Obtain certificates using a DNS TXT record for ISPConfig domains with DDNS module tokens
Project description
certbot-dns-ispconfig-ddns
ISPConfig DNS Authenticator plugin for Certbot using tokens from the ISPConfig DDNS module
This plugin automates the process of completing a dns-01 challenge by creating, and subsequently removing, TXT records.
Configuration of ISPConfig
Under DNS -> Dynamic DNS -> Tokens, you need a token with the following rights:
- Allowed zones: all DNS zones for which you want to create SSL certificates
- Allowed record types: TXT
- Limit records: _acme-challenge
If you want to create certificates for subdomains, they must be included in the Limit records:
_acme-challenge,_acme-challenge.subdomain1,_acme-challenge.subdomain2
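To keep the token scoped to exactly the records a certificate needs, the Limit records value can be derived from the certificate names. The following is an added example, not part of the plugin or of ISPConfig; the function names are hypothetical, and it assumes Limit records entries are zone-relative names, as in the line above.

```python
def challenge_record(domain: str, zone: str) -> str:
    """Zone-relative name of the dns-01 TXT record for one certificate name."""
    name = domain.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    # A wildcard is validated at its base name: *.example.com -> example.com
    if name.startswith("*."):
        name = name[2:]
    if name == zone:
        return "_acme-challenge"
    if not name.endswith("." + zone):
        raise ValueError(f"{domain!r} is not inside zone {zone!r}")
    label = name[: -len(zone) - 1]  # part of the name left of the zone
    return f"_acme-challenge.{label}"


def required_limit_records(domains, zone):
    """Sorted, de-duplicated Limit records entries needed for these names."""
    return sorted({challenge_record(d, zone) for d in domains})


def audit_token(configured: str, domains, zone):
    """Compare a token's Limit records string with what issuance needs.

    Returns (missing, excess): a missing entry makes the challenge fail,
    an excess entry grants the token more than the certificates require.
    """
    have = {r.strip().lower() for r in configured.split(",") if r.strip()}
    need = set(required_limit_records(domains, zone))
    return sorted(need - have), sorted(have - need)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real installation
    names = ["example.com", "*.example.com", "subdomain1.example.com"]
    print(",".join(required_limit_records(names, "example.com")))
    print(audit_token("_acme-challenge,_acme-challenge.subdomain2",
                      names, "example.com"))
```

An empty "excess" list means the token can write no TXT record beyond the ones these certificates use.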
Installation
pip install certbot-dns-ispconfig-ddns
Usage
Credentials file or cli parameters
You can either use cli parameters to pass authentication information to certbot:
...
--dns-ispconfig-ddns-endpoint <your-ispconfig-url (e.g. https://server.example.com:8080)>
--dns-ispconfig-ddns-token <your-ddns-token>
Or, to prevent your credentials from showing up in your bash history, you can also create a credentials file ispconfig-ddns.ini (the name does not matter) with the following content:
dns_ispconfig_ddns_endpoint=<your-ispconfig-url (e.g. https://server.example.com:8080)>
dns_ispconfig_ddns_token=<your-ddns-token>
And then, instead of using the --dns-ispconfig-ddns-* parameters above, you can use
...
--dns-ispconfig-ddns-credentials </path/to/your/ispconfig-ddns.ini>
You can also mix these usages, though the cli parameters always take precedence over the ini file.
Examples
To acquire a single certificate for both example.com and *.example.com:
certbot certonly \
--non-interactive \
--agree-tos \
--email <your-email> \
--preferred-challenges dns \
--authenticator dns-ispconfig-ddns \
--dns-ispconfig-ddns-endpoint <https://server.example.com:8080> \
--dns-ispconfig-ddns-token <your-ddns-token> \
--dns-ispconfig-ddns-propagation-seconds 60 \
-d 'example.com' \
-d '*.example.com'
Docker
In order to create a docker container with a certbot-dns-ispconfig installation, create an empty directory with the following Dockerfile:
FROM certbot/certbot
RUN pip install certbot-dns-ispconfig-ddns
Proceed to build the image:
docker build -t certbot/dns-ispconfig-ddns .
Once that's finished, the application can be run as follows:
docker run --rm \
-v /var/lib/letsencrypt:/var/lib/letsencrypt \
-v /etc/letsencrypt:/etc/letsencrypt \
--cap-drop=all \
certbot/dns-ispconfig-ddns certonly \
--non-interactive \
--agree-tos \
--authenticator dns-ispconfig-ddns \
--dns-ispconfig-ddns-propagation-seconds 60 \
--dns-ispconfig-ddns-credentials /etc/letsencrypt/.secrets/domain.tld.ini \
-d example.com -d '*.example.com'
Hashes for certbot_dns_ispconfig_ddns-1.0.2.tar.gz
Hashes for certbot_dns_ispconfig_ddns-1.0.2-py3-none-any.whl