implemented based on Hurricane Electric DNS's Dynamic DNS (https://dns.he.net/docs) support.
## installation
you can install the plugin with:
snap set certbot trust-plugin-with-root=oksnap install certbot-dns-hesnap connect certbot:plugin certbot-dns-heyou should see dns-he in the output if the plugin has been installed
successfully:
certbot plugins | grep dns-he## usage
### quick start
_acme-challenge.<your-domain>, where
<your-domain> is the domain name for which you're trying to get a
certificate. e.g., create _acme-challenge.example.com if you are trying
to get a certificate for example.com or *.example.com.he-credentials.ini on your web server with the following
content:dns_he_keys={"_acme-challenge.<your-domain>": "<ddns-key>"}<ddns-key> is the dynamic DNS key you created for this name earlier.certbot command with necessary arguments, e.g.,
certbot certonly --authenticator dns-he --dns-he-credentials he-credentials.ini -d example.comIMPORTANT: Hurricane Electric only allows one dynamic DNS entry per name. as
a result, you are unable to generate a single certificate for both a root domain
and a wildcard domain (e.g. for both example.com and *.example.com), since
that requires setting two different TXT records with the same name (e.g.
_acme-challenge.example.com) at the same time.
### CLI options
the following options are added to certbot's command line interface:
--authenticator dns-he: (required) use Hurricane Electric DNS authenticator.--dns-he-credentials <file>: (required) specify path to a credential file--dns-he-propagation-seconds <seconds>: (optional) specify how long to wait
before the TXT record is verified. defaults to 10.### credential file
the credential file expects the following key-value pair:
dns_he_keys: a JSON object with fully quantified domain names as keys and
the corresponding dynamic DNS keys as valuesThank you for your report. Information you provided will help us investigate further.
There was an error while sending your report. Please try again later.
You are about to open
Do you wish to proceed?
Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build. They update automatically and roll back gracefully.
Snaps are discoverable and installable from the Snap Store, an app store with an audience of millions.
Snap can be installed from the command line on openSUSE Leap 15.x and Tumbleweed.
You need first add the snappy repository from the terminal. Leap 15.5 users, for example, can do this with the following command:
sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.5 snappy
Swap out openSUSE_Leap_15.5 for openSUSE_Leap_15.4 or openSUSE_Tumbleweed if you’re using a different version of openSUSE.
With the repository added, import its GPG key:
sudo zypper --gpg-auto-import-keys refresh
Finally, upgrade the package cache to include the new snappy repository:
sudo zypper dup --from snappy
Snap can now be installed with the following:
sudo zypper install snapd
You then need to either reboot, logout/login or source /etc/profile to have /snap/bin added to PATH.
Additionally, enable and start both the snapd and the snapd.apparmor services with the following commands:
sudo systemctl enable --now snapd
sudo systemctl enable --now snapd.apparmor
To install certbot-dns-he, simply use the following command:
sudo snap install certbot-dns-he
Browse and find snaps from the convenience of your desktop using the snap store snap.
Interested to find out more about snaps? Want to publish your own application? Visit snapcraft.io now.
