certbot-dns-wedos 2.4

Wedos DNS Authenticator plugin for Certbot

CertBot DNS plugin

This plugin uses certbot's dns-01 challenge to create and delete TXT records on a Wedos domain server, thanks to the API interface called WAPI provided by Wedos. With this plugin you can make wildcard ssl.

Installation

Prerequirements

For the functionality of this plugin, you will need to install these programs/softwares.

Name	Install	Version
python	Link	>= 3.9.0
pip	Link	>= 24.1
certbot	Link	>= 3.0.0

Note that in theory, even an older version should work, but it has not been tested.

WAPI

You will also need to have WAPI activated for communication between Wedos and the plugin. To activate WAPI, you can read the article from Wedos, available at this link WAPI activation and settings.

CAUTION: Please note that the IP address of the server where Certbot with the plugin will be located must be allowed on WAPI, otherwise it will not work.

The Install

With snap (recommend)

snap install certbot-dns-wedos
sudo snap set certbot trust-plugin-with-root=ok
sudo snap connect certbot:plugin certbot-dns-wedos

---

With pip

sudo pip install certbot-dns-wedos

---

From source

git clone https://github.com/clazzor/certbot-dns-wedos.git
sudo pip install ./certbot-dns-wedos

After installation, the created folders may be deleted.

rm -r certbot-dns-wedos

Setup

Arguments

Name	Required	Description
--dns-wedos-propagation-seconds	❌	Seconds to wait for DNS propagation before verifying DNS record with ACME server.
--dns-wedos-credentials	✅	The complete path to the INI file for credentials containing data for authorization.

The default value of propagation-seconds is 450, if there is a problem with validation, increase the number. The lower limit is 300.

Command example

The basic structure of the command is the same as with all other cerbot plugins, we define which plugin to use, propagation-seconds, credentials file and domains, like this:

certbot certonly \
--authenticator dns-wedos \
--dns-wedos-propagation-seconds 450 \
--dns-wedos-credentials /path/to/the/file.ini \
-d example.com -d *.example.com

Credentials file

Name	Required	Description
dns_wedos_user	✅	The user (email) for WAPI.
dns_wedos_auth	✅	The auth (password) for WAPI.

This is what the credentials file for wedos plugin should look like.

dns_wedos_user=user@example.com
dns_wedos_auth=examplepassword

• Values are written after an equal sign =. For values with spaces, such as hello world, a space can be used.
• For the ini file you should apply permission: chmod 600 file.ini for security reason.

Reloading certificates on services

Usually services like haproxy, nginx, apache and more need to restart to retrieve a new certificate. For this is used the deploy hook.

Errors

If an error occurs, Certbot will display the type of error that has occurred.

• If you get this error "Certbot failed to authenticate some domains (authenticator: dns-wedos)", increase the number in the --dns-wedos-propagation-seconds argument.
• If you encounter an HTTP error related to communication with WAPI, you will receive an HTTP error.
• If it is an error related to communication between the plugin and WAPI, you will receive a return code. Wedos has a list of error codes on their website, which you can access through this link WAPI list of return codes.

Used Modules/Libraries

I just want to mention which modules/libraries this plugin uses for better debugging of errors in the future, in case any occur.

Name	License
certbot	Apache 2.0
datetime	PSF
hashlib	PSF
json	PSF
logging	PSF
pytz	MIT
re	PSF
requests	Apache 2.0
setuptools	MIT
typing	PSF