yeil DNS Authenticator plugin for Certbot
Project description
certbot-dns-yeil
yeil DNS Authenticator plugin for Certbot.
Authenticates to the yeil public DNS API (https://api.yeil.app/v1/dns)
with a yeil App key (yk_...) sent as a Bearer token, then
adds/removes TXT records to satisfy ACME DNS-01 challenges. Works for any
yeil team with an App that has DNS record-write permission; the certbot
host just needs HTTPS reachability to api.yeil.app.
Wildcard certs require DNS-01, so this plugin (or another DNS
authenticator) is needed for *.example.com.
Full API docs: https://docs.yeil.app/dns.
Installation
pip install certbot-dns-yeil
Configuration
In your yeil team settings, open Apps, create an App, grant it DNS
record-write permission on the zone(s) you'll issue certs for, and
mint a key. Drop the key (yk_...) into a credentials INI:
dns_yeil_api_key = yk_xxxxxxxx_yyyyyyyyyyyyyyyyyyyyyyyy
chmod 600 it.
Migrating from 2.x: the old
dns_yeil_email/dns_yeil_app_passwordlogin was retired with personal app passwords. Replace those two lines with a singledns_yeil_api_key.
Optional override if you're testing against a non-production API base:
dns_yeil_base_url = https://api.staging.example/v1/dns
Usage
certbot certonly \
--authenticator dns-yeil \
--dns-yeil-credentials /etc/letsencrypt/yeil.ini \
-d smtp.yeil.org \
--preferred-challenges dns
For wildcards:
certbot certonly \
--authenticator dns-yeil \
--dns-yeil-credentials /etc/letsencrypt/yeil.ini \
-d yeil.org -d '*.yeil.org'
How it works
The plugin sends the App key as a Bearer token on every request to
https://api.yeil.app/v1/dns. For each requested name it asks the API
which of the App's zones covers the FQDN (GET /zones?suffix_of=<fqdn>),
creates a TXT at _acme-challenge.<rel> (POST /zones/{id}/records),
waits for propagation, and on cleanup deletes the record by id
(DELETE /zones/{id}/records/{recordId}).
Revoking the App key (or disabling the App) in your team settings cuts off access cleanly. The key only carries the DNS permissions you granted the App, so scope it to record-write on just the zones you need.
License
MIT. See LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file certbot_dns_yeil-3.1.0.tar.gz.
File metadata
- Download URL: certbot_dns_yeil-3.1.0.tar.gz
- Upload date:
- Size: 5.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cbc36ec2376d7c9efbe931d12bba520ac278f778caac526599fd5f5a8a7c56b1
|
|
| MD5 |
2aeb10d43eb649f7e7a9927083ba4e3c
|
|
| BLAKE2b-256 |
390c78d4934dfc2f3d13075733a25482fb365499fdacaa6823ce22f1410ae963
|
File details
Details for the file certbot_dns_yeil-3.1.0-py3-none-any.whl.
File metadata
- Download URL: certbot_dns_yeil-3.1.0-py3-none-any.whl
- Upload date:
- Size: 6.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d007b76d6df76243107f11c74f56012700674b792ec8ecc0c36eee535b70e9e3
|
|
| MD5 |
df1dffff458e41a22d9e35d1f8bb6632
|
|
| BLAKE2b-256 |
e1878adf23b1f19b278a41323408ab54ddcd6876cb483502e372acab270057bb
|