Hurricane Electric dynamic DNS Authenticator plugin for Certbot.
This plugin automates the process of completing a dns-01 challenge
by updating, and subsequently clearing, TXT records using the
Hurricane Electric dynamic DNS API.
This method allows limiting access to specific records.
pip install certbot-dns-he-ddns
Alternatively, you can install from the Git repository by passing
git+https://github.com/mafredri/certbot-dns-he-ddns.git to pip install.
This plugin can only complete challenges for pre-existing
_acme-challenge.* DNS records that are of the TXT type and have
the dynamic DNS feature enabled. When multiple domains are configured,
their records must all share the same password.
- Add a new TXT record:
  - Name: _acme-challenge.example.com
  - Text data: empty
  - TTL: 300
  - Enable entry for dynamic DNS must be checked.
- Set the dynamic DNS key for the new record by pressing 🔃; it should match the password configured for this plugin.
An example credentials.ini file:
dns_he_ddns_password = verysecurepassword

To acquire a single certificate for both example.com and
*.example.com, waiting 60 seconds for DNS propagation:
certbot certonly \
--authenticator dns-he-ddns \
--dns-he-ddns-credentials /etc/letsencrypt/.secrets/dns-he-ddns.ini \
--dns-he-ddns-propagation-seconds 60 \
--server https://acme-v02.api.letsencrypt.org/directory \
--preferred-challenges dns \
--agree-tos \
--rsa-key-size 4096 \
-d 'example.com' \
-d '*.example.com'
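
A pre-flight check for the two prerequisites above (pre-existing _acme-challenge.* records and the credentials file), as an added example that is not part of the plugin's own code. The function names and the simple key = value parsing are assumptions made for illustration; the sample file is constructed in a temporary directory.

```python
import os
import stat
import tempfile

def challenge_records(domains):
    """TXT names dns-01 validates; '*.example.com' shares the record of 'example.com'."""
    records = []
    for domain in domains:
        base = domain.strip().rstrip(".").lower()
        if base.startswith("*."):
            base = base[2:]
        name = "_acme-challenge." + base
        if name not in records:
            records.append(name)
    return records

def credential_problems(path):
    """Return problems found in the credentials file; empty list means OK."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} exposes the password; use chmod 600")
    values = {}
    with open(path, encoding="utf-8") as fh:
        # Assumption: plain 'key = value' lines, as in the example file above.
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and not key.lstrip().startswith("#"):
                values[key.strip()] = value.strip()
    if not values.get("dns_he_ddns_password"):
        problems.append("dns_he_ddns_password is missing or empty")
    return problems

def demo():
    """Constructed sample: the same file checked at mode 0644 and then 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "dns-he-ddns.ini")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("dns_he_ddns_password = verysecurepassword\n")
        os.chmod(path, 0o644)
        before = credential_problems(path)
        os.chmod(path, 0o600)
        after = credential_problems(path)
    return challenge_records(["example.com", "*.example.com"]), before, after

if __name__ == "__main__":
    records, before, after = demo()
    print("TXT records to pre-create:", records)
    print("mode 0644:", before, "| mode 0600:", after)
```

For the command above, only one record (_acme-challenge.example.com) has to exist with dynamic DNS enabled, because the wildcard and the base name are validated at the same TXT name.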