Tencent Cloud DNS Authenticator plugin for Certbot
Project description
certbot-dns-tencentcloud
This package provides a Certbot authenticator plugin that can complete the DNS-01 challenge using the Tencent Cloud API.
Installation
Only Tested on python 3.8, should work on python 3.7 too.
- no plan to support python2
- dataclasses is used, so python 3.6 and down will not work. However you can try installing
dataclasses
from pypi.
Use pip to install this package:
sudo pip3 install certbot-dns-tencentcloud
Verify the installation with Certbot:
sudo certbot plugins
You should see certbot-dns-tencentcloud:dns-tencentcloud
in the output.
Usage
To use this plugin, set the authenticator to certbot-dns-tencentcloud:dns-tencentcloud
via the -a
or --authenticator
flag.
You may also set this using Certbot's configuration file (defaults to /etc/letsencrypt/cli.ini
).
You will also need to provide a credentials file with your Tencent Cloud API key id and secret, like the following:
certbot_dns_tencentcloud:dns_tencentcloud_secret_id = TENCENT_CLOUD_SECRET_ID
certbot_dns_tencentcloud:dns_tencentcloud_secret_key = TENCENT_CLOUD_SECRET_KEY
The path to this file can be provided interactively or via the --certbot-dns-tencentcloud:dns-tencentcloud-credentials
argument.
CAUTION: Protect your API key as you would the password to your account. Anyone with access to this file can make API calls on your behalf. Be sure to read the security tips below.
Arguments
--certbot-dns-tencentcloud:dns-tencentcloud-credentials
path to Tencent Cloud credentials INI file (Required)--certbot-dns-tencentcloud:dns-tencentcloud-propagation-seconds
seconds to wait before verifying the DNS record (Default: 10)
NOTE: Due to a limitation in Certbot, these arguments cannot be set via Certbot's configuration file.
Example
certbot certonly \
-a certbot-dns-tencentcloud:dns-tencentcloud \
--certbot-dns-tencentcloud:dns-tencentcloud-credentials ~/.secrets/certbot/tencentcloud.ini \
-d example.com
Security Tips
Restrict access of your credentials file to the owner.
You can do this using chmod 600
.
Certbot will emit a warning if the credentials file
can be accessed by other users on your system.
Use a separate key from your account's primary API key. Make a separate user under your account, and limit its access to only allow DNS access and the IP address of the machine(s) that will be using it.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for certbot-dns-tencentcloud-1.0.4.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5a8bba56722db75b3239214b5fba205572aa9bdc271edfbdef0be148e639999f |
|
MD5 | b0614db95c193742a191cecd20fe3bc3 |
|
BLAKE2b-256 | 3c09d3853a013facee86bb41f15851bbc7f5e6d90af7500e632857dd43e0c45d |
Hashes for certbot_dns_tencentcloud-1.0.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a74724064a50105d873828b5c64857ad3908d64b7fa6b4f986f9ff5b953e3d1c |
|
MD5 | 46e4c24afd4df2fb9a757a79e9f1913a |
|
BLAKE2b-256 | 93995bb887a388823790addd09241c2e786b784775883d58bd35f925e0652eb7 |