「CERTBOT」- Completing the DNS challenge with the DNSPod DNS Plugin

Using DNSPod together with Certbot to automatically generate wildcard SSL certificates

with certbot-dns-dnspod | by tengattack

https://snapcraft.io/certbot-dns-dnspod

snap install certbot --classic
snap install certbot-dns-dnspod

snap set certbot trust-plugin-with-root=ok
snap connect certbot:plugin certbot-dns-dnspod

# Log in to the DNSPod console, create a key under Key Management, then copy and save the automatically generated ID and Token.
# https://console.dnspod.cn/account/token
mkdir -pv /etc/letsencrypt/
cat > /etc/letsencrypt/dnspod-credentials.ini <<EOF
dns_dnspod_api_id = 12345
dns_dnspod_api_token = 1234567890abcdef1234567890abcdef
EOF

chmod 600 /etc/letsencrypt/dnspod-credentials.ini

certbot run \
    --authenticator dns-dnspod \
    --dns-dnspod-credentials /etc/letsencrypt/dnspod-credentials.ini

certbot certonly -a dns-dnspod \
    --dns-dnspod-credentials /etc/letsencrypt/dnspod-credentials.ini \
    -d "*.devops.example.com"

Plugin documentation: https://github.com/tengattack/certbot-dns-dnspod

# 12/09/2024 Note: in snap, if certbot is version 3.0.0 or later, certbot-dns-dnspod (0.24.2, 10, latest/stable ericzhang456, the latest version at present) cannot be used, so the snap certbot has to be downgraded;

snap download certbot --revision 3834 # certbot 2.11.0
snap ack certbot_3834.assert
snap install certbot_3834.snap --classic

snap set certbot trust-plugin-with-root=ok
snap connect certbot:plugin certbot-dns-dnspod

snap refresh --hold=forever certbot # stay on this version

with certbot-dns-dnspod-109 | by 10935336

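The plugin automatically completes the dns-01 challenge by using the Dnspod API (Tencent Cloud API 3.0) to create and subsequently delete TXT records.

Repository: https://github.com/10935336/certbot-dns-dnspod-109

This version passes with Certbot 3.0.1, 05/08/2025, bdda671 · 5 months ago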

snap install certbot --classic # 4.0.0
snap refresh --hold=forever certbot

snap install certbot-dns-dnspod-10935336
snap set certbot trust-plugin-with-root=ok
snap connect certbot:plugin certbot-dns-dnspod-10935336

snap refresh --hold=forever certbot-dns-dnspod-10935336

mkdir -pv /etc/letsencrypt/
cat > /etc/letsencrypt/dnspod-credentials.ini <<EOF
dns_dnspod_109_secret_id=xxxxxxxxxxx
dns_dnspod_109_secret_key=xxxxxxxxxxx
EOF

chmod 600 /etc/letsencrypt/dnspod-credentials.ini

certbot certonly \
  --authenticator dns-dnspod-109 \
  --dns-dnspod-109-credentials /etc/letsencrypt/dnspod-credentials.ini \
  -d example.com

certbot run \
    --authenticator dns-dnspod-109 \
    --dns-dnspod-109-credentials /etc/letsencrypt/dnspod-credentials.ini

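# 05/08/2025 Test failed: we could not obtain a certificate for ci.foo.example.com, mainly because the DNS challenge failed. There is a problem with the Domain parameter in its call to the Tencent Cloud API.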
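
For a multi-level name such as ci.foo.example.com, a dns-01 plugin has to split the _acme-challenge name into the hosted zone (the Domain value) and the record name relative to that zone. The following is an added example of that split, not code from either plugin; the function names and the hosted-zone lists are assumptions constructed for illustration.

```python
"""Added example: split a dns-01 validation name into zone and relative record."""


def candidate_zones(fqdn):
    """Return every suffix of fqdn that could be a hosted zone, longest first."""
    labels = fqdn.rstrip(".").lower().split(".")
    # Stop before the bare TLD: "com" alone is never a zone in a customer account.
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def split_challenge_name(cert_name, hosted_zones):
    """Return (domain, relative_record) for the TXT record validating cert_name.

    hosted_zones is the list of zone names that exist in the DNS account
    (constructed here; a plugin would obtain it from the provider).
    """
    name = cert_name.rstrip(".").lower()
    # A wildcard name is validated at the same record as its base name.
    if name.startswith("*."):
        name = name[2:]
    record = "_acme-challenge." + name
    zones = {z.rstrip(".").lower() for z in hosted_zones}
    # Longest suffix wins, so a delegated sub-zone takes precedence over its parent.
    for zone in candidate_zones(name):
        if zone in zones:
            # Drop ".<zone>" from the end to get the name relative to the zone.
            return zone, record[: -len(zone) - 1]
    raise LookupError(f"no hosted zone covers {name!r}")


if __name__ == "__main__":
    # Constructed account contents for the names used on this page.
    account = ["example.com"]
    for requested in ("example.com", "*.devops.example.com", "ci.foo.example.com"):
        domain, rel = split_challenge_name(requested, account)
        print(f"{requested:24} Domain={domain:18} record={rel}")
    # Same name when foo.example.com is hosted as its own zone.
    print(split_challenge_name("ci.foo.example.com", account + ["foo.example.com"]))
```

Passing the full certificate name as the zone, or always taking the last two labels, gives the wrong zone for one of these cases, and the TXT record is then created where the validator never looks.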