hendrik-hog/certbot-dns-corenetworks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
f62c10aa52d0d1e022bd1154990051cda2f24bf8
certbot-dns-corenetworks/README.md
Hendrik Hogertz f62c10aa52 Update README.md
2025-11-20 04:00:34 +01:00

109 lines
4.1 KiB
Markdown
Raw Blame History

# certbot-dns-corenetworks
Core Networks DNS Authenticator plugin for Certbot
This plugin automates the process of completing a `dns-01` challenge by creating, and subsequently removing, TXT records using the Core Networks beta API.
## Requirements
- Python >= 3.10
- certbot >= 2.0.0
## Configuration of Core Networks
In the `Allgemein -> Profil -> API-Benutzer` you have to have a user with a login name and password.
See [Core Networks API Documentation](https://beta.api.core-networks.de/doc/) for more information.
## Installation
### From source
```bash
pip3 install git+https://git.hogertz.eu/hendrik-hog/certbot-dns-corenetworks.git
```
## Named Arguments
To start using DNS authentication for Core Networks, pass the following arguments on certbot's command line:
| Argument | Description |
| ---------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
| `--authenticator dns-corenetworks` | Select the authenticator plugin (Required) |
| `--dns-corenetworks-credentials` | Core Networks credentials INI file (Required) |
| `--dns-corenetworks-propagation-seconds` | Waiting time for DNS to propagate before asking the ACME server to verify the DNS record (Default: 30, Recommended: >= 60) |
## Credentials
An example `credentials.ini` file:
```ini
dns_corenetworks_username = myremoteuser
dns_corenetworks_password = verysecureremoteuserpassword
```
The path to this file can be provided interactively or using the `--dns-corenetworks-credentials` command-line argument. Certbot records the path to this file for use during renewal, but does not store the file's contents.
**CAUTION:** You should protect these API credentials as you would the password to your Core Networks account. Users who can read this file can use these credentials to issue arbitrary API calls on your behalf. Users who can cause Certbot to run using these credentials can complete a `dns-01` challenge to acquire new certificates or revoke existing certificates for associated domains, even if those domains aren't being managed by this server.
Certbot will emit a warning if it detects that the credentials file can be accessed by other users on your system. The warning reads "Unsafe permissions on credentials configuration file", followed by the path to the credentials file. This warning will be emitted each time Certbot uses the credentials file, including for renewal, and cannot be silenced except by addressing the issue (e.g., by using a command like `chmod 600` to restrict access to the file).
## Examples
### Acquire a certificate for a domain
To acquire a single certificate for `example.com`:
```bash
certbot certonly \
--authenticator dns-corenetworks \
--dns-corenetworks-credentials /etc/letsencrypt/.secrets/corenetworks.ini \
--dns-corenetworks-propagation-seconds 60 \
--agree-tos \
-d example.com
```
### Acquire a wildcard certificate
To acquire a certificate for both `example.com` and `*.example.com`, waiting 60 seconds for DNS propagation:
```bash
certbot certonly \
--authenticator dns-corenetworks \
--dns-corenetworks-credentials /etc/letsencrypt/.secrets/corenetworks.ini \
--dns-corenetworks-propagation-seconds 60 \
--agree-tos \
-d 'example.com' \
-d '*.example.com'
```
## Development
### Setup development environment
```bash
# Clone the repository
git clone https://git.hogertz.eu/hendrik-hog/certbot-dns-corenetworks.git
cd certbot-dns-corenetworks
uv sync --all-extras
```
### Running tests
```bash
# Run tests with pytest
pytest
# Run tests with coverage
pytest --cov=certbot_dns_corenetworks --cov-report=html
```
## License
Apache License 2.0 - See LICENSE.txt for details
## Credits
Original author: Masin Al-Dujaili
Maintainer: Hendrik Hogertz
Reference in New Issue View Git Blame Copy Permalink