Certbot Domain Chief plugin
This plugin enables DNS verification with Certbot when using Domain Chief.
If you installed certbot as a snap, then you have to install this plugin as a snap as well:
snap install certbot-dns-domainchief
snap set certbot trust-plugin-with-root=ok
snap connect certbot:plugin certbot-dns-domainchiefand can be upgraded using the refresh command:
snap refresh certbot-dns-domainchiefAlternatively this package can be installed with pip:
pip install certbot-dns-domainchiefand can be upgraded using the --upgrade flag
pip install --upgrade certbot-dns-domainchiefYou need to supply Certbot with a Domain Chief API key, this is an example of how a credentials file can look:
# Domain Chief API credentials used by Certbot
dns_domainchief_api_key = ctp_...You can create a new API key here, ensure it has the domainchief scope and has the correct team selected.
Keep in mind that the credentials file should be readable only by the user running Certbot and the credentials cannot be scoped, so they can be used to perform any action on your behalf if compromised.
Simple example for a single domain:
certbot certonly \
--authenticator dns-domainchief \
--dns-domainchief-credentials ~/.secrets/domainchief.ini \
-d example.comSimple example for wildcard domain:
certbot certonly \
--authenticator dns-domainchief \
--dns-domainchief-credentials ~/.secrets/domainchief.ini \
-d example.com \
-d *.example.comExample changing the propagation delay, although you should not have to adjust it normally:
certbot certonly \
--authenticator dns-domainchief \
--dns-domainchief-credentials ~/.secrets/domainchief.ini \
--dns-domainchief-propagation-seconds 120 \
-d example.comIf you discover a security vulnerability, please send an e-mail to us at hello@chief.app. All security vulnerabilities will be swiftly addressed.