doc and clean clean up

Helge 2020-12-23 14:31:31 +01:00
parent 6d5396cc58
commit b2c2b29b52
2 changed files with 33 additions and 36 deletions


@ -33,19 +33,17 @@ Named Arguments
To start using DNS authentication for ionos, pass the following arguments on To start using DNS authentication for ionos, pass the following arguments on
certbot's command line: certbot's command line:
============================================================= ============================================== ======================================== ==============================================
``--authenticator certbot-dns-ionos:dns-ionos`` select the authenticator plugin (Required) ``--authenticator dns-ionos`` select the authenticator plugin (Required)
``--certbot-dns-ionos:dns-ionos-credentials`` ionos Remote User credentials ``--dns-ionos-credentials`` ionos Remote User credentials
INI file. (Required) INI file. (Required)
``--certbot-dns-ionos:dns-ionos-propagation-seconds`` | waiting time for DNS to propagate before asking ``--dns-ionos-propagation-seconds`` | waiting time for DNS to propagate before asking
| the ACME server to verify the DNS record. | the ACME server to verify the DNS record.
| (Default: 10, Recommended: >= 600) | (Default: 10, Recommended: >= 600)
============================================================= ============================================== ======================================== ==============================================
(Note that the verbose and seemingly redundant ``certbot-dns-ionos:`` prefix
is currently imposed by certbot for external plugins.)
Credentials Credentials
@ -60,7 +58,7 @@ An example ``credentials.ini`` file:
dns_ionos_endpoint = https://api.hosting.ionos.com dns_ionos_endpoint = https://api.hosting.ionos.com
The path to this file can be provided interactively or using the The path to this file can be provided interactively or using the
``--certbot-dns-ionos:dns-ionos-credentials`` command-line argument. Certbot ``--dns-ionos-credentials`` command-line argument. Certbot
records the path to this file for use during renewal, but does not store the records the path to this file for use during renewal, but does not store the
file's contents. file's contents.
@ -88,9 +86,9 @@ To acquire a single certificate for both ``example.com`` and
.. code-block:: bash .. code-block:: bash
certbot certonly \ certbot certonly \
--authenticator certbot-dns-ionos:dns-ionos \ --authenticator dns-ionos \
--certbot-dns-ionos:dns-ionos-credentials /etc/letsencrypt/.secrets/domain.tld.ini \ --dns-ionos-credentials /etc/letsencrypt/.secrets/domain.tld.ini \
--certbot-dns-ionos:dns-ionos-propagation-seconds 900 \ --dns-ionos-propagation-seconds 900 \
--server https://acme-v02.api.letsencrypt.org/directory \ --server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \ --agree-tos \
--rsa-key-size 4096 \ --rsa-key-size 4096 \
@ -120,9 +118,9 @@ Once that's finished, the application can be run as follows::
-v /etc/letsencrypt:/etc/letsencrypt \ -v /etc/letsencrypt:/etc/letsencrypt \
--cap-drop=all \ --cap-drop=all \
certbot/dns-ionos certonly \ certbot/dns-ionos certonly \
--authenticator certbot-dns-ionos:dns-ionos \ --authenticator dns-ionos \
--certbot-dns-ionos:dns-ionos-propagation-seconds 900 \ --dns-ionos-propagation-seconds 900 \
--certbot-dns-ionos:dns-ionos-credentials \ --dns-ionos-credentials \
/etc/letsencrypt/.secrets/domain.tld.ini \ /etc/letsencrypt/.secrets/domain.tld.ini \
--no-self-upgrade \ --no-self-upgrade \
--keep-until-expiring --non-interactive --expand \ --keep-until-expiring --non-interactive --expand \


@ -88,7 +88,7 @@ class _ionosClient(object):
:param str domain: The domain for which to find the managed zone. :param str domain: The domain for which to find the managed zone.
:returns: The ID of the managed zone, if found. :returns: The ID of the managed zone, if found.
:rtype: str :rtype: str zone id, str zone name
""" """
logger.debug("get zones") logger.debug("get zones")
zones = self._api_request(type='get', action="/dns/v1/zones") zones = self._api_request(type='get', action="/dns/v1/zones")
@ -151,15 +151,15 @@ class _ionosClient(object):
if zone_id is None: if zone_id is None:
raise errors.PluginError("Domain not known") raise errors.PluginError("Domain not known")
logger.debug("domain found: %s with id: %s", zone_name, zone_id) logger.debug("domain found: %s with id: %s", zone_name, zone_id)
record = self.get_existing_txt(zone_id, record_name) content, id = self.get_existing_txt(zone_id, record_name)
if record is not None: if content is not None:
if record["content"] == record_content: if content == record_content:
logger.info("already there, id {0}".format(record["id"])) logger.info("already there, id {0}".format(id))
return return
else: else:
logger.info("update txt record") logger.info("update txt record")
self._update_txt_record( self._update_txt_record(
zone_id, record["id"], record_content, record_ttl zone_id, id, record_content, record_ttl
) )
else: else:
logger.info("insert new txt record") logger.info("insert new txt record")
@ -179,16 +179,11 @@ class _ionosClient(object):
if zone_id is None: if zone_id is None:
raise errors.PluginError("Domain not known") raise errors.PluginError("Domain not known")
logger.debug("domain found: %s with id: %s", zone_name, zone_id) logger.debug("domain found: %s with id: %s", zone_name, zone_id)
record = self.get_existing_txt(zone_id, record_name) content, id = self.get_existing_txt(zone_id, record_name)
if record is not None: if content is not None:
#seem record "content" is double quoted. Remove quotes
content = record["content"]
# or, if they only occur at start...
content = content.lstrip('\"')
content = content.rstrip('\"')
if content == record_content: if content == record_content:
logger.debug("delete TXT record: %s", record["id"]) logger.debug("delete TXT record: %s", id)
self._delete_txt_record(zone_id, record["id"]) self._delete_txt_record(zone_id, id)
def _update_txt_record(self, zone_id, primary_id, record_content, record_ttl): def _update_txt_record(self, zone_id, primary_id, record_content, record_ttl):
data = {} data = {}
@ -226,8 +221,8 @@ class _ionosClient(object):
:param str zone_id: The ID of the managed zone. :param str zone_id: The ID of the managed zone.
:param str record_name: The record name (typically beginning with '_acme-challenge.'). :param str record_name: The record name (typically beginning with '_acme-challenge.').
:returns: TXT record value or None :returns: TXT record value or None, record id or None
:rtype: `string` or `None` :rtype: `string` or `None`, `string` or `None`
""" """
zone_data = self._api_request(type='get', action='/dns/v1/zones/{0}'.format(zone_id)) zone_data = self._api_request(type='get', action='/dns/v1/zones/{0}'.format(zone_id))
@ -236,5 +231,9 @@ class _ionosClient(object):
entry["name"] == record_name entry["name"] == record_name
and entry["type"] == "TXT" and entry["type"] == "TXT"
): ):
return entry #seems "content" is double quoted. Remove quotes
return None content = entry["content"]
content = content.lstrip('\"')
content = content.rstrip('\"')
return content, entry["id"]
return None, None
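Review bot: get_existing_txt still returns on the first entry whose name and type match (`return content, entry["id"]`), so del_txt_record compares only that one value against `record_content`. If two TXT records share the same `_acme-challenge` name, as when one certificate covers a domain and its wildcard, the other validation record can be left published after cleanup, and add_txt_record would take the update path and overwrite the first value instead of inserting a second. Consider matching on the value as well, for example an optional expected-content argument checked with `entry["content"].strip('"') == record_content`, or returning every match; the loop header is outside the hunk, so confirm against the full function. Separately, `content, id = ...` shadows the builtin `id` in both callers (`record_id` would be clearer). The `lstrip('\"')`/`rstrip('\"')` pair is equivalent to `content.strip('"')` and removes every leading and trailing quote, not just one enclosing pair.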