- DNSPod
You must install certbot before starting to install the plugin, see Get Certbot
$ cd /opt/eff.org/certbot/venv
$ source bin/activate
$ pip install certbot-dns-verifier
$ deactivateAfter installed, You should see plugin in list
$ certbot pluginsIf you use sudo pip, maybe used pip is system, you should use sudo /opt/eff.org/certbot/venv/bin/pip
You can get the api id and token in the DNSPod console.
# /root/.secrets/certbot/dnspod.ini
certbot_dns_verifier:dns_dnspod_api_id = 12345
certbot_dns_verifier:dns_dnspod_api_token = foocertbot certonly -a certbot-dns-verifier:dns-dnspod \
--certbot-dns-verifier:dns-dnspod-credentials /root/.secrets/certbot/dnspod.ini \
-d "*.example.com" -d "example.com" \
--server https://acme-v02.api.letsencrypt.org/directory \
--renew-hook "systemctl reload nginx"After successful, the command line for obtain for a certificate will be saved to config,
example: /etc/letsencrypt/renewal/example.com.conf
This file saves the parameters when applying for a certificate.
Because the configuration of the application certificate has been saved, refreshing the certificate will no longer require additional parameters.
# test renew
$ certbot renew --dry-run
# renew
$ certbot renew --quietBecause the certificate is sent with the instruction to refresh the nginx, renew will also perform the refresh.
- Unsafe permissions on credentials configuration file: /path/secret.ini
$ chmod 600 /path/secret.ini