Certbot plugin for authentication using Gandi LiveDNS
Project description
Certbot plugin for authentication using Gandi LiveDNS
This is a plugin for Certbot that uses the Gandi LiveDNS API to allow Gandi customers to prove control of a domain name.
Usage
-
Obtain a Gandi API token (see Gandi LiveDNS API)
-
Install the plugin using
pip install certbot-plugin-gandi -
Create a
gandi.iniconfig file with the following contents and applychmod 600 gandi.inion it:# live dns v5 api key dns_gandi_api_key=APIKEY # optional organization id, remove it if not used dns_gandi_sharing_id=SHARINGIDReplace
APIKEYwith your Gandi API key and ensure permissions are set to disallow access to other users. -
Run
certbotand direct it to use the plugin for authentication and to use the config file previously created:certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini -d domain.comAdd additional options as required to specify an installation plugin etc.
Please note that this solution is usually not relevant if you're using Gandi's web hosting services as Gandi offers free automated certificates for all simplehosting plans having SSL in the admin interface. Huge thanks to Michael Porter for its original work !
Be aware that the plugin configuration must be provided by CLI, configuration for third-party plugins in cli.ini is not supported by certbot for the moment. Please refer to #4351, #6504 and #7681 for details.
Distribution
- PyPI: https://pypi.org/project/certbot-plugin-gandi/
- Archlinux: https://aur.archlinux.org/packages/certbot-dns-gandi-git/
Wildcard certificates
This plugin is particularly useful when you need to obtain a wildcard certificate using dns challenges:
certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini -d domain.com -d \*.domain.com --server https://acme-v02.api.letsencrypt.org/directory
Automatic renewal
You can setup automatic renewal using crontab with the following job for weekly renewal attempts:
0 0 * * 0 certbot renew -q --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini --server https://acme-v02.api.letsencrypt.org/directory
FAQ
I have a warning telling me
Plugin legacy name certbot-plugin-gandi:dns may be removed in a future version. Please use dns instead.
Certbot had moved to remove 3rd party plugins prefixes. Please use --authenticator dns-gandi --dns-gandi-credentials. See certbot/8131 and certbot-plugin-gandi/23 for details. Please make sure to update the configuration file to the new format.
Why do you keep this plugin a third-party plugin ? Just merge it with certbot ?
This Gandi plugin is a third party plugin mainly because this plugin is not officially backed by Gandi and because Certbot does not accept new plugin submissions.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename, size | File type | Python version | Upload date | Hashes |
|---|---|---|---|---|
| Filename, size certbot_plugin_gandi-1.3.2-py3-none-any.whl (6.6 kB) | File type Wheel | Python version py3 | Upload date | Hashes View |
| Filename, size certbot-plugin-gandi-1.3.2.tar.gz (4.9 kB) | File type Source | Python version None | Upload date | Hashes View |
Hashes for certbot_plugin_gandi-1.3.2-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b3c86fb9715c05e48b75d439c48b3ee710637d0442e809f72c6ae8eede7b98f1 |
|
| MD5 | 9291ace8821fe2b9f2f79178e469aedb |
|
| BLAKE2-256 | 8ece626ae4fb24e793ce987be6c08fd3ad2a37da6b921d0d59c08308018ee68a |
Hashes for certbot-plugin-gandi-1.3.2.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2b6d191fb9be0db8a7657b8028b7690d2ce56cb939c9eda20b9080bff6742b9b |
|
| MD5 | 92253d2924ad098e5747131fb2ecf6bc |
|
| BLAKE2-256 | 04b2649072265cfde0dd5cac597d0a76a1634cea82169329da0527a23e4e4a78 |