certbot manual auth hook for DNS-01 with namecheap and subdomain cert support
- python
- requests
- beautifulsoup
- lxml
- requests-cache (optional, currently commented out)
- certbot
- namecheap api key https://www.namecheap.com/support/knowledgebase/article.aspx/9739/63/api--faq#c
- SLD/TLD extraction is extremely naive and does not support multipart tlds
- update: it now handles subdomains thanks to @maservant
- no cleanup hook, just an auth hook
- update: a cleanup function has been added to remove old challenges before setting a new one
- none of the api calls are paginated yet but this probably doesn't matter bc the hook works based on an env var
- no error checking or handling of any sort
- was going to be a more robust wrapper of certbot that loops over all your domains, but heck it
- lol everything is hardcoded so make sure to put in your own username / api key
edit existing renewal conf, e.g. /etc/letsencrypt/renewal/tarawneh.org.conf
and make sure authenticator = manual
, pref_challs = dns-01,
, manual_auth_hook = /path/to/auth.py
, manual_public_ip_logging_ok = True
[renewalparams]
account = 1234567890abcdef1234567890abcdef
authenticator = manual
server = https://acme-v02.api.letsencrypt.org/directory
pref_challs = dns-01,
manual_auth_hook = /home/trwnh/bin/namecheap/auth.py
manual_public_ip_logging_ok = True
sudo certbot certonly \
--preferred-challenges=dns \
--manual \
--manual-auth-hook=/path/to/auth.py \
--agree-tos \
-d domain.com,*.domain.com
sudo certbot certonly \
--preferred-challenges=dns \
--manual \
--manual-auth-hook=/path/to/auth.py \
--agree-tos \
-d sub.domain.com
you should be able to run certbot renew
after that and the settings will be remembered? idk yes, this works without intervention
pay me for emotional damages caused by namecheap's api:
- recurring: https://liberapay.com/trwnh
- one-time: https://paypal.me/trwnh
interact with me elsewhere:
- fedi: https://mastodon.social/@trwnh
- smtp/xmpp: a@trwnh.com