Robin Thoni 00b2d174a0 updated readme | 6 年之前 | |
---|---|---|
.idea | 7 年之前 | |
certbot_pdns | 6 年之前 | |
.gitignore | 8 年之前 | |
README.md | 6 年之前 | |
certbot-pdns.json | 6 年之前 | |
setup.cfg | 7 年之前 | |
setup.py | 6 年之前 |
Authenticator plugin for certbot (https://certbot.eff.org/).
Perform a DNS-01 challenge using TXT record in a PowerDNS (https://doc.powerdns.com/md/)
The advantages are:
Install or upgrade certbot:
pip2 install -U certbot
Install certbot-pdns:
#Install from pip
pip2 install certbot-pdns
#Install from sources
python2 setup.py install
Check that certbot-pdns:auth
is listed when executing certbot --text plugins
An example file is provided in /usr/local/etc/letsencrypt/certbot-pdns.json
:
{
"api-key": "change_it",
"base-url": "http://127.0.0.1:34022/api/v1",
"axfr-time": 5,
"http-auth": ["user", "secret_pass"],
"verify-cert": "False"
}
Configuration file must be placed in /etc/letsencrypt/certbot-pdns.json
or be specified with argument certbot-pdns-config
.
Configuration keys:
api-key
in file /etc/powerdns/pdns.conf
api=yes
and api-readonly=no
in file /etc/powerdns/pdns.conf
The following two keys are optional and added in case a (nginx) reverse proxy is used to secure access to the api:
Use certbot as usual but specify --authenticator certbot-pdns:auth
:
certbot --agree-tos --text --renew-by-default --authenticator certbot-pdns:auth certonly -d example.com -d www.example.com
#Activate venv
. venv/bin/activate
python2 build
pip2 uninstall certbot-pdns
python2 install
certbot --config-dir /tmp --work-dir /tmp --agree-tos --text --renew-by-default --authenticator certbot-pdns:auth certonly --certbot-pdns:auth-certbot-pdns-config certbot-pdns-rt.json -d test.rthoni.com
./setup.py build
./setup.py sdist upload