INWX DNS authenticator plugin for certbot
- certbot (>=0.15)
For older Ubuntu distributions check out this PPA: ppa:certbot/certbot
- First install the plugin:
  - Without dependencies (if using certbot from your distribution repository):
    python3 setup.py develop --no-deps
  - With dependencies (not recommended if using certbot from your distribution repositories):
    python3 setup.py install
  - With certbot-auto (needs to be reinstalled after every certbot-auto update):
    /opt/eff.org/certbot/venv/bin/pip install .
Configure it with your INWX API Login Details:
Make sure the file is only readable by root! Otherwise all your domains might be in danger:
chmod 0600 /etc/letsencrypt/inwx.cfg
Request new certificates via a certbot invocation like this:
certbot certonly -a certbot-dns-inwx:dns-inwx -d sub.domain.tld -d '*.wildcard.tld'
Renewals will automatically be performed using the same authenticator and credentials by certbot.
Command Line Options
--certbot-dns-inwx:dns-inwx-propagation-seconds CERTBOT_DNS_INWX:DNS_INWX_PROPAGATION_SECONDS
    The number of seconds to wait for DNS to propagate before asking the ACME server to verify the DNS record. (default: 60)
--certbot-dns-inwx:dns-inwx-credentials CERTBOT_DNS_INWX:DNS_INWX_CREDENTIALS
    Path to INWX account credentials INI file (default: /etc/letsencrypt/inwx.cfg)
See certbot --help certbot-dns-inwx:dns-inwx for further information.
This plugin supports redirections on the DNS-01 validation records using CNAME records.
For example, you can have a domain a.tld which is not necessarily managed by INWX and possibly may not be automated via certbot. Additionally, you have a domain b.tld which is managed by INWX.
An easy solution to automate certificate retrieval for a.tld is to add a CNAME record for the name a.tld which points to e.g. _a_validation.b.tld in your provider's web interface.
A command like certbot -a certbot-dns-inwx:dns-inwx -d a.tld will then make certbot place its validation token at _a_validation.b.tld via INWX and your validation for
NOTE: This is an optional feature and requires dnspython to be installed. To install it, use your distribution repository or e.g. pip install dnspython.
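The redirection described above, as an added example that is not the plugin's own code: it follows the CNAME chain from the DNS-01 record name (which RFC 8555 places at _acme-challenge.<domain>) to the name where the token has to be written, and refuses loops, over-long chains and targets outside the zones the credentials can edit. The names lookup_cname, managed_zones and MAX_CNAME_DEPTH are hypothetical, and the zone data is constructed from the README's a.tld / b.tld example.

```python
# CONSTRUCTED sample zone data, following the README's a.tld / b.tld example.
CONSTRUCTED_CNAMES = {
    "_acme-challenge.a.tld.": "_a_validation.b.tld.",
}

MAX_CNAME_DEPTH = 8  # assumption: a small cap on how long a chain may be


def normalize(name):
    """Lower-case and fully qualify a name so comparisons are exact."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def validation_name(domain):
    """DNS-01 record name for a certificate identifier (RFC 8555, 8.4)."""
    domain = normalize(domain)
    if domain.startswith("*."):
        domain = domain[2:]  # a wildcard is validated at its base domain
    return "_acme-challenge." + domain


def resolve_target(domain, lookup_cname, managed_zones):
    """Return the name at which the TXT token must be written.

    lookup_cname(name) returns the CNAME target or None (hypothetical
    resolver hook, so the example runs offline). Raises ValueError on a
    loop, an over-long chain, or a final name outside managed_zones.
    """
    name = validation_name(domain)
    seen = {name}
    for _ in range(MAX_CNAME_DEPTH):
        target = lookup_cname(name)
        if target is None:
            break  # end of chain: this is where the token goes
        name = normalize(target)
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
    else:
        raise ValueError("CNAME chain too long")
    zones = [normalize(z) for z in managed_zones]
    if not any(name == z or name.endswith("." + z) for z in zones):
        raise ValueError(name + " is not in a managed zone")
    return name
```

Every name that CNAMEs its validation record into b.tld can have certificates issued by whoever holds the INWX credentials for b.tld, so those delegations are worth listing when the credentials file is reviewed.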