certbot-dns-he

Install latest/stable of certbot-dns-he

Install using the command line

sudo snap install certbot-dns-he

Details for certbot-dns-he

License

  • 0BSD

Last updated

  • 1 October 2024 - latest/stable

Hurricane Electric DNS authenticator plugin for Certbot

implemented based on Hurricane Electric DNS's Dynamic DNS (https://dns.he.net/docs) support.

## installation

you can install the plugin with:

  • snap set certbot trust-plugin-with-root=ok
  • snap install certbot-dns-he
  • snap connect certbot:plugin certbot-dns-he

you should see dns-he in the output if the plugin has been installed successfully:

  • certbot plugins | grep dns-he

## usage

### quick start

  1. navigate to your zone on Hurricane Electric DNS (https://dns.he.net).
  2. create a new TXT record:
    • set "Name" to _acme-challenge.<your-domain>, where <your-domain> is the domain name for which you're trying to get a certificate. e.g., create _acme-challenge.example.com if you are trying to get a certificate for example.com or *.example.com.
    • check "Enable entry for dynamic dns".
    • leave other fields as-is and click "Submit".
  3. click on the "Generate a DDNS key" icon for the TXT record under the "DDNS" column.
  4. set a key for this dynamic DNS entry. store this key somewhere safe.
  5. create a file he-credentials.ini on your web server with the following content:
    • dns_he_keys={"_acme-challenge.<your-domain>": "<ddns-key>"}
    where <ddns-key> is the dynamic DNS key you created for this name earlier.
  6. execute the certbot command with necessary arguments, e.g., certbot certonly --authenticator dns-he --dns-he-credentials he-credentials.ini -d example.com

IMPORTANT: Hurricane Electric only allows one dynamic DNS entry per name. as a result, you are unable to generate a single certificate for both a root domain and a wildcard domain (e.g. for both example.com and *.example.com), since that requires setting two different TXT records with the same name (e.g. _acme-challenge.example.com) at the same time.

### CLI options

the following options are added to certbot's command line interface:

  • --authenticator dns-he: (required) use Hurricane Electric DNS authenticator.
  • --dns-he-credentials <file>: (required) specify path to a credential file.
  • --dns-he-propagation-seconds <seconds>: (optional) specify how long to wait before the TXT record is verified. defaults to 10.

### credential file

the credential file expects the following key-value pair:

  • dns_he_keys: a JSON object with fully qualified domain names as keys and the corresponding dynamic DNS keys as values
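
a pre-flight check for the credential file and the one-entry-per-name limit described above, added here as an example (it is not part of the plugin or of the original page). the helper names and the simple key=value parsing are assumptions for illustration, and the sample file is constructed with a placeholder key.

```python
# Added example: helper names are hypothetical, not the plugin's API.
import json
import os
import tempfile

def challenge_name(domain):
    """TXT record name for a certificate name; example.com and *.example.com share one."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".").lower()

def read_keys(path):
    """Return the dns_he_keys JSON object from a key=value credential file."""
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            name, sep, value = line.partition("=")
            if sep and name.strip() == "dns_he_keys":
                return json.loads(value.strip())
    raise ValueError("dns_he_keys not found in " + path)

def check(path, domains):
    """Return a list of problems for the requested -d domains; empty means OK."""
    problems = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:  # readable or writable by group/others
        problems.append(f"{path} is mode {mode:o}; restrict it to 600")
    keys = {k.rstrip(".").lower(): v for k, v in read_keys(path).items()}
    seen = {}
    for d in domains:
        name = challenge_name(d)
        if not keys.get(name):
            problems.append(f"no DDNS key for {name} (needed by {d})")
        if name in seen:
            problems.append(f"{seen[name]} and {d} both need {name}; only one entry per name")
        seen.setdefault(name, d)
    return problems

def demo():
    # Constructed sample file: placeholder key, first checked while world-readable.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "he-credentials.ini")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write('dns_he_keys={"_acme-challenge.example.com": "PLACEHOLDER-DDNS-KEY"}\n')
        os.chmod(path, 0o644)
        loose = check(path, ["example.com", "*.example.com", "example.org"])
        os.chmod(path, 0o600)
        tight = check(path, ["example.com"])
    return loose, tight

if __name__ == "__main__":
    print(demo())
```

run it before certbot with the same domains you plan to pass via -d; an empty list means the file and the requested names are consistent.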
