certbot-dns-acmedns
ACME-DNS DNS Authenticator plugin for Certbot.
This plugin is built from the ground up and follows the development style and life-cycle of other certbot-dns-* plugins found in the Official Certbot Repository.
Installation
    pip install --upgrade certbot
    pip install certbot-dns-acmedns
Verify:
    $ certbot plugins --text
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    * certbot-dns-acmedns:dns-acmedns
    Description: Obtain certificates using a DNS TXT record (if you are using ACME-DNS for DNS.)
    Interfaces: IAuthenticator, IPlugin
    Entry point: dns-acmedns = certbot_dns_acmedns.dns_acmedns:Authenticator
    ...
    ...
Configuration
The (certbot) credentials file, e.g. acmedns-credentials.ini, should look like this:
    # cat acmedns-credentials.ini
    certbot_dns_acmedns:dns_acmedns_api_url = http://acmedns-server/
    certbot_dns_acmedns:dns_acmedns_registration_file = /etc/certbot/acme-registration.json
This plugin does not do ACME-DNS registration. You are responsible for making sure that /etc/certbot/acme-registration.json (in the example above) contains the registration data in the following format:
    # cat /etc/certbot/acme-registration.json
    {
      "something.acme.com": {
        "username": "6e14735c-2c6a-447e-b63d-a23ac4438bd7",
        "password": "dd6gnYS-IxrQfDLbdPRX3hrFhS_SLrwbS0kSl_i8",
        "fulldomain": "3b750a0e-c627-423f-9966-4799c6a9533b.auth.example.org",
        "subdomain": "3b750a0e-c627-423f-9966-4799c6a9533b",
        "allowfrom": []
      }
    }
This format is the same as the one used in some other tools, e.g. the cert-manager ACME-DNS plugin.
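A pre-flight check for the registration file described above, as an added example that is not part of the plugin or this README. It treats the five keys in the sample as required and assumes fulldomain begins with subdomain plus a dot (both inferred from the sample), and it flags a file readable beyond its owner because the file stores ACME-DNS passwords. The function names and the placeholder values in demo() are hypothetical.

```python
import json
import stat
import tempfile
from pathlib import Path

REQUIRED = {"username": str, "password": str, "fulldomain": str,
            "subdomain": str, "allowfrom": list}

def validate_registration(data):
    """List problems; required keys and the prefix rule are assumed from the page's sample."""
    if not isinstance(data, dict) or not data:
        return ["top level must be a non-empty object keyed by domain name"]
    problems = []
    for domain, entry in data.items():
        if not isinstance(entry, dict):
            problems.append(f"{domain}: entry must be an object")
            continue
        for key, typ in REQUIRED.items():
            if key not in entry:
                problems.append(f"{domain}: missing '{key}'")
            elif not isinstance(entry[key], typ):
                problems.append(f"{domain}: '{key}' must be {typ.__name__}")
        sub, full = entry.get("subdomain"), entry.get("fulldomain")
        if isinstance(sub, str) and isinstance(full, str) and not full.startswith(sub + "."):
            problems.append(f"{domain}: fulldomain does not start with subdomain")
    return problems

def check_file(path):
    """Flag modes readable beyond the owner, then validate the content."""
    path = Path(path)
    problems = []
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path.name}: mode {oct(mode)} exposes passwords, use 0600")
    try:
        problems += validate_registration(json.loads(path.read_text()))
    except json.JSONDecodeError as exc:
        problems.append(f"{path.name}: invalid JSON ({exc})")
    return problems

def demo():
    # Constructed sample with placeholder values; 'allowfrom' is omitted on purpose.
    sample = {"something.acme.com": {"username": "user-placeholder", "password": "pw-placeholder",
                                     "subdomain": "sub", "fulldomain": "sub.auth.example.org"}}
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "acme-registration.json"
        path.write_text(json.dumps(sample))
        path.chmod(0o644)
        return check_file(path)
```

Calling check_file("/etc/certbot/acme-registration.json") before running certbot returns an empty list when the file passes both checks.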
Usage
    certbot ... \
      --authenticator certbot-dns-acmedns:dns-acmedns \
      --certbot-dns-acmedns:dns-acmedns-credentials /etc/certbot/acmedns-credentials.ini \
      certonly
FAQ
Why such a long name for a plugin?
This follows the upstream nomenclature: certbot-dns-<dns-provider>.
Why do I have to use the : separator in the name? And why are the configuration file parameters so weird?
This is a limitation of the Certbot interface towards third-party plugins.
For details read the discussions:
- https://github.com/certbot/certbot/issues/6504#issuecomment-473462138
- https://github.com/certbot/certbot/issues/6040
- https://github.com/certbot/certbot/issues/4351
- https://github.com/certbot/certbot/pull/6372
Development
Create a virtualenv, install the plugin (editable mode), spawn the environment and run the test:
Prepare the support environment:
    docker-compose up -d
You can also omit -d if you wish to see the backend server logs side-by-side with the client.
Run the certbot client:
    docker build -t certbot_acmedns_client -f test/Dockerfile test/
    docker run -it --rm --network certbot-dns-acmedns_default --dns "10.151.40.100" \
      -v $PWD:/certbot-dns-acmedns certbot_acmedns_client \
      sh -c 'pip3 install -e /certbot-dns-acmedns && /certbot-dns-acmedns/test/e2e_test.sh'
License
Copyright (c) 2020 DT Pan-Net s.r.o