Certbot plugin for obtaining SSL/TLS certificates using Technitium DNS Server DNS-01 challenges
Project description
certbot-dns-technitium
Certbot DNS Authenticator plugin for Technitium DNS Server.
This plugin allows you to use Certbot with the Technitium DNS Server to automatically obtain SSL/TLS certificates from Let's Encrypt using DNS-01 challenges.
Installation
pip install certbot-dns-technitium
Prerequisites
- Certbot installed on your system
- Technitium DNS Server running and accessible
- API token configured in Technitium DNS Server
Configuration
Create a credentials file (e.g., /etc/letsencrypt/technitium.ini) with your Technitium DNS Server API credentials:
dns_technitium_api_url = http://localhost:5380
dns_technitium_api_token = your-api-token-here
Note: The credentials file uses underscores (dns_technitium_api_url) while command-line arguments use hyphens (--dns-technitium-api-url).
Note: You must create the API token in Technitium DNS Server before using this plugin. See the "Getting an API Token" section below.
Security Note: Make sure to set appropriate file permissions on the credentials file:
chmod 600 /etc/letsencrypt/technitium.ini
Usage
Obtaining a Certificate
To obtain a certificate for a domain:
certbot certonly \
--authenticator dns-technitium \
--dns-technitium-credentials /etc/letsencrypt/technitium.ini \
-d example.com \
-d *.example.com
Wildcard Certificates
This plugin supports wildcard certificates:
certbot certonly \
--authenticator dns-technitium \
--dns-technitium-credentials /etc/letsencrypt/technitium.ini \
-d example.com \
-d *.example.com
Automatic Renewal
Certbot will automatically renew certificates before they expire. The plugin will automatically handle DNS record creation and cleanup during renewal.
To test renewal:
certbot renew --dry-run
How It Works
- Certbot initiates a DNS-01 challenge for your domain
- The plugin authenticates with Technitium DNS Server API
- The plugin finds the appropriate DNS zone for your domain
- A TXT record is created at
_acme-challenge.yourdomain.comwith the challenge value - Let's Encrypt verifies the TXT record
- The plugin automatically removes the TXT record after validation
API Configuration
Getting an API Token
- Log in to your Technitium DNS Server web interface
- Navigate to Administration → Sessions → Create Token
- Generate an API token
- Use this token in your credentials file
API URL
- Default:
http://localhost:5380(for local HTTP connections) - For remote servers:
http://your-server-ip:53443orhttps://your-server:53443 - For HTTPS:
https://your-server:53443(recommended for remote servers)
Troubleshooting
Zone Not Found
If you get an error about the zone not being found:
- Ensure the zone exists in Technitium DNS Server
- Verify the zone name matches your domain (e.g., for
example.com, the zone should beexample.com) - Check that your API credentials have permission to manage the zone
Authentication Errors
- Verify your API token is correct
- Check that the API URL is accessible from your system
- Ensure the API is enabled in Technitium DNS Server settings
- Make sure the API token was created in Technitium DNS Server before use
DNS Propagation
The plugin waits 10 seconds by default after creating the TXT record to allow for DNS propagation. You can adjust this using the --dns-technitium-propagation-seconds option. If Let's Encrypt cannot verify the record:
- Check that the TXT record appears in Technitium DNS Server
- Verify DNS propagation (may take a few minutes)
- Ensure your Technitium DNS Server is authoritative for the domain
- Consider increasing the propagation seconds if your DNS has slower propagation times
Repository
- GitHub Repository: https://github.com/pprugger/certbot-dns-technitium
- PyPI Package: https://pypi.org/project/certbot-dns-technitium/
Contributing
Contributions are welcome! Please feel free to submit a Pull Request on GitHub.
License
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
Acknowledgments
- Certbot - The ACME client
- Technitium DNS Server - The DNS server
Support
For issues and questions:
- GitHub Issues: https://github.com/pprugger/certbot-dns-technitium/issues
- Technitium DNS Server Documentation: https://github.com/TechnitiumSoftware/DnsServer
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file certbot_dns_technitium-0.1.1.tar.gz.
File metadata
- Download URL: certbot_dns_technitium-0.1.1.tar.gz
- Upload date:
- Size: 14.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c9708699f9b0fdaef6bf4d99e8a174a32e4297bbf1c2197a5e84704192d11a1d
|
|
| MD5 |
98a89d743a6e01edc293ca30b41c36e7
|
|
| BLAKE2b-256 |
ebb487b309fb524e84afc404fba82db4eeda4c3374d13e3ad54b9c88401ebfd9
|
File details
Details for the file certbot_dns_technitium-0.1.1-py3-none-any.whl.
File metadata
- Download URL: certbot_dns_technitium-0.1.1-py3-none-any.whl
- Upload date:
- Size: 13.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a342a4db1bb66e1ff6c690e7052e0528fcae2141e3d16322a7c5a029df78685e
|
|
| MD5 |
48bb252c7961bd89a78d266d6dafefeb
|
|
| BLAKE2b-256 |
967a19091870a73b8e6b373958a2dd1deb1f1c2e9d7b68b8416c87e5f773812a
|
