Welcome to certbot-dns-transip’s documentation!¶

Contents:

certbot-dns-transip¶

Certbot plugin to authenticate using dns TXT records via Transip API

Documentation: https://readthedocs.org/projects/certbot-dns-transip/

You can also run this directly from Docker, and get the certificates and keys written to disk for further processing.

For example the following command can be used. This assumes the transip.ini file and the keyfile are present in /tmp/letsencrypt.

docker run -ti -v `/tmp/letsencrypt`:/etc/letsencrypt \
    -w /etc/letsencrypt \
    hsmade/certbot-transip \
    certonly -n \
    -d 'your.domain.com' \
    -a dns-transip \
    --dns-transip-credentials /etc/letsencrypt/transip.ini \
    --dns-transip-propagation-seconds 240 \
    -m your@domain.com \
    --agree-tos \
    --eff-email

The contents of transip.ini are as follows.

dns_transip_key_file = transip.key
dns_transip_username = my_user

Finally, the key file is an RSA private key

Installation¶

At the command line:

$ pip install certbot-dns-transip

Or, if you have virtualenvwrapper installed:

$ mkvirtualenv certbot-dns-transip
$ pip install certbot-dns-transip

Usage¶

To use certbot-dns-transip in a project:

# Get an API key from TransIP

# Convert the key to an RSA key
$ openssl rsa -in /etc/letsencrypt/transip.key -out /etc/letsencrypt/transip-rsa.key

# make sure the rights are set correctly
$ chmod 600 /etc/letsencrypt/transip-rsa.key

$ cat /etc/letsencrypt/transip-rsa.key
-----BEGIN RSA PRIVATE KEY-----
MIIE........
-----END RSA PRIVATE KEY-----

# Create a transip.ini file
$ cat //etc/letsencrypttransip.ini
dns_transip_username = my_username
dns_transip_key_file = /etc/letsencrypt/transip-rsa.key

# Execute certbot
$ docker run -ti -v `/etc/letsencrypt`:/etc/letsencrypt \
         hsmade/certbot-transip \
         certonly -n \
         -d 'your.domain.com' \
         -a dns-transip \
         --dns-transip-credentials /etc/letsencrypt/transip.ini \
         --dns-transip-propagation-seconds 240 \
         -m your@domain.com \
         --agree-tos \
         --eff-email

# make sure to use the propagation wait time of at least 240 seconds, as Transip doesn't refresh the zones that often.

IP Whitelistsing¶

By default the access token generated to do the api requests will only allow requests from whitelisted ip addresses. If the key you use doesn’t require whitelisting you can disable this by adding dns_transip_global_key = yes to the ini file.

Contributing¶

Contributions are welcome, and they are greatly appreciated! Every little bit helps, and credit will always be given.

Submit Feedback¶

If you are proposing a feature:

Explain in detail how it would work.
Keep the scope as narrow as possible, to make it easier to implement.

Get Started!¶

Ready to contribute? Here’s how to set up certbot-dns-transip for local development.

Clone your fork locally:

$ git clone https://github.com/hsmade/certbot-dns-transip

Install your local copy into a virtualenv. Assuming you have virtualenvwrapper installed, this is how you set up your clone for local development:
```
$ mkvirtualenv certbot-dns-transip
$ cd certbot-dns-transip/
$ python setup.py develop
```
Create a branch for local development:
```
$ git checkout -b name-of-your-bugfix-or-feature
```
Now you can make your changes locally.

Commit your changes and push your branch to the server:

$ git add .
$ git commit -m "Your detailed description of your changes."
$ git push origin name-of-your-bugfix-or-feature

Submit a merge request

certbot_dns_transip¶

certbot_dns_transip package¶

Submodules¶

certbot_dns_transip.dns_transip module¶

certbot DNS plugin for Transip.

class certbot_dns_transip.dns_transip.Authenticator(*args, **kwargs)[source]¶

Bases: certbot.plugins.dns_common.DNSAuthenticator

DNS Authenticator for Transip.

This Authenticator uses the Transip API to fulfill a dns-01 challenge.

classmethod add_parser_arguments(add, **_)[source]¶

Add plugin arguments to the CLI argument parser.

Parameters:	add (callable) – Function that proxies calls to argparse.ArgumentParser.add_argument prepending options with unique plugin name prefix.

description = 'Obtain certs using a DNS TXT record (if you are using Transip for DNS).'¶

more_info()[source]¶: Returns info about this plugin.

Module contents¶

certbot_dns_transip package.

Imports all parts from certbot_dns_transip here

Credits¶

Development Lead¶

Wim Fournier <wim@fournier.nl>

Contributors¶

None yet. Why not be the first?

History¶

0.4.3 (13-10-2021)¶

add dns_transip_global_key as option in ini file

0.4.1 (07-10-2021)¶

refactored code to use new v6 API
changed workflow to github actions
updated docker base image to python:3.9

0.3.0 (24-03-2020)¶

updated CI and docker to python 3.6
changed dockerfile from using CMD to ENTRYPOINT

0.2.6 (21-03-2020)¶

updated transip lib

0.1.4 (18-01-2019)¶

Added docker image + instructions

0.1.2 (12-11-2018)¶

Updated the API for transip to current version

0.1 (14-07-2017)¶

First release on https://pypi.python.org/pypi/certbot-dns-transip