yeil DNS Authenticator plugin for Certbot

certbot-dns-yeil

yeil DNS Authenticator plugin for Certbot.

Authenticates to the yeil public DNS API (https://api.yeil.app/v1/dns) with a yeil App key (yk_...) sent as a Bearer token, then adds/removes TXT records to satisfy ACME DNS-01 challenges. Works for any yeil team with an App that has DNS record-write permission; the certbot host just needs HTTPS reachability to api.yeil.app.

Wildcard certs require DNS-01, so this plugin (or another DNS authenticator) is needed for *.example.com.

Full API docs: https://docs.yeil.app/dns.

Installation

pip install certbot-dns-yeil

Configuration

In your yeil team settings, open Apps, create an App, grant it DNS record-write permission on the zone(s) you'll issue certs for, and mint a key. Drop the key (yk_...) into a credentials INI:

dns_yeil_api_key = yk_xxxxxxxx_yyyyyyyyyyyyyyyyyyyyyyyy

Restrict the file to its owner with chmod 600.

Migrating from 2.x: the old dns_yeil_email / dns_yeil_app_password login was retired with personal app passwords. Replace those two lines with a single dns_yeil_api_key.

Optional override if you're testing against a non-production API base:

dns_yeil_base_url = https://api.staging.example/v1/dns
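A pre-flight check for the credentials file described above, as an added example that is not part of certbot-dns-yeil: it flags loose file permissions, a missing or malformed dns_yeil_api_key, leftover 2.x settings, and a non-HTTPS dns_yeil_base_url. The function names and sample contents are constructed for illustration, and the file is assumed to hold plain `key = value` lines.

```python
import os
import stat
import tempfile
from urllib.parse import urlparse

LEGACY_KEYS = {"dns_yeil_email", "dns_yeil_app_password"}  # retired 2.x login

def parse_ini(text):
    """Parse 'key = value' lines (assumed layout), skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def audit_credentials(path):
    """Return a list of findings for a yeil credentials INI; empty means OK."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"mode {mode:04o} exposes the key to group/other; chmod 600")
    with open(path, encoding="utf-8") as fh:
        conf = parse_ini(fh.read())
    if not conf.get("dns_yeil_api_key", "").startswith("yk_"):
        findings.append("dns_yeil_api_key missing or not a yk_ App key")
    for old in sorted(conf.keys() & LEGACY_KEYS):
        findings.append(f"{old} is a retired 2.x setting; remove it")
    base = conf.get("dns_yeil_base_url")
    if base and urlparse(base).scheme != "https":
        findings.append("dns_yeil_base_url is not https; Bearer key sent in cleartext")
    return findings

def audit_sample(body, mode):
    """Write constructed sample content to a temp file, set its mode, audit it."""
    fd, path = tempfile.mkstemp(suffix=".ini")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
        return audit_credentials(path)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    # Constructed sample: world-readable file still carrying a 2.x setting.
    print(audit_sample("dns_yeil_email = ops@example.com\n", 0o644))
```
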

Usage

certbot certonly \
  --authenticator dns-yeil \
  --dns-yeil-credentials /etc/letsencrypt/yeil.ini \
  -d smtp.yeil.org \
  --preferred-challenges dns

For wildcards:

certbot certonly \
  --authenticator dns-yeil \
  --dns-yeil-credentials /etc/letsencrypt/yeil.ini \
  -d yeil.org -d '*.yeil.org'

How it works

The plugin sends the App key as a Bearer token on every request to https://api.yeil.app/v1/dns. For each requested name it asks the API which of the App's zones covers the FQDN (GET /zones?suffix_of=<fqdn>), creates a TXT at _acme-challenge.<rel> (POST /zones/{id}/records), waits for propagation, and on cleanup deletes the record by id (DELETE /zones/{id}/records/{recordId}).

Revoking the App key (or disabling the App) in your team settings cuts off access cleanly. The key only carries the DNS permissions you granted the App, so scope it to record-write on just the zones you need.

License

MIT. See LICENSE.

Download files

Source Distribution

certbot_dns_yeil-3.1.0.tar.gz (5.7 kB)

Uploaded Source

Built Distribution

certbot_dns_yeil-3.1.0-py3-none-any.whl (6.4 kB)

Uploaded Python 3

File details

Details for the file certbot_dns_yeil-3.1.0.tar.gz.

File metadata

  • Download URL: certbot_dns_yeil-3.1.0.tar.gz
  • Upload date:
  • Size: 5.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for certbot_dns_yeil-3.1.0.tar.gz
Algorithm Hash digest
SHA256 cbc36ec2376d7c9efbe931d12bba520ac278f778caac526599fd5f5a8a7c56b1
MD5 2aeb10d43eb649f7e7a9927083ba4e3c
BLAKE2b-256 390c78d4934dfc2f3d13075733a25482fb365499fdacaa6823ce22f1410ae963

File details

Details for the file certbot_dns_yeil-3.1.0-py3-none-any.whl.

File hashes

Hashes for certbot_dns_yeil-3.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d007b76d6df76243107f11c74f56012700674b792ec8ecc0c36eee535b70e9e3
MD5 df1dffff458e41a22d9e35d1f8bb6632
BLAKE2b-256 e1878adf23b1f19b278a41323408ab54ddcd6876cb483502e372acab270057bb
