Let's Encrypt Certificate Automation using Certbot and Hosttech

This repository provides an automated way to create a Let's Encrypt SSL/TLS certificate for your domain using the Certbot tool and Hosttech DNS API.

Prerequisites

To use this repository, you will need:

  • A domain name that you own
  • Access to the Hosttech DNS API and an API token with the necessary permissions to manage DNS records for your domain
  • Python 3.9 or later and poetry installed on your system

Installation

  1. Clone this repository to your local machine:

    git clone https://github.com/tiqi-group/hosttech-certbot-certificate.git
  2. Install the dependencies using Poetry:

    cd hosttech-certbot-certificate
    poetry install [--without dev]

    You can specify --without dev if you do not want to install the development dependencies.

    This will install the certbot, python-dotenv, and loguru packages.

  3. Create a .env file in the root of the repository with the following contents:

    API_TOKEN=<your Hosttech DNS API token>
    PROPAGATION_TIME=<(optional, defaults to 90): integer value specifying the expected propagation time of the DNS record>
    

    Alternatively, set these as environment variables in your shell. DON'T SHARE THIS TOKEN WITH ANYONE. It should not be tracked by git.
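A preflight check for the files this setup trusts, added here as an example and not part of this repository: it verifies that .env is not readable by other users, that API_TOKEN and PROPAGATION_TIME are usable, that .env is listed in .gitignore, and that authenticator.py (run as root, because certbot is started with sudo) cannot be edited by non-owners. The function names `parse_env` and `audit` are hypothetical, and the .gitignore test is a simple literal-entry match.

```python
import stat
from pathlib import Path

DEFAULT_PROPAGATION_TIME = 90  # default stated in this README


def parse_env(text):
    """Parse KEY=VALUE lines, ignoring blank lines and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def audit(env_path, hook_path):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    env_path, hook_path = Path(env_path), Path(hook_path)

    env_mode = stat.S_IMODE(env_path.stat().st_mode)
    if env_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{env_path.name}: mode {env_mode:o} exposes the token; use 600")

    values = parse_env(env_path.read_text())
    token = values.get("API_TOKEN", "")
    if not token or token.startswith("<"):
        findings.append("API_TOKEN is missing or still the placeholder")

    raw = values.get("PROPAGATION_TIME", str(DEFAULT_PROPAGATION_TIME))
    if not raw.isdigit():
        findings.append(f"PROPAGATION_TIME={raw!r} is not an integer")

    # certbot is started with sudo, so the auth hook executes as root.
    hook_mode = stat.S_IMODE(hook_path.stat().st_mode)
    if hook_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{hook_path.name}: mode {hook_mode:o} lets non-owners edit a root-run hook")

    # Literal-entry match only; gitignore glob patterns are not evaluated.
    gitignore = env_path.parent / ".gitignore"
    if not (gitignore.exists() and ".env" in gitignore.read_text().split()):
        findings.append(".env is not listed in .gitignore")
    return findings


if __name__ == "__main__":
    for finding in audit(".env", "authenticator.py"):
        print("FAIL:", finding)
```

Run it from the repository root before the first certbot call; no output means all checks passed.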

Usage

  1. To create a Let's Encrypt certificate for your domain, run the following command from within the repository folder:

    sudo .venv/bin/certbot certonly --manual --preferred-challenges=dns --manual-auth-hook ./authenticator.py -d <your_domain.ch> --no-eff-email -m <your_email_address> --agree-tos

    This command will use the Certbot tool to generate a new SSL/TLS certificate for your domain using the Hosttech DNS API to validate ownership of the domain. The --manual-auth-hook option specifies the path to the authenticator.py script in this repository, which will be used to authenticate with the Hosttech DNS API. The -d option specifies the domain name to generate the certificate for.

  2. Once the command has been executed successfully, the /etc/letsencrypt/live/<your_domain.ch> directory holds the new SSL/TLS certificate for your domain.

Renewal

The Let's Encrypt SSL/TLS certificate generated by Certbot is valid for 90 days. To renew the certificate, you can run

sudo .venv/bin/certbot renew

Resources

  1. Certbot documentation
  2. Let's Encrypt website
  3. Hosttech DNS API documentation

License

This project is licensed under the MIT License.