certbot-dns-he

Install latest/stable of certbot-dns-he

Ubuntu 16.04 or later?

Make sure snap support is enabled in your Desktop store.


Install using the command line

sudo snap install certbot-dns-he

Don't have snapd? Get set up for snaps.

Channel Version Published

Hurricane Electric DNS authenticator plugin for Certbot

implemented based on Hurricane Electric DNS's Dynamic DNS (https://dns.he.net/docs) support.

## installation

you can install the plugin with:

  • snap set certbot trust-plugin-with-root=ok
  • snap install certbot-dns-he
  • snap connect certbot:plugin certbot-dns-he

you should see dns-he in the output if the plugin has been installed successfully:

  • certbot plugins | grep dns-he

## usage

### quick start

  1. navigate to your zone on Hurricane Electric DNS (https://dns.he.net).
  2. create a new TXT record:
    • set "Name" to _acme-challenge.<your-domain>, where <your-domain> is the domain name for which you're trying to get a certificate. e.g., create _acme-challenge.example.com if you are trying to get a certificate for example.com or *.example.com.
    • check "Enable entry for dynamic dns".
    • leave other fields as-is and click "Submit".
  3. click on the "Generate a DDNS key" icon for the TXT record under the "DDNS" column.
  4. set a key for this dynamic DNS entry. store this key somewhere safe.
  5. create a file he-credentials.ini on your web server with the following content:
    • dns_he_keys={"_acme-challenge.<your-domain>": "<ddns-key>"}
    where <ddns-key> is the dynamic DNS key you created for this name earlier.
  6. execute the certbot command with necessary arguments, e.g., certbot certonly --authenticator dns-he --dns-he-credentials he-credentials.ini -d example.com

IMPORTANT: Hurricane Electric only allows one dynamic DNS entry per name. as a result, you are unable to generate a single certificate for both a root domain and a wildcard domain (e.g. for both example.com and *.example.com), since that requires setting two different TXT records with the same name (e.g. _acme-challenge.example.com) at the same time.

### CLI options

the following options are added to certbot's command line interface:

  • --authenticator dns-he: (required) use Hurricane Electric DNS authenticator.
  • --dns-he-credentials <file>: (required) specify path to a credential file
  • --dns-he-propagation-seconds <seconds>: (optional) specify how long to wait before the TXT record is verified. defaults to 10.

### credential file

the credential file expects the following key-value pair:

  • dns_he_keys: a JSON object with fully quantified domain names as keys and the corresponding dynamic DNS keys as values

Details for certbot-dns-he

License
  • 0BSD

Last updated
  • 1 October 2024 - latest/stable

Websites

Contact

Source code

Report a bug

Report a Snap Store violation

Share this snap

Generate an embeddable card to be shared on external websites.


Install certbot-dns-he on your Linux distribution

Choose your Linux distribution to get detailed installation instructions. If yours is not shown, get more details on the installing snapd documentation.


Where people are using certbot-dns-he

Users by distribution (log)

Ubuntu 24.04
Ubuntu 22.04