Fabio/certbot-dns-ionos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update and rename README.rst to README.md

Browse source
This commit is contained in:
DorianCoding 2024-10-14 20:35:08 +02:00 committed by GitHub
parent fd7a3f5b6c
commit 8d34261163
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 40 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

86
README.rst → README.md
View file

@ -1,13 +1,13 @@
certbot-dns-ionos # certbot-dns-ionos
=====================
IONOS_ DNS Authenticator plugin for Certbot_ IONOS DNS Authenticator plugin for Certbot
![Ionos](https://www.ionos.co.uk/newsroom/wp-content/uploads/sites/7/2021/12/LOGO_IONOS_Blue_RGB-1.png)
This plugin automates the process of completing a ``dns-01`` challenge by This plugin automates the process of completing a ``dns-01`` challenge by
creating, and subsequently removing, TXT records using the IONOS Remote API. creating, and subsequently removing, TXT records using the IONOS Remote API.
Configuration of IONOS ## Configuration of IONOS
---------------------------
In the `System -> Remote Users` you have to have a user, with the following rights In the `System -> Remote Users` you have to have a user, with the following rights
@ -19,52 +19,48 @@ In the `System -> Remote Users` you have to have a user, with the following righ
.. _IONOS: https://www.ionos.de/ .. _IONOS: https://www.ionos.de/
.. _Certbot: https://certbot.eff.org/ .. _Certbot: https://certbot.eff.org/
Installation ## Installation
------------
:: ### Snap
pip install certbot-dns-ionos [![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/certbot-dns-ionos)
Named Arguments ### Pip
---------------
`pip install certbot-dns-ionos`
## Named Arguments
To start using DNS authentication for ionos, pass the following arguments on To start using DNS authentication for ionos, pass the following arguments on
certbot's command line: certbot's command line:
| Command args | Command definition |
=============================================== =============================================== | --- | --- |
``--authenticator dns-ionos`` select the authenticator plugin (Required) |``--authenticator dns-ionos`` | select the authenticator plugin (Required) |
|``--dns-ionos-credentials`` |ionos Remote User credentials INI file. (Required) |
``--dns-ionos-credentials`` ionos Remote User credentials |``--dns-ionos-propagation-seconds``|waiting time for DNS to propagate before asking the ACME server to verify the DNS record. (Default: 10, Recommended: >= 600) |
INI file. (Required)
``--dns-ionos-propagation-seconds`` waiting time for DNS to propagate before asking
the ACME server to verify the DNS record.
(Default: 10, Recommended: >= 600)
=============================================== ===============================================
Credentials ## Credentials
-----------
An example ``credentials.ini`` file: An example ``credentials.ini`` file:
.. code-block:: ini ```ini
dns_ionos_prefix = myapikeyprefix dns_ionos_prefix = myapikeyprefix
dns_ionos_secret = verysecureapikeysecret dns_ionos_secret = verysecureapikeysecret
dns_ionos_endpoint = https://api.hosting.ionos.com dns_ionos_endpoint = https://api.hosting.ionos.com
```
The key can be managed under the following link: https://developer.hosting.ionos.de/?source=IonosControlPanel The key can be managed under the following link: https://developer.hosting.ionos.de/?source=IonosControlPanel
The path to this file can be provided interactively or using the The path to this file can be provided interactively or using the
``--dns-ionos-credentials`` command-line argument. Certbot `--dns-ionos-credentials` command-line argument. Certbot
records the path to this file for use during renewal, but does not store the records the path to this file for use during renewal, but does not store the
file's contents. file's contents.
**CAUTION:** You should protect these API credentials as you would the > [!CAUTION]
> You should protect these API credentials as you would the
password to your ionos account. Users who can read this file can use these password to your ionos account. Users who can read this file can use these
credentials to issue arbitrary API calls on your behalf. Users who can cause credentials to issue arbitrary API calls on your behalf. Users who can cause
Certbot to run using these credentials can complete a ``dns-01`` challenge to Certbot to run using these credentials can complete a ``dns-01`` challenge to
@ -80,14 +76,12 @@ including for renewal, and cannot be silenced except by addressing the issue
``chmod 700`` to restrict access to the folder). ``chmod 700`` to restrict access to the folder).
Examples ## Examples
--------
To acquire a single certificate for both ``example.com`` and To acquire a single certificate for both ``example.com`` and
``*.example.com``, waiting 900 seconds for DNS propagation: ``*.example.com``, waiting 900 seconds for DNS propagation:
.. code-block:: bash ```bash
certbot certonly \ certbot certonly \
--authenticator dns-ionos \ --authenticator dns-ionos \
--dns-ionos-credentials /etc/letsencrypt/.secrets/domain.tld.ini \ --dns-ionos-credentials /etc/letsencrypt/.secrets/domain.tld.ini \
@ -97,25 +91,25 @@ To acquire a single certificate for both ``example.com`` and
--rsa-key-size 4096 \ --rsa-key-size 4096 \
-d 'example.com' \ -d 'example.com' \
-d '*.example.com' -d '*.example.com'
```
## Docker
Docker
------
In order to create a docker container with a certbot-dns-ionos installation, In order to create a docker container with a certbot-dns-ionos installation,
create an empty directory with the following ``Dockerfile``: create an empty directory with the following ``Dockerfile``:
.. code-block:: docker ```docker
FROM certbot/certbot FROM certbot/certbot
RUN pip install certbot-dns-ionos RUN pip install certbot-dns-ionos
```
Proceed to build the image:: Proceed to build the image
```docker
docker build -t certbot/dns-ionos . docker build -t certbot/dns-ionos .
```
Once that's finished, the application can be run as follows:: Once that's finished, the application can be run as follows::
```docker
docker run --rm \ docker run --rm \
-v /var/lib/letsencrypt:/var/lib/letsencrypt \ -v /var/lib/letsencrypt:/var/lib/letsencrypt \
-v /etc/letsencrypt:/etc/letsencrypt \ -v /etc/letsencrypt:/etc/letsencrypt \
@ -129,15 +123,15 @@ Once that's finished, the application can be run as follows::
--keep-until-expiring --non-interactive --expand \ --keep-until-expiring --non-interactive --expand \
--server https://acme-v02.api.letsencrypt.org/directory \ --server https://acme-v02.api.letsencrypt.org/directory \
-d example.com -d '*.example.com' -d example.com -d '*.example.com'
```
It is suggested to secure the folder as follows:: It is suggested to secure the folder as follows
```bash
chown root:root /etc/letsencrypt/.secrets chown root:root /etc/letsencrypt/.secrets
chmod 700 /etc/letsencrypt/.secrets chmod 700 /etc/letsencrypt/.secrets
```
The file 'domain.tld.ini' must be replaced with the version of the example 'credentials.ini' adapted to your provider. The file 'domain.tld.ini' must be replaced with the version of the example 'credentials.ini' adapted to your provider.
Changelog ## Changelog
=========
- 2024.01.08 - 2024.01.08