In the command line, navigate to the download location of the installation package.

  3. Modify the installation command as needed.

    msiexec.exe /i SectigoDCS.msi /q TOKEN= PROXY_TYPE= PROXY_ADDR= PROXY_PORT= PROXY_USER= PROXY_PASSWORD=

    Unused options must be removed from the command.

    The command options are outlined in the following table.

    Option           Description
    /i               Initiates installation of the agent through the bootstrap application.
    /q               Runs the installation in silent mode so no interaction is required.
    TOKEN            The mandatory installation token.
    PROXY_TYPE       Indicates whether you are using a proxy server: 1 (Yes) or 0 (No).
    PROXY_ADDR       The hostname or IP address of your proxy server. This option is required if you are using a proxy server.
    PROXY_PORT       The port number used by your proxy server. This option is required if you are using a proxy server.
    PROXY_USER       The username for accessing the proxy server. This option is required if your proxy server is configured to use credentials.
    PROXY_PASSWORD   The password for accessing the proxy server if configured to use credentials. This option is required if your proxy server is configured to use credentials.

  4. Run the modified installation command.

The application’s configuration and log files are stored in C:\ProgramData\Sectigo Limited\SectigoDCS.

The connector should now be listed on the DNS Connectors page with a status of Connected.
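
The CLI procedure above as a PowerShell wrapper, added here as an example and not taken from Sectigo's documentation or code. It keeps only the options in use, as the procedure requires, then checks the msiexec exit code and the SectigoDCS service. The script's parameter names and the location of SectigoDCS.msi (the current directory) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not Sectigo code): silent install that passes only the options in use.
# Assumptions: SectigoDCS.msi is in the current directory; the parameter names
# below belong to this script, not to the installer.
param(
    [string]$ProxyAddr,
    [int]$ProxyPort,
    [pscredential]$ProxyCredential
)

# Prompt for the token so it is not stored in a script file or in shell history.
$secure = Read-Host -Prompt 'Installation token' -AsSecureString
$token = [System.Net.NetworkCredential]::new('', $secure).Password

$msiArgs = @('/i', 'SectigoDCS.msi', '/q', "TOKEN=`"$token`"")
if ($ProxyAddr) {
    $msiArgs += 'PROXY_TYPE=1', "PROXY_ADDR=$ProxyAddr", "PROXY_PORT=$ProxyPort"
    if ($ProxyCredential) {
        $proxyPass = $ProxyCredential.GetNetworkCredential().Password
        $msiArgs += "PROXY_USER=`"$($ProxyCredential.UserName)`""
        $msiArgs += "PROXY_PASSWORD=`"$proxyPass`""
    }
} else {
    $msiArgs += 'PROXY_TYPE=0'
}

# The values still reach msiexec on its command line, so they can appear in
# process-creation logs where command-line auditing is enabled.
$proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru

if ($proc.ExitCode -in 0, 3010) {   # 0 = success, 3010 = success, reboot required
    Get-Service -Name SectigoDCS | Format-List Name, Status
} else {
    # A failed installation needs a new token for the next attempt.
    Write-Error "msiexec exited with code $($proc.ExitCode). Get a new token in SCM before retrying."
    exit $proc.ExitCode
}
```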

Configure a DNS connector

Once installed, DNS connectors must be configured to connect to your DNS provider. Multiple DNS providers can be connected to a single connector.

  • Cloudflare

  • OVHcloud

Cloudflare

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Add the Cloudflare provider.

    sectigo-dcs.exe provider add -type cloudflare -name <yourProviderName> -token "<yourCloudflareToken>"

    The command options are outlined in the following table.

    Option   Description
    type     The type of DNS provider that is being added. For Cloudflare, the value must be cloudflare.
    name     The name used to represent the DNS provider in SCM.
    token    The authentication token specific to your Cloudflare account. This token is required to authorize the DNS connector to interact with Cloudflare’s API on behalf of your account.

  3. Verify the provider is added.

    sectigo-dcs.exe debug provider ping -name <yourProviderName>

OVHcloud

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Add the OVHcloud provider.

    sectigo-dcs.exe provider add -type ovh -name <yourProviderName> -endpoint <yourOVHendpoint> -app-key "<yourAPIkey>" -app-secret "<yourAppSecret>" -consumer-key "<yourConsumerKey>"

    The command options are outlined in the following table.

    Option         Description
    type           The type of DNS provider that is being added. For OVHcloud, the value must be ovh.
    name           The name used to represent the DNS provider in SCM.
    endpoint       The OVH region ID indicating where your services are hosted. Some examples of OVHcloud region IDs include ovh-eu, ovh-ca, and ovh-us.
    app-key        The Application Key (AK) provided by OVHcloud when you register your application. It is used to identify your application in API requests.
    app-secret     The Application Secret (AS) provided by OVHcloud alongside the Application Key. It is a confidential key used in conjunction with the Application Key to authenticate and secure communication with the OVHcloud API.
    consumer-key   The Consumer Key (CK) obtained after authenticating your application with OVHcloud’s API using your Application Key and Application Secret. It grants your application permission to make API requests on behalf of a user’s account.

  3. Verify the provider is added.

    sectigo-dcs.exe debug provider ping -name <yourProviderName>

You can view additional CLI commands with the help command.

sectigo-dcs provider help

Restore a DNS connector

DNS connectors that are offline for over 30 days may lose the ability to connect to SCM. In most cases, this connectivity can be restored by doing the following:

  1. Log in to SCM.

  2. Navigate to Integrations > DNS Connectors.

  3. Select the connector to be restored, and click Restore.

  4. Click OK.

  5. Save the displayed token, and close the Restore Connector dialog.

  6. In a command prompt window, navigate to the DNS connector install location.

  7. Restore the connector.

    register -token <registration_token> -force

Update a DNS connector

  1. Log in to SCM.

  2. From the left-hand menu, select About.

  3. Click the Download DNS Connector icon.

  4. (Optional) If required, move the SectigoDCS.msi file to the DNS connector machine.

  5. Right-click SectigoDCS.msi and click Install.

    The package automatically recognizes that there’s an existing version of the DNS connector and initiates an update instead of a new install.

  6. Read the EULA, select I accept the terms in the License Agreement, and click Next.

  7. (Optional) Specify an installation location.

  8. Click Next, Install, and Close.

Uninstall a DNS connector

  1. In Windows, navigate to Settings > Apps & features.

  2. Search for Sectigo.

  3. Select the Sectigo DNS Connector and click Uninstall.

  4. (Optional) Delete the files and logs associated with the DNS connector.

    1. Navigate to C:\ProgramData\Sectigo Limited.

    2. Delete the SectigoDCS folder.

      This cannot be undone. Only delete this folder if you want to completely remove all files and logs related to the DNS Connector.

  5. In SCM, navigate to Integrations > DNS Connectors.

  6. Select the connector you want to delete.

  7. Click the Delete icon.

  8. Click Delete.

DNS connector service commands

Command   Description
Start     Start a DNS connector: sc start SectigoDCS
Stop      Stop a DNS connector: sc stop SectigoDCS
Query     Query the status of a DNS connector: sc query SectigoDCS