dropped support for python 3.6;

added support got dns01-challange delegation by CNAME;
fixed more info method

certbot_dns_porkbun/cert/client.py

@@ -1,7 +1,10 @@
+import logging
+
 import tldextract
 import zope.interface
 from certbot import errors, interfaces
 from certbot.plugins import dns_common
+from dns import resolver
 from pkb_client.client import PKBClient
 
 DEFAULT_PROPAGATION_SECONDS = 60
@@ -36,16 +39,15 @@ def add_parser_arguments(cls, add: callable) -> None:
         add("key", help="Porkbun API key (overwrites credentials file)")
         add("secret", help="Porkbun API key secret (overwrites credentials file)")
 
-    @staticmethod
-    def more_info() -> str:
+    def more_info(self) -> str:
         """
         Get more information about this plugin.
         This method is used by certbot to show more info about this plugin.
 
         :return: string with more information about this plugin
         """
 
-        return "This plugin configures a DNS TXT record to respond to a DNS-01 challenge using the Porkbun API."
+        return "This plugin configures a DNS TXT record to respond to a DNS-01 challenge using the Porkbun DNS API."
 
     def _setup_credentials(self) -> None:
         """
@@ -81,6 +83,8 @@ def _perform(self, domain: str, validation_name: str, validation: str) -> None:
 
         tld = tldextract.TLDExtract(suffix_list_urls=None)
 
+        domain = Authenticator._resolve_canonical_name(domain)
+
         extracted_domain = tld(domain)
 
         subdomains = extracted_domain.subdomain
@@ -103,6 +107,31 @@ def _perform(self, domain: str, validation_name: str, validation: str) -> None:
         except Exception as e:
             raise errors.PluginError(e)
 
+    @staticmethod
+    def _resolve_canonical_name(domain: str) -> str:
+        """
+        Resolve canonical name (CNAME) for the provided domain with the acme txt prefix.
+
+        :param domain: the domain to resolve
+        :raise PluginError:  if something goes wrong when following CNAME
+        :return: the final resolved domain
+        """
+
+        # ipv4
+        try:
+            return resolver.resolve(f"{ACME_TXT_PREFIX}.{domain}", 'A').canonical_name.to_text().rstrip('.')
+        except resolver.NXDOMAIN as e:
+            raise errors.PluginError(e)
+        except resolver.NoAnswer as e:
+            # only logging and give a second try with ipv6
+            logging.warning(e)
+
+        # ipv6
+        try:
+            return resolver.resolve(f"{ACME_TXT_PREFIX}.{domain}", "AAAA").canonical_name.to_text().rstrip('.')
+        except (resolver.NoAnswer, resolver.NXDOMAIN) as e:
+            raise errors.PluginError(e)
+
     def _cleanup(self, domain: str, validation_name: str, validation: str) -> None:
         """
         Delete the TXT record of the provided Porkbun domain.

requirements.txt

@@ -3,3 +3,4 @@ requests>=2.20.0
 certbot>=1.7.0
 pkb_client>=1.1
 tldextract>=3.1.0
+dnspython~=2.2

setup.py

@@ -17,23 +17,24 @@
     classifiers=[
         "Development Status :: 4 - Beta",
         "Programming Language :: Python :: 3",
-        "Programming Language :: Python :: 3.6",
         "Programming Language :: Python :: 3.7",
         "Programming Language :: Python :: 3.8",
         "Programming Language :: Python :: 3.9",
+        "Programming Language :: Python :: 3.10",
         "License :: OSI Approved :: MIT License",
         "Topic :: Security",
         "Topic :: Internet :: WWW/HTTP",
         "Topic :: Utilities",
         "Topic :: System :: Systems Administration"
     ],
     packages=find_packages(),
-    python_requires=">=3.6",
+    python_requires=">=3.7",
     install_requires=[
         "setuptools>=39.0.1",
         "zope.interface>=5.0.0",
         "certbot>=1.7.0",
-        "pkb_client>=1.1"
+        "pkb_client>=1.1",
+        "dnspython~=2.2"
     ],
     entry_points={
         "certbot.plugins": [