This plugin uses certbot's dns-01 challenge to create and delete TXT records on a Wedos domain server through WAPI, the API provided by Wedos. With this plugin you can issue wildcard SSL certificates.
The plugin requires the following software to be installed.
Name | Install | Version |
---|---|---|
python | Link | >= 3.7 |
pip | Link | >= 18.1 |
certbot | Link | >= 0.34.0 |
Note that in theory even the oldest versions mentioned should work, but testing was done on a Debian 10 system with Python 3.9.2, pip3 20.3.4, and Certbot 2.2.0, so there may be compatibility issues.
You will also need to have WAPI activated for communication between Wedos and the plugin. To activate WAPI, see the Wedos article "WAPI activation and settings".
CAUTION: Please note that the IP address of the server where Certbot with the plugin will be located must be allowed on WAPI, otherwise it will not work.
First, we will download the source code from GitHub, and then we can install the plugin using pip.
With git
```bash
git clone https://github.com/clazzor/certbot-dns-wedos.git
cd certbot-dns-wedos
pip3 install .
```
With wget
```bash
wget https://github.com/clazzor/certbot-dns-wedos/archive/refs/heads/main.zip -O wedos.zip
unzip wedos.zip -d wedos
cd wedos/certbot-dns-wedos-main/
pip3 install .
```
With curl
```bash
curl -L https://github.com/clazzor/certbot-dns-wedos/archive/refs/heads/main.zip --output wedos.zip
unzip wedos.zip -d wedos
cd wedos/certbot-dns-wedos-main/
pip3 install .
```
After installation, the created folders may be deleted.
If you used git
```bash
cd ..
rm -r certbot-dns-wedos
```
If you used wget or curl
```bash
cd ..
rm -r wedos.zip wedos
```
The basic structure of the command is the same as with all other plugins: we define the plugin and the domains, like this:
```bash
certbot certonly \
  --authenticator dns-wedos \
  -d '*.example.com' \
  -d example.com
```
In any case, the plugin cannot function without the required command/plugin parameters!
To ensure proper functionality of the plugin, it is necessary to set some parameters. Here are the arguments/credentials:
Name | Argument | Credential | Description |
---|---|---|---|
propagation-seconds | Optional (default 30) | Not allowed | Seconds to wait for DNS propagation before verifying DNS record with ACME server. |
credentials | Optional | Not allowed | The complete path to the INI file for credentials. |
user | Required * | Required | The user (username) for WAPI. |
auth | Required * | Required | The auth (password) for WAPI; it must be given as its SHA1 hash. |
finalize | Optional | Optional | The command to be executed at the end. |
* Only required if the path to the credentials is not defined!
- CAUTION: The auth (password) must be entered as its SHA1 hash, not in plain text. You can use a website like emn178 sha1 to hash your password!
- If the credential path is defined, then the user and auth must be defined in INI file as well. Otherwise, an error will occur.
- The arguments overwrite the credentials data.
For arguments
- The prefix `--dns-wedos` is used for arguments, and values are written after a space. For values with spaces, such as `hello world`, quotes `"` or apostrophes `'` are used.
```
--dns-wedos-<NameOfArgument> <Value>
```
Example:
```bash
--dns-wedos-finalize "nginx -s reload"
```
For credential
- The prefix `dns_wedos_` is used for credentials, and values are written after an equal sign `=`. For values with spaces, such as `hello world`, a space can be used.
- For the ini file you must apply permission: `chmod 600 file.ini`
```
dns_wedos_<NameOfArgument>=<Value>
```
Example:
```ini
dns_wedos_finalize=nginx -s reload
```
Using credential
```bash
certbot certonly --authenticator dns-wedos \
  --dns-wedos-credentials /path/to/the/file.ini \
  -d '*.example.com' -d example.com
```
The `/path/to/the/file.ini` file:
```ini
dns_wedos_user=[email protected]
dns_wedos_auth=c3499c2729730a7f807efb8676a92dcb6f8a3f8f
```
Using arguments
```bash
certbot certonly --authenticator dns-wedos \
  --dns-wedos-user=[email protected] \
  --dns-wedos-auth=c3499c2729730a7f807efb8676a92dcb6f8a3f8f \
  -d '*.example.com' -d example.com
```
Using credentials and arguments (arguments overwrite the credentials so user will be [email protected])
```bash
certbot certonly --authenticator dns-wedos \
  --dns-wedos-user [email protected] \
  --dns-wedos-finalize "nginx -s reload" \
  --dns-wedos-credentials /path/to/the/file.ini \
  -d '*.example.com' -d example.com
```
The `/path/to/the/file.ini` file:
```ini
dns_wedos_user=[email protected]
dns_wedos_auth=c3499c2729730a7f807efb8676a92dcb6f8a3f8f
```
Note: `c3499c2729730a7f807efb8676a92dcb6f8a3f8f` is the word `test` hashed with SHA1.
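The SHA1 value can also be computed locally, so the WAPI password never leaves the machine, and the credentials file can be created with mode 600 from the start. The following is an added example, not code from the plugin: it writes such a file and audits an existing one. The function names, the placeholder `[wedos]` section header and the UTF-8 encoding of the password are assumptions.

```python
import configparser
import hashlib
import os
import re
import stat

SHA1_HEX = re.compile(r"[0-9a-f]{40}")

def wapi_auth(password):
    """Return the SHA1 hex digest to use as dns_wedos_auth."""
    # Assumption: the password is encoded as UTF-8 before hashing.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def write_credentials(path, user, password):
    """Create the INI file with mode 0600 at creation time; never overwrite."""
    body = f"dns_wedos_user={user}\ndns_wedos_auth={wapi_auth(password)}\n"
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(body)

def audit_credentials(path):
    """Return a list of problems found in an existing credentials file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:04o} allows group/other access; run chmod 600")
    parser = configparser.ConfigParser(interpolation=None)
    with open(path, encoding="utf-8") as fh:
        # The file has no section header, so add a placeholder one for parsing.
        parser.read_string("[wedos]\n" + fh.read())
    cfg = parser["wedos"]
    if not cfg.get("dns_wedos_user"):
        problems.append("dns_wedos_user is missing")
    if not SHA1_HEX.fullmatch(cfg.get("dns_wedos_auth", "").lower()):
        problems.append("dns_wedos_auth is not a 40-character SHA1 hex digest")
    return problems

if __name__ == "__main__":
    import tempfile
    # Constructed sample values; no real account is involved.
    with tempfile.TemporaryDirectory() as tmp:
        ini = os.path.join(tmp, "wedos.ini")
        write_credentials(ini, "wapi-user", "constructed-password")
        print(audit_credentials(ini))
```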
I just want to mention which modules/libraries this plugin uses for better debugging of errors in the future, in case any occur.
Name | License |
---|---|
setuptools | MIT |
requests | Apache 2.0 |
subprocess | PSF |
logging | PSF |
hashlib | PSF |
shlex | PSF |
json | PSF |
time | PSF |
If an error occurs, Certbot will display the type of error that has occurred.
- If you encounter an HTTP error related to communication with WAPI, you will receive an HTTP error.
- If it is an error related to communication between the plugin and WAPI, you will receive a return code. Wedos has a list of error codes on their Czech website, which you can access through this link WAPI list of return codes. (If you do not speak Czech, you can use Google Translate :D)
- If there is an error with the command you entered as the `finalize` parameter, you will receive an error code and error text similar to what you would get if you entered it in the terminal.