This plugin enables DNS verification with Certbot when using dnsmanager.io.

If you installed certbot as a snap, then you have to install this plugin as a snap as well:

snap install certbot-dns-dnsmanager
snap set certbot trust-plugin-with-root=ok
snap connect certbot:plugin certbot-dns-dnsmanager

and can be upgraded using the refresh command:

snap refresh certbot-dns-dnsmanager

Alternatively this package can be installed with pip:

pip install certbot-dns-dnsmanager

and can be upgraded using the --upgrade flag

pip install --upgrade certbot-dns-dnsmanager

You need to supply Certbot with your dnsmanager.io API credentials, this is an example of how a credentials file can look:

# dnsmanager.io API credentials used by Certbot
dns_dnsmanager_api_id = 4b968ab4-b30b-4376-898d-659b3e8b9028
dns_dnsmanager_api_key = DprstzDtrGXUUVb5X8AThDOLdmpyPCqw

You can create a new set of API credentials in your dnsmanager.io account.

Keep in mind that the credentials file should be readable only by the user running Certbot and the credentials cannot be scoped, so they can be used to perform any action on your behalf if compromised.

Simple example for a single domain:

certbot certonly \
  --authenticator dns-dnsmanager \
  --dns-dnsmanager-credentials ~/.secrets/dnsmanager.ini \
  -d example.com

Simple example for wildcard domain:

certbot certonly \
  --authenticator dns-dnsmanager \
  --dns-dnsmanager-credentials ~/.secrets/dnsmanager.ini \
  -d example.com \
  -d *.example.com

Example changing the propagation delay, although you should not have to adjust it normally:

certbot certonly \
  --authenticator dns-dnsmanager \
  --dns-dnsmanager-credentials ~/.secrets/dnsmanager.ini \
  --dns-dnsmanager-propagation-seconds 120 \
  -d example.com

If you discover a security vulnerability, please send an e-mail to Alex Bouma at alex+security@bouma.me. All security vulnerabilities will be swiftly addressed.