Skip to content

Mordred/certbot-plugin-websupport

Repository files navigation

Certbot plugin for authentication using Websupport REST API

This is a plugin for Certbot that uses the Websupport REST API to allow Websupport customers to prove control of a domain name.

Usage

  1. Obtain an API key and API secret (see Account Page)

  2. Install the plugin using pip install certbot-plugin-websupport

  3. Create a websupport.ini config file with the following contents and apply chmod 600 websupport.ini on it:

    dns_websupport_api_key = APIKEY
    dns_websupport_api_secret = SECRET
    

    Replace APIKEY with your Websupport API key, SECRET with your API secret and ensure permissions are set to disallow access to other users.

  4. Run certbot and direct it to use the plugin for authentication and to use the config file previously created:

    certbot certonly -a dns-websupport --dns-websupport-credentials websupport.ini -d domain.com
    

    Add additional options as required to specify an installation plugin etc.

Please note that this solution is usually not relevant if you're using Websupport's web hosting services as Websupport offers free automated certificates for all simplehosting plans having SSL in the admin interface.

Updates

This plugin can be updated by running:

pip install certbot-plugin-websupport --upgrade

Wildcard certificates

This plugin is particularly useful when you need to obtain a wildcard certificate using dns challenges:

certbot certonly -a dns-websupport --dns-websupport-credentials websupport.ini -d domain.com -d \*.domain.com

Automatic renewal

You can setup automatic renewal using crontab with the following job for weekly renewal attempts:

0 0 * * 0 certbot renew -q -a dns-websupport --dns-websupport-credentials /etc/letsencrypt/websupport.ini

Docker

You can use Dockerfile to build a image:

FROM certbot/certbot
RUN pip3 install certbot-plugin-websupport

E.g:

docker build -t certbot/dns-websupport .

Then you can generate certificate using:

docker run -it --rm \
    -v /var/lib/letsencrypt:/var/lib/letsencrypt \
    -v /etc/letsencrypt:/etc/letsencrypt \
    certbot/dns-websupport \
    certonly \
    --authenticator dns-websupport \
    --dns-websupport-credentials "/etc/letsencrypt/.secrets/credentials.ini" \
    --email full.name@example.com \
    --agree-tos \
    --non-interactive \
    --rsa-key-size 4096 \
    -d *.example.com

And renewal:

docker run -it --rm \
    -v /var/lib/letsencrypt:/var/lib/letsencrypt \
    -v /etc/letsencrypt:/etc/letsencrypt \
    certbot/dns-websupport \
    certonly renew \
    --authenticator dns-websupport \
    --dns-websupport-credentials "/etc/letsencrypt/.secrets/credentials.ini"

About

Certbot plugin for DNS using Websupport service.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages