Skip to main content

Certbot HTTP authenticator that works with any web server.

Project description

certbot-standalone-nfq

certbot-standalone-nfq

HTTP authenticator plugin for Certbot which is compatible with any web server! (Linux only and root is required.)

How?

It works by asking the Linux kernel to temporarily divert incoming port 80 HTTP traffic into a queue. The Certbot plugin then picks out the Let's Encrypt validation requests from the queue and responds to them. All other traffic reaches its original destination, totally unchanged. This all happens very quickly and no traffic disruptions occur.

Why?

  • Avoids messing about with any webserver configuration, meaning that it can work well with tricky webservers like Apache Tomcat.
  • Avoids having a proxy in front of your normal webserver, which means all source addresses (and indeed every network packet) are totally preserved!

It is inspired by this community thread.

Installation

via snap

Using the certbot snap is the easiest way to use this plugin. See here for instructions on installing Certbot via snap.

sudo snap install certbot-standalone-nfq
sudo snap set certbot trust-plugin-with-root=ok
sudo snap connect certbot:plugin certbot-standalone-nfq

via pip

A source tarball is available.

How did you install Certbot? How to install the plugin
From snap Don't use pip! Use the snap instructions above.
Using the official Certbot pip instructions sudo /opt/certbot/bin/pip install certbot-standalone-nfq
From apt, yum, dnf or any other distro package manager. (Requires Certbot 1.25.0 or newer.) pip install certbot-standalone-nfq

Usage

certbot-standalone-nfq should just work without having to configure anything:

certbot certonly -a standalone-nfq \
-d "example.com" -d "www.example.com" \
--dry-run

If (for some reason, like port forwarding shenanigans) your web server is listening on a port other than 80, you can use the --http-01-port argument of Certbot to change the port that the plugin will divert the traffic from.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certbot-standalone-nfq-0.1.3.tar.gz (14.8 kB view details)

Uploaded Source

File details

Details for the file certbot-standalone-nfq-0.1.3.tar.gz.

File metadata

File hashes

Hashes for certbot-standalone-nfq-0.1.3.tar.gz
Algorithm Hash digest
SHA256 73c88c0756c8f857af9f8ac9cc9f00c04f991c79d2a118f78d262d639c0823bb
MD5 8d4f9f1200889f36e896d649acfd29b0
BLAKE2b-256 19f901057bfca6a64d1a1be93a88ce873d759f14adeab26b01781d28d417ebad

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page