Certbot plugin for authentication using Gandi LiveDNS


obynio/certbot-plugin-gandi


This is a plugin for Certbot that uses the Gandi LiveDNS API to allow Gandi customers to prove control of a domain name.

Important

In order to match the naming convention for certbot plugins, the plugin has been repackaged under a new name, certbot-dns-plugin, and legacy users of the previous package will receive the new package as a dependency.

Usage

  1. Obtain a Gandi API token (see Gandi LiveDNS API)

  2. Install the plugin and ensure the old plugin name variant is not present:

    pip uninstall certbot-plugin-gandi
    pip install 'certbot-dns-gandi>=1.6.0'

  3. Create a /etc/letsencrypt/gandi.ini config file with the following contents:

    # Gandi Token
    dns_gandi_token=TOKEN
    # optional organization id, remove it if not used
    dns_gandi_sharing_id=SHARINGID

    Replace TOKEN with your Gandi personal access token. You can also use a Gandi LiveDNS API Key instead, see FAQ below.

  4. Ensure permissions are set to disallow access from other users, e.g., using chmod 0600 gandi.ini

  5. Run certbot and direct it to use the plugin for authentication with the config file:

    certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini -d example.com
    # or
    certbot renew --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini
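A pre-flight check for the credentials file from steps 3 and 4, as an added example that is not part of the plugin or its README. The function name check_gandi_credentials and its return codes are assumptions made for this illustration; it rejects a file that group or other users can access, that lacks dns_gandi_token, or that still holds the placeholder value.

```shell
#!/bin/sh
# Added example (not the plugin's own code): verify the Gandi credentials
# file before handing it to certbot. Return codes are illustrative:
#   0 ok, 1 missing/not regular, 2 loose permissions,
#   3 token not set, 4 placeholder left unedited.
check_gandi_credentials() {
    file=$1

    # Must be a regular file, not a symlink that could point elsewhere.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "error: $file is missing or not a regular file" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits;
    # all six must be '-' (as with mode 0600 or 0400).
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "error: $file is accessible to group/other; run chmod 0600" >&2
        return 2
    fi

    # Extract the value of dns_gandi_token, ignoring commented-out lines
    # and surrounding whitespace. The last definition wins.
    token=$(sed -n 's/^[[:space:]]*dns_gandi_token[[:space:]]*=[[:space:]]*//p' "$file" \
        | sed 's/[[:space:]]*$//' | tail -n 1)
    if [ -z "$token" ]; then
        echo "error: dns_gandi_token is not set in $file" >&2
        return 3
    fi

    # Reject the placeholder strings used in the instructions above.
    case $token in
        TOKEN|PERSONAL_ACCESS_TOKEN)
            echo "error: dns_gandi_token still holds the placeholder" >&2
            return 4 ;;
    esac
    return 0
}

# Typical use in a renewal wrapper:
#   check_gandi_credentials /etc/letsencrypt/gandi.ini && certbot renew ...
```

The check reads only the classic permission bits; extended ACLs on the file are not inspected.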

Please note that this solution is usually not relevant if you're using Gandi's web hosting services as Gandi offers free automated certificates for all simplehosting plans having SSL in the admin interface.

Be aware that the plugin configuration must be provided on the CLI; configuration for third-party plugins in cli.ini is not supported by certbot for the moment. Please refer to #4351, #6504 and #7681 for details.

Distribution

PyPI is the upstream distribution channel, other channels are not maintained by me.

    pip uninstall certbot-plugin-gandi
    pip install 'certbot-dns-gandi>=1.6.0'

Installing this plugin from PyPI using pip will also install a recent version of certbot itself, which may conflict with any other certbot already installed on your system. See the provided Dockerfile on how to containerize certbot + the plugin to run together.

Wildcard certificates

This plugin is particularly useful when you need to obtain a wildcard certificate using DNS challenges:

certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini -d domain.com -d \*.domain.com --server https://acme-v02.api.letsencrypt.org/directory

Automatic renewal

You can set up automatic renewal using crontab with the following job for weekly renewal attempts:

0 0 * * 0 certbot renew -q --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini --server https://acme-v02.api.letsencrypt.org/directory

Reading material

FAQ

What's certbot-plugin-gandi and certbot-dns-gandi?

The decision was taken to adapt the name of the plugin to the common DNS plugin naming convention certbot-dns-*, so the legacy package certbot-plugin-gandi will be deprecated in favor of certbot-dns-gandi.

I don't have a personal access token, only a Gandi LiveDNS API Key

Live DNS API keys are deprecated and now unusable.

I have a warning telling me: Plugin legacy name certbot-plugin-gandi:dns may be removed in a future version. Please use dns instead.

Certbot has moved to remove third-party plugin prefixes since v1.7.0. Please switch to the new configuration format and remove any used prefix-based configuration.

Why do you keep this plugin a third-party plugin? Just merge it with certbot?

This Gandi plugin is a third-party plugin mainly because this plugin is not officially backed by Gandi and because Certbot does not accept new plugin submissions.


Credits

Huge thanks to Michael Porter for his original work!

