Code Monkey home page Code Monkey logo

certbot-pdns's Introduction

certbot-pdns

Authenticator plugin for certbot (https://certbot.eff.org/).

Perform a DNS-01 challenge using TXT record in a PowerDNS (https://doc.powerdns.com/md/)

The advantages are:

  • No need to configure your web server to serve challenges
  • Web server not even needed
  • Can generate certificate for internal hosts that are not exposed to the Internet
  • A or CNAME record not even needed. Only the TXT record added by certbot-pdns matters.

Installation

Install or upgrade certbot:

pip2 install -U certbot

Install certbot-pdns:

#Install from pip
pip2 install certbot-pdns
#Install from sources
python2 setup.py install

Check that certbot-pdns:auth is listed when executing certbot --text plugins

Configuration

An example file is provided in /usr/local/etc/letsencrypt/certbot-pdns.json:

{
  "api-key": "change_it",
  "base-url": "http://127.0.0.1:34022/api/v1",
  "axfr-time": 5,
  "http-auth": ["user", "secret_pass"],
  "verify-cert": "False"
}

Configuration file must be placed in /etc/letsencrypt/certbot-pdns.json or be specified with argument certbot-pdns-config.

Configuration keys:

  • api-key: Your PowerDNS API Key as specified in property api-key in file /etc/powerdns/pdns.conf
  • base-url: The base URL for PowerDNS API. Require api=yes and api-readonly=no in file /etc/powerdns/pdns.conf
  • axfr-time: The time in seconds to wait for AXFR in slaves. Can be set to 0 if there is only one authoritative server for the zone.

The following two keys are optional and added in case a (nginx) reverse proxy is used to secure access to the api:

  • http-auth (optional): A list of two strings containing the Username and Password for a http-basic-authentication
  • verify-cert (optional): defines whether the SSL-certificate provided by the reverse proxy shall be verified. Possible options are True/False or a string containing the path to a local certificate which can be used to verify the one provided by the proxy.

Usage

Use certbot as usual but specify --authenticator certbot-pdns:auth:

certbot --agree-tos --text --renew-by-default --authenticator certbot-pdns:auth certonly -d example.com -d www.example.com

certbot-pdns's People

Contributors

kostich avatar loweagle avatar robin-thoni avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.