Signed-off-by: Felix Kaechele <felix@kaechele.ca>
Showing
6 changed files
with
799 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -38,3 +38,5 @@ repos: | |
rev: v1.5.1 | ||
hooks: | ||
- id: mypy | ||
additional_dependencies: | ||
- types-requests |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,35 @@ | ||
# Certbot DNS Authenticator for PowerDNS | ||
|
||
PowerDNS DNS Authenticator plugin for [Certbot](https://certbot.eff.org). | ||
|
||
# Usage | ||
|
||
Create a credentials file to use with this plugin: | ||
|
||
`~/pdns-credentials.ini` | ||
|
||
```ini | ||
dns_pdns_endpoint = https://pdns-api.example.com | ||
dns_pdns_api_key = <Your API Key> | ||
dns_pdns_server_id = localhost # see https://doc.powerdns.com/authoritative/http-api/server.html | ||
dns_pdns_disable_notify = false # Disable notification of secondaries after record changes | ||
``` | ||
|
||
The available configuration options correspond to the [DNS-Lexicon settings for the PowerDNS provider](https://dns-lexicon.readthedocs.io/en/latest/configuration_reference.html#powerdns). | ||
|
||
Run Certbot using the plugin as the authenticator: | ||
|
||
```shell | ||
certbot certonly \ | ||
--authenticator dns-pdns \ | ||
--dns-pdns-credentials ~/pdns-credentials.ini \ | ||
... | ||
``` | ||
|
||
# License | ||
|
||
Apache License 2.0 | ||
|
||
# Maintainer | ||
|
||
- Felix Kaechele <felix@kaechele.ca> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
"""DNS Authenticator for PowerDNS.""" | ||
import logging | ||
from collections.abc import Callable | ||
from typing import Any | ||
|
||
from certbot import errors | ||
from certbot.plugins import dns_common_lexicon | ||
from requests import HTTPError | ||
|
||
logger = logging.getLogger(__name__) | ||
|
||
|
||
class Authenticator(dns_common_lexicon.LexiconDNSAuthenticator): | ||
"""DNS Authenticator for PowerDNS | ||
This Authenticator uses the PowerDNS API to fulfill a dns-01 challenge. | ||
""" | ||
|
||
description = ( | ||
"Obtain certificates using a DNS TXT record (if you are using PowerDNS for" | ||
" DNS)." | ||
) | ||
|
||
def __init__(self, *args: Any, **kwargs: Any) -> None: | ||
super().__init__(*args, **kwargs) | ||
self._add_provider_option("endpoint", "PowerDNS API endpoint", "pdns_server") | ||
self._add_provider_option( | ||
"api-key", | ||
"API Key used for authentication with the PowerDNS API", | ||
"auth_token", | ||
) | ||
self._add_provider_option("server-id", "PowerDNS Server ID", "pdns_server_id") | ||
self._add_provider_option( | ||
"disable-notify", | ||
"whether to disable notification of secondaries after record changes", | ||
"pdns_disable_notify", | ||
) | ||
|
||
@classmethod | ||
def add_parser_arguments( | ||
cls, add: Callable[..., None], default_propagation_seconds: int = 30 | ||
) -> None: | ||
super().add_parser_arguments(add, default_propagation_seconds) | ||
add("credentials", help="PowerDNS API credentials INI file.") | ||
|
||
def more_info(self) -> str: | ||
return ( | ||
"This plugin configures a DNS TXT record to respond to a dns-01 challenge" | ||
" using the PowerDNS API." | ||
) | ||
|
||
@property | ||
def _provider_name(self) -> str: | ||
return "powerdns" | ||
|
||
def _handle_http_error(self, e: HTTPError, domain_name: str) -> errors.PluginError: | ||
hint = None | ||
logger.warning("HTTPError: %s", e) | ||
|
||
hint_disp = f" ({hint})" if hint else "" | ||
|
||
return errors.PluginError( | ||
f"Error determining zone identifier for {domain_name}: {e}.{hint_disp}" | ||
) |
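Review bot: In `_handle_http_error`, `hint` is set to `None` and never reassigned, so `hint_disp` is always empty and every HTTP failure, including a rejected API key, yields the same generic "Error determining zone identifier" message. Either drop the `hint` plumbing or fill it from the response status, for example `if e.response is not None and e.response.status_code in (401, 403): hint = "check dns_pdns_api_key"`. The method also returns a `PluginError` unconditionally; if the base class calls it once per candidate zone name (not visible on this page), a not-found response for a subdomain would end the lookup before the parent zone is tried, so confirm whether that case should return `None` and the annotation become `errors.PluginError | None`. A one-line docstring saying that the full `HTTPError` text is both logged at warning level and embedded in the returned error would also help operators who forward these logs.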
Empty file.