SafeDNS Authenticator plugin for Certbot
Quick start
docker run -it -v $(pwd)/safedns.ini:/safedns.ini -v /etc/letsencrypt:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt ukfast/certbot-dns-safedns:latest <certbot args>
Setup
Execution
certbot certonly --authenticator certbot-dns-safedns:dns_safedns
Warning: certbot might tell you that it doesn't have permissions to write to its log file. However, if you run certbot as sudo, you won't have access to the safedns plugin if you didn't install the plugin as sudo.
This causes certbot to fail with the following error:
Could not choose appropriate plugin: The requested dns_safedns plugin does not appear to be installed
To fix this, simply run:
sudo pip3 install certbot-dns-safedns
sudo certbot certonly --authenticator certbot-dns-safedns:dns_safedns
If you run into any Python cryptography errors, such as:
ContextualVersionConflict: ...
just make sure to upgrade your pyopenssl:
sudo pip install --upgrade pyopenssl
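Credentials and config options
Use of this plugin requires a configuration file containing SafeDNS API credentials, obtained from your MyUKFast account page. See also the SafeDNS API documentation.
An example credentials.ini file:
certbot_dns_safedns:dns_safedns_auth_token=0123456789abcdef0123456789abcdef01234567
certbot_dns_safedns:dns_safedns_propagation_seconds=20
The path to this file can be provided interactively or with the --certbot-dns-safedns:dns_safedns-credentials command-line argument. Certbot records the path to this file for use during renewal, but does not store the file's contents.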
CAUTION: You should protect these API credentials as you would the password to your MyUKFast account. Users who can read this file can use these credentials to issue arbitrary API calls on your behalf. Users who can cause Certbot to run using these credentials can complete a dns-01 challenge to acquire new certificates or revoke existing certificates for associated domains, even if those domains aren't being managed by this server.
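Certbot will emit a warning if it detects that the credentials file can be accessed by other users on your system. The warning reads "Unsafe permissions on credentials configuration file", followed by the path to the credentials file. This warning is emitted each time Certbot uses the credentials file, including for renewal, and cannot be silenced except by addressing the issue (e.g., by using a command like chmod 600 to restrict access to the file).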
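A standalone audit of the credentials file described above, added here as an example and not part of Certbot or the plugin. It goes beyond the warning by also flagging group access, symlinks, a replaceable parent directory and a missing token; the function names are hypothetical, and the key name is the one from the example file.

```python
import os
import stat

# Key name taken from the example credentials file on this page.
TOKEN_KEY = "certbot_dns_safedns:dns_safedns_auth_token"


def parse_credentials(text):
    """Parse the flat key=value format shown above (no section headers)."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return values


def audit_credentials(path):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink to another file
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file)"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access; use chmod 600")
    if st.st_uid != os.geteuid():
        findings.append("file is not owned by the user running this check")
    # A world-writable parent without the sticky bit lets others swap the file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without sticky bit")
    with open(path, encoding="utf-8") as fh:
        creds = parse_credentials(fh.read())
    if not creds.get(TOKEN_KEY):
        findings.append(f"missing or empty {TOKEN_KEY}")
    return findings


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        problems = audit_credentials(target)
        print(target, "OK" if not problems else problems)
```

Run it as the same user that runs Certbot (root, if Certbot runs under sudo) so the ownership check is meaningful.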
Examples
To acquire a single certificate for both example.com and *.example.com, waiting 900 seconds for DNS propagation:
certbot certonly \
  --authenticator certbot-dns-safedns:dns_safedns \
  --certbot-dns-safedns:dns_safedns-credentials ~/.secrets/certbot/safedns.ini \
  --certbot-dns-safedns:dns_safedns-propagation-seconds 900 \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d 'example.com' \
  -d '*.example.com'
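Build
Packages for the safedns plugin are hosted on PyPI: https://pypi.org/project/certbot-dns-safedns/
To build and upload the package from source, first make sure you have incremented the version number in setup.py.
Delete build, dist and {
Then run: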
python3 setup.py sdist bdist_wheel
Deploy
python3 -m twine upload dist/*
Warning: Use the username: __token__, along with the token registered on pypi.