This is a plugin for Certbot that uses the Njalla API to allow customers to prove control of a domain name.
Use this method if you have also installed certbot via pip.
Install the plugin using
pip3 install certbot-dns-njalla
If you are using sudo with certbot use sudo -H pip3 install certbot-dns-njalla instead.
Use this method if you have also installed certbot via snap.
snap install certbot-dns-njalla
Now connect the certbot installation with the njalla plugin installation.
snap set certbot trust-plugin-with-root=ok
snap connect certbot:plugin certbot-dns-njalla
Make sure the plugin is installed and connected. You can verify this by running certbot plugins. The list should contain dns-njalla.
Obtain an Njalla API token (found in the settings).
For optimal security you can set these token settings:
| Setting | Value |
|---|---|
| API Methods |
|
| API Record Prefixes |
|
| API Record Types |
|
Create a njalla.ini config file with the following contents:
dns_njalla_token=<token>
Replace <token> with your Njalla API key and ensure permissions are set
to disallow access to other users by running
chmod 600 njalla.ini
Run certbot and direct it to use the plugin for authentication and to use
the config file previously created:
certbot -a dns-njalla --dns-njalla-credentials njalla.ini -d your-domain.com
Use *.your-domain.com if you want to generate it as a wildcard certificate.
Add additional options as required to specify an installation plugin etc.
You can use --dns-njalla-propagation-seconds 30 to reduce the time it waits for DNS propagation to e.g. 30.
Remember to use the -i flag if you want to use an additional installer plugin, like -i apache or -i nginx.
Run the following command in the repository root (so you are in the folder containing the setup.py):
pip3 install -e .[test]
Run the following command in the repository root (so you are in the folder containing the setup.py):
# Ensure latest versions of "build" and "twine" are installed
python3 -m pip install --upgrade build twine
python3 -m build
# Publish to PyPi
twine upload dist/*
By default a snap is built automatically by snapcraft if there are changes in the git repo. But here is what to do to test the build locally.
Do the basic setup described in the certbot snap readme. (Mainly installing setting up lxd)
Run the following command in the repository root (so you are in the folder containing the setup.py):
sh generate-snapcraft.sh ./
snapcraft clean --use-lxd
snapcraft --debug --use-lxd
Execute the following command inside the root-directory
python -m unittest discover -p '*_test.py'
FAQs
Njalla DNS Authenticator plugin for Certbot
We found that certbot-dns-njalla demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.