Implementing a new provider for DNS-01

My current domain registrar has an EPP API where I can manage my domains and records.
I'd like to extend certbot or in some way write a plugin to be able to automatically, not manually, use certbot for DNS-01 challenges.

I couldn't find information about this in the documentation.

Just use any of the existing plugins, first party or third party, that are out there as an example.

Or check if your domain service provider (which is not necessarily the same as the domain registrar by the way) is already implemented in GitHub - go-acme/lego: Let's Encrypt/ACME client and library written in Go. In that case you maybe could use GitHub - alexzorin/certbot-dns-multi: Certbot DNS plugin supporting multiple providers, using github.com/go-acme/lego which uses the lego library internally to interface it with Certbot.

If you still want to implement your own third party Certbot DNS plugin, check out if your DNS service provider is supported by GitHub - dns-lexicon/dns-lexicon: Manipulate DNS records on various DNS providers in a standardized way. Some of the Certbot DNS plugins also use dns-lexicon, so if you could use that, it would make your life much easier.

3 Likes

It's not, that's why I created this thread in the 1st place.
It's a cheap, not prominent registrar and provider using the EPP to manage domains and records.

You might have wanted to mention that in your post to spare me the effort. I'm not able to read minds and thus could not have known you already checked those options.

Looking at Extensible Provisioning Protocol - Wikipedia, I'm not sure EPP is even the protocol you're looking for. Maybe there are some relevant extensions, but just looking at the EPP, it really seems to be a registrar thing, not for modifying the DNS zone, where the latter is required for adding and removing the required TXT RRs.

3 Likes

Can you please answer the question?
How do I write a custom plugin for certbot or extend it, to automatically handle DNS-01 challenges?

Let me worry about EPP, I need to just extend certbot or write a plugin.

Copy an existing plugin and modify it to your own needs. That's all I can say about that. Maybe other users have more input, but this is just what I can provide.

2 Likes

The easiest way to implement a DNS provider for yourself is often to write a single script (Python or bash etc.) and call it as a custom create TXT record script. Various ACME clients support this method and it can be easier than implementing a full certbot plugin etc.

If you really want to write your own certbot plugin there is some reference to that in the certbot docs: Developer Guide — Certbot 3.1.0 documentation

1 Like
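
The script approach from the last reply, sketched as an added example (not code from this thread or from Certbot): one file used for both `--manual-auth-hook` and `--manual-cleanup-hook`, reading Certbot's `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` hook variables. `ZoneClient`, `record_name` and `run_hook` are hypothetical names, and `ZoneClient` is an in-memory stand-in for whatever record API the provider exposes.

```python
"""Certbot manual auth/cleanup hook for a DNS-01 TXT record (added example)."""
import os
import sys


class ZoneClient:
    """Hypothetical in-memory stand-in for the provider's record API."""

    def __init__(self):
        self.txt = {}  # record name -> set of TXT values

    def add_txt(self, name, value):
        self.txt.setdefault(name, set()).add(value)

    def del_txt(self, name, value):
        values = self.txt.get(name, set())
        values.discard(value)
        if not values:
            self.txt.pop(name, None)


def record_name(domain):
    """DNS-01 record name; a wildcard label, if present, is dropped."""
    domain = domain.strip().rstrip(".").lower()
    if domain.startswith("*."):
        domain = domain[2:]
    return "_acme-challenge." + domain


def run_hook(action, env, client):
    """action is 'auth' or 'cleanup'; env carries Certbot's hook variables."""
    name = record_name(env["CERTBOT_DOMAIN"])
    value = env["CERTBOT_VALIDATION"]
    if action == "auth":
        # Add, never overwrite: example.com and *.example.com share one name.
        client.add_txt(name, value)
    elif action == "cleanup":
        # Remove only this challenge's value, leaving any sibling in place.
        client.del_txt(name, value)
    else:
        raise ValueError("action must be 'auth' or 'cleanup'")
    return name


if __name__ == "__main__":
    print(run_hook(sys.argv[1], os.environ, ZoneClient()))
```

A real auth hook should also wait until the new TXT value is served by the zone's authoritative name servers before it exits, and the API credential it uses should be limited to editing TXT records where the provider allows that.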