IWAY-CERTBOT-DNS-AUTH
Certbot hook for DNS challenge using iWay Portal API.
Dependencies
This module requires certbot.
You can install certbot through your OS package manager (e.g. on Debian) and
install iway_certbot_dns_auth globally with:
sudo pip install iway_certbot_dns_auth
Or, better, install certbot in a Python virtual environment together with
iway_certbot_dns_auth.
Config
The hook's default config file is /etc/iway-certbot-dns-auth.yml, but this can
be changed with the environment variable IWAY_CERTBOT_DNS_AUTH_CFG:
IWAY_CERTBOT_DNS_AUTH_CFG=/etc/my-config.yml
The file must contain an account section with username and password.
Further it can contain a logging section with:
- syslog - enable Syslog (default false)
- level - log level (default "INFO")
- address - Syslog address (default /dev/log)
- facility - Syslog facility (default local0)
- format - log format (default "%(asctime)s %(levelname)s %(name)s: %(message)s")
Example /etc/iway-certbot-dns-auth.yml:
account:
  username: 12345
  password: 'changeme'
logging:
  syslog: true
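Because the config file stores the iWay account password in plain text, it should be readable only by the user that runs certbot. The check below is an added example, not part of iway_certbot_dns_auth; the function names resolve_config_path and audit_config and the policy they enforce (owner is root or the current user, no group/other permission bits, parent directory not writable by others) are assumptions.

```python
import os
import stat
import sys

# Both values are taken from the README text above.
DEFAULT_CFG = "/etc/iway-certbot-dns-auth.yml"
ENV_VAR = "IWAY_CERTBOT_DNS_AUTH_CFG"


def resolve_config_path(environ=None):
    """Config path per the README: environment override, else the default."""
    environ = os.environ if environ is None else environ
    return environ.get(ENV_VAR, DEFAULT_CFG)


def audit_config(path, trusted_uids=None):
    """Return a list of findings; an empty list means the policy is met.

    Assumed policy (not defined by the project): regular file, owned by root
    or the current user, no group/other bits, parent dir not writable by others.
    """
    trusted = {0, os.getuid()} if trusted_uids is None else set(trusted_uids)
    try:
        st = os.stat(path)
        parent = os.stat(os.path.dirname(os.path.abspath(path)))
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid not in trusted:
        findings.append(f"owned by uid {st.st_uid}, expected one of {sorted(trusted)}")
    if mode & 0o077:
        findings.append(f"mode {oct(mode)} exposes the password; use chmod 600")
    # A writable parent lets another user swap the file for one they control.
    if parent.st_uid not in trusted or stat.S_IMODE(parent.st_mode) & 0o022:
        findings.append("parent directory is group/other-writable or has an untrusted owner")
    return findings


if __name__ == "__main__":
    cfg = resolve_config_path()
    problems = audit_config(cfg)
    for p in problems:
        print(f"{cfg}: {p}")
    sys.exit(1 if problems else 0)
```

Run it as the same user that runs certbot, with IWAY_CERTBOT_DNS_AUTH_CFG set the same way as for the hooks; a non-zero exit status means at least one finding was printed.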
Usage
Create a new cert for your domain my-domain.com with:
PATH=$PATH:/usr/local/lib/python3.8/dist-packages/scripts \
certbot \
certonly \
--email me@gmail.com \
--no-eff-email \
--agree-tos \
--preferred-challenges 'dns' \
--manual \
--manual-auth-hook iway-certbot-auth-hook \
--manual-cleanup-hook iway-certbot-cleanup-hook \
--manual-public-ip-logging-ok \
--domain my-domain.com
Renew cert with:
PATH=$PATH:/usr/local/lib/python3.8/dist-packages/scripts \
certbot \
renew \
--force-renewal
Note: PATH depends on your local Python version. Check it with python -V.