Skip to main content

ClouDNS DNS Authenticator plugin for Certbot

Project description

The certbot-dns-clounds plugin automates the process of completing a dns-01 challenge (acme.challenges.DNS01) by creating, and subsequently removing, TXT records using the ClouDNS API.

Named Arguments

--dns-cloudns-credentials

ClouDNS credentials INI file. (Required)

--dns-cloudns-propagation-seconds

The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (Default: 60)

--dns-cloudns-nameserver

Nameserver used to resolve CNAME aliases. (See the Challenge Delegation section below.) (Default: System default)

Credentials

Use of this plugin requires a configuration file containing the ClouDNS API credentials.

# Target user ID (see https://www.cloudns.net/api-settings/)
dns_cloudns_auth_id=1234
# Alternatively, one of the following two options can be set:
# dns_cloudns_sub_auth_id=1234
# dns_cloudns_sub_auth_user=foobar

# API password
dns_cloudns_auth_password=password1

The path to this file can be provided interactively or using the --dns-cloudns-credentials command-line argument. Certbot records the path to this file for use during renewal, but does not store the file’s contents.

Certbot will emit a warning if it detects that the credentials file can be accessed by other users on your system. The warning reads “Unsafe permissions on credentials configuration file”, followed by the path to the credentials file. This warning will be emitted each time Certbot uses the credentials file, including for renewal, and cannot be silenced except by addressing the issue (e.g., by using a command like chmod 600 to restrict access to the file).

Challenge Delegation

The dns-cloudns plugin supports delegation of dns-01 challenges to other DNS zones through the use of CNAME records.

As stated in the Let’s Encrypt documentation:

Since Let’s Encrypt follows the DNS standards when looking up TXT records for DNS-01 validation, you can use CNAME records or NS records to delegate answering the challenge to other DNS zones. This can be used to delegate the _acme-challenge subdomain to a validation-specific server or zone. It can also be used if your DNS provider is slow to update, and you want to delegate to a quicker-updating server.

This allows the credentials provided to certbot to be limited to either a sub-zone of the verified domain, or even a completely separate throw-away domain. This idea is further discussed in this article by the Electronic Frontier Foundation.

To resolve CNAME aliases properly, Certbot needs to be able to access a public DNS server. In some setups, especially corporate networks, the challenged domain might be resolved by a local server instead, hiding configured CNAME and TXT records from Certbot. In these cases setting the --dns-cloudns-nameserver option to any public nameserver (e.g. 1.1.1.1) should resolve the issue.

Installation

Install the plugin using pip:

pip install certbot-dns-cloudns

Examples

certbot certonly \
  --authenticator dns-cloudns \
  --dns-cloudns-credentials ~/.secrets/certbot/cloudns.ini \
  -d example.com
certbot certonly \
  --authenticator dns-cloudns \
  --dns-cloudns-credentials ~/.secrets/certbot/cloudns.ini \
  -d example.com \
  -d www.example.com
certbot certonly \
  --authenticator dns-cloudns \
  --dns-cloudns-credentials ~/.secrets/certbot/cloudns.ini \
  --dns-cloudns-propagation-seconds 30 \
  -d example.com

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certbot_dns_cloudns-0.6.0.tar.gz (7.4 kB view details)

Uploaded Source

Built Distribution

certbot_dns_cloudns-0.6.0-py3-none-any.whl (10.9 kB view details)

Uploaded Python 3

File details

Details for the file certbot_dns_cloudns-0.6.0.tar.gz.

File metadata

  • Download URL: certbot_dns_cloudns-0.6.0.tar.gz
  • Upload date:
  • Size: 7.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.7.1 CPython/3.12.1 Darwin/21.6.0

File hashes

Hashes for certbot_dns_cloudns-0.6.0.tar.gz
Algorithm Hash digest
SHA256 82105c9a0baf3f6ddd3cbfd35532214912c11c00cdcec14ae09b03b8a739cc50
MD5 2e091429a787dac51a9b220446c59a15
BLAKE2b-256 38ad6438916bac6249971e1acdc6ebd28e6711da7fd26e11266c47022647a3d4

See more details on using hashes here.

File details

Details for the file certbot_dns_cloudns-0.6.0-py3-none-any.whl.

File metadata

File hashes

Hashes for certbot_dns_cloudns-0.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e1ac50d10b758a3eea018e2b95362e1f7d4978d6f313c3f360dce73862067c23
MD5 402881adc0e87fe685155d0f4e5d9180
BLAKE2b-256 583cf2dbf3b729b565bb9931d1d4d924cdd5b14fdf6f0be0552a32818b7013a9

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page