Acmedns Authenticator Plugin for Certbot

栏目: IT技术 · 发布时间: 4年前

内容简介:ACME-DNS DNS Authenticator plugin forThis plugin is built from the ground up and follows the development style and life-cycle of otherVerify:

certbot-dns-acmedns

ACME-DNS DNS Authenticator plugin for Certbot .

This plugin is built from the ground up and follows the development style and life-cycle of other certbot-dns-* plugins found in the Official Certbot Repository .

Installation

pip install --upgrade certbot
pip install certbot-dns-acmedns

Verify:

$ certbot plugins --text

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* certbot-dns-acmedns:dns-acmedns
Description: Obtain certificates using a DNS TXT record (if you are using
ACME-DNS for DNS.)
Interfaces: IAuthenticator, IPlugin
Entry point: dns-acmedns = certbot_dns_acmedns.dns_acmedns:Authenticator

...
...

Configuration

The (certbot) credentials file e.g. acmedns-credentials.ini should look like this:

# cat acmedns-credentials.ini
certbot_dns_acmedns:dns_acmedns_api_url = http://acmedns-server/
certbot_dns_acmedns:dns_acmedns_registration_file = /etc/certbot/acme-registration.json

This plugin does not do ACME-DNS registration and you are responsible to make sure /etc/certbot/acme-registration.json (in the example above) contains the registration data in the following format:

# cat /etc/certbot/acme-registration.json
{
  "something.acme.com": {
    "username": "6e14735c-2c6a-447e-b63d-a23ac4438bd7",
    "password": "dd6gnYS-IxrQfDLbdPRX3hrFhS_SLrwbS0kSl_i8",
    "fulldomain": "3b750a0e-c627-423f-9966-4799c6a9533b.auth.example.org",
    "subdomain": "3b750a0e-c627-423f-9966-4799c6a9533b",
    "allowfrom": []
  }
}

This format is the same as the one used in some other tools, e.g. cert-manager ACME-DNS plugin

Usage

certbot ... \
        --authenticator certbot-dns-acmedns:dns-acmedns  \
        --certbot-dns-acmedns:dns-acmedns-credentials /etc/certbot/acmedns-credentials.ini \
        certonly

FAQ

Why such long name for a plugin?

This follows the upstream nomenclature: certbot-dns-<dns-provider> .

Why do I have to use : separator in the name? And why are the configuration file parameters so weird?

This is a limitation of the Certbot interface towards third-party plugins.

For details read the discussions:

Development

Create a virtualenv, install the plugin ( editable mode), spawn the environment and run the test:

Prepare the support environment:

docker-compose up -d

You can also omit -d if you wish to see backend server logs side-by-side with the client.

Run certbot client

docker build -t certbot_acmedns_client -f test/Dockerfile test/
docker run -it --rm --network certbot-dns-acmedns_default --dns "10.151.40.100" -v $PWD:/certbot-dns-acmedns certbot_acmedns_client sh -c 'pip3 install -e /certbot-dns-acmedns && /certbot-dns-acmedns/test/e2e_test.sh'

License

Copyright (c) 2020 DT Pan-Net s.r.o


以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Mastering JavaServer Faces

Mastering JavaServer Faces

Bill Dudney、Jonathan Lehr、Bill Willis、LeRoy Mattingly / Wiley / 2004-6-7 / USD 40.00

Harness the power of JavaServer Faces to create your own server-side user interfaces for the Web This innovative book arms you with the tools to utilize JavaServer Faces (JSF), a new standard that wi......一起来看看 《Mastering JavaServer Faces》 这本书的介绍吧!

在线进制转换器
在线进制转换器

各进制数互转换器

SHA 加密
SHA 加密

SHA 加密工具

html转js在线工具
html转js在线工具

html转js在线工具