amest / dotnetcertbot

Certbot that issues certificates for tk, ml, cf (Freenom) domains via a Freenom or Cloudflare DNS challenge. Freenom DNS. Cloudflare DNS ACME challenge

Home Page: https://certbot.nb-47.ml

License: The Unlicense

Shell 0.69% Batchfile 0.74% Dockerfile 1.32% C# 97.25%
ssl ssl-certificates ssl-certificate freenom cloudflare-dns cloudflare csharp dotnet selenium selenium-webdriver

dotnetcertbot's Introduction

!!!NOTICE: The Cloudflare DNS challenge is temporarily not working. Cloudflare added reCAPTCHA to the login page, and we are now looking for ways to bypass the restriction.!!!

DotNetCertBot with cloudflare (and freenom) DNS challenge for Freenom (tk/ml) domains

Description

The app was written in response to Cloudflare's restrictions on using its API to manage DNS records for .tk, .ml, .cf and other free domain names from Freenom.

Under the hood is a regular Let's Encrypt client plus Selenium driver code: the application emulates a user logging in to Cloudflare, selects the desired zone, adds a record for the DNS challenge and, after the request is validated by the certification authority, saves the certificate and deletes the record from the DNS.

It can also issue certificates for domains issued through Freenom while continuing to use the standard DNS provided by Freenom. To do this, specify the required provider: --provider freenom

Download

  1. Shell:
    1. Windows x86 binaries
    2. Linux x64 binaries
  2. Docker container

How to use

Available providers

Available DNS providers for the ACME DNS challenge:

  1. Cloudflare - uses headless Chrome to issue certificates for free Freenom domains. Also suitable for other domains that use Cloudflare DNS
  2. Freenom - suitable for issuing certificates for domains that were registered through Freenom or that use Freenom DNS

Command-line arguments:

Argument     Description
-e           Required. Email for Cloudflare (also used for Let's Encrypt)
-p           Required. Password for the Cloudflare account
-z           Required. Zone name in Cloudflare (main domain name)
-d           Required. Domain name for which the certificate is issued (a subdomain of the zone)
--provider   (Default: cloudflare) DNS provider through which the DNS record is added for validation through ACME. Providers: Cloudflare, freenom
-h           (Default: true) Selenium driver headless mode
-o           (Default: app directory) Directory where generated certificates are saved
--noop       (Default: None) NoOp mode: starts in a half-functional or test mode for testing scripts or schedules. NoOp modes (full, acme, none)

Windows cmd or Linux bash

To issue a certificate from the shell (not in a container), Chrome version 87.xx must be installed on the machine. The prepared builds for Windows and Linux already include chromedriver. With Chrome installed and the app downloaded, run the following command to issue a certificate automatically.
Windows:

DotNetCertBot.Host.exe -e example@gmail.com -p VerySecretCloudflarePass -z example.tk -d subdomain.example.tk

Linux:

./DotNetCertBot.Host -e example@gmail.com -p VerySecretCloudflarePass -z example.tk -d subdomain.example.tk

When the certificate is issued successfully, two files appear in the DotNetCertBot.Host app folder:

  1. subdomain.example.tk.pem - Full chain certificate file
  2. subdomain.example.tk.key - Private Key
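
A check that can be run on those two files before deploying them, as an added example that is not part of the project: it confirms the private key is not readable by other users, that it belongs to the leaf certificate in the chain file, and that the certificate names the domain and is not close to expiry. The function names are hypothetical and OpenSSL 1.1.1 or later is assumed.

```bash
#!/bin/sh
# Added example (not project code): post-issuance checks for the
# <domain>.pem / <domain>.key pair written by the tool.
# Assumes OpenSSL 1.1.1+ on PATH; all function names are hypothetical.

# True only if the key file grants nothing to group or others (e.g. mode 600).
key_is_private() {
    kp_bits=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$kp_bits" = "------" ]
}

# True only if the leaf (first) certificate in the chain file carries the
# public key that belongs to the private key.
cert_matches_key() {
    cm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    cm_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cm_cert" ] && [ "$cm_cert" = "$cm_key" ]
}

# True only if the leaf certificate names the host and stays valid for
# at least <min_days> more days.
cert_covers() {   # cert_covers <pem> <hostname> <min_days>
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q "does match" || return 1
    openssl x509 -in "$1" -noout -checkend $(( $3 * 86400 )) >/dev/null 2>&1
}

# verify_issued <output_dir> <domain> [min_days]
# Returns 0 if all checks pass, 1 = key permissions, 2 = key mismatch,
# 3 = wrong host name or too close to expiry.
verify_issued() {
    vi_pem="$1/$2.pem"; vi_key="$1/$2.key"
    key_is_private "$vi_key" \
        || { echo "key is group/world accessible: $vi_key" >&2; return 1; }
    cert_matches_key "$vi_pem" "$vi_key" \
        || { echo "certificate and key do not match" >&2; return 2; }
    cert_covers "$vi_pem" "$2" "${3:-30}" \
        || { echo "certificate does not cover $2 or expires soon" >&2; return 3; }
    return 0
}
```

For the Docker invocation, point `verify_issued` at the host directory that was mounted for the certificates.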

Docker container (linux)

To issue a certificate in a container, you need to mount the directory where the certificates will appear.
Because Chrome runs inside the container, the host must have at least 200 MB of free RAM. To start the container and issue a certificate, run the following command:

docker run -v /tmp/certbot:/certbot/certs \
           --rm \
           -it \
           eluki/freenom-cloudflare-certbot \
            -e example@gmail.com \
            -p VerySecretCloudflarePass \
            -z example.tk \
            -d subdomain.example.tk \
            -o certs

How to build

Build binaries

Two scripts are prepared for the build, after running which, the compiled application with all dependencies, including chromedriver, will appear in the published folder. Scripts:

  1. Build-linux.sh - builds the application for linux-x64
  2. Build-winx86.bat - builds the application for win-x86

Build docker container

docker build -t certbot .

dotnetcertbot's Issues

Still Working?

Just wondering if this program is still working. I tried to run it many times, both in Docker and on Windows; however, both resulted in the program ending on the line last url cloudflare login page or something to that effect.

Error while adding txt record

I'm running it in docker

Unhandled exception. OpenQA.Selenium.WebDriverTimeoutException: Timed out after 40 seconds
 ---> OpenQA.Selenium.NoSuchElementException: no such element: Unable to locate element: {"method":"xpath","selector":"//div[@data-testid = 'zone-cards']"}
  (Session info: headless chrome=97.0.4692.99)
   at OpenQA.Selenium.Remote.RemoteWebDriver.UnpackAndThrowOnError(Response errorResponse)
   at OpenQA.Selenium.Remote.RemoteWebDriver.Execute(String driverCommandToExecute, Dictionary`2 parameters)
   at OpenQA.Selenium.Remote.RemoteWebDriver.FindElement(String mechanism, String value)
   at OpenQA.Selenium.Support.UI.DefaultWait`1.Until[TResult](Func`2 condition)
   --- End of inner exception stack trace ---
   at OpenQA.Selenium.Support.UI.DefaultWait`1.ThrowTimeoutException(String exceptionMessage, Exception lastException)
   at OpenQA.Selenium.Support.UI.DefaultWait`1.Until[TResult](Func`2 condition)
   at DotNetCertBot.CloudFlareUserApi.CloudFlareServiceSelenium.<>c__DisplayClass11_0.<<GoToZoneDns>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at DotNetCertBot.CloudFlareUserApi.CloudFlareServiceSelenium.GoToZoneDns(String zone)
   at DotNetCertBot.CloudFlareUserApi.CloudFlareServiceSelenium.AddChallenge(DnsChallenge challenge, String zoneName)
   at DotNetCertBot.Host.CertificateService.Issue()
   at DotNetCertBot.Host.Program.<Main>(String[] args)

Alternative Cloudflare IDnsProviderService implementation

An alternative implementation of IDnsProviderService to the cloudflare dns api based on the official library, for better and easier work with non-free domains from Freenom on cloudflare (i.e. to all other domains).

Selenium-based Cloudflare client implementation is only needed to manage recording for free Freenom domains. This was the only way to get around the prohibition of installing cloudflare to automate the management of such domains. But it is not correct to use this provider for other domains. The speed and stability of this implementation is not 100% and is unnecessary.

Certificate output providers

To simplify the integration of the client for issuing certificates (as well as for automating the issuance of certificates), it would be convenient to choose where and in what way the certificate will be sent.
For example, upon completion of the client's work, he could send ready-made certificates to the gitlab repository, where ci-cd rolled out this certificate across servers, or he himself would put these certificates on sftp to the right place on the server.

Road map:

  1. Abstraction of certificate output
  2. Implementation for saving to local file system (default)
  3. Implementation for saving to the repository in gitlab
  4. Implementation for saving via sftp
