Recently I needed the ability to dynamically create certificates for domains hosted on cPanel. Unfortunately, the hosting provider didn’t support Let’s Encrypt certificates using cPanel’s AutoSSL. Due to this, I headed down the path of custom Certbot plugins.
Thankfully, badjware created a custom Certbot plugin for cPanel: certbot-dns-cpanel. His module solved part of the problem: being able to create certificates for hosts not connected to the internet. However, automatically installing the certificate in cPanel for hosts that were connected to the internet still posed a problem.
This was the first time I needed to create a plugin for Certbot. Going through the basic instructions of standing up a Docker environment was simple enough. However, there were a few small issues. Here are a few tips that can help those needing to create a plugin or add installer support to an existing plugin.
Before jumping in, I suggest reading Certbot’s official developer ‘Getting Started’ documentation.
In the following example, I clone my fork of the certbot-dns-cpanel plugin. You will need to change this to whatever repo you use, in addition to the plugin name in the pip install inside the Docker container.
    # Clone the GitHub Certbot project
    git clone https://github.com/certbot/certbot
    cd certbot

    # Clone your plugin
    git clone https://github.com/mrtimp/certbot-dns-cpanel.git

    # Build your local Docker container
    cp Dockerfile-dev Dockerfile-dev
    docker-compose run --rm --service-ports development bash

    # Run the following inside the Docker container to configure the Python virtual environment
    python tools/venv.py
    . venv/bin/activate

    # Install your Certbot plugin
    pip install -e certbot-dns-cpanel
As the Certbot directory (and your plugin) will be volume mounted inside the container, you are now able to develop/modify your plugin locally using your favourite IDE. Adding requirements or making changes to the setup.py will mean you need to rerun:
pip install -e certbot-dns-cpanel (inside the container).
Run the certbot plugins command inside the Docker container to view installed/configured plugins.
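Why the reinstall matters, as an added example that is not part of the original post or of the certbot-dns-cpanel project: Certbot discovers plugins through the `certbot.plugins` entry-point group, which is written into the package metadata at install time, so a class added to setup.py stays invisible until the install is rerun. The distribution name, entry-point names and module paths below are constructed for illustration.

```python
# Added example: list what is registered under Certbot's plugin entry-point group.
import tempfile
from importlib import metadata
from pathlib import Path

GROUP = "certbot.plugins"  # entry-point group Certbot scans to discover plugins


def registered_plugins(search_path=None):
    """Map plugin name -> (target, distribution) for each GROUP entry point.

    search_path=None inspects the active environment, e.g. the container's venv.
    """
    kwargs = {"path": [str(search_path)]} if search_path else {}
    found = {}
    for dist in metadata.distributions(**kwargs):
        for ep in dist.entry_points:
            if ep.group == GROUP:
                found[ep.name] = (ep.value, dist.metadata["Name"])
    return found


def fake_install(root, plugins):
    """Write the metadata an install would record (constructed sample, hypothetical names)."""
    info = Path(root) / "certbot_dns_example-0.1.dist-info"
    info.mkdir()
    (info / "METADATA").write_text(
        "Metadata-Version: 2.1\nName: certbot-dns-example\nVersion: 0.1\n")
    lines = [f"[{GROUP}]"] + [f"{name} = {target}" for name, target in plugins.items()]
    (info / "entry_points.txt").write_text("\n".join(lines) + "\n")
    return root


def demo():
    """Return the plugin names seen before and after the simulated reinstall."""
    before = {"example": "certbot_dns_example.dns:Authenticator"}
    # setup.py edited to add an installer class; invisible until the install is rerun
    after = {**before, "example-installer": "certbot_dns_example.installer:Installer"}
    with tempfile.TemporaryDirectory() as old, tempfile.TemporaryDirectory() as new:
        stale = sorted(registered_plugins(fake_install(old, before)))
        fresh = sorted(registered_plugins(fake_install(new, after)))
    return stale, fresh


if __name__ == "__main__":
    print(demo())
    print(registered_plugins())  # what is registered in the current environment
```

Running it inside the container's virtual environment prints the real `certbot.plugins` registrations on the last line, which should match the names the certbot plugins command reports.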
You can view my PR #15 to get an idea of how to approach this.
The Certbot team are not accepting any requests for DNS plugins; it looks like custom plugins are the way forward.