Obtain certificates using a DNS TXT record for DuckDNS domains
Project description
Certbot DNS DuckDNS Plugin
Plugin for certbot for a DNS-01 challenge with a DuckDNS domain.
Table of Contents
About
certbot_dn_duckdns is a plugin for certbot to create the DNS-01 challenge for a DuckDNS domain. The plugin takes care of setting and deleting the TXT entry via the DuckDNS API.
Installation
Prerequirements
If you want to use the docker image, then you don't need any requirements other than a working docker installation and can proceed directly to the usage
If you prefer the local installation, then you need at least version 3.6 of Python installed. If you want to install this plugin with pip, then you also need pip3 installed.
If you already have certbot installed, make sure you have at least version 1.7.0 installed.
You can check what version of certbot is installed with this command:
certbot --version
If you don't have certbot installed yet, then the PyPI version of certbot will be installed automatically during the installation.
Note: If you want to run certbot with root privileges, then you need to install the plugin with root privileges too. Otherwise certbot cannot find the plugin.
With pip (recommend)
Use the following command to install certbot_dns_duckdns with pip:
pip install certbot_dns_duckdns
You can also very easily update to a newer version:
pip install certbot_dns_duckdns -U
From source
git clone https://github.com/infinityofspace/certbot_dns_duckdns
cd certbot_dns_duckdns
pip install .
Usage
Local installation usage
To check if the plugin is installed correctly and detected properly by certbot, you can use the following command:
certbot plugins
Below are some examples of how to use the plugin:
Generate a certificate for a DNS-01 challenge of the domain "example.duckdns.org":
certbot certonly \
--non-interactive \
--agree-tos \
--email <your-email> \
--preferred-challenges dns \
--authenticator dns-duckdns \
--dns-duckdns-token <your-duckdns-token> \
--dns-duckdns-propagation-seconds 60 \
-d "example.duckdns.org"
Generate a wildcard certificate for a DNS-01 challenge of all subdomains "*.example.duckdns.org":
certbot certonly \
--non-interactive \
--agree-tos \
--email <your-email> \
--preferred-challenges dns \
--authenticator dns-duckdns \
--dns-duckdns-token <your-duckdns-token> \
--dns-duckdns-propagation-seconds 60 \
-d "*.example.duckdns.org"
Generate a certificate for a DNS-01 challenge of the domain "example.duckdns.org" without an account (i.e. without an email address):
certbot certonly \
--non-interactive \
--agree-tos \
--register-unsafely-without-email \
--preferred-challenges dns \
--authenticator dns-duckdns \
--dns-duckdns-token <your-duckdns-token> \
--dns-duckdns-propagation-seconds 60 \
-d "example.duckdns.org"
Generate a staging certificate (i.e. temporary testing certificate) for a DNS-01 challenge of the domain " example.duckdns.org":
certbot certonly \
--non-interactive \
--agree-tos \
--email <your-email> \
--preferred-challenges dns \
--authenticator dns-duckdns \
--dns-duckdns-token <your-duckdns-token> \
--dns-duckdns-propagation-seconds 60 \
-d "example.duckdns.org" \
--staging
You can find al list of all available certbot cli options in the official documentation of certbot.
Docker usage
You can simply start a new container to obtain a new certificate:
docker run \
-e EMAIL="<your-email>" \
-e DOMAIN="<your-full-duckdns-domain>" \
-e DUCKDNS_TOKEN="<your-duckdns-token>" \
-v mycerts:/etc/letsencrypt \
infinityofspace/certbot_dns_duckdns:latest
You will find the certificate after a moment in the folder "mycerts" on your host system in the current execution directory.
You can also let the certificate renew automatically:
docker run \
-e EMAIL="<your-email>" \
-e DOMAIN="<your-full-duckdns-domain>" \
-e DUCKDNS_TOKEN="<your-duckdns-token>" \
-e AUTORENEW=true \
-v mycerts:/etc/letsencrypt \
infinityofspace/certbot_dns_duckdns:latest
You can find an example docker compose file here.
There are the following environment variables:
environment variable | description | required |
---|---|---|
DOMAIN | The DuckDNS domain for which you want to get the certificate | yes |
DUCKDNS_TOKEN | Your DuckDNS API Token | yes |
Your email address with which the Letsencrypt account should be created. If it is not specified, then no account will be created. |
no | |
STAGING | Use the staging environment of Letsencrypt. Default value is false | no |
AUTORENEW | Renew the certificate automatically. Default value is false | no |
RECREATE | Delete all previous certificate data data. Default value is false | no |
ADDITIONAL_CERTBOT_ARGS | A string with additional certbot arguments. For example: "--deploy-hook ./hooks/my_cert_hook.sh" |
no |
FAQ
You can the FAQ in the wiki.
Third party notices
All modules used by this project are listed below:
Name | License |
---|---|
certbot | Apache 2.0 |
requests | Apache 2.0 |
zope.interface | ZPL-2.1 |
setuptools | MIT |
Furthermore, this readme file contains embeddings of Shields.io.
License
MIT - Copyright (c) 2021 Marvin Heptner
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for certbot_dns_duckdns-0.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ab668b20551db9d4fee526337ce0c10cbe2a3ff1162c1440accbe59ee9cc9643 |
|
MD5 | f4cfc9bfcf0b4c400d7bbd96d8d6157d |
|
BLAKE2b-256 | 17c9555b09d480607346717258a4ed00d01530b6453729111111a201d7538474 |