Skip to main content

Certbot SSH authenticator plugin

Project description

Certbot-ssh - Certbot SSH authenticator plugin

Certbot-ssh is a plugin for the Certbot ACME client that performs HTTP01 challenge validation on a remote computer through a SSH connection.

Rationale

The Certbot client assumes it runs on the machine that serves web pages for the requested domain.

That is not always desirable or even possible.

The manual authenticator (--manual) allows to run the client on a separate machine; it is then up to the system administrator to make sure the web server responds appropriately to the HTTP01 challenge, by putting a specific value into a specific file under the .well-known/acme-challenge directory of the web server. This can be quite tedious, especially if you require a cert for many domains.

This plugin provides an automatized version of the “manual” process. Upon receiving the challenge data from the ACME server, it will execute a script on a remote machine through a SSH connexion, and feed it with the challenge data. It is then up to the script to write the challenge tokens at the appropriate place.

A sample script is provided. This script assumes the webroot of a requested domain is under a /var/www/domain directory; you will probably need to adjust it according to the layout of your own web server.

Usage

Install the package:

$ python setup.py install --user

Tweak the acme-challenge.sh script if needed, then upload it to your server. Put it somewhere in the PATH of the user account you use for SSH connection. Remove the .sh extension and make sure the script is executable.

Then you may call Certbot:

certbot certonly \
  --authenticator incenp.certbot.ssh:ssh \
  --incenp.certbot.ssh:ssh-server user@server.example.com \
  ...

Note that the client will attempt to write to some system directories on the local machine (/etc/letsencrypt, /var/lib/letsencrypt). Use the --config-dir, --work-dir, and --logs-dir options to specify other directories if you want to run the client from a non-root account.

Copying

Certbot-ssh is distributed under the same terms as Certbot itself, that is, the Apache License version 2.0. The full license is included in the LICENSE file of the source distribution.

Homepage and repository

The project is located at https://incenp.org/dvlpt/certbot-ssh.html. The latest source code is available at https://git.incenp.org/damien/certbot-ssh.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

incenp.certbot.ssh-0.2.3.tar.gz (8.0 kB view details)

Uploaded Source

Built Distribution

incenp.certbot.ssh-0.2.3-py3-none-any.whl (9.5 kB view details)

Uploaded Python 3

File details

Details for the file incenp.certbot.ssh-0.2.3.tar.gz.

File metadata

  • Download URL: incenp.certbot.ssh-0.2.3.tar.gz
  • Upload date:
  • Size: 8.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.7.5

File hashes

Hashes for incenp.certbot.ssh-0.2.3.tar.gz
Algorithm Hash digest
SHA256 39cf1f86fe102214c63930b4af718bb0b06d021108d6a7f6fc6b8b3a578c44c2
MD5 f6bf502898ff0a36d366a9eab8aace3f
BLAKE2b-256 d039cf37a0fe95e97d9e1988184072be72b9f84707e2889790ed9fff1c99c0f8

See more details on using hashes here.

File details

Details for the file incenp.certbot.ssh-0.2.3-py3-none-any.whl.

File metadata

  • Download URL: incenp.certbot.ssh-0.2.3-py3-none-any.whl
  • Upload date:
  • Size: 9.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.7.5

File hashes

Hashes for incenp.certbot.ssh-0.2.3-py3-none-any.whl
Algorithm Hash digest
SHA256 eb4cf75a54b311f56618803e02eef3b388d59bf7e7e95502665d9296f6edd40f
MD5 b35dd2d8bba5d0fac3a6e6ebd2b5e3c4
BLAKE2b-256 e263a65a984034915dd869b646a59c7a4263ad98b40d09b3e860a94a8dbf878a

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page