Hi,
I would like to write a plugin to create / renew certificates automatically for our server. At the moment we have to do this manually because none of the current plugins is working for us.
Is there any documentation on how to start with that? Do I have to change the core code of the project (like in the script plugin) or is there a way to have it separate and make it installable if needed? What is the recommended way for plugins which might be usable for a small group of users?
Can you give a bit of background about your servers (and effectively what you need / what can’t be done currently)? There are a lot of alternative clients so one of those may be a good starting point. There is detailed documentation on writing your own client / plugin, yes, depending on exactly what you need.
Thanks for the fast answer. We are using Heroku for hosting, which is a cloud hosting service provider.
At the moment we have to run everything on a command line.
1. Log in on Heroku (command line).
2. Start the certbot script with the “certonly” option and process until the validation has to be done.
3. Make the file with the specified content available. This usually means:
   - create the file locally, commit on GitHub, deploy code and wait until dynos are restarted
   - or (like we do at the moment) create a special router script which handles all calls on the URL starting with “.well-known” and gets the data from an environment variable which then has to be set (we do this via command line) and wait until dynos are restarted
4. Continue with the next domain (in total we have 6 with the same certificate).
5. After all domains are validated we have to put the certificate to the server, again via command line.
I hope the process got clear. What I would like to do is create a plugin for Heroku which first matches just our needs, but after everything is working, I would love to share this with the community as well.
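The router approach described in the post above, as an added example that is not part of the original thread or of Certbot's code: a minimal Python WSGI handler that answers http-01 requests from an environment variable. The variable name `ACME_CHALLENGES` and its comma-separated format are assumptions; each entry is the key authorization Certbot prints (`token.thumbprint`), and the URL token is the part before the dot.

```python
import os
import re

PREFIX = "/.well-known/acme-challenge/"
ENV_VAR = "ACME_CHALLENGES"  # assumed name, e.g. set via `heroku config:set`
# ACME tokens and thumbprints are base64url text; anything else is rejected.
B64URL = re.compile(r"[A-Za-z0-9_-]+")


def parse_challenges(raw):
    """Map token -> key authorization for each valid 'token.thumbprint' entry."""
    table = {}
    for entry in (e.strip() for e in raw.split(",")):
        token, sep, thumbprint = entry.partition(".")
        if sep and B64URL.fullmatch(token) and B64URL.fullmatch(thumbprint):
            table[token] = entry
    return table


def challenge_response(path, raw=None):
    """Return the body for an http-01 request path, or None if it must 404."""
    if raw is None:
        raw = os.environ.get(ENV_VAR, "")
    if not path.startswith(PREFIX):
        return None
    token = path[len(PREFIX):]
    # Exact lookup only: no filesystem access, so "../" or extra segments fail.
    if not B64URL.fullmatch(token):
        return None
    return parse_challenges(raw).get(token)


def app(environ, start_response):
    """WSGI entry point; mount it for the /.well-known/ prefix only."""
    body = challenge_response(environ.get("PATH_INFO", ""))
    if body is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found\n"]
    data = body.encode("ascii")
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(data)))])
    return [data]


if __name__ == "__main__":
    sample = "tokA_1.thumbX,tokB-2.thumbX"  # constructed values, not real ones
    print(challenge_response(PREFIX + "tokA_1", sample))
```

Holding several entries in one variable lets all pending domains be answered after a single config change and dyno restart.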
There are a few options. The best I think is the “script plugin” https://github.com/certbot/certbot/pull/3521 which looks as if it was merged into master yesterday so should be available shortly.
Do you use a DNS provider with an API? It may be a lot easier using the dns-01 challenge; that way you don’t have to handle all the “.well-known” http routing, and you don’t even have to run it on the specific server if you don’t want to.