CDmon DNS Authenticator plugin for Certbot
Certbot DNS CDmon Plugin

Table of Contents
- Overview
- Requirements
- Installation
- Configuration
- Usage
- Troubleshooting
- Development
- Contributing
- License
Overview
DNS authentication plugin for Certbot that uses the CDmon API to handle dns-01 challenges, specifically designed for wildcard certificate management.
Key features:
- Automated TXT record management via CDmon API (api-domains.cdmon.services)
- Support for multiple domain validation
- Integration with Certbot's renewal workflow
- Default TTL of 60 seconds for DNS records
- Default propagation delay of 90 seconds
Requirements
Core Dependencies
- Certbot: ≥1.1.0 (verified with 3.3.0+)
- Python: 3.6+
- Requests: Required for API communication
- OS: Linux (Debian/Ubuntu/CentOS), macOS 10.15+
- See requirements.txt for full package dependencies
Service Requirements
- CDmon account with API access
- API key with DNS record management permissions
Installation
Package Installation
pip install certbot-dns-cdmon
From Source
git clone https://github.com/rascazzione/certbot-dns-cdmon.git
cd certbot-dns-cdmon
pip install -e .
Security Note: For production deployments:
- Use environment variables for credential management
- Implement secret vault integration
- Rotate API keys regularly
Configuration
1. API Key Setup
- Log in to your CDmon control panel
- Navigate to API/Developer settings
- Generate API key with DNS record management permissions
2. Credential Management
Create credentials file in one of these locations:
- System-wide: /etc/letsencrypt/cdmon-credentials.ini
- User-specific: $HOME/.config/certbot/cdmon-credentials.ini
Example configuration:
# CDmon API credentials
dns_cdmon_api_key = your_api_key_here
dns_cdmon_domain = your_domain_here # Optional: Only needed if you want to override automatic domain detection
Security best practices:
chmod 600 /path/to/credentials.ini
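A pre-flight audit of the credentials file described above, as an added example that is not part of the plugin's code. The key names come from the example configuration; the parser is a simplified stand-in for Certbot's own, and the sample file content is constructed.

```python
import os
import stat
import tempfile

REQUIRED = {"dns_cdmon_api_key"}
OPTIONAL = {"dns_cdmon_domain"}
PLACEHOLDERS = {"", "your_api_key", "your_api_key_here"}  # README sample values

def parse_credentials(text):
    """Simplified 'key = value' parser that strips '#' comments (not Certbot's own)."""
    values = {}
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if sep:
            values[key.strip()] = value.strip()
    return values

def audit_credentials(path):
    """Return a list of findings; an empty list means nothing was flagged."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o allows group/other access, expected 600"
                        % stat.S_IMODE(st.st_mode))
    with open(path, encoding="utf-8") as fh:
        values = parse_credentials(fh.read())
    for key in sorted(REQUIRED - set(values)):
        findings.append("missing required key: " + key)
    for key in sorted(set(values) - REQUIRED - OPTIONAL):
        findings.append("unknown key: " + key)
    if values.get("dns_cdmon_api_key") in PLACEHOLDERS:
        findings.append("dns_cdmon_api_key is empty or a placeholder")
    return findings

def demo():
    """Audit a constructed credentials file before and after chmod 600."""
    sample = ("# CDmon API credentials\n"
              "dns_cdmon_api_key = constructed-sample-key  # not a real key\n"
              "dns_cdmon_domain = example.com  # optional\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cdmon-credentials.ini")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)   # world-readable: should be flagged
        before = audit_credentials(path)
        os.chmod(path, 0o600)   # owner-only: should pass
        after = audit_credentials(path)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Running audit_credentials against the real file before each certbot invocation catches a world-readable API key or an unfilled template value before a request reaches the CDmon API.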
Usage
Basic Certificate Request
certbot certonly \
  --authenticator dns-cdmon \
  --dns-cdmon-credentials /path/to/credentials.ini \
  --dns-cdmon-propagation-seconds 180 \
  -d example.com \
  -d '*.example.com'
Virtual Environment Setup
# Using venv
python -m venv venv
source venv/bin/activate
pip install -e .
# Using Conda
conda create -n certbot-env python=3.8
conda activate certbot-env
pip install -e .
Non-root User Setup
certbot certonly \
  --authenticator dns-cdmon \
  --dns-cdmon-credentials ~/certbot/credentials.ini \
  --dns-cdmon-propagation-seconds 90 \
  -d example.com \
  -d '*.example.com' \
  --config-dir ~/certbot/config \
  --work-dir ~/certbot/work \
  --logs-dir ~/certbot/logs
Automatic Renewal
Certbot will remember the plugin used. The renewal will be automatic without needing to reconfigure the plugin.
Troubleshooting
Common Issues
1. Permission Errors
- Solution A: Use sudo with full path to certbot:
sudo /path/to/certbot certonly [options...]
- Solution B: Specify writable directories:
certbot certonly \
  --config-dir ~/certbot/config \
  --work-dir ~/certbot/work \
  --logs-dir ~/certbot/logs
2. API Authentication Errors
- Verify API key has DNS management permissions
- Check credentials file format:
dns_cdmon_api_key = your_api_key
dns_cdmon_domain = yourdomain.com # Optional
3. Propagation Issues
- Increase propagation seconds (default: 90)
- Verify DNS propagation using tools like WhatsMyDNS
4. API Response Codes
- 200: Success
- 401: Invalid API key
- 404: Domain not found
- 500: Server error
Development
Authentication Flow
graph TD
A[Certbot DNS Challenge] --> B[CDmon Plugin]
B --> C{API Credentials}
C -->|Valid| D[Create/Update TXT Record]
C -->|Invalid| E[Error: Authentication Failed]
D --> F[Wait Propagation]
F --> G[Verify DNS]
G -->|Success| H[Cleanup TXT Record]
G -->|Failure| I[Error: Verification Failed]
Setup
git clone https://github.com/rascazzione/certbot-dns-cdmon.git
cd certbot-dns-cdmon
python -m venv venv
source venv/bin/activate
pip install -e .
Testing
python -m unittest discover
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Contributions are welcome. Please open an issue or pull request on GitHub.
File details
Details for the file certbot_dns_cdmon-0.4.1.tar.gz.
File metadata
- Download URL: certbot_dns_cdmon-0.4.1.tar.gz
- Upload date:
- Size: 7.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d28579b8194a32e0a906d6bb794fffd1e2b23aeaa9859aa928dc397a3bf806d0 |
| MD5 | 3a7d204cc53eefdcb030aa3864788ab1 |
| BLAKE2b-256 | c33edd5e92f1d93fcaadb0a7539b10f530ff9297123119a85e98415f9d3935e1 |
File details
Details for the file certbot_dns_cdmon-0.4.1-py3-none-any.whl.
File metadata
- Download URL: certbot_dns_cdmon-0.4.1-py3-none-any.whl
- Upload date:
- Size: 6.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 2e71d021f1c69741fdc16162d4478c94f6444ea4ce2af21f0a27bd500d716634 |
| MD5 | 222ea9d25f5b0279a2f688f356817ba4 |
| BLAKE2b-256 | 1e564ed9c77198a694d8b95b007fc31ea0cd89e328ca1d200d6b97aa3f952321 |