Generate DigitalOcean API token for ACME challenge

Choose any supported DNS provider

All examples in this book use DigitalOcean as the DNS provider. You may choose any DNS service that provides a programmatic API supported by go-acme LEGO.

Sign up for a DigitalOcean account (using this referral link helps support this site), and follow along to create the required API token.

DNS is also a part of the TLS certificate request process with Let’s Encrypt (via ACME DNS-01 challenge). Traefik interacts with Let’s Encrypt on your behalf, automatically requesting TLS certificates to be created for your services. To allow this, you will need to procure a DigitalOcean Personal Access Token, which grants programmatic control of your DigitalOcean account’s DNS settings:

  • Login to the DigitalOcean console.
  • Click on API in the left-hand menu, near the bottom of the list.
  • On the Tokens tab, click Generate New Token.
  • Enter a descriptive name indicating the owner of the token (e.g., a subdomain), and its purpose (e.g., ACME): pi.example.com ACME.
  • Set the expiration period you want to use. Use No expire if you just want to set it and forget it; otherwise you will need to update the token periodically.
  • Select Custom Scopes so you can choose the fine-grained permissions.
  • The only permission that needs to be selected is domain.
  • Click Generate Token.
  • Copy the generated token to a temporary buffer/notepad. You will need to reference this token in the next section, when it asks for the DO_AUTH_TOKEN variable.

You will also need to generate an API token for the sentry droplet.

  • Create the second token named sentry.example.com ACME or similar.
  • Set a Custom scope = domain.
  • Copy this token to the same temporary buffer/notepad as before; you’ll need it when setting up the sentry droplet.

Tip

You could reuse the same API token on both Pi and sentry, but it’s recommended to create a unique token for each host.
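
To confirm that a token created with the steps above carries only the domain scope, the following script probes one endpoint inside that scope and one outside it. It is an added example, not part of the original book; the script name check-token.sh, the use of /v2/droplets as the out-of-scope probe, and the expected 200/403/401 responses are assumptions.

```shell
#!/usr/bin/env bash
# Added example: confirm a DigitalOcean token is limited to the "domain" scope.
# Assumption: the API returns 200 inside the token's scopes, 403 outside them,
# and 401 for a bad or expired token.
API="https://api.digitalocean.com/v2"

# Print the HTTP status of a read-only GET on an API path.
# The header is fed on stdin (-H @-, curl >= 7.55) so the token never
# appears in the process list.
http_status() {
  printf 'Authorization: Bearer %s\n' "$DO_AUTH_TOKEN" |
    curl -s -o /dev/null -w '%{http_code}' --max-time 15 -H @- "$API/$1"
}

# Map the two status codes to a verdict.
# $1 = status from /domains (in scope), $2 = status from /droplets (out of scope)
classify_scope() {
  case "$1:$2" in
    401:*)   echo "invalid-token" ;;
    403:*)   echo "missing-domain-scope" ;;
    200:403) echo "ok-domain-only" ;;
    200:200) echo "over-privileged" ;;
    *)       echo "unknown" ;;
  esac
}

# Probe both endpoints, print the verdict, succeed only for a domain-only token.
check_token() {
  if [ -z "${DO_AUTH_TOKEN:-}" ]; then
    echo "DO_AUTH_TOKEN is not set" >&2
    return 2
  fi
  verdict=$(classify_scope "$(http_status domains)" "$(http_status droplets)")
  echo "$verdict"
  [ "$verdict" = "ok-domain-only" ]
}

# Only touch the network when explicitly asked: ./check-token.sh --check
if [ "${1:-}" = "--check" ]; then
  check_token
fi
```

Run it once per host token (Pi and sentry); an over-privileged verdict means the token was created with more than the domain scope and should be regenerated.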

Next steps

  • Set up Raspberry Pi.
  • Set up sentry Droplet.
  • Configure WireGuard VPN.
  • Set up public SSH.
  • Install core services.
  • Install apps.