Hello,
we're developing a product which renews certificates in our company; we use certbot and need to use the DNS challenge.
We call certbot from python using
process = Popen(call, stdout=PIPE, stderr=STDOUT) where "call" is the certbot command.
My very first test certbot command is:
certbot certonly --manual --preferred-challenges=dns -d acmetest.mydomain.com
How can we programmatically get the payload for the TXT record? Our certbot cannot contact the DNS server directly; we have to contact it from the Python layer. But when I tested certbot I noticed it returns the string for the TXT record in the response text and additionally it expects me to hit enter to continue. Is there some way to, for example, save the payload of the TXT record to a file? Like we do with "--webroot" when we use certbot for HTTP-challenged SSL certificates.
The TXT RR value is provided to a separate script which is called/specified with the --manual-auth-hook. See User Guide — Certbot 2.11.0 documentation for more info.
That said, I'm not sure if integrating Certbot with subprocess.Popen is the most sensible thing to do. The output is far from machine readable, interfacing with challenges like this is difficult if not almost impossible, etc.
I second @Osiris's recommendation. Specifically, I suggest writing two small scripts -- one which takes the token as input via an environment variable and sets the appropriate DNS TXT record, and another which cleans up the record -- and passing these scripts to certbot with the --manual-auth-hook and --manual-cleanup-hook flags.
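As an added illustration of the hook approach described in the two replies above (example code, not from the thread or from Certbot itself): one Python script serves as both the --manual-auth-hook and the --manual-cleanup-hook, reading the CERTBOT_DOMAIN and CERTBOT_VALIDATION variables that certbot exports to hooks, and records the TXT name/value pair in a hand-off file so the caller's own Python layer can push it to the DNS API. The file path, the argument names "auth"/"cleanup", the wildcard stripping and the token-format check are assumptions of this example; the certbot flags used in certbot_command() are the real ones.

```python
"""Hand-off hook for certbot dns-01 (added example, not the thread's code)."""
import json
import os
import re
import sys
from pathlib import Path

# Assumption: where the auth hook leaves records for the outer Python layer to publish.
RECORD_FILE = Path(os.environ.get("ACME_TXT_FILE", "/tmp/acme-txt-records.json"))

# Certbot's dns-01 validation value is base64url text; rejecting anything else keeps an
# unexpected string from ever being handed to the DNS API (assumed minimum length).
_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{20,}$")


def build_txt_record(domain, validation):
    """Return (record name, record value) for the dns-01 challenge of `domain`."""
    if not _TOKEN_RE.fullmatch(validation):
        raise ValueError("CERTBOT_VALIDATION has an unexpected format")
    # Assumption: strip a wildcard label defensively; the record always lives at the base name.
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base, validation


def add_entry(records, domain, validation):
    """Append the TXT record for this challenge to an in-memory list and return it."""
    name, value = build_txt_record(domain, validation)
    entry = {"name": name, "type": "TXT", "value": value}
    records.append(entry)
    return entry


def drop_entry(records, domain, validation):
    """Remove the matching TXT record in place; return how many entries were dropped."""
    name, value = build_txt_record(domain, validation)
    before = len(records)
    records[:] = [r for r in records if not (r["name"] == name and r["value"] == value)]
    return before - len(records)


def load_records(path=RECORD_FILE):
    return json.loads(path.read_text()) if path.exists() else []


def save_records(records, path=RECORD_FILE):
    path.write_text(json.dumps(records, indent=2))


def certbot_command(domain, hook_script):
    """Build the non-interactive certbot argv the outer Popen call would use."""
    hook = "python3 " + hook_script  # certbot runs hook strings through the shell
    return [
        "certbot", "certonly", "--manual", "--preferred-challenges", "dns",
        "--non-interactive", "--agree-tos",
        "--manual-auth-hook", hook + " auth",
        "--manual-cleanup-hook", hook + " cleanup",
        "-d", domain,
    ]


def main(argv):
    mode = argv[1] if len(argv) > 1 else "auth"
    domain = os.environ["CERTBOT_DOMAIN"]          # exported by certbot to every manual hook
    validation = os.environ["CERTBOT_VALIDATION"]  # the TXT payload the asker wanted
    records = load_records()
    if mode == "auth":
        entry = add_entry(records, domain, validation)
        save_records(records)
        # The outer Python layer publishes `entry` to DNS and waits for propagation here.
        print(json.dumps(entry))
    elif mode == "cleanup":
        drop_entry(records, domain, validation)
        save_records(records)
    else:
        sys.exit("usage: acme_hook.py auth|cleanup")


if __name__ == "__main__":
    main(sys.argv)
```

Certbot blocks while the auth hook runs, so the hook is also the place to wait until the new record is visible on the authoritative nameservers before returning; the cleanup hook then removes the same name/value pair so stale challenge records do not accumulate in the zone.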