https://github.com/runfalk/certbot-dns-loopia
Loopia DNS authentication plugin for Certbot
https://github.com/runfalk/certbot-dns-loopia
letsencrypt letsencrypt-plugin loopia maintainer-wanted ssl unmaintained
Last synced: about 1 month ago
JSON representation
Loopia DNS authentication plugin for Certbot
- Host: GitHub
- URL: https://github.com/runfalk/certbot-dns-loopia
- Owner: runfalk
- License: other
- Created: 2016-11-03T01:57:10.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2022-06-20T08:21:28.000Z (over 3 years ago)
- Last Synced: 2024-12-30T01:41:56.553Z (9 months ago)
- Topics: letsencrypt, letsencrypt-plugin, loopia, maintainer-wanted, ssl, unmaintained
- Language: Python
- Size: 49.8 KB
- Stars: 37
- Watchers: 4
- Forks: 11
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Loopia DNS Authenticator for Certbot
This allows automatic completion of
[Certbot's](https://github.com/certbot/certbot) DNS01 challenge for
domains managed on [Loopia](https://www.loopia.se/) DNS.
## Installing
```shell
$ sudo pip install certbot-dns-loopia
```
Note that you should normally install this as `root`, unless you know
what you are doing.
## Preconditions
### Loopia API user
The plugin requires the following permissions enabled for your Loopia API user:
- `addZoneRecord`
- `getZoneRecords`
- `removeSubdomain`
- `removeZoneRecord`
### Credentials file
An INI file with `user` and `password` for your Loopia API user needs to be created. `user`
normally has the format `user@loopiaapi`.
The credentials file must have the following format:
```INI
dns_loopia_user = user@loopiaapi
dns_loopia_password = passwordgoeshere
```
For safety reasons the file must not be world readable. You can solve
this by running:
```shell
$ chmod 600 credentials.ini
```
## Usage
### Parameters
When using `certbot` with `certbot-dns-loopia`, aside from the usual parameters accepted by `certbot`, the following
parameters may be used:
| Parameter | Required? | Default | Description |
|---------------------------------------------|----------------------------|---------|-------------------|
|`--dns-loopia-credentials ` | :heavy_check_mark:️ | - | The path of the INI file containing your Loopia API user credentials |
|`--dns-loopia-propagation-seconds ` | | 900 | Determines how many seconds to wait before contacting the ACME server after adding the zone record to Loopia DNS
### Examples
To obtain a certificate for `domain.com`, run `certbot` using:
```shell
$ sudo certbot certonly \
--authenticator dns-loopia \
--dns-loopia-credentials credentials.ini \
-d domain.com
```
To obtain a wildcard certificate for all subdomains of `domain.com`:
```shell
$ sudo certbot certonly \
--authenticator dns-loopia \
--dns-loopia-credentials credentials.ini \
-d *.domain.com
```
To obtain a certificate valid for multiple domains using [SAN](https://en.wikipedia.org/wiki/Subject_Alternative_Name),
in this example for `foo.com` and `bar.com`:
```shell
$ sudo certbot certonly \
--authenticator dns-loopia \
--dns-loopia-credentials credentials.ini \
-d foo.com \
-d bar.com
```
## Known issues
- Due to caching on Loopia's side it can take up to 15 minutes before
changes propagate. Therefore, the plugin will wait 15 minutes before
contacting the ACME server.
It has been known to work with as little as 90 seconds and sometimes
less. If you want to try something other than 15 minutes, use
`--dns-loopia-propagation-seconds 90` for 90 seconds
or however many seconds you want.
Contributing
------------
How to set up a dev environment, test and publish new versions of the
project is described on the [DEVELOP page](DEVELOP.md).
Disclaimer
----------
This plugin is neither affiliated with nor endorsed by Loopia AB.