|
1 | | -# certbot-dns-stackit |
| 1 | +# Certbot DNS-STACKIT Authenticator Plugin |
| 2 | + |
| 3 | +The Certbot DNS-Stackit Authenticator Plugin allows you to obtain SSL/TLS certificates from Let's Encrypt using the |
| 4 | +DNS-01 challenge method with STACKIT as your DNS provider. This README provides detailed instructions on how to install |
| 5 | +and use the plugin. |
| 6 | + |
| 7 | +## Installation |
| 8 | + |
| 9 | +You can install the Certbot DNS-STACKIT Authenticator Plugin using pip: |
| 10 | + |
| 11 | +```bash |
| 12 | +pip install certbot-dns-stackit |
| 13 | +``` |
| 14 | + |
| 15 | +## Usage |
| 16 | + |
| 17 | +Once the plugin is installed, you can use it with Certbot to obtain SSL/TLS certificates. Below are the available |
| 18 | +arguments and examples of how to use them: |
| 19 | + |
| 20 | +### Arguments |
| 21 | + |
| 22 | +| Argument | Example Value | Description | |
| 23 | +|-------------------------------------|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |
| 24 | +| `--authenticator` | dns-stackit | Selects the STACKIT authenticator. It must be set to dns-stackit. (Required) | |
| 25 | +| `--dns-stackit-credentials` | ./credentials.ini | Specifies the path to the file where the credentials for STACKIT DNS are stored. This file should contain the dns_stackit_auth_token and dns_stackit_project_id. (Required) | |
| 26 | +| `--dns-stackit-propagation-seconds` | 900 | Sets the time to wait until the DNS record is queried. It is recommended to set this to 900 seconds (15 minutes) for safety. (Default: 900) | |
| 27 | + |
| 28 | +### Example |
| 29 | + |
| 30 | +Here's an example of how to use Certbot with the Certbot DNS-STACKIT Authenticator Plugin to obtain a certificate: |
| 31 | + |
| 32 | +```bash |
| 33 | +certbot certonly \ |
| 34 | + --authenticator dns-stackit \ |
| 35 | + --dns-stackit-credentials ./credentials.ini \ |
| 36 | + --dns-stackit-propagation-seconds 900 \ |
| 37 | + --server https://acme-v02.api.letsencrypt.org/directory \ |
| 38 | + --agree-tos \ |
| 39 | + --rsa-key-size 4096 \ |
| 40 | + -d 'example.runs.onstackit.cloud' \ |
| 41 | + -d '*.example.runs.onstackit.cloud' |
| 42 | +``` |
| 43 | + |
| 44 | +where example.runs.onstackit.cloud is the domain (zone) for which you want to obtain a certificate. |
| 45 | + |
| 46 | +### Example of credentials.ini |
| 47 | + |
| 48 | +To use the plugin, you need to create a credentials.ini file that contains your STACKIT DNS credentials: |
| 49 | + |
| 50 | +```ini |
| 51 | +dns_stackit_auth_token = "your_token_here" |
| 52 | +dns_stackit_project_id = "your_project_id_here" |
| 53 | +``` |
| 54 | + |
| 55 | +Make sure to replace "your_token_here" and "your_project_id_here" with your actual STACKIT authentication token and |
| 56 | +project ID. The service account that owns the token must have the project membership role in order to create record |
| 57 | +sets. |
| 58 | + |
| 59 | +## Test Procedures |
| 60 | + |
| 61 | +- Unit Testing: |
| 62 | + ```bash |
| 63 | + make test |
| 64 | + ``` |
| 65 | + |
| 66 | +- Linting: |
| 67 | + ```bash |
| 68 | + make lint |
| 69 | + ``` |
0 commit comments