Certbot DNS-01 validation for wildcard certificates (ACME-v2)
I created this script to request wildcard SSL certificates from Let's Encrypt. Wildcard certificates require a DNS-01 challenge, for which you need to create a DNS TXT record. TransIP has an API that allows you to automate this. When you renew your certificate the DNS-01 challenge has to be performed again, and this script lets that happen automatically.
Version 2 has the following requirements. If you use an older PHP version you have to use the latest 1.x release. Upgrading? See the upgrade guide below.
- Run `composer install --no-dev`
- Acquire an API key for TransIP in your account on their website
There are two methods to set the login and private key: via a config file or via ENV variables.
- Copy `config/transip.php.example` to `config/transip.php`
- Edit `config/transip.php` and set your login and private key.
- Make sure you set the access to this file to only allow your user to read its contents (on Linux: `chmod og-rwx config/transip.php`)
Only the first two variables are required.
- `TRANSIP_LOGIN`
- `TRANSIP_PRIVATE_KEY`
- `LOGLEVEL`
- `LOGFILE`
Use this command to request the certificate. Replace `/path/to/` with the actual path on your system. It takes a couple of minutes for the nameservers to be updated, so please be patient until the validation completes.

```
certbot certonly --manual --preferred-challenges=dns \
--manual-auth-hook /path/to/auth-hook --manual-cleanup-hook /path/to/cleanup-hook \
-d 'domain.com' -d '*.domain.com'
```
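The two hooks in the command above receive each challenge from Certbot through environment variables (`CERTBOT_DOMAIN`, `CERTBOT_VALIDATION`) and must publish a TXT record at `_acme-challenge.<domain>`. The Python helpers below are an added example, not part of the project's PHP code: they show how that record name is derived, why `domain.com` and `*.domain.com` share one record name with two values that must coexist until validation finishes, and how to check propagation before the hook returns. The zone-relative naming in `relative_name` is an assumption about what a DNS provider API expects.

```python
import os
from typing import Dict, Iterable, Set, Tuple

ACME_LABEL = "_acme-challenge"


def challenge_record(domain: str, validation: str) -> Tuple[str, str]:
    """Map Certbot's CERTBOT_DOMAIN / CERTBOT_VALIDATION to the TXT record to publish.

    A wildcard '*.domain.com' is authorized on the bare 'domain.com', so a leading
    '*.' is dropped: 'domain.com' and '*.domain.com' share one record name.
    """
    bare = domain[2:] if domain.startswith("*.") else domain
    bare = bare.rstrip(".").lower()
    if not bare or not validation:
        raise ValueError("CERTBOT_DOMAIN and CERTBOT_VALIDATION must be set")
    return f"{ACME_LABEL}.{bare}", validation


def relative_name(record_name: str, zone: str) -> str:
    """Record name relative to the hosted zone (assumption: the DNS API wants it this way)."""
    zone = zone.rstrip(".").lower()
    if record_name != zone and not record_name.endswith("." + zone):
        raise ValueError(f"{record_name} is not inside zone {zone}")
    return record_name[: -len(zone) - 1] or "@"


def pending_records(challenges: Iterable[Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Group outstanding validations by record name. Every value must stay published
    until Certbot has verified all of them, so the cleanup hook must not delete early."""
    grouped: Dict[str, Set[str]] = {}
    for domain, validation in challenges:
        name, value = challenge_record(domain, validation)
        grouped.setdefault(name, set()).add(value)
    return grouped


def propagated(observed_txt: Iterable[str], expected_values: Iterable[str]) -> bool:
    """True once the TXT RRset returned by a resolver (values possibly quoted) contains
    every expected validation string; poll this before returning from the auth hook."""
    observed = {v.strip('"') for v in observed_txt}
    return set(expected_values) <= observed


if __name__ == "__main__":
    # Certbot sets these for --manual-auth-hook; the fallbacks are constructed samples.
    name, value = challenge_record(os.environ.get("CERTBOT_DOMAIN", "*.domain.com"),
                                   os.environ.get("CERTBOT_VALIDATION", "constructed-value"))
    print(f"publish TXT {name} = {value}")
```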
If you need to do some testing, add the staging flag to the certbot command: `--test-cert`
To automatically renew your certificate, add the Certbot renew command to a cron job so it runs at least monthly.

```
/usr/bin/certbot renew
```
There is also a docker container which you can use. You can either bind mount the `config` and/or `logs` folder or use ENV variables. The application runs in the `/opt/certbot-dns-transip` directory.
```
docker run -ti \
--mount type=bind,source="${PWD}"/letsencrypt,target="/etc/letsencrypt" \
--mount type=bind,source="${PWD}"/config,target="/opt/certbot-dns-transip/config" \
--mount type=bind,source="${PWD}"/logs,target="/opt/certbot-dns-transip/logs" \
rbongers/certbot-dns-transip \
certonly --manual --preferred-challenges=dns \
--manual-auth-hook=/opt/certbot-dns-transip/auth-hook \
--manual-cleanup-hook=/opt/certbot-dns-transip/cleanup-hook \
-d 'domain.com' -d '*.domain.com'
```
And to renew certificates:

```
docker run -ti \
--mount type=bind,source="${PWD}"/letsencrypt,target="/etc/letsencrypt" \
--mount type=bind,source="${PWD}"/config,target="/opt/certbot-dns-transip/config" \
--mount type=bind,source="${PWD}"/logs,target="/opt/certbot-dns-transip/logs" \
rbongers/certbot-dns-transip \
renew
```
The code is tested on a Debian-based Linux distribution (Ubuntu LTS) and currently supported PHP versions (>= 7.2). It probably works fine on other systems and PHP versions, but no guarantees are made.
Version 2.0 is a complete rewrite of the code base and breaks with the original version. Follow these steps to upgrade:
- Check out the latest master branch
- Follow the installation guide
- Remove the `Transip` folder after copying your login and private key to `config/transip.php`
- You are ready to go!
When creating an issue please include a detailed description of what you are trying to execute and any output you receive. Feel free to fork the project and create a pull request. Make sure your code complies with the PSR-12 coding standards.