Loopia DNS Authenticator for Certbot
This allows automatic completion of Certbot's DNS01 challenge for domains managed on Loopia DNS.
Installing
$ sudo pip install certbot-dns-loopiaNote that you should normally install this as root, unless you know
what you are doing.
Preconditions
Loopia API user
The plugin requires the following permissions enabled for your Loopia API user:
addZoneRecordgetZoneRecordsremoveSubdomainremoveZoneRecord
Credentials file
An INI file with user and password for your Loopia API user needs to be created. user
normally has the format user@loopiaapi.
The credentials file must have the following format:
dns_loopia_user = user@loopiaapi
dns_loopia_password = passwordgoeshereFor safety reasons the file must not be world readable. You can solve this by running:
$ chmod 600 credentials.iniUsage
Parameters
When using certbot with certbot-dns-loopia, aside from the usual parameters accepted by certbot, the following
parameters may be used:
| Parameter | Required? | Default | Description |
|---|---|---|---|
--dns-loopia-credentials <path> |
:heavy_check_mark:️ | - | The path of the INI file containing your Loopia API user credentials |
--dns-loopia-propagation-seconds <seconds> |
900 | Determines how many seconds to wait before contacting the ACME server after adding the zone record to Loopia DNS |
Examples
To obtain a certificate for domain.com, run certbot using:
$ sudo certbot certonly \
--authenticator dns-loopia \
--dns-loopia-credentials credentials.ini \
-d domain.comTo obtain a wildcard certificate for all subdomains of domain.com:
$ sudo certbot certonly \
--authenticator dns-loopia \
--dns-loopia-credentials credentials.ini \
-d *.domain.comTo obtain a certificate valid for multiple domains using SAN,
in this example for foo.com and bar.com:
$ sudo certbot certonly \
--authenticator dns-loopia \
--dns-loopia-credentials credentials.ini \
-d foo.com \
-d bar.comKnown issues
-
Due to caching on Loopia's side it can take up to 15 minutes before changes propagate. Therefore, the plugin will wait 15 minutes before contacting the ACME server.
It has been known to work with as little as 90 seconds and sometimes less. If you want to try something other than 15 minutes, use
--dns-loopia-propagation-seconds 90for 90 seconds or however many seconds you want.
Contributing
How to set up a dev environment, test and publish new versions of the project is described on the DEVELOP page.
Disclaimer
This plugin is neither affiliated with nor endorsed by Loopia AB.