letsencrypt-inwx 1.1.0

A small cli utility for automating the letsencrypt dns-01 challenge for domains hosted by inwx
Documentation

letsencrypt-inwx Build Status Docker Build Status Crates.io

A small cli utility for automating the letsencrypt dns-01 challenge for domains hosted by inwx. This allows you to obtain wildcard certificates from letsencrypt.

Installation

Ubuntu / Debian

  • Build the .deb package or download it from releases and install it with sudo dpkg -i <path_to_the_deb_file>

Other linux

  • Build the executable or download it from releases and copy it to /usr/bin/
  • Copy both certbot scripts from ./etc/ to /usr/lib/letsencrypt-inwx/

With cargo

  • Run cargo install letsencrypt-inwx

Usage

With certbot

  • Put your inwx login data seperated by a newline into /etc/letsencrypt-inwx-cred
  • Make sure the file is only readable for root sudo chmod 600 /etc/letsencrypt-inwx-cred
  • You can now get certificates from certbot by running sudo certbot certonly -n --agree-tos --email <your_email> --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>

Notes

  • You need at least certbot 0.22.0 to issue wildcard certificates.
  • You can put your inwx login data into ~/.config/letsencrypt-inwx-cred if you want to run certbot as non-root user
  • This tool uses the google dns server 8.8.8.8 to check the supplied domain for CNAMEs and to verify that the dns change is publicly visible

With Docker and certbot

  • Put your inwx login data into a docker env file like this
INWX_USER=username
INWX_PASSWD=password
  • Generate your certificate by running docker run --rm -it --env-file <your-env-file> -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx certonly --email <your_email> --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>
  • Your certificate is now at /etc/letsencrypt/live/<your_domain>/
  • You can renew your certificate by running docker run --rm -it --env-file <your-env-file> -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx renew

Manually

  • Put your inwx login data seperated by a newline into a file
  • Create a txt record with letsencrypt-inwx create -c <credential_file> -d _acme-challenge.your-domain.com -v <acme_token>
  • Delete it with letsencrypt-inwx delete -c <credential_file> -d _acme-challenge.your-domain.com

Building

Requirements

libssl-dev and pkg-config are required when building on Ubuntu / Debian see here.

.deb package

  • Install cargo-deb by running cargo install cargo-deb
  • Run cargo deb to build the package

only the executable

  • Run cargo build --release to build the letsencrypt-inwx executable