Joker DNS Authenticator plugin for Certbot
Certbot DNS Authenticator plugin for Joker.
For each of your domains hosted using the Joker DNS server that would would like to obtain certificates for you must enable Dynamic DNS for the domain in the Joker web console. Do this by visiting your Joker Dashboard, clicking the "DNS" action for the domain you want to enable Dynamic DNS for, then ensuring that the "Dynamic DNS active" slider is turned on. A dialog should appear with the DynDNS username and password for that domain. These will be used in the credentials file described below.
pip install certbot-dns-joker
To use Joker DNS authentication, pass the following arguments on certbot's command line:
||Select the Joker authenticator plugin. (required)|
||Full path to config file containing domain credentials.|
||Delay between setting DNS TXT record and asking the ACME server to verify it. Default: 120|
If you don't supply the credentials file on the certbot command line you will be prompted for its location.
You need to create a configuration file on your system (for example
/etc/letsencrypt/secrets/DOMAIN.ini) that contains the per-domain secrets
that you obtained when you enabled DynDNS for your domain.
certbot_dns_joker:dns_joker_username = USERNAME certbot_dns_joker:dns_joker_password = PASSWORD certbot_dns_joker:dns_joker_domain = DOMAIN
certbot certonly \ --authenticator certbot-dns-joker:dns-joker \ --certbot-dns-joker:dns-joker-credentials /etc/letsencrypt/secrets/example.com.ini \ -d example.com -d '*.example.com'
Alternate Deployment Methods
This project has a PyPI page at https://pypi.org/project/certbot-dns-joker/.
I have built an RPM for CentOS 8, which is the platform I use. The Makefile
rpm target that builds the RPM, but this has only been tested on
CentOS 8. In addition, the GitHub release contains an SRPM from which is
should be possible to build a new RPM on other RPM-based Linux distributions,
but again I have not tested this.
The Makefile has a
docker-image target to create a certbot docker image with
the certbot-dns-joker plugin installed. In addition if you set the
DOCKER_OTHER_PLUGINS makefile variable to a (space-separated) list of plugins
those plugins will also be installed.
Once the docker image is built you can run it with a command such as the following.
docker run --rm \ -v /var/lib/letsencrypt:/var/lib/letsencrypt \ -v /etc/letsencrypt:/etc/letsencrypt \ -v /var/log/letsencrypt:/var/log/letsencrypt \ --cap-drop=all \ certbot-joker \ certonly \ --authenticator certbot-dns-joker:dns-joker \ --certbot-dns-joker:dns-joker-propagation-seconds 900 \ --certbot-dns-joker:dns-joker-credentials /etc/letsencrypt/secrets/example.com.ini \ --no-self-upgrade \ --keep-until-expiring --non-interactive --expand \ --server https://acme-v02.api.letsencrypt.org/directory \ -d example.com -d '*.example.com'
Then you can run a command such as the following from cron to renew your certificates.
docker run --rm \ -v /var/lib/letsencrypt:/var/lib/letsencrypt \ -v /etc/letsencrypt:/etc/letsencrypt \ -v /var/log/letsencrypt:/var/log/letsencrypt \ --cap-drop=all \ certbot-joker \ renew
Note that plugins that attempt to do operations outside of the container (such as the apache plugin, which wants to run apachectl) will fail.
This plugin is based in large part on Matthias Bilger's certbot-dns-ispconfig plugin and the certbot-dns-dnsimple plugin.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Hashes for certbot_dns_joker-1.1.0-py2.py3-none-any.whl