letsencrypt-inwx
A small cli utility for automating the letsencrypt dns-01 challenge for domains hosted by inwx. This allows you to obtain wildcard certificates from letsencrypt.
Installation
Ubuntu / Debian
- Build the .deb package or download it from releases and install it with
sudo dpkg -i <path_to_the_deb_file>
Other linux
- Build the executable or download it from releases and copy it to
/usr/bin/
- Copy both certbot scripts from
./etc/
to/usr/lib/letsencrypt-inwx/
With cargo
- Run
cargo install letsencrypt-inwx
Usage
With certbot
- Put your inwx login data seperated by a newline into
/etc/letsencrypt-inwx-cred
- Make sure the file is only readable for root
sudo chmod 600 /etc/letsencrypt-inwx-cred
- You can now get certificates from certbot by running
sudo certbot certonly -n --agree-tos --email <your_email> --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>
Notes
- You need at least certbot 0.22.0 to issue wildcard certificates.
- You can put your inwx login data into
~/.config/letsencrypt-inwx-cred
if you want to run certbot as non-root user - This tool uses the google dns server 8.8.8.8 to check the supplied domain for CNAMEs and to verify that the dns change is publicly visible
With Docker and certbot
- Put your inwx login data into a docker env file like this
INWX_USER=username
INWX_PASSWD=password
- Generate your certificate by running
docker run --rm -it --env-file <your-env-file> -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx certonly --email <your_email> --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>
- Your certificate is now at
/etc/letsencrypt/live/<your_domain>/
- You can renew your certificate by running
docker run --rm -it --env-file <your-env-file> -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx renew
Manually
- Put your inwx login data seperated by a newline into a file
- Create a txt record with
letsencrypt-inwx create -c <credential_file> -d _acme-challenge.your-domain.com -v <acme_token>
- Delete it with
letsencrypt-inwx delete -c <credential_file> -d _acme-challenge.your-domain.com
Building
Requirements
libssl-dev
and pkg-config
are required when building on Ubuntu / Debian see here.
.deb package
- Install cargo-deb by running
cargo install cargo-deb
- Run
cargo deb
to build the package
only the executable
- Run
cargo build --release
to build theletsencrypt-inwx
executable