# script collection for certbot dns authentication for domains hosted by inwx.de

This script collection is in alpha state and only usable on Linux systems. Tested with Debian 10 and Ubuntu 20.04.

## requirements

### python

```
pip3 install inwx-domrobot
```

or

```
pip3 install -r requirements.txt
```

Look at the [inwx git repository](https://github.com/inwx/python-client) for more details.

### config

A file `conf.cfg` with the inwx settings must exist in the repository root folder, like:

```
[live]
username = [USERNAME]
password = [PASSWORD]
shared_secret = your_shared_secret
```

## example usage

### command line

```
certbot certonly --manual \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --preferred-challenges=dns \
  --manual-auth-hook [path to this repository]/certbot-dns-auth.py \
  --manual-cleanup-hook [path to this repository]/certbot-dns-clean.py \
  -d example.com -d '*.example.com'
```

### with config file

`wildcard-ini`:

```
email = [YOUR@EMAIL.com]
cert-name = [USERNAME]
rsa-key-size = 4096
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = manual
manual-auth-hook = [path to this repository]/certbot-dns-auth.py
manual-cleanup-hook = [path to this repository]/certbot-dns-clean.py
domains = example.com, *.example.com
```

Command:

```
certbot certonly -c wildcard-ini
```

### use as basic dynamic dns service

```
./update-record.py -p -m update -c conf.cfg -t 300 -r AAAA device.example.com
```

## help

```
usage: update-record.py [-h] -r type -m mode [-p] [-c path] [-t TTL]
                        [-s section] [-v] [-d]
                        domain [content]

inwx subdomain update

positional arguments:
  domain                full domain like subdomain.example.com
  content               ip or string to fill/update into subdomain domain
                        entry

optional arguments:
  -h, --help            show this help message and exit
  -r type, --record-type type
                        record type (A, AAAA, TXT, CNAME, TLSA)
  -m mode, --mode mode  operation mode (create, update, delete)
                        update:update all existing records if one exists, or create if not existing
                        delete: delete existing record with given content, or delete all records if no content is given
  -p, --public-ip       insert public ip. Use -r A for ip4 an -r AAAA for ipv6
  -c path, --config_file path
                        path to configuration file
  -t TTL, --ttl TTL     TTL (time to live) of the nameserver record in seconds
                        (default 3600)
  -s section, --config_section section
                        configuration section (live, ote) default: live
  -v, --verbose         verbose
  -d, --debug           debug
```

## Licences

Some code snippets are taken from the [inwx documentation](https://www.inwx.de/de/help/apidoc/f/ch01s05.html#idm144) and from the [Python 2.7 inwx repository](https://github.com/inwx/python2.7-client).
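
### checking conf.cfg before use

`conf.cfg` from the config section above holds the inwx account credentials in clear text. The following pre-flight check is an added example, not part of this script collection: it reports group/other file access, a missing section, and values still left at the template placeholders. The function name `audit_config`, the helper `write_sample` and the assumption that all three keys from the sample are expected are hypothetical.

```python
import configparser
import os
import stat
import tempfile

# Keys and template values exactly as shown in the README's conf.cfg sample.
# Assumption: all three keys are expected; trim REQUIRED_KEYS if yours differ.
REQUIRED_KEYS = ("username", "password", "shared_secret")
PLACEHOLDERS = {"[USERNAME]", "[PASSWORD]", "your_shared_secret"}


def audit_config(path, section="live"):
    """Return a list of findings for conf.cfg; an empty list means none."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access; use chmod 600")
    # interpolation=None so a '%' inside a password is read literally here.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section(section):
        findings.append(f"section [{section}] is missing")
        return findings
    for key in REQUIRED_KEYS:
        value = parser.get(section, key, fallback="").strip()
        if not value:
            findings.append(f"[{section}] {key} is missing or empty")
        elif value in PLACEHOLDERS:
            findings.append(f"[{section}] {key} still holds the template value")
    return findings


def write_sample(text, mode):
    """Write constructed sample text to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".cfg")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, mode)
    return path


# Constructed samples: the untouched template, and a filled-in file.
TEMPLATE = "[live]\nusername = [USERNAME]\npassword = [PASSWORD]\nshared_secret = your_shared_secret\n"
FILLED = "[live]\nusername = alice\npassword = constructed%pw\nshared_secret = CONSTRUCTED\n"

if __name__ == "__main__":
    for text, mode in ((TEMPLATE, 0o644), (FILLED, 0o600)):
        sample = write_sample(text, mode)
        print(oct(mode), audit_config(sample) or "no findings")
        os.remove(sample)
```

Run it against the real file with `audit_config("conf.cfg")`, or pass `section="ote"` when the test environment section is used.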