certbot-dns-powerdns

certbot-dns-powerdns

PowerDNS DNS Authenticator plugin for Certbot.

This plugin is built from the ground up and follows the development style and life-cycle of other certbot-dns-* plugins found in the Official Certbot Repository.

Installation

pip install --upgrade certbot
pip install certbot-dns-powerdns

Verify:

$ certbot plugins --text

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* certbot-dns-powerdns:dns-powerdns
Description: Obtain certificates using a DNS TXT record (if you are using
PowerDNS for DNS.)
Interfaces: IAuthenticator, IPlugin
Entry point: dns-powerdns = certbot_dns_powerdns.dns_powerdns:Authenticator

...
...

Configuration

The credentials file e.g. ~/pdns-credentials.ini should look like this:

certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34

Usage

certbot ... \
        --authenticator certbot-dns-powerdns:dns-powerdns  \
        --certbot-dns-powerdns:dns-powerdns-credentials ~/pdns-credentials.ini \
        certonly

FAQ

Why such long name for a plugin?

This follows the upstream nomenclature: certbot-dns-<dns-provider>.

Why do I have to use : separator in the name? And why are the configuration file parameters so weird?

This is a limitation of the Certbot interface towards third-party plugins.

For details read the discussions:

• https://github.com/certbot/certbot/issues/6504#issuecomment-473462138
• https://github.com/certbot/certbot/issues/6040
• https://github.com/certbot/certbot/issues/4351
• https://github.com/certbot/certbot/pull/6372

Development

Create a virtualenv, install the plugin (editable mode), spawn the environment and run the test:

virtualenv -p python3 .venv
. .venv/bin/activate
pip install -e .
docker-compose up -d
./test/run_certonly.sh test/pdns-credentials.ini

License

Copyright (c) 2019 DT Pan-Net s.r.o