pan-net-security / certbot-dns-acmedns, Hacker News

)

ACME-DNS DNS Authenticator plugin for Certbot .

This plugin is built from the ground up and follows the development style and life-cycle of other certbot-dns - plugins found in the Official Certbot Repository . Installation pip install –upgrade certbot pip install certbot-dns-acmedns

Verify: $ certbot plugins –text – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – certbot-dns-acmedns: dns-acmedns Description: Obtain certificates using a DNS TXT record (if you are using ACME-DNS for DNS.) Interfaces: IAuthenticator, IPlugin Entry point: dns-acmedns=certbot_dns_acmedns.dns_acmedns: Authenticator … … (Configuration)

The (certbot) credentials file e.g. acmedns-credentials.ini should look like this: # cat acmedns-credentials.ini certbot_dns_acmedns: dns_acmedns_api_url=http: // acmedns-server / certbot_dns_acmedns: dns_acmedns_registration_file=/etc/certbot/acme-registration.json


 This plugin does not do ACME -DNS registration  and you are responsible to make sure  / etc / certbot / acme-registration.json  (in the example above) contains the registration data in the following format:  # cat /etc/certbot/acme-registration.json {   "something.acme.com": {     "username": "6e (c-2c6a -  (eb  da (ac) bd7 ",     "password": "dd6gnYS-IxrQfDLbdPRX3hrFhS_SLrwbS0kSl_i8",     "fulldomain": "3b (a0e-c) (-) f - - (c6a) b.auth.example.org ",     "subdomain": "3b (a0e-c) (-) f - - (c6a) b ",     "allowfrom": []   } }  

 This format is the same as the one used in some other tools, e.g. cert-manager ACME-DNS plugin 

     Usage  certbot ...         --authenticator certbot-dns-acmedns: dns-acmedns         --certbot-dns-acmedns: dns-acmedns-credentials /etc/certbot/acmedns-credentials.ini         certonly    (FAQ  Why such long name for a plugin? 
 This follows the upstream nomenclature:  certbot-dns - .  ()

Why do I have to use

: separator in the name? And why are the configuration file parameters so weird?

This is a limitation of the Certbot interface towards (third-party) plugins.

For details read the discussions: () https://github.com/certbot/certbot/issues/ (# issuecomment – https://github.com/certbot/certbot/issues/

https://github.com/certbot/certbot/issues/ () https://github.com/certbot/certbot/pull/

Development

Create a virtualenv, install the plugin ( editable (mode), spawn the environment and run the test: Prepare the support environment:


 docker-compose up -d  
 You can also omit  - d  If you wish to see backend server logs side-by-side with the client. 
  ()  Run certbot client 

 docker build -t certbot_acmedns_client -f test / Dockerfile test / docker run -it --rm --network certbot-dns-acmedns_default --dns "  . 485 "-v $ PWD: / certbot-dns-acmedns certbot_acmedns_client sh -c 'pip3 install -e / certbot-dns-acmedns && / certbot-dns-acmedns /test/e2e_test.sh '      License 

 Copyright (c)