Lib.rs

Cryptography
#letsencrypt #certificate #domains #automating #challenge #hosted #utility

app letsencrypt-inwx

A small cli utility for automating the letsencrypt dns-01 challenge for domains hosted by inwx

Owned by ciphax.

9 stable releases

2.0.2 Oct 7, 2019
2.0.1 Apr 13, 2019
2.0.0 Mar 2, 2019
1.1.2 Feb 19, 2019
1.0.2 Jun 4, 2018

#10 in #automating

33 downloads per month

MIT license

32KB
691 lines

letsencrypt-inwx CircleCI Docker Pulls Crates.io

A small cli utility for automating the letsencrypt dns-01 challenge for domains hosted by inwx. This allows you to obtain wildcard certificates from letsencrypt.

Installation

Ubuntu / Debian

  • Build the .deb package or download it from releases and install it with sudo dpkg -i <path_to_the_deb_file>

Other linux

  • Build the executable or download it from releases and copy it to /usr/bin/
  • Copy both certbot scripts from ./etc/ to /usr/lib/letsencrypt-inwx/

With cargo

  • Run cargo install letsencrypt-inwx

Configuration

You can store the configuration file at /etc/letsencrypt-inwx.json or at ~/.config/letsencrypt-inwx.json when used with certbot or specify it's path with the -c option. The configuration file should look like this (without the comments):

{
    "accounts": [
        {
            "username": "user",
            "password": "pass",
            // optional, if the domain is not configured all accounts will be tried
            "domains": [
                "example.com"
            ],
            // optional, if true the public inwx test server will be used
            "ote": false
        }
    ],
    // optional
    "options": {
        // optional, if true letsencrypt-inwx will not wait until the created record is publicly visible, default: false
        "no_dns_check": false,
        // optional, the amount of time in seconds to wait after creating a record, default: 5 seconds
        "wait_interval": 5,
        // optional: the dns server to use, default: the google public dns server
        "dns_server": "8.8.8.8"
    }
}

Usage

With Docker and certbot

  • Generate your certificate by running docker run --rm -it -v /etc/letsencrypt-inwx.json:/etc/letsencrypt-inwx.json -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx certonly --email <your_email> --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>
  • You can find your certificate in /etc/letsencrypt/live/<your_domain>/
  • You can renew your certificate by running docker run --rm -it -v /etc/letsencrypt-inwx.json:/etc/letsencrypt-inwx.json -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx renew

With certbot

  • You can get certificates from certbot by running sudo certbot certonly -n --agree-tos --email <your_email> --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>

Manually

  • Create a txt record with letsencrypt-inwx create -c <config_file> -d _acme-challenge.<your_domain> -v <acme_token>
  • Delete it with letsencrypt-inwx delete -c <config_file> -d _acme-challenge.<your_domain>

Building

Requirements

libssl-dev and pkg-config are required when building on Ubuntu / Debian see here.

.deb package

  • Install cargo-deb by running cargo install cargo-deb
  • Run cargo deb to build the package

only the executable

  • Run cargo build --release to build the letsencrypt-inwx executable

Dependencies

~26–37MB
~627K SLoC