Plugin for certbot for a DNS-01 challenge with a DuckDNS domain.
certbot_dn_duckdns is a plugin for certbot to create the DNS-01 challenge for a DuckDNS domain. The plugin takes care of setting and deleting the TXT entry via the DuckDNS API.
If you want to use the docker image, then you don't need any requirements other than a working docker installation and can proceed directly to the usage
If you prefer the local installation, then you need at least version 3.6 of Python installed. If you want to install this plugin with pip, then you also need pip3 installed.
If you already have certbot installed, make sure you have at least version 1.7.0 installed.
You can check what version of certbot is installed with this command:
certbot --version
If you don't have certbot installed yet, then the PyPI version of certbot will be installed automatically during the installation.
Note: If you want to run certbot with root privileges, then you need to install the plugin with root privileges too. Otherwise certbot cannot find the plugin.
Use the following command to install certbot_dns_duckdns with pip:
pip install certbot_dns_duckdns
You can also very easily update to a newer version:
pip install certbot_dns_duckdns -U
git clone https://github.com/infinityofspace/certbot_dns_duckdns
cd certbot_dns_duckdns
pip install .
To check if the plugin is installed correctly and detected properly by certbot, you can use the following command:
certbot plugins
Below are some examples of how to use the plugin:
Generate a certificate for a DNS-01 challenge of the domain "example.duckdns.org":
certbot certonly \
--non-interactive \
--agree-tos \
--email <your-email> \
--preferred-challenges dns \
--authenticator dns-duckdns \
--dns-duckdns-token <your-duckdns-token> \
--dns-duckdns-propagation-seconds 60 \
-d "example.duckdns.org"
Generate a wildcard certificate for a DNS-01 challenge of all subdomains "*.example.duckdns.org":
certbot certonly \
--non-interactive \
--agree-tos \
--email <your-email> \
--preferred-challenges dns \
--authenticator dns-duckdns \
--dns-duckdns-token <your-duckdns-token> \
--dns-duckdns-propagation-seconds 60 \
-d "*.example.duckdns.org"
Generate a certificate for a DNS-01 challenge of the domain "example.duckdns.org" without an account (i.e. without an email address):
certbot certonly \
--non-interactive \
--agree-tos \
--register-unsafely-without-email \
--preferred-challenges dns \
--authenticator dns-duckdns \
--dns-duckdns-token <your-duckdns-token> \
--dns-duckdns-propagation-seconds 60 \
-d "example.duckdns.org"
Generate a staging certificate (i.e. temporary testing certificate) for a DNS-01 challenge of the domain " example.duckdns.org":
certbot certonly \
--non-interactive \
--agree-tos \
--email <your-email> \
--preferred-challenges dns \
--authenticator dns-duckdns \
--dns-duckdns-token <your-duckdns-token> \
--dns-duckdns-propagation-seconds 60 \
-d "example.duckdns.org" \
--staging
You can find al list of all available certbot cli options in the official documentation of certbot.
You can simply start a new container to obtain a new certificate:
docker run \
-e EMAIL="<your-email>" \
-e DOMAIN="<your-full-duckdns-domain>" \
-e DUCKDNS_TOKEN="<your-duckdns-token>" \
-v mycerts:/etc/letsencrypt \
infinityofspace/certbot_dns_duckdns:latest
You will find the certificate after a moment in the folder "mycerts" on your host system in the current execution directory.
You can also let the certificate renew automatically:
docker run \
-e EMAIL="<your-email>" \
-e DOMAIN="<your-full-duckdns-domain>" \
-e DUCKDNS_TOKEN="<your-duckdns-token>" \
-e AUTORENEW=true \
-v mycerts:/etc/letsencrypt \
infinityofspace/certbot_dns_duckdns:latest
You can find an example docker compose file here.
There are the following environment variables:
environment variable | description | required |
---|---|---|
DOMAIN | The DuckDNS domain for which you want to get the certificate | yes |
DUCKDNS_TOKEN | Your DuckDNS API Token | yes |
Your email address with which the Letsencrypt account should be created. If it is not specified, then no account will be created. |
no | |
STAGING | Use the staging environment of Letsencrypt. Default value is false | no |
AUTORENEW | Renew the certificate automatically. Default value is false | no |
RECREATE | Delete all previous certificate data data. Default value is false | no |
ADDITIONAL_CERTBOT_ARGS | A string with additional certbot arguments. For example: "--deploy-hook ./hooks/my_cert_hook.sh" |
no |
You can the FAQ in the wiki.
All modules used by this project are listed below:
Name | License |
---|---|
certbot | Apache 2.0 |
requests | Apache 2.0 |
zope.interface | ZPL-2.1 |
setuptools | MIT |
Furthermore, this readme file contains embeddings of Shields.io.
MIT - Copyright (c) 2021 Marvin Heptner