Skip to content

Certbot hook to solve a DNS-01 challenge using the TransIP API. Wildcard certs supported & Docker image available! 🔐

License

Notifications You must be signed in to change notification settings

fransik/certbot-dns-transip

Repository files navigation

Certbot DNS TransIP 🔐

Release License CI Docker Image codecov

Looking for a way to get a Let's Encrypt (wildcard) certificate for the domain(s) that you registered with TransIP?

This script automates the process of completing a DNS-01 challenge for domains using the TransIP DNS service. The auth script is invoked by Certbot's --manual-auth-hook, which then creates the required challenge record using the TransIP API. After validation the --manual-cleanup-hook is invoked and the challenge record is removed again.

Requirements

  • A TransIP account with API access enabled
  • Docker or:
    • Certbot
    • Composer
    • PHP >= 7.3 with JSON and OpenSSL extensions enabled

Usage

This describes how to use the script via Docker. If you want to use the script on a system with Certbot & PHP installed follow these instructions.

  • Create a .env file with the following content:
TRANSIP_LOGIN=YOUR-LOGIN
TRANSIP_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----XXXXX-----END PRIVATE KEY-----"
  • Make sure your entire private key is on a single line (removing all newlines/spaces) and between double quotes
  • Run:
docker run -it --rm \
    --env-file /path/to/.env \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
    fransik/certbot-dns-transip

After validation succeeds (this can take up to 10 minutes) you can find the certificate here: /etc/letsencrypt/live.

Certificate renewal

Make sure the following command runs daily (via cron for example):

docker run --rm \
    --env-file /path/to/.env \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
    fransik/certbot-dns-transip renew

Test certificate

To request a test certificate run:

docker run -it --rm \
    --env-file /path/to/.env \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
    fransik/certbot-dns-transip certonly \
    --test-cert \
    --preferred-challenges=dns \
    --manual \
    --manual-auth-hook bin/auth \
    --manual-cleanup-hook bin/cleanup

Manual installation

  • Clone this repository
  • Run composer install --no-dev
  • Rename config.php.dist to config.php
  • Update config.php with your TransIP login name and private key
  • Run:
certbot certonly \
    --preferred-challenges=dns \
    --manual \
    --manual-auth-hook /path/to/certbot-dns-transip/bin/auth \
    --manual-cleanup-hook /path/to/certbot-dns-transip/bin/cleanup \
    -d example.com -d "*.example.com"

After validation succeeds (this can take up to 10 minutes) you can find the certificate here: /etc/letsencrypt/live.

Certificate renewal

Should be automatic on most systems that have the certbot package installed. See certbot docs.

Test certificate

To request a test certificate run:

certbot certonly \
    --test-cert \
    --preferred-challenges=dns \
    --manual \
    --manual-auth-hook /path/to/certbot-dns-transip/bin/auth \
    --manual-cleanup-hook /path/to/certbot-dns-transip/bin/cleanup \
    -d example.com -d "*.example.com"

About

Certbot hook to solve a DNS-01 challenge using the TransIP API. Wildcard certs supported & Docker image available! 🔐

Topics

Resources

License

Stars

Watchers

Forks

Packages