{"id":13585881,"url":"https://github.com/EnigmaBridge/certbot-external-auth","last_synced_at":"2025-04-07T10:32:02.259Z","repository":{"id":39705944,"uuid":"72003727","full_name":"EnigmaBridge/certbot-external-auth","owner":"EnigmaBridge","description":"Certbot external DNS, HTTP, TLSSNI domain validation plugin with JSON output and scriptable hooks, with Dehydrated compatibility","archived":false,"fork":false,"pushed_at":"2020-10-07T19:50:29.000Z","size":149,"stargazers_count":109,"open_issues_count":6,"forks_count":14,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-04-14T11:15:01.111Z","etag":null,"topics":["certbot","configurator","dns-validation","json","json-output","plugin"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EnigmaBridge.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-26T13:03:56.000Z","updated_at":"2024-03-14T06:59:11.000Z","dependencies_parsed_at":"2022-08-24T04:51:16.574Z","dependency_job_id":null,"html_url":"https://github.com/EnigmaBridge/certbot-external-auth","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnigmaBridge%2Fcertbot-external-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnigmaBridge%2Fcertbot-external-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnigmaBridge%2Fcertbot-external-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnigmaBridge%2Fcertbot-external-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EnigmaBridge","download_url":"https://codeload.github.com/EnigmaBridge/certbot-external-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247636877,"owners_count":20971021,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certbot","configurator","dns-validation","json","json-output","plugin"],"created_at":"2024-08-01T15:05:12.122Z","updated_at":"2025-04-07T10:32:01.968Z","avatar_url":"https://github.com/EnigmaBridge.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# External authenticator for Certbot\n\n\n[![Build Status](https://travis-ci.org/EnigmaBridge/certbot-external-auth.png?branch=master)](https://travis-ci.org/EnigmaBridge/certbot-external-auth})\n\n\nAutomation - the main goal of letsencrypt is to make certificate\nmanagement hassle-free. It works like that in most situations but each\nuser has to deal with its own network configuration (NAT, firewalls,\nDNS, proxy, ...). The more mechanisms we have for verifying domain\ncontrol, the easier the letsencrypt use becomes.\n\nThe biggest hassle with letsencrypt is verification of domain control as\nit requires your server to talk to letsencrypt servers and respond to\nchallenges provided (changing DNS records, or adding files to certain\nlocations). This process is necessary is it prevents random people\ngetting certificates for your own domain. This plugin helps with domain\nverification process. It offers three modes:\n\n1. JSON mode - its output is in JSON format that can be processed by the\n   certbot caller (e.g., Ansible).\n2. Handler mode - when it provides data for external authentication\n   programs - e.g., [Dehydrated](https://github.com/lukas2511/dehydrated)\n   that\n   supports DNS updates for a number of registrars - here is the\n   [list](https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks).\n3. Manual mode - a fallback option when no automation is available and\n   users have to do some changes (e.g., DNS updates) by hand.\n\nWe also support challenges for all three verification protocols:\n\n-  DNS\n-  HTTP\n\nThis plugin does not communicate with letsencrypt but it provides data\nfor letsencrypt clients in the correct format so the domain control\nverification can be automated.\n\n## Installation - pip\ns\n\n    pip install certbot\n    pip install certbot-ext-auth\n\n## Usage\n\nHere is an example of a typical use:\n\n    certbot --text --agree-tos --email you@example.com \\\n            --expand --renew-by-default \\\n            --configurator certbot-external-auth:out \\\n            --certbot-external-auth:out-public-ip-logging-ok \\\n            -d example.com certonly\n\nThere are 3 main modes of operation:\n\n-  JSON mode (default)\n-  Text mode - fallback to the ``manual.py`` operation\n-  Handler mode - auth performed by an external program. Supports\n   [Dehydrated](https://github.com/lukas2511/dehydrated) and\n   augmented mode.\n\nIf you want it to use as Authenticator and Installer, use\n``--configurator certbot-external-auth:out`` certbot flag, for\nAuthenticator only use ``-a certbot-external-auth:out``\n\nIn authenticator mode one can use certbot actions ``certonly`` or\n``renew``. If installer mode is enabled too use ``run`` action - typical\nfor [Dehydrated](https://github.com/lukas2511/dehydrated) hooks.\n\n### JSON Mode\n\nJSON mode produces one-line JSON objects (``\\n`` separated) with a\nchallenge to process by the invoker on the STDOUT.\n\nAfter the challenge is processed, the invoker is supposed to send a new\nline ``\\n`` character to the STDIN to continue with the process.\n\n*Note JSON mode produces also another JSON objects besides challenges,\ne.g., cleanup and reports. The ``\\n`` is expected only for challenges\n(perform/validate step).*\n\nIf plugin is installed also as an Installer (or Configurator), it\nprovides also commands related to the certificate installation.\n\nReporter was substituted to produce JSON logs so STDOUT is JSON only.\n\n## Arguments\n\n\n    --certbot-external-auth:out-public-ip-logging-ok\n            Skips public IP query check, required for JSON mode\n\n    --certbot-external-auth:out-text-mode\n            Defaults to manual.py text stdout, no JSON\n\n    --certbot-external-auth:out-handler\n            If set, enables handler mode. Commands are \n            sent to the handler script for processing. \n            Arguments are sent in ENV.\n            \n    --certbot-external-auth:out-dehydrated-dns\n            If handler mode is enabled, compatibility \n            with dehydrated-dns hooks is enabled\n\n## Errors\n\n\nProcessing errors are indicated by non-zero return codes returned by\nthis plugin.\n\n## Examples\n\nThe particular examples of verification methods and handler follows. At\nfirst the JSON mode examples are given, then handler examples follow.\n\nPlease note there is a ``--staging`` argument in the following commands, meaning you will get just testing LetsEncrypt certificate.\nOnce this works for you, remove this argument so you get proper valid LetsEncrypt certificate.\n\n### DNS\n\nRun the certbot with the following command:\n\n    certbot --staging \\\n            --text --agree-tos --email you@example.com \\\n            --expand --renew-by-default \\\n            --configurator certbot-external-auth:out \\\n            --certbot-external-auth:out-public-ip-logging-ok \\\n            -d \"bristol3.pki.enigmabridge.com\" \\\n            -d \"bs3.pki.enigmabridge.com\" \\\n            --preferred-challenges dns \\\n            certonly 2\u003e/dev/null\n\nStderr contains string log / report, not in JSON format.\n\nStdout:\n\n\n    {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"txt_domain\": \"_acme-challenge.bristol3.pki.enigmabridge.com\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n\n    {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"txt_domain\": \"_acme-challenge.bs3.pki.enigmabridge.com\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n\n    {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"report\", \"messages\": [{\"priority\": 1, \"on_crash\": true, \"lines\": [\"Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem. Your cert will expire on 2017-01-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run \\\"certbot renew\\\"\"]}]}\n\nAfter ``{\"cmd\": \"validate\"}`` message the client waits on ``\\n`` on the\nstandard input to continue with the validation.\n\n### DNS installer\n\n\nCertbot is running with action ``run`` which causes also Installer\nplugin part to work. The installer is the same for all validation modes\nso it is demonstrated only once.\n\n    certbot --staging \\\n            --text --agree-tos --email you@example.com \\\n            --expand --renew-by-default \\\n            --configurator certbot-external-auth:out \\\n            --certbot-external-auth:out-public-ip-logging-ok \\\n            -d \"bristol3.pki.enigmabridge.com\" \\\n            -d \"bs3.pki.enigmabridge.com\" \\\n            --preferred-challenges dns \\\n            run 2\u003e/dev/null\n\nStdout:\n\n    {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"txt_domain\": \"_acme-challenge.bristol3.pki.enigmabridge.com\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n\n    {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"txt_domain\": \"_acme-challenge.bs3.pki.enigmabridge.com\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n\n    {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"deploy_cert\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"cert_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/cert.pem\", \"key_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/privkey.pem\", \"chain_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/chain.pem\", \"fullchain_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem\", \"timestamp\": 1477582237, \"cert_timestamp\": 1477582245.9930167}\n    {\"cmd\": \"save\", \"title\": null, \"temporary\": false}\n    {\"cmd\": \"deploy_cert\", \"domain\": \"bs3.pki.enigmabridge.com\", \"cert_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/cert.pem\", \"key_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/privkey.pem\", \"chain_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/chain.pem\", \"fullchain_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem\", \"timestamp\": 1477582237, \"cert_timestamp\": 1477582245.9930167}\n    {\"cmd\": \"save\", \"title\": null, \"temporary\": false}\n    {\"cmd\": \"save\", \"title\": \"Deployed ACME Certificate\", \"temporary\": false}\n    {\"cmd\": \"restart\"}\n    {\"cmd\": \"report\", \"messages\": [{\"priority\": 1, \"on_crash\": true, \"lines\": [\"Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem. Your cert will expire on 2017-01-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the \\\"certonly\\\" option. To non-interactively renew *all* of your certificates, run \\\"certbot renew\\\"\"]}]}\n\n### HTTP\n\nRun the certbot with the following command (just\n``preferred-challenges`` changed):\n\n    certbot --staging \\\n            --text --agree-tos --email you@example.com \\\n            --expand --renew-by-default \\\n            --configurator certbot-external-auth:out \\\n            --certbot-external-auth:out-public-ip-logging-ok \\\n            -d \"bristol3.pki.enigmabridge.com\" \\\n            -d \"bs3.pki.enigmabridge.com\" \\\n            --preferred-challenges http \\\n            certonly 2\u003e/dev/null\n\nStdout:\n\n    {\"cmd\": \"perform_challenge\", \"type\": \"http-01\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\", \"validation\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"uri\": \"http://bristol3.pki.enigmabridge.com/.well-known/acme-challenge/oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\", \"command\": \"mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge\\ncd /tmp/certbot/public_html\\nprintf \\\"%s\\\" oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0 \u003e .well-known/acme-challenge/oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\\n# run only once per server:\\n$(command -v python2 || command -v python2.7 || command -v python2.6) -c \\\\\\n\\\"import BaseHTTPServer, SimpleHTTPServer; \\\\\\ns = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \\\\\\ns.serve_forever()\\\" \", \"key_auth\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n\n    {\"cmd\": \"perform_challenge\", \"type\": \"http-01\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\", \"validation\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"uri\": \"http://bs3.pki.enigmabridge.com/.well-known/acme-challenge/L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\", \"command\": \"mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge\\ncd /tmp/certbot/public_html\\nprintf \\\"%s\\\" L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0 \u003e .well-known/acme-challenge/L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\\n# run only once per server:\\n$(command -v python2 || command -v python2.7 || command -v python2.6) -c \\\\\\n\\\"import BaseHTTPServer, SimpleHTTPServer; \\\\\\ns = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \\\\\\ns.serve_forever()\\\" \", \"key_auth\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n\n    {\"cmd\": \"cleanup\", \"type\": \"http-01\", \"status\": \"pending\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\", \"validation\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"key_auth\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"cleanup\", \"type\": \"http-01\", \"status\": \"pending\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\", \"validation\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"key_auth\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"report\", \"messages\": [{\"priority\": 1, \"on_crash\": true, \"lines\": [\"Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem. Your cert will expire on 2017-01-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run \\\"certbot renew\\\"\"]}]}\n\n## Example - Dehydrated\n\nThe following section demonstrates usage of the plugin with\n[Dehydrated](https://github.com/lukas2511/dehydrated) DNS hooks.\n\nNote the certbot is run with action ``run`` so deployment callbacks are\ncalled too.\n\nIn this repository there is\n[dehydrated-example.sh](https://github.com/EnigmaBridge/certbot-external-auth/blob/master/dehydrated-example.sh)\nwhich is a hook stub used in this example. When using your own handler\nplease make sure the file is executable (has ``x`` flag,\n``chmod +x handler-file``).\n\n    certbot --staging \\\n            --text --agree-tos --email you@example.com \\\n            --expand --renew-by-default \\\n            --configurator certbot-external-auth:out \\\n            --certbot-external-auth:out-public-ip-logging-ok \\\n            -d \"bristol3.pki.enigmabridge.com\" \\\n            -d \"bs3.pki.enigmabridge.com\" \\\n            --preferred-challenges dns \\\n            --certbot-external-auth:out-handler ./dehydrated-example.sh \\\n            --certbot-external-auth:out-dehydrated-dns \\\n            run 2\u003e/dev/null\n\nStdout:\n\n    {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"txt_domain\": \"_acme-challenge.bristol3.pki.enigmabridge.com\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"txt_domain\": \"_acme-challenge.bs3.pki.enigmabridge.com\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"deploy_cert\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"cert_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/cert.pem\", \"key_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/privkey.pem\", \"chain_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/chain.pem\", \"fullchain_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem\", \"timestamp\": 1477582423, \"cert_timestamp\": 1477582428.9469378}\n    {\"cmd\": \"save\", \"title\": null, \"temporary\": false}\n    {\"cmd\": \"deploy_cert\", \"domain\": \"bs3.pki.enigmabridge.com\", \"cert_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/cert.pem\", \"key_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/privkey.pem\", \"chain_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/chain.pem\", \"fullchain_path\": \"/etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem\", \"timestamp\": 1477582423, \"cert_timestamp\": 1477582428.9469378}\n    {\"cmd\": \"save\", \"title\": null, \"temporary\": false}\n    {\"cmd\": \"save\", \"title\": \"Deployed ACME Certificate\", \"temporary\": false}\n    {\"cmd\": \"restart\"}\n    {\"cmd\": \"report\", \"messages\": [{\"priority\": 1, \"on_crash\": true, \"lines\": [\"Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem. Your cert will expire on 2017-01-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the \\\"certonly\\\" option. To non-interactively renew *all* of your certificates, run \\\"certbot renew\\\"\"]}]}\n\nStderr:\n\n    Saving debug log to /var/log/letsencrypt/letsencrypt.log\n    Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org\n    Renewing an existing certificate\n    Performing the following challenges:\n    dns-01 challenge for bristol3.pki.enigmabridge.com\n    dns-01 challenge for bs3.pki.enigmabridge.com\n    Handler output (deploy_challenge):\n\n    -----BEGIN DEPLOY_CHALLENGE-----\n    add _acme-challenge.bristol3.pki.enigmabridge.com. 300 in TXT \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\"\\n\\n\n    -----BEGIN DEPLOY_CHALLENGE-----\n\n    Self-verify of challenge failed.\n    Handler output (deploy_challenge):\n\n    -----BEGIN DEPLOY_CHALLENGE-----\n    add _acme-challenge.bs3.pki.enigmabridge.com. 300 in TXT \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\"\\n\\n\n    -----BEGIN DEPLOY_CHALLENGE-----\n\n    Self-verify of challenge failed.\n    Waiting for verification...\n    Cleaning up challenges\n    Handler output (clean_challenge):\n\n    -----BEGIN CLEAN_CHALLENGE-----\n    delete _acme-challenge.. 300 in TXT \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\"\n\n    -----END CLEAN_CHALLENGE-----\n\n    Handler output (clean_challenge):\n\n    -----BEGIN CLEAN_CHALLENGE-----\n    delete _acme-challenge.. 300 in TXT \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\"\n\n    -----END CLEAN_CHALLENGE-----\n\n    Generating key (2048 bits): /etc/letsencrypt/keys/0246_key-certbot.pem\n    Creating CSR: /etc/letsencrypt/csr/0246_csr-certbot.pem\n    Handler output (deploy_cert):\n\n    -----BEGIN DEPLOY_CERT-----\n    domain: bristol3.pki.enigmabridge.com\n    key_file: /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/privkey.pem\n    cert_file: /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/cert.pem\n    fullchain_file: /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem\n    chain_file: /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/chain.pem\n    timestamp: 1477582423\n    -----END DEPLOY_CERT-----\n\n    Handler output (deploy_cert):\n\n    -----BEGIN DEPLOY_CERT-----\n    domain: bs3.pki.enigmabridge.com\n    key_file: /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/privkey.pem\n    cert_file: /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/cert.pem\n    fullchain_file: /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem\n    chain_file: /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/chain.pem\n    timestamp: 1477582423\n    -----END DEPLOY_CERT-----\n\n\n    -------------------------------------------------------------------------------\n    Your existing certificate has been successfully renewed, and the new certificate\n    has been installed.\n\n    The new certificate covers the following domains:\n    https://bristol3.pki.enigmabridge.com and https://bs3.pki.enigmabridge.com\n\n    You should test your configuration at:\n    https://www.ssllabs.com/ssltest/analyze.html?d=bristol3.pki.enigmabridge.com\n    https://www.ssllabs.com/ssltest/analyze.html?d=bs3.pki.enigmabridge.com\n    -------------------------------------------------------------------------------\n\n## Example - Handler\n\n### DNS\n\nIn this repository there is a default\n[handler-example.sh](https://github.com/EnigmaBridge/certbot-external-auth/blob/master/handler-example.sh)\nwhich can be used as a handler. When using your own handler please make\nsure the file is executable (has ``x`` flag, ``chmod +x handler-file``).\n\n    certbot --staging \\\n            --text --agree-tos --email you@example.com \\\n            --expand --renew-by-default \\\n            --configurator certbot-external-auth:out \\\n            --certbot-external-auth:out-public-ip-logging-ok \\\n            -d \"bristol3.pki.enigmabridge.com\" \\\n            -d \"bs3.pki.enigmabridge.com\" \\\n            --preferred-challenges dns \\\n            --certbot-external-auth:out-handler ./handler-example.sh \\\n            certonly 2\u003e/dev/null\n\nStdout:\n\n    {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"txt_domain\": \"_acme-challenge.bristol3.pki.enigmabridge.com\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"txt_domain\": \"_acme-challenge.bs3.pki.enigmabridge.com\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"report\", \"messages\": [{\"priority\": 1, \"on_crash\": true, \"lines\": [\"Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem. Your cert will expire on 2017-01-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run \\\"certbot renew\\\"\"]}]}\n\nStderr:\n\n    Saving debug log to /var/log/letsencrypt/letsencrypt.log\n    Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org\n    Renewing an existing certificate\n    Performing the following challenges:\n    dns-01 challenge for bristol3.pki.enigmabridge.com\n    dns-01 challenge for bs3.pki.enigmabridge.com\n    Handler output (pre-perform):\n\n    -----BEGIN PRE-PERFORM-----\n    -----END PRE-PERFORM-----\n\n    Handler output (perform):\n\n    -----BEGIN PERFORM-----\n    cmd: perform\n    type: dns-01\n    domain: bristol3.pki.enigmabridge.com\n    uri: \n    validation: 667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\n    key-auth: _QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\n    z_domain: \n    cert_path: \n    key_path: \n    port: \n    json: {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"txt_domain\": \"_acme-challenge.bristol3.pki.enigmabridge.com\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    -----END PERFORM-----\n\n    Self-verify of challenge failed.\n    Handler output (perform):\n\n    -----BEGIN PERFORM-----\n    cmd: perform\n    type: dns-01\n    domain: bs3.pki.enigmabridge.com\n    uri: \n    validation: ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\n    key-auth: 3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\n    z_domain: \n    cert_path: \n    key_path: \n    port: \n    json: {\"cmd\": \"perform_challenge\", \"type\": \"dns-01\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"txt_domain\": \"_acme-challenge.bs3.pki.enigmabridge.com\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    -----END PERFORM-----\n\n    Self-verify of challenge failed.\n    Handler output (post-perform):\n\n    -----BEGIN POST-PERFORM-----\n    -----END POST-PERFORM-----\n\n    Waiting for verification...\n    Cleaning up challenges\n    Handler output (pre-cleanup):\n\n    -----BEGIN PRE-CLEANUP-----\n    -----END PRE-CLEANUP-----\n\n    Handler output (cleanup):\n\n    -----BEGIN CLEANUP-----\n    cmd: cleanup\n    type: dns-01\n    domain: bristol3.pki.enigmabridge.com\n    status: pending\n    token: _QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\n    error: None\n    json: {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU\", \"validation\": \"667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc\", \"key_auth\": \"_QLSFTRw6qbQaN7gTglBYZuU1L7KAP-bXB_41CAnAvU.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    -----END CLEANUP-----\n\n    Handler output (cleanup):\n\n    -----BEGIN CLEANUP-----\n    cmd: cleanup\n    type: dns-01\n    domain: bs3.pki.enigmabridge.com\n    status: pending\n    token: 3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\n    error: None\n    json: {\"cmd\": \"cleanup\", \"type\": \"dns-01\", \"status\": \"pending\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4\", \"validation\": \"ejEDZXYEeYHUxqBAiX4csh8GKkeVX7utK6BBOBshZ1Y\", \"key_auth\": \"3gJ87yANDpmuuKVL2ktfQ0_qURQ3mN0IfqgbTU_AGS4.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    -----END CLEANUP-----\n\n    Handler output (post-cleanup):\n\n    -----BEGIN POST-CLEANUP-----\n    -----END POST-CLEANUP-----\n\n    Generating key (2048 bits): /etc/letsencrypt/keys/0240_key-certbot.pem\n    Creating CSR: /etc/letsencrypt/csr/0240_csr-certbot.pem\n\n### HTTP\n\nRun the certbot with the following command (just\n``preferred-challenges`` changed):\n\n    certbot --staging \\\n            --text --agree-tos --email you@example.com \\\n            --expand --renew-by-default \\\n            --configurator certbot-external-auth:out \\\n            --certbot-external-auth:out-public-ip-logging-ok \\\n            -d \"bristol3.pki.enigmabridge.com\" \\\n            -d \"bs3.pki.enigmabridge.com\" \\\n            --preferred-challenges http \\\n            --certbot-external-auth:out-handler ./handler-example.sh \\\n            certonly 2\u003e/dev/null\n\nStdout:\n\n    {\"cmd\": \"perform_challenge\", \"type\": \"http-01\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\", \"validation\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"uri\": \"http://bristol3.pki.enigmabridge.com/.well-known/acme-challenge/oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\", \"command\": \"mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge\\ncd /tmp/certbot/public_html\\nprintf \\\"%s\\\" oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0 \u003e .well-known/acme-challenge/oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\\n# run only once per server:\\n$(command -v python2 || command -v python2.7 || command -v python2.6) -c \\\\\\n\\\"import BaseHTTPServer, SimpleHTTPServer; \\\\\\ns = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \\\\\\ns.serve_forever()\\\" \", \"key_auth\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    {\"cmd\": \"perform_challenge\", \"type\": \"http-01\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\", \"validation\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"uri\": \"http://bs3.pki.enigmabridge.com/.well-known/acme-challenge/L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\", \"command\": \"mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge\\ncd /tmp/certbot/public_html\\nprintf \\\"%s\\\" L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0 \u003e .well-known/acme-challenge/L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\\n# run only once per server:\\n$(command -v python2 || command -v python2.7 || command -v python2.6) -c \\\\\\n\\\"import BaseHTTPServer, SimpleHTTPServer; \\\\\\ns = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \\\\\\ns.serve_forever()\\\" \", \"key_auth\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    {\"cmd\": \"cleanup\", \"type\": \"http-01\", \"status\": \"pending\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\", \"validation\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"key_auth\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"cleanup\", \"type\": \"http-01\", \"status\": \"pending\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\", \"validation\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"key_auth\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    {\"cmd\": \"report\", \"messages\": [{\"priority\": 1, \"on_crash\": true, \"lines\": [\"Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/bristol3.pki.enigmabridge.com/fullchain.pem. Your cert will expire on 2017-01-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run \\\"certbot renew\\\"\"]}]}\n\nStderr:\n\n    Saving debug log to /var/log/letsencrypt/letsencrypt.log\n    Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org\n    Renewing an existing certificate\n    Performing the following challenges:\n    http-01 challenge for bristol3.pki.enigmabridge.com\n    http-01 challenge for bs3.pki.enigmabridge.com\n    Handler output (pre-perform):\n\n    -----BEGIN PRE-PERFORM-----\n    -----END PRE-PERFORM-----\n\n    Handler output (perform):\n\n    -----BEGIN PERFORM-----\n    cmd: perform\n    type: http-01\n    domain: bristol3.pki.enigmabridge.com\n    uri: http://bristol3.pki.enigmabridge.com/.well-known/acme-challenge/oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\n    validation: oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\n    key-auth: oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\n    z_domain: \n    cert_path: \n    key_path: \n    port: \n    json: {\"cmd\": \"perform_challenge\", \"type\": \"http-01\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\", \"validation\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"uri\": \"http://bristol3.pki.enigmabridge.com/.well-known/acme-challenge/oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\", \"command\": \"mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge\\ncd /tmp/certbot/public_html\\nprintf \\\"%s\\\" oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0 \u003e .well-known/acme-challenge/oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\\n# run only once per server:\\n$(command -v python2 || command -v python2.7 || command -v python2.6) -c \\\\\\n\\\"import BaseHTTPServer, SimpleHTTPServer; \\\\\\ns = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \\\\\\ns.serve_forever()\\\" \", \"key_auth\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    -----END PERFORM-----\n\n    Starting new HTTP connection (1): bristol3.pki.enigmabridge.com\n    Unable to reach http://bristol3.pki.enigmabridge.com/.well-known/acme-challenge/oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY: HTTPConnectionPool(host='bristol3.pki.enigmabridge.com', port=80): Max retries exceeded with url: /.well-known/acme-challenge/oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY (Caused by NewConnectionError('\u003crequests.packages.urllib3.connection.HTTPConnection object at 0x7ff5bc837d90\u003e: Failed to establish a new connection: [Errno 111] Connection refused',))\n    Self-verify of challenge failed.\n    Handler output (perform):\n\n    -----BEGIN PERFORM-----\n    cmd: perform\n    type: http-01\n    domain: bs3.pki.enigmabridge.com\n    uri: http://bs3.pki.enigmabridge.com/.well-known/acme-challenge/L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\n    validation: L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\n    key-auth: L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\n    z_domain: \n    cert_path: \n    key_path: \n    port: \n    json: {\"cmd\": \"perform_challenge\", \"type\": \"http-01\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\", \"validation\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"uri\": \"http://bs3.pki.enigmabridge.com/.well-known/acme-challenge/L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\", \"command\": \"mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge\\ncd /tmp/certbot/public_html\\nprintf \\\"%s\\\" L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0 \u003e .well-known/acme-challenge/L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\\n# run only once per server:\\n$(command -v python2 || command -v python2.7 || command -v python2.6) -c \\\\\\n\\\"import BaseHTTPServer, SimpleHTTPServer; \\\\\\ns = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \\\\\\ns.serve_forever()\\\" \", \"key_auth\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\"}\n    -----END PERFORM-----\n\n    Starting new HTTP connection (1): bs3.pki.enigmabridge.com\n    Unable to reach http://bs3.pki.enigmabridge.com/.well-known/acme-challenge/L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0: HTTPConnectionPool(host='bs3.pki.enigmabridge.com', port=80): Max retries exceeded with url: /.well-known/acme-challenge/L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0 (Caused by NewConnectionError('\u003crequests.packages.urllib3.connection.HTTPConnection object at 0x7ff5bc837f10\u003e: Failed to establish a new connection: [Errno 111] Connection refused',))\n    Self-verify of challenge failed.\n    Handler output (post-perform):\n\n    -----BEGIN POST-PERFORM-----\n    -----END POST-PERFORM-----\n\n    Waiting for verification...\n    Cleaning up challenges\n    Handler output (pre-cleanup):\n\n    -----BEGIN PRE-CLEANUP-----\n    -----END PRE-CLEANUP-----\n\n    Handler output (cleanup):\n\n    -----BEGIN CLEANUP-----\n    cmd: cleanup\n    type: http-01\n    domain: bristol3.pki.enigmabridge.com\n    status: pending\n    token: oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\n    error: None\n    json: {\"cmd\": \"cleanup\", \"type\": \"http-01\", \"status\": \"pending\", \"domain\": \"bristol3.pki.enigmabridge.com\", \"token\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY\", \"validation\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"key_auth\": \"oRezdno4N00Cfp2bLqJe45Ad3mwJ0q3xqIr7HML7RcY.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    -----END CLEANUP-----\n\n    Handler output (cleanup):\n\n    -----BEGIN CLEANUP-----\n    cmd: cleanup\n    type: http-01\n    domain: bs3.pki.enigmabridge.com\n    status: pending\n    token: L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\n    error: None\n    json: {\"cmd\": \"cleanup\", \"type\": \"http-01\", \"status\": \"pending\", \"domain\": \"bs3.pki.enigmabridge.com\", \"token\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0\", \"validation\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"key_auth\": \"L1xK8bOfybszr3MSJpf0oNZkxCDLLY1qzCKUwSwDYj0.tRQM98JsABZRm5-NiotcgD212RAUPPbyeDP30Ob_7-0\", \"validated\": null, \"error\": null}\n    -----END CLEANUP-----\n\n    Handler output (post-cleanup):\n\n    -----BEGIN POST-CLEANUP-----\n    -----END POST-CLEANUP-----\n\n    Generating key (2048 bits): /etc/letsencrypt/keys/0242_key-certbot.pem\n    Creating CSR: /etc/letsencrypt/csr/0242_csr-certbot.pem\n\n## Future work\n\n-  Add compatibility with\n   [Dehydrated](https://github.com/lukas2511/dehydrated) DNS hooks\n-  Communicate challenges via named pipes\n-  Communicate challenges via sockets\n\n## Manual Installation\n\nTo install, first install certbot (either on the root or in a\nvirtualenv), then:\n\n    python setup.py install\n\n## Credits\n\nThe plugin is based on the\n\n-  Let's Encrypt nginx plugin\n-  [certbot-external](https://github.com/marcan/certbot-external)\n-  ``manual.py`` certbot plugin.\n\nOnce ticket [2782](https://github.com/certbot/certbot/issues/2782) is\nresolved this won't be needed.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEnigmaBridge%2Fcertbot-external-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEnigmaBridge%2Fcertbot-external-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEnigmaBridge%2Fcertbot-external-auth/lists"}