Metadata-Version: 2.1
Name: certbot-dns-zoneedit
Version: 0.3.2
Summary: A Certbot plugin that implements LetsEncrypt DNS-01 challenge via ZoneEdit
Home-page: https://github.com/zlaski/certbot-dns-zoneedit
License: Apache-2.0
Author: Ziemowit Łąski
Author-email: zlaski@ziemas.net
Requires-Python: >=3.7,<4.0
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Plugins
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Security
Classifier: Topic :: System :: Installation/Setup
Classifier: Topic :: System :: Networking
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Utilities
Requires-Dist: acme (>=2.4.0)
Requires-Dist: certbot (>=2.4.0)
Requires-Dist: dnspython (>=2.3.0)
Requires-Dist: logging (>=0.4.9)
Requires-Dist: requests (>=2.31.0)
Project-URL: Repository, https://github.com/zlaski/certbot-dns-zoneedit
Description-Content-Type: text/markdown

certbot-dns-zoneedit
====================

[ZoneEdit](https://www.zoneedit.com/) DNS Authenticator plugin for [Certbot](https://certbot.eff.org/).

This plugin automates the process of completing a `DNS-01` challenge by creating, and subsequently removing, 
`TXT` records using the ZoneEdit API end-points.

Installation
------------

    pip install certbot-dns-zoneedit

Named Arguments
---------------

To start using DNS authentication for ZoneEdit, pass the following arguments on Certbot's command line:

Option|Description|
---|---|
`--authenticator dns-zoneedit`|Select the authenticator plugin (Required)|
`--dns-zoneedit-credentials FILE`|ZoneEdit credentials INI file. (Default is `/etc/letsencrypt/zoneedit.ini`)|
`--dns-zoneedit-propagation-seconds NUM`|How long to wait before veryfing the written `TXT` challenges. (Default is `120`)|

Credentials
-----------

Use of this plugin requires a configuration file containing your ZoneEdit user name and authentication token.  
The token can be obtained from the [ZoneEdit DynDNS settings](https://cp.zoneedit.com/manage/domains/dyn/) page.

An example `zoneedit.ini` file:

``` {.sourceCode .ini}
dns_zoneedit_user =   <login-user-id>
dns_zoneedit_token =  <dyn-authentication-token>
```

The default path to this file is set to `/etc/letsencrypt/zoneedit.ini`, but this can can be changed using the
`--dns-zoneedit-credentials` command-line argument.

**CAUTION:** You should protect these API credentials as you would the password to your ZoneEdit account 
(e.g., by using a command like `chmod 600` to restrict access to the file).

Examples
--------

To acquire a single certificate for both `example.com` and `*.example.com`, waiting 900 seconds for DNS propagation:

    certbot certonly \
      --authenticator dns-zoneedit \
      --dns-zoneedit-credentials ~/.secrets/certbot/zoneedit.ini \
      --dns-zoneedit-propagation-seconds 900 \
      --keep-until-expiring --non-interactive --expand \
      --server https://acme-v02.api.letsencrypt.org/directory \
      -d 'example.com' \
      -d '*.example.com'

Docker
------

You can build a docker image from source using the included `Dockerfile` or pull the latest version directly from Docker Hub:

    docker pull zlaski/certbot-dns-zoneedit

Once the installation is finished, the application can be run as follows:

    docker run --rm \
      -v /var/lib/letsencrypt:/var/lib/letsencrypt \
      -v /etc/letsencrypt:/etc/letsencrypt \
      --cap-drop=all \
      zlaski/certbot-dns-zoneedit certbot certonly \
        --authenticator dns-zoneedit \
        --dns-zoneedit-propagation-seconds 900 \
        --dns-zoneedit-credentials /var/lib/letsencrypt/zoneedit_credentials.ini \
        --keep-until-expiring --non-interactive --expand \
        --agree-tos --email "webmaster@example.com" \
        -d example.com -d '*.example.com'

