Add documentation about DNS plugins and Docker (#5710)

* make binding port optional * Add DNS docker docs * add basic DNS plugin docs * Add link to DNS plugin docs from Docker docs * Shrink table size
certbot · Mar 13, 2018 · 1d0e3b1 · 1d0e3b1
1 parent d310ad1
commit 1d0e3b1
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 4 deletions.
diff --git a/docs/install.rst b/docs/install.rst
@@ -115,13 +115,17 @@ these make much sense to you, you should definitely use the
 certbot-auto_ method, which enables you to use installer plugins
 that cover both of those hard topics.
 
-If you're still not convinced and have decided to use this method,
-from the server that the domain you're requesting a certficate for resolves
-to, `install Docker`_, then issue the following command:
+If you're still not convinced and have decided to use this method, from
+the server that the domain you're requesting a certficate for resolves
+to, `install Docker`_, then issue a command like the one found below. If
+you are using Certbot with the :ref:`Standalone` plugin, you will need
+to make the port it uses accessible from outside of the container by
+including something like ``-p 80:80`` or ``-p 443:443`` on the command
+line before ``certbot/certbot``.
 
 .. code-block:: shell
 
-   sudo docker run -it --rm -p 443:443 -p 80:80 --name certbot \
+   sudo docker run -it --rm --name certbot \
                -v "/etc/letsencrypt:/etc/letsencrypt" \
                -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
                certbot/certbot certonly
@@ -131,6 +135,16 @@ Running Certbot with the ``certonly`` command will obtain a certificate and plac
 within Docker, you must install the certificate manually according to the procedure
 recommended by the provider of your webserver.
 
+There are also Docker images for each of Certbot's DNS plugins available
+at https://hub.docker.com/u/certbot which automate doing domain
+validation over DNS for popular providers. To use one, just replace
+``certbot/certbot`` in the command above with the name of the image you
+want to use. For example, to use Certbot's plugin for Amazon Route 53,
+you'd use ``certbot/dns-route53``. You may also need to add flags to
+Certbot and/or mount additional directories to provide access to your
+DNS API credentials. See the :ref:`DNS plugin documentation
+<dns_plugins>`  for more info.
+
 For more information about the layout
 of the ``/etc/letsencrypt`` directory, see :ref:`where-certs`.
 

diff --git a/docs/using.rst b/docs/using.rst
@@ -54,12 +54,19 @@ standalone_ Y    N    | Uses a "standalone" webserver to obtain a certificate.
                       | Requires port 80 or 443 to be available. This is useful on    tls-sni-01_ (443)
                       | systems with no webserver, or when direct integration with
                       | the local webserver is not supported or not desired.
+|dns_plugs| Y    N    | This category of plugins automates obtaining a certificate by dns-01_ (53)
+                      | modifying DNS records to prove you have control over a
+                      | domain. Doing domain validation in this way is
+                      | the only way to obtain wildcard certificates from Let's
+                      | Encrypt.
 manual_     Y    N    | Helps you obtain a certificate by giving you instructions to  http-01_ (80),
                       | perform domain validation yourself. Additionally allows you   dns-01_ (53) or
                       | to specify scripts to automate the validation task in a       tls-sni-01_ (443)
                       | customized way.
 =========== ==== ==== =============================================================== =============================
 
+.. |dns_plugs| replace:: :ref:`DNS plugins <dns_plugins>`
+
 Under the hood, plugins use one of several ACME protocol challenges_ to
 prove you control a domain. The options are http-01_ (which uses port 80),
 tls-sni-01_ (port 443) and dns-01_ (requiring configuration of a DNS server on
@@ -141,6 +148,8 @@ the ``--nginx`` flag on the commandline.
 
    certbot --nginx
 
+.. _standalone:
+
 Standalone
 ----------
 
@@ -164,6 +173,33 @@ the Internet on the specified port using each requested domain name.
 .. note:: The ``--standalone-supported-challenges`` option has been
    deprecated since ``certbot`` version 0.9.0.
 
+.. _dns_plugins:
+
+DNS Plugins
+-----------
+
+If you'd like to obtain a wildcard certificate from Let's Encrypt or run
+``certbot`` on a machine other than your target webserver, you can use one of
+Certbot's DNS plugins.
+
+These plugins are still in the process of being packaged
+by many distributions and cannot currently be installed with ``certbot-auto``.
+If, however, you are comfortable installing the certificates yourself,
+you can run these plugins with :ref:`Docker <docker>`.
+
+Once installed, you can find documentation on how to use each plugin at:
+
+* `certbot-dns-cloudflare <https://certbot-dns-cloudflare.readthedocs.io>`_
+* `certbot-dns-cloudxns <https://certbot-dns-cloudxns.readthedocs.io>`_
+* `certbot-dns-digitalocean <https://certbot-dns-digitalocean.readthedocs.io>`_
+* `certbot-dns-dnsimple <https://certbot-dns-dnsimple.readthedocs.io>`_
+* `certbot-dns-dnsmadeeasy <https://certbot-dns-dnsmadeeasy.readthedocs.io>`_
+* `certbot-dns-google <https://certbot-dns-google.readthedocs.io>`_
+* `certbot-dns-luadns <https://certbot-dns-luadns.readthedocs.io>`_
+* `certbot-dns-nsone <https://certbot-dns-nsone.readthedocs.io>`_
+* `certbot-dns-rfc2136 <https://certbot-dns-rfc2136.readthedocs.io>`_
+* `certbot-dns-route53 <https://certbot-dns-route53.readthedocs.io>`_
+
 Manual
 ------