Skip to content
/ porkbun_certbot_auth Public
forked from mmsaffari/porkbun_certbot_auth

Certbot authenticator and cleanup scripts for Porkbun DNS challenge

License

Unlicense license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

alexbcberio/porkbun_certbot_auth

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

.env.example

.env.example

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

porkbun_auth.sh

porkbun_auth.sh

 
 

porkbun_cleanup.sh

porkbun_cleanup.sh

 
 

renew_certs.sh

renew_certs.sh

 
 

Repository files navigation

Porkbun scripts for certbot

Issuing wildcard domain certificates with certbot, when your dns server is not one of the famous ones like CloudFlare, DigitalOcean, etc., can be a cumbersome task. Here I will try to provide a walkthrough for when you are managing your domain's DNS records on https://porkbun.com. There are plugins for PorkBunäs DNS challenge on snap or PyPI but connecting certbot to those plugins didn't really work for me, and moreover, why should I install more beta or RC packages when it can be solved using a couple of script files? Let's get our hands dirty!

Prerequisites

These scripts use jq to get porkbun's record_id of the challenge record.

apt install jq -y

Configure porkbun's API

  1. Log into your porkbun account.
  2. From the top-right "ACCOUNT" menu, select "API Access".
  3. At the bottom of the page, just the footer section, there is a text box that reads "API Key Title". Write something meaningful, like "CertbotDnsToken", in the box.
  4. On success you'll see a green box with two significant pieces of information. Take a note of your token's "API KEY" and "Secret Key".
  5. From the "ACCOUNT" menu on the top right, navigate to "Domain Management".
  6. Find your domain and open its "Details" pane.
  7. Enable "API ACCESS" (Green is enabled. Red is disabled.)

Configure Certbot

  1. Create a folder like /usr/local/etc/certbot
  2. Copy porkbun_cleanup.sh and porkbun_auth.sh into that folder. They should already be executable, if they are not run chmod a+x /usr/local/etc/certbot/porkbun_*.
  3. Make a copy of .env.example and set up your API_KEY and SECRET_API_KEY to the values you received when you created a porkbun API token in the previous section.

Note: if you encounter errors of the type Incorrect TXT record "<random token>" at _acme-challenge.example.com try increasing AUTH_SLEEP in .env.

Get your certificates

That's all! You should be able to fetch a new wildcard certificate for you domain as easy as running the following command. Remeber to replace your email and domain names before running it.

certbot certonly \
    --manual \
    --preferred-challenges dns \
    --manual-auth-hook /usr/local/etc/certbot/porkbun_auth.sh \
    --manual-cleanup-hook /usr/local/etc/certbot/porkbun_cleanup.sh \
    --agree-tos \
    -m youremail@yourdomain.tld \
    -d example.com \
    -d *.example.com

Since you've provided those hooks, certbot will auto-renew your certificates for you.

Viel Spaß!

Referrences:

  1. https://eff-certbot.readthedocs.io/en/stable/using.html#hooks
  2. https://porkbun.com/api/json/v3/documentation

About

Certbot authenticator and cleanup scripts for Porkbun DNS challenge

Resources

Readme

License

Unlicense license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%