certbot-dns-stackit

Release 0.1.0

STACKIT DNS Authenticator plugin for Certbot

Homepage PyPI Python

Keywords
automation, certbot-plugin, cloud-services, devops, dns-01-challenge, lets-encrypt, python, security, ssl-certificates, stackit
License
Apache-2.0
Install
pip install certbot-dns-stackit==0.1.0

Documentation

Certbot DNS-STACKIT Authenticator Plugin

License GitHub Release Python Version Downloads Code Size Contributors

The Certbot DNS-STACKIT Authenticator Plugin facilitates the procurement of SSL/TLS certificates from Let's Encrypt utilizing the DNS-01 challenge methodology in conjunction with STACKIT as the designated DNS service provider. This document elucidates the procedural steps for the installation and operational utilization of this plugin.

Installation

To initialize the Certbot DNS-STACKIT Authenticator Plugin, deploy the following pip command:

pip install certbot-dns-stackit

Usage

Upon successful integration of the plugin, it becomes viable to employ it with Certbot for the retrieval of SSL/TLS certificates. The subsequent section delineates the pertinent arguments and their respective examples:

Arguments

Argument Example Value Description
--authenticator dns-stackit Engages the STACKIT authenticator mechanism. This must be configured as dns-stackit. (Mandatory)
--dns-stackit-project-id '8a4c68b1-586a-4534-aa0c-9f8c12334a76' Sets the STACKIT project id if the service account authentication is used. (Recommended)
--dns-stackit-service-account ./service-account.pem Denotes the directory path to the STACKIT service account file. (Recommended)
--dns-stackit-credentials ./credentials.ini Denotes the directory path to the credentials file for STACKIT DNS. This document must encapsulate the dns_stackit_auth_token and dns_stackit_project_id variables.
--dns-stackit-propagation-seconds 900 Configures the delay prior to initiating the DNS record query. A 900-second interval (equivalent to 15 minutes) is recommended. (Default: 900)
Either the --dns-stackit-credentials flag or the --dns-stackit-service-account and --dns-stackit-project-id flags are mandatory.

Example

Below is a structured example detailing the application of Certbot in conjunction with the DNS-STACKIT Authenticator Plugin to retrieve a certificate:

certbot certonly \
  --authenticator dns-stackit \
  --dns-stackit-credentials ./credentials.ini \
  --dns-stackit-propagation-seconds 900 \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos \
  --rsa-key-size 4096 \
  -d 'example.runs.onstackit.cloud' \
  -d '*.example.runs.onstackit.cloud'

For this example, example.runs.onstackit.cloud represents the designated domain (zone) for certificate procurement.

Example of credentials.ini

To operationalize the plugin, it's imperative to curate a credentials.ini file encompassing your STACKIT DNS credentials:

dns_stackit_auth_token = "your_token_here"
dns_stackit_project_id = "your_project_id_here"

It's crucial to replace "your_token_here" and "your_project_id_here" placeholders with the genuine STACKIT authentication token and project ID. The token's associated service account necessitates project membership privileges for record set creation.

Authentication via STACKIT service account

The service account allows the user to use a long lived authentication which generates short lived tokens. To setup a service account refer to the service account documentation. It's important to also set the --dns-stackit-project-id flag to the corresponding STACKIT project when using a service account.

Test Procedures

  • Unit Testing:

    make test

  • Linting:

    make lint

Contribute

See CONTRIBUTING.md

Stats

Dependencies
16
Dependent packages
0
Dependent repositories
0
Total releases
3
Latest release
First release
Stars
0
Forks
0
Watchers
4
Contributors
5
Repository size
60.5 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1.2
0.1.1
0.1.0

Contributors

Patrick Koss renovate[bot] Florian Sandel Simon Stier Marius Galm


See all contributors

Login to resync this project