pan-net-security / certbot-dns-acmedns

Licence: Apache-2.0 license
Certbot ACME-DNS DNS01 plugin for Certbot

Projects that are alternatives of or similar to certbot-dns-acmedns

certgrinder
Certgrinder is a client/server system for getting LetsEncrypt certificates for your infrastructure. ACME challenges are handled by the Certgrinder server, making it possible to get certificates in highly isolated environments, since only an SSH connection to the Certgrinder server is needed.
Stars: ✭ 24 (+0%)
Mutual labels:  x509, pki, certbot
certbot-dns-powerdns
PowerDNS DNS Authenticator plugin for Certbot
Stars: ✭ 22 (-8.33%)
Mutual labels:  x509, pki, certbot
pki-manager
IT Freelancers : Manage small PKI for multiple projects (or clients) with 2 bash scripts
Stars: ✭ 36 (+50%)
Mutual labels:  x509, pki
Pebble
A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production certificate authority. Let's Encrypt is hiring! Work on Pebble with us.
Stars: ✭ 359 (+1395.83%)
Mutual labels:  x509, pki
Certspotter
Certificate Transparency Log Monitor
Stars: ✭ 497 (+1970.83%)
Mutual labels:  x509, pki
ocaml-x509
X509 (RFC5280) handling in OCaml
Stars: ✭ 40 (+66.67%)
Mutual labels:  x509, pki
Certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Stars: ✭ 3,693 (+15287.5%)
Mutual labels:  x509, pki
Django X509
Reusable django app implementing x509 PKI certificates management
Stars: ✭ 326 (+1258.33%)
Mutual labels:  x509, pki
X509
Elixir package for working with X.509 certificates, Certificate Signing Requests (CSRs), Certificate Revocation Lists (CRLs) and RSA/ECC key pairs
Stars: ✭ 68 (+183.33%)
Mutual labels:  x509, pki
Aspnetcorecertificates
Certificate Manager in .NET Core for creating and using X509 certificates
Stars: ✭ 135 (+462.5%)
Mutual labels:  x509, pki
Phpasn1
A PHP library to encode and decode arbitrary ASN.1 structures using ITU-T X.690 encoding rules.
Stars: ✭ 136 (+466.67%)
Mutual labels:  x509, pki
kmgm
🔐🔗 Generate certs for your cluster, easy way
Stars: ✭ 22 (-8.33%)
Mutual labels:  x509, pki
pki
Certificate Authority management suite
Stars: ✭ 23 (-4.17%)
Mutual labels:  x509, pki
Openxpki
OpenXPKI Code
Stars: ✭ 304 (+1166.67%)
Mutual labels:  x509, pki
x509sak
X.509 Swiss Army Knife is a toolkit atop OpenSSL to ease generation of CAs and aid white-hat pentesting
Stars: ✭ 23 (-4.17%)
Mutual labels:  x509, pki
ct-woodpecker
A tool to monitor a certificate transparency log for operational problems
Stars: ✭ 136 (+466.67%)
Mutual labels:  x509, pki
Certlint
X.509 certificate linter, written in Go
Stars: ✭ 60 (+150%)
Mutual labels:  x509, pki
Pspki
PowerShell PKI Module
Stars: ✭ 189 (+687.5%)
Mutual labels:  x509, pki
rfc3161timestampingserver
This project offers a rfc 3161 compliant timestamping authority/server
Stars: ✭ 30 (+25%)
Mutual labels:  x509, pki
laravel-x509-auth
Client certificate authentication middleware for Laravel 5
Stars: ✭ 34 (+41.67%)
Mutual labels:  x509

certbot-dns-acmedns

ACME-DNS DNS Authenticator plugin for Certbot.

ACME-DNS is a simplified DNS server with a RESTful HTTP API that provides a simple way to automate ACME DNS challenges. Explaining ACME-DNS in detail is outside the scope of this repo; we assume you have a running ACME-DNS server. To understand what ACME-DNS is, and for details on how to run and use an ACME-DNS server, see the ACME-DNS repo.

This plugin is built from the ground up and follows the development style and life-cycle of other certbot-dns-* plugins found in the individual directories of the Official Certbot Repository.

For general information about Certbot plugin development see Certbot developer documentation.

Installation

pip install --upgrade certbot
pip install certbot-dns-acmedns

Verify:

$ certbot plugins --text

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* certbot-dns-acmedns:dns-acmedns
Description: Obtain certificates using a DNS TXT record (if you are using
ACME-DNS for DNS.)
Interfaces: IAuthenticator, IPlugin
Entry point: dns-acmedns = certbot_dns_acmedns.dns_acmedns:Authenticator

...
...

Configuration

The (certbot) credentials file e.g. acmedns-credentials.ini should look like this:

# cat acmedns-credentials.ini
certbot_dns_acmedns:dns_acmedns_api_url = http://acmedns-server/
certbot_dns_acmedns:dns_acmedns_registration_file = /etc/certbot/acme-registration.json

This plugin does not perform ACME-DNS registration. You are responsible for making sure that /etc/certbot/acme-registration.json (in the example above) contains the registration data in the following format:

# cat /etc/certbot/acme-registration.json
{
  "something.acme.com": {
    "username": "6e14735c-2c6a-447e-b63d-a23ac4438bd7",
    "password": "dd6gnYS-IxrQfDLbdPRX3hrFhS_SLrwbS0kSl_i8",
    "fulldomain": "3b750a0e-c627-423f-9966-4799c6a9533b.auth.example.org",
    "subdomain": "3b750a0e-c627-423f-9966-4799c6a9533b",
    "allowfrom": []
  }
}

This format is the same as the one used in some other tools, e.g. the cert-manager ACME-DNS plugin.
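A pre-flight check for the registration file described above, added here as an example (it is not part of the plugin or its README). It assumes every entry carries the five keys shown in the sample and that `fulldomain` begins with `subdomain`, as it does there; `check_registration_file` and `write_sample` are hypothetical names and the sample entries are constructed.

```python
import json
import os
import stat
import tempfile
# Keys taken from the sample entry above; assumed to be required in every entry.
REQUIRED = ("username", "password", "fulldomain", "subdomain", "allowfrom")

def check_registration_file(path):
    """Return a list of problems found in an ACME-DNS registration file."""
    problems = []
    # The file stores ACME-DNS passwords, so only the owner should have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} grants access to group/others")
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(data, dict):
        return problems + ["top level must be an object keyed by domain"]
    for domain, reg in data.items():
        if not isinstance(reg, dict):
            problems.append(f"{domain}: entry must be an object")
            continue
        for key in REQUIRED:
            want = list if key == "allowfrom" else str
            if key not in reg:
                problems.append(f"{domain}: missing '{key}'")
            elif not isinstance(reg[key], want):
                problems.append(f"{domain}: '{key}' must be a {want.__name__}")
            elif want is str and not reg[key]:
                problems.append(f"{domain}: '{key}' is empty")
        # Assumption from the sample: fulldomain is "<subdomain>.<server zone>".
        sub, full = reg.get("subdomain"), reg.get("fulldomain")
        if isinstance(sub, str) and isinstance(full, str) and not full.startswith(sub + "."):
            problems.append(f"{domain}: fulldomain does not start with subdomain")
    return problems

def write_sample(entries, mode):
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(entries, fh)
    os.chmod(path, mode)
    return path
# Constructed sample entries (placeholders, not real credentials) for write_sample.
GOOD = {"www.example.test": {"username": "user-placeholder", "password": "pass-placeholder",
        "fulldomain": "abc123.auth.example.test", "subdomain": "abc123", "allowfrom": []}}
BAD = {"www.example.test": {"username": "user-placeholder", "subdomain": "zzz999",
       "fulldomain": "abc123.auth.example.test", "allowfrom": "any"}}
```

Calling `check_registration_file("/etc/certbot/acme-registration.json")` before running certbot returns an empty list when the file passes every check.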

Usage

certbot ... \
        --authenticator certbot-dns-acmedns:dns-acmedns  \
        --certbot-dns-acmedns:dns-acmedns-credentials /etc/certbot/acmedns-credentials.ini \
        certonly

FAQ

Why such a long name for a plugin?

This follows the upstream nomenclature: certbot-dns-<dns-provider>.

Why do I have to use the : separator in the name? And why are the configuration file parameters so weird?

This is a limitation of the Certbot interface towards third-party plugins.

For details read the discussions:

Development

Create a virtualenv, install the plugin (editable mode), spawn the environment and run the test:

Prepare the support environment:

docker-compose up -d

You can also omit -d if you wish to see backend server logs side-by-side with the client.

Run the certbot client:

docker build -t certbot_acmedns_client -f test/Dockerfile test/
docker run -it --rm --network certbot-dns-acmedns_default --dns "10.151.40.100" -v "$PWD":/certbot-dns-acmedns certbot_acmedns_client sh -c 'pip3 install -e /certbot-dns-acmedns && /certbot-dns-acmedns/test/e2e_test.sh'

License

Apache License Version 2.0, January 2004

Authors

DT Pan-Net s.r.o