This plugin uses certbot's dns-01 challenge to create and delete TXT records on a Wedos domain server, thanks to the API interface called WAPI provided by Wedos. With this plugin you can make wildcard ssl.
For the functionality of this plugin, you will need to install these programs/softwares.
| Name | Install | Version |
|---|---|---|
| python | Link | >= 3.8.0 |
| pip | Link | >= 19.2.3 |
| certbot | Link | >= 2.8.0 |
Note that in theory, even an older version should work, but it has not been tested.
You will also need to have WAPI activated for communication between Wedos and the plugin. To activate WAPI, you can read the article from Wedos, available at this link WAPI activation and settings.
CAUTION: Please note that the IP address of the server where Certbot with the plugin will be located must be allowed on WAPI, otherwise it will not work.
snap install certbot-dns-wedos
sudo pip install certbot-dns-wedos
git clone https://github.com/clazzor/certbot-dns-wedos.git
sudo pip install ./certbot-dns-wedos
After installation, the created folders may be deleted.
rm -r certbot-dns-wedos
| Name | Required | Description |
|---|---|---|
| --dns-wedos-propagation-seconds | ❌ | Seconds to wait for DNS propagation before verifying DNS record with ACME server. |
| --dns-wedos-credentials | ✅ | The complete path to the INI file for credentials containing data for authorization. |
The default value of
propagation-secondsis 420, if there is a problem with validation, increase the number. The lower limit is 300.
The basic structure of the command is the same as with all other cerbot plugins, we define which plugin to use, propagation-seconds, credentials file and domains, like this:
certbot certonly \
--authenticator dns-wedos \
--dns-wedos-propagation-seconds 420 \
--dns-wedos-credentials /path/to/the/file.ini \
-d example.com -d *.example.com
| Name | Required | Description |
|---|---|---|
| dns_wedos_user | ✅ | The user (email) for WAPI. |
| dns_wedos_auth | ✅ | The auth (password) for WAPI. |
This is what the credentials file for wedos plugin should look like.
dns_wedos_user=user@example.com
dns_wedos_auth=examplepassword
- Values are written after an equal sign
=. For values with spaces, such ashello world, a space can be used. - For the ini file you should apply permission:
chmod 600 file.inifor security reason.
Usually services like haproxy, nginx, apache and more need to restart to retrieve a new certificate.
For this is used the deploy hook.
More information on this repository: Load a new certificate after a successful renewal
If an error occurs, Certbot will display the type of error that has occurred.
- If you get this error "Certbot failed to authenticate some domains (authenticator: dns-wedos)", increase the number in the
--dns-wedos-propagation-secondsargument. - If you encounter an HTTP error related to communication with WAPI, you will receive an HTTP error.
- If it is an error related to communication between the plugin and WAPI, you will receive a return code. Wedos has a list of error codes on their website, which you can access through this link WAPI list of return codes.
I just want to mention which modules/libraries this plugin uses for better debugging of errors in the future, in case any occur.
| Name | License |
|---|---|
| certbot | Apache 2.0 |
| datetime | PSF |
| hashlib | PSF |
| json | PSF |
| logging | PSF |
| pytz | MIT |
| re | PSF |
| requests | Apache 2.0 |
| setuptools | MIT |
| typing | PSF |
