ACME-DNS DNS Authenticator plugin for Certbot
certbot-dns-acmedns
ACME-DNS DNS Authenticator plugin for Certbot.
This plugin is built from the ground up and follows the development style and life-cycle of other certbot-dns-* plugins found in the Official Certbot Repository.
Installation
pip install --upgrade certbot
pip install certbot-dns-acmedns
Verify:
$ certbot plugins --text
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* certbot-dns-acmedns:dns-acmedns
Description: Obtain certificates using a DNS TXT record (if you are using
ACME-DNS for DNS.)
Interfaces: IAuthenticator, IPlugin
Entry point: dns-acmedns = certbot_dns_acmedns.dns_acmedns:Authenticator
...
...
Configuration
The (certbot) credentials file, e.g. acmedns-credentials.ini, should look like this:
# cat acmedns-credentials.ini
certbot_dns_acmedns:dns_acmedns_api_url = http://acmedns-server/
certbot_dns_acmedns:dns_acmedns_registration_file = /etc/certbot/acme-registration.json
This plugin does not do ACME-DNS registration. You are responsible for making sure that /etc/certbot/acme-registration.json (in the example above) contains the registration data in the following format:
# cat /etc/certbot/acme-registration.json
{
  "something.acme.com": {
    "username": "6e14735c-2c6a-447e-b63d-a23ac4438bd7",
    "password": "dd6gnYS-IxrQfDLbdPRX3hrFhS_SLrwbS0kSl_i8",
    "fulldomain": "3b750a0e-c627-423f-9966-4799c6a9533b.auth.example.org",
    "subdomain": "3b750a0e-c627-423f-9966-4799c6a9533b",
    "allowfrom": []
  }
}
This format is the same as the one used in some other tools, e.g. the cert-manager ACME-DNS plugin.
Usage
certbot ... \
--authenticator certbot-dns-acmedns:dns-acmedns \
--certbot-dns-acmedns:dns-acmedns-credentials /etc/certbot/acmedns-credentials.ini \
certonly
FAQ
Why such a long name for a plugin?
This follows the upstream nomenclature: certbot-dns-<dns-provider>.
Why do I have to use the : separator in the name? And why are the configuration file parameters so weird?
This is a limitation of the Certbot interface towards third-party plugins.
For details read the discussions:
- https://github.com/certbot/certbot/issues/6504#issuecomment-473462138
- https://github.com/certbot/certbot/issues/6040
- https://github.com/certbot/certbot/issues/4351
- https://github.com/certbot/certbot/pull/6372
Development
Create a virtualenv, install the plugin (editable mode), spawn the environment and run the test:
Prepare the support environment:
docker-compose up -d
You can also omit -d if you wish to see backend server logs side-by-side with the client.
Run the certbot client:
docker build -t certbot_acmedns_client -f test/Dockerfile test/
docker run -it --rm --network certbot-dns-acmedns_default --dns "10.151.40.100" -v "$PWD":/certbot-dns-acmedns certbot_acmedns_client sh -c 'pip3 install -e /certbot-dns-acmedns && /certbot-dns-acmedns/test/e2e_test.sh'
License
Copyright (c) 2020 DT Pan-Net s.r.o
Source Distribution
File details
Details for the file certbot-dns-acmedns-0.1.0.tar.gz.
File metadata
- Download URL: certbot-dns-acmedns-0.1.0.tar.gz
- Upload date:
- Size: 6.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/45.2.0 requests-toolbelt/0.9.1 tqdm/4.42.1 CPython/3.5.6
File hashes
Algorithm | Hash digest
---|---
SHA256 | fa3b0787a5716a35be7c8773347ef9508757af025755fd00d22a3431c893bb77
MD5 | 950c64783800b40ba0ac9ed3f32bb5d0
BLAKE2b-256 | 33f072f5595c2a2135488a2c4a7b443cd8e9d928ab24d6ed0c29edf349929ee1