Certbot hook to solve a DNS-01 challenge using the TransIP API. Wildcard certs supported & Docker image available! 🔐

fransik/certbot-dns-transip

Certbot DNS TransIP 🔐

Looking for a way to get a Let's Encrypt (wildcard) certificate for the domain(s) that you registered with TransIP?

This script automates the process of completing a DNS-01 challenge for domains that use the TransIP DNS service. The auth script is invoked through Certbot's --manual-auth-hook and creates the required challenge (TXT) record using the TransIP API. After validation the --manual-cleanup-hook is invoked and the challenge record is removed again.
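To make the hook contract concrete, here is an added example (not code from the certbot-dns-transip project) of the auth and cleanup logic as Certbot drives it. Certbot exports CERTBOT_DOMAIN (the name being validated, with any "*." prefix already removed) and CERTBOT_VALIDATION (the token to publish) before running each hook. The TransIP API is replaced by a local records file (RECORDS, constructed for the example) so the logic runs offline; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of certbot-dns-transip: a minimal model of Certbot's
# --manual-auth-hook / --manual-cleanup-hook contract. The DNS provider API is
# replaced by a local file with one "name<TAB>value" line per TXT record.

RECORDS=${RECORDS:-./records.txt}   # constructed stand-in for the provider zone

# TXT record name the DNS-01 validator will query for a given domain.
acme_record_name() {
    printf '_acme-challenge.%s\n' "$1"
}

# Auth hook: publish one TXT record for this domain/token pair.
auth_hook() {
    name=$(acme_record_name "$1")
    printf '%s\t%s\n' "$name" "$2" >> "$RECORDS"
}

# Cleanup hook: remove only the record carrying this exact validation value.
# With "-d example.com -d *.example.com" both challenges share the name
# _acme-challenge.example.com and Certbot publishes both before validating, so a
# cleanup that deleted every record of that name would break the other challenge.
cleanup_hook() {
    name=$(acme_record_name "$1")
    tmp="$RECORDS.tmp"
    grep -v -F -x "$(printf '%s\t%s' "$name" "$2")" "$RECORDS" > "$tmp" || true
    mv "$tmp" "$RECORDS"
}

# Number of TXT records currently published under the challenge name.
count_records() {
    name=$(acme_record_name "$1")
    [ -f "$RECORDS" ] || { echo 0; return; }
    awk -F'\t' -v n="$name" '$1 == n { c++ } END { print c+0 }' "$RECORDS"
}

# Certbot calls the hook without arguments; the data arrives via environment.
# A single script can serve both hooks by dispatching on its first argument.
case "${1:-}" in
    auth)    auth_hook    "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" ;;
    cleanup) cleanup_hook "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" ;;
esac
```

The point to carry over to any real implementation is in cleanup_hook: delete by name and value, not by name alone, because a certificate covering both the apex and the wildcard has two pending records under the same name at once.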

Requirements

  • A TransIP account with API access enabled
  • Docker or:
    • Certbot
    • Composer
    • PHP >= 7.3 with JSON and OpenSSL extensions enabled

Usage

This describes how to use the script via Docker. If you want to use the script on a system with Certbot & PHP installed, follow the instructions under Manual installation below.

  • Create a .env file with the following content:
TRANSIP_LOGIN=YOUR-LOGIN
TRANSIP_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----XXXXX-----END PRIVATE KEY-----"
  • Make sure your entire private key is on a single line (removing all newlines/spaces) and enclosed in double quotes
  • Run:
docker run -it --rm \
    --env-file /path/to/.env \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
    fransik/certbot-dns-transip

After validation succeeds (this can take up to 10 minutes) you can find the certificate under /etc/letsencrypt/live.
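A multi-line private key is the most common reason the container fails to authenticate, because docker --env-file reads the file line by line. The following added check (not part of the certbot-dns-transip project; the function name is this example's own) verifies the two requirements above before the .env file is handed to docker run: the key is one double-quoted line from BEGIN to END marker, and the base64 body between the markers contains no whitespace.

```shell
#!/bin/sh
# Added example, not part of certbot-dns-transip: sanity-check an .env file for
# the TRANSIP_LOGIN / TRANSIP_PRIVATE_KEY format required by the Docker image.
# Returns 0 when the file is usable, 1 otherwise, printing the first problem.
check_env_file() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    grep -q '^TRANSIP_LOGIN=..*' "$file" \
        || { echo "TRANSIP_LOGIN is missing or empty"; return 1; }

    # Exactly one key line is expected; a pasted multi-line PEM leaves the
    # remaining base64 lines as stray lines that are not KEY=VALUE pairs.
    keys=$(grep -c '^TRANSIP_PRIVATE_KEY=' "$file" || true)
    [ "$keys" -eq 1 ] \
        || { echo "expected one TRANSIP_PRIVATE_KEY line, found $keys"; return 1; }

    key=$(sed -n 's/^TRANSIP_PRIVATE_KEY=//p' "$file")
    case $key in
        \"-----BEGIN*KEY-----*-----END*KEY-----\") ;;
        *) echo "TRANSIP_PRIVATE_KEY must be one double-quoted line from BEGIN to END marker"
           return 1 ;;
    esac

    # The base64 body between the markers must not contain spaces or tabs
    # (the marker text itself legitimately contains spaces).
    body=$(printf '%s' "$key" | sed 's/.*KEY-----\(.*\)-----END.*/\1/')
    case $body in
        *[[:space:]]*) echo "whitespace inside the private key body"; return 1 ;;
    esac

    # Any line that is not KEY=VALUE, a comment or blank is a PEM fragment.
    if grep -v -e '^[A-Za-z_][A-Za-z0-9_]*=' -e '^#' -e '^$' "$file" | grep -q .; then
        echo "stray lines found: the private key must be on a single line"
        return 1
    fi
    echo "ok"
}

# Usage: check_env_file /path/to/.env && docker run --env-file /path/to/.env ...
```

Run it as a guard in the cron wrapper that performs renewal so a broken .env fails loudly instead of silently skipping renewals until the certificate expires.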

Certificate renewal

Make sure the following command runs daily (via cron for example):

docker run --rm \
    --env-file /path/to/.env \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
    fransik/certbot-dns-transip renew

Test certificate

To request a test certificate run:

docker run -it --rm \
    --env-file /path/to/.env \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
    fransik/certbot-dns-transip certonly \
    --test-cert \
    --preferred-challenges=dns \
    --manual \
    --manual-auth-hook bin/auth \
    --manual-cleanup-hook bin/cleanup

Manual installation

  • Clone this repository
  • Run composer install --no-dev
  • Rename config.php.dist to config.php
  • Update config.php with your TransIP login name and private key
  • Run:
certbot certonly \
    --preferred-challenges=dns \
    --manual \
    --manual-auth-hook /path/to/certbot-dns-transip/bin/auth \
    --manual-cleanup-hook /path/to/certbot-dns-transip/bin/cleanup \
    -d example.com -d "*.example.com"

After validation succeeds (this can take up to 10 minutes) you can find the certificate under /etc/letsencrypt/live.

Certificate renewal

Renewal should be automatic on most systems that have the certbot package installed, since the package sets up a renewal timer or cron job. See the certbot docs.

Test certificate

To request a test certificate run:

certbot certonly \
    --test-cert \
    --preferred-challenges=dns \
    --manual \
    --manual-auth-hook /path/to/certbot-dns-transip/bin/auth \
    --manual-cleanup-hook /path/to/certbot-dns-transip/bin/cleanup \
    -d example.com -d "*.example.com"