Skip to main content

ClouDNS DNS Authenticator plugin for Certbot

Project description

The certbot-dns-clounds plugin automates the process of completing a dns-01 challenge (acme.challenges.DNS01) by creating, and subsequently removing, TXT records using the ClouDNS API.

Named Arguments

--dns-cloudns-credentials

ClouDNS credentials INI file. (Required)

--dns-cloudns-propagation-seconds

The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (Default: 60)

--dns-cloudns-nameserver

Nameserver used to resolve CNAME aliases. (See the Challenge Delegation section below.) (Default: System default)

Credentials

Use of this plugin requires a configuration file containing the ClouDNS API credentials.

# Target user ID (see https://www.cloudns.net/api-settings/)
dns_cloudns_auth_id=1234
# Alternatively, one of the following two options can be set:
# dns_cloudns_sub_auth_id=1234
# dns_cloudns_sub_auth_user=foobar

# API password
dns_cloudns_auth_password=password1

The path to this file can be provided interactively or using the --dns-cloudns-credentials command-line argument. Certbot records the path to this file for use during renewal, but does not store the file’s contents.

Certbot will emit a warning if it detects that the credentials file can be accessed by other users on your system. The warning reads “Unsafe permissions on credentials configuration file”, followed by the path to the credentials file. This warning will be emitted each time Certbot uses the credentials file, including for renewal, and cannot be silenced except by addressing the issue (e.g., by using a command like chmod 600 to restrict access to the file).

Challenge Delegation

The dns-cloudns plugin supports delegation of dns-01 challenges to other DNS zones through the use of CNAME records.

As stated in the Let’s Encrypt documentation:

Since Let’s Encrypt follows the DNS standards when looking up TXT records for DNS-01 validation, you can use CNAME records or NS records to delegate answering the challenge to other DNS zones. This can be used to delegate the _acme-challenge subdomain to a validation-specific server or zone. It can also be used if your DNS provider is slow to update, and you want to delegate to a quicker-updating server.

This allows the credentials provided to certbot to be limited to either a sub-zone of the verified domain, or even a completely separate throw-away domain. This idea is further discussed in this article by the Electronic Frontier Foundation.

To resolve CNAME aliases properly, Certbot needs to be able to access a public DNS server. In some setups, especially corporate networks, the challenged domain might be resolved by a local server instead, hiding configured CNAME and TXT records from Certbot. In these cases setting the --dns-cloudns-nameserver option to any public nameserver (e.g. 1.1.1.1) should resolve the issue.

Installation

Install the plugin using pip:

pip install certbot-dns-cloudns

Examples

certbot certonly \
  --authenticator dns-cloudns \
  --dns-cloudns-credentials ~/.secrets/certbot/cloudns.ini \
  -d example.com
certbot certonly \
  --authenticator dns-cloudns \
  --dns-cloudns-credentials ~/.secrets/certbot/cloudns.ini \
  -d example.com \
  -d www.example.com
certbot certonly \
  --authenticator dns-cloudns \
  --dns-cloudns-credentials ~/.secrets/certbot/cloudns.ini \
  --dns-cloudns-propagation-seconds 30 \
  -d example.com

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certbot_dns_cloudns-0.5.0.tar.gz (7.4 kB view details)

Uploaded Source

Built Distribution

certbot_dns_cloudns-0.5.0-py3-none-any.whl (10.9 kB view details)

Uploaded Python 3

File details

Details for the file certbot_dns_cloudns-0.5.0.tar.gz.

File metadata

  • Download URL: certbot_dns_cloudns-0.5.0.tar.gz
  • Upload date:
  • Size: 7.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.5.1 CPython/3.11.4 Darwin/21.6.0

File hashes

Hashes for certbot_dns_cloudns-0.5.0.tar.gz
Algorithm Hash digest
SHA256 a51db7afc3507611d2da8cc96e87f4eb9faf9f7305cf116911b32cf2caa85502
MD5 457b0cb12374526caed0f1f0ef074517
BLAKE2b-256 8ecbf4c2cc390fdeb06f2571361856b270381e6b3d531a97d7d17051a6eb64c7

See more details on using hashes here.

File details

Details for the file certbot_dns_cloudns-0.5.0-py3-none-any.whl.

File metadata

File hashes

Hashes for certbot_dns_cloudns-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8bab6d1a2fa0f5c168a43708dfe89a093d2508cfc192c0fd279b7a5831928bc5
MD5 48109017b8317da498272128e201e27a
BLAKE2b-256 de593ed38c815b98ba627ce6af5ee587df0d7885b19daf0930d1f84e6fac1d27

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page