Certbot plugin for authentication using Gandi LiveDNS

[!CAUTION] This plugin is now deprecated and has been repackaged under a new name, certbot-dns-plugin, to follow the common naming convention for DNS plugins. The new plugin has been added as a dependency of this one for a smooth transition.

Usage

/!\ Certbot 1.7.0 imposed breaking changes on this plugin; make sure to remove any prefix-based configuration.

  1. Obtain a Gandi API token (see Gandi LiveDNS API)

  2. Install the plugin using pip install certbot-plugin-gandi

  3. Create a gandi.ini config file with the following contents and apply chmod 600 gandi.ini on it:

    # Gandi personal access token
    dns_gandi_token=PERSONAL_ACCESS_TOKEN
    

    Replace PERSONAL_ACCESS_TOKEN with your Gandi personal access token and ensure permissions are set to disallow access to other users. You can also use a Gandi LiveDNS API Key instead, see FAQ below.

  4. Run certbot and direct it to use the plugin for authentication and to use the config file previously created:

    certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini -d domain.com
    

    Add additional options as required to specify an installation plugin etc.

Please note that this solution is usually not relevant if you're using Gandi's web hosting services as Gandi offers free automated certificates for all simplehosting plans having SSL in the admin interface.

Be aware that the plugin configuration must be provided on the command line: certbot does not currently support configuration for third-party plugins in cli.ini. Please refer to #4351, #6504 and #7681 for details.

Distribution

PyPI is the upstream distribution channel; other channels are not maintained by me.

Latest builds are also available on Launchpad: https://launchpad.net/ubuntu/+source/python-certbot-dns-gandi

Be careful: installing this plugin from PyPI will also install certbot from PyPI, which may conflict with any other certbot already installed on your system.

Wildcard certificates

This plugin is particularly useful when you need to obtain a wildcard certificate using DNS challenges:

    certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini -d domain.com -d \*.domain.com --server https://acme-v02.api.letsencrypt.org/directory

Automatic renewal

You can set up automatic renewal using crontab with the following job for weekly renewal attempts:

    0 0 * * 0 certbot renew -q --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini --server https://acme-v02.api.letsencrypt.org/directory

Reading material

FAQ

I don't have a personal access token, only a Gandi LiveDNS API Key

Use the following configuration in your gandi.ini file instead:

    # live dns v5 api key
    dns_gandi_api_key=APIKEY

    # optional organization id, remove it if not used
    dns_gandi_sharing_id=SHARINGID

Replace APIKEY with your Gandi API key and ensure permissions are set to disallow access to other users.

I have a warning telling me Plugin legacy name certbot-plugin-gandi:dns may be removed in a future version. Please use dns instead.

Certbot has been removing third-party plugin prefixes since v1.7.0. Please switch to the new configuration format and remove any prefix-based configuration you still use. For the time being, you can still use prefixes, but if you keep using prefix-based CLI arguments, stay consistent and use prefix-based configuration in the ini file as well.

New post-prefix configuration for certbot>=1.7.0

  • --authenticator dns-gandi --dns-gandi-credentials
  • gandi.ini

    # live dns v5 api key
    dns_gandi_api_key=APIKEY

    # optional organization id, remove it if not used
    # if you use certbot<1.7.0 please use certbot_plugin_gandi:dns_sharing_id=SHARINGID
    dns_gandi_sharing_id=SHARINGID

Legacy prefix-based configuration for certbot<1.7.0

  • -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials
  • gandi.ini

    # live dns v5 api key
    certbot_plugin_gandi:dns_api_key=APIKEY

    # optional organization id, remove it if not used
    certbot_plugin_gandi:dns_sharing_id=SHARINGID

See certbot/8131 and certbot-plugin-gandi/23 for details. Please make sure to update the configuration file to the new format.

I get a Property "certbot_plugin_gandi:dns_api_key" not found (should be API key for Gandi account).. Skipping.

See above.
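
An added example, not part of the plugin or its README: a pre-flight check for gandi.ini that covers the chmod 600 requirement from the usage steps and the post-prefix key format described in the FAQ entries above. The function name check_gandi_ini and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with the plugin).
# Return codes: 0 ok, 1 missing/unreadable, 2 readable by group/other,
#               3 legacy prefix-based key, 4 no credential, 5 placeholder left in.
check_gandi_ini() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "$f: missing or unreadable" >&2; return 1; }

    # Columns 5-10 of the ls mode string are the group and other bits;
    # after chmod 600 all six are '-'.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$f: group/other bits set ($perms), run chmod 600" >&2; return 2; }

    # Prefix-based keys belong to the legacy format for certbot<1.7.0.
    # Commented-out lines are ignored.
    if grep -Eq '^[[:space:]]*certbot_plugin_gandi:dns_' "$f"; then
        echo "$f: legacy certbot_plugin_gandi:dns_* key found" >&2; return 3
    fi

    # A personal access token or a LiveDNS API key must be present.
    cred=$(grep -E '^[[:space:]]*dns_gandi_(token|api_key)[[:space:]]*=' "$f" || true)
    [ -n "$cred" ] || {
        echo "$f: no dns_gandi_token or dns_gandi_api_key" >&2; return 4; }

    # The README placeholders must have been replaced with a real value.
    if printf '%s\n' "$cred" |
        grep -Eq '=[[:space:]]*(PERSONAL_ACCESS_TOKEN|APIKEY)[[:space:]]*$'; then
        echo "$f: placeholder value not replaced" >&2; return 5
    fi
    return 0
}

# Stand-alone use: sh check_gandi_ini.sh /etc/letsencrypt/gandi/gandi.ini
[ "$#" -eq 0 ] || check_gandi_ini "$1"
```

Running it before the certbot command or from the renewal cron job catches a credentials file that has drifted to wider permissions or still uses the old key names.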

Why do you keep this plugin a third-party plugin? Just merge it with certbot?

This Gandi plugin is a third-party plugin mainly because it is not officially backed by Gandi and because Certbot does not accept new plugin submissions.

Credits

Huge thanks to Michael Porter for his original work!

Download files

Source Distribution

certbot_plugin_gandi-1.5.2.tar.gz (7.2 kB)

Uploaded Source

Built Distribution

certbot_plugin_gandi-1.5.2-py3-none-any.whl (7.6 kB)

Uploaded Python 3

File details

Details for the file certbot_plugin_gandi-1.5.2.tar.gz.

File metadata

  • Download URL: certbot_plugin_gandi-1.5.2.tar.gz
  • Size: 7.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.2

File hashes

Hashes for certbot_plugin_gandi-1.5.2.tar.gz
Algorithm Hash digest
SHA256 e826dbfed1330ea4f01830bdfcce7b54f40e74d0ab52188f1462e5ede4dde579
MD5 7f2cca0bee3e97d4d9493ca3e732e24d
BLAKE2b-256 00459edd9929fb23c305bf0a66e0b4d411f4226806f5c70c23f85f1d9f7784a8

File details

Details for the file certbot_plugin_gandi-1.5.2-py3-none-any.whl.

File hashes

Hashes for certbot_plugin_gandi-1.5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 ef8d8df0fb61906d7d46538ccf5b90c370693ac5eb442e6689bdd8623a6f30b3
MD5 27b4c2df77c6328ca8b77528ae279c0e
BLAKE2b-256 a6aa5a7d159dbc530b865231b046482a02ff054d966e53d0fba97a6c3ae7beb5
