Certbot Client Python MS AD DNS

Hey, fox, I am not able to find sample code or a certbot client working with MS AD DNS Manager to create a DNS TXT record in MS AD DNS and clean it up, or any plugin already existing for MS AD. Does anyone have any tips or links to help?
PS: I initially tried ldap3 with Python but did not manage to create the TXT record.

thanks

Assuming you are on Linux, I think (?) you just want to update Microsoft DNS (not necessarily Active Directory). I don't know how you do that from Linux.

An alternative approach is to get your certificates on Windows, then deploy them to Linux if that's where you need them.

1 Like

Hi, yes. The plan is to use certbot as the ACME client with a plugin or custom code to create the TXT record with the value provided by the ACME server. I want to use the dns-01 challenge, and the DNS is DNS Manager from MS ADDS. The machine requesting the cert is Linux, for testing. I need to add the DNS TXT record _acme-challenge.{server}. I have errors with ldap3, which allows managing DNS in ADDS and, more specifically, any AD object stored in MS AD. This is why I am seeking some tips, and whether anyone has used a plugin working with MS DNS Manager, which is part of MS ADDS, or has seen some code doing so.

You can delegate _acme-challenge records from your primary DNS system (on initial setup) to a secondary DNS system (such as a vendor or an instance of acme-dns you put on the internet).

This would allow you to use a DNS system with better plugin support, but is also often recommended as a security measure to sandbox the API keys from affecting the real DNS in the event of compromise.

2 Likes

Maybe this python script would help? GitHub - Sagar-Jangam/DNSUpdate: A python based script to update DNS entries in ADIDNS

2 Likes
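
For reference, one way to do what the original question asks from Linux without going through LDAP: a certbot manual hook that sends an RFC 2136 dynamic update with `nsupdate -g` (GSS-TSIG). This is an added example, not code from any poster in this thread or from the linked repository. It assumes the zone accepts secure dynamic updates, that a Kerberos ticket for a principal allowed to write the record was obtained with `kinit` beforehand, and that `dc01.corp.example` is a placeholder for your DNS server.

```python
#!/usr/bin/env python3
# Added example: certbot manual hook that publishes the dns-01 TXT record with
# an RFC 2136 dynamic update (nsupdate -g = GSS-TSIG, needs a Kerberos ticket).
import os
import re
import subprocess
import sys

DNS_SERVER = "dc01.corp.example"  # assumption: placeholder for your DNS server
TTL = 60

# Certbot passes these in the environment; validate before they reach the
# nsupdate command stream so a newline or quote cannot inject extra commands.
DOMAIN_RE = re.compile(
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9-]{2,63}")
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{43}")  # base64url SHA-256 digest, unpadded


def build_update(action, domain, validation, server=DNS_SERVER):
    """Return the nsupdate script for 'auth' (add) or 'cleanup' (delete)."""
    if not DOMAIN_RE.fullmatch(domain):
        raise ValueError(f"unexpected domain: {domain!r}")
    if not TOKEN_RE.fullmatch(validation):
        raise ValueError("unexpected validation value")
    name = f"_acme-challenge.{domain}."
    if action == "auth":
        op = f'update add {name} {TTL} TXT "{validation}"'
    elif action == "cleanup":
        # Delete only this value: another pending challenge may have its own
        # TXT record at the same owner name.
        op = f'update delete {name} TXT "{validation}"'
    else:
        raise ValueError(f"unknown action: {action!r}")
    return f"server {server}\n{op}\nsend\n"


def main(argv):
    script = build_update(argv[1], os.environ["CERTBOT_DOMAIN"],
                          os.environ["CERTBOT_VALIDATION"])
    # Credentials come from the Kerberos ticket cache, so the hook itself
    # holds no password or API key.
    subprocess.run(["nsupdate", "-g"], input=script, text=True, check=True)


if __name__ == "__main__":
    main(sys.argv)
```

Saved under a hypothetical path such as `/usr/local/bin/acme-hook.py`, it would be wired in with `certbot certonly --manual --preferred-challenges dns --manual-auth-hook "/usr/local/bin/acme-hook.py auth" --manual-cleanup-hook "/usr/local/bin/acme-hook.py cleanup" -d host.example.com`.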