certbot.plugins.dns_common module

Common code for DNS Authenticator Plugins.

class certbot.plugins.dns_common.DNSAuthenticator(config: NamespaceConfig, name: str)[source]

Bases: Plugin, Authenticator

Base class for DNS Authenticators

classmethod add_parser_arguments(add: Callable[[...], None], default_propagation_seconds: int = 10) None[source]

Add plugin arguments to the CLI argument parser.


add (callable) – Function that proxies calls to argparse.ArgumentParser.add_argument prepending options with unique plugin name prefix.

auth_hint(failed_achalls: List[AnnotatedChallenge]) str[source]

See certbot.plugins.common.Plugin.auth_hint.

get_chall_pref(unused_domain: str) Iterable[Type[Challenge]][source]

Return collections.Iterable of challenge preferences.


domain (str) – Domain for which challenge preferences are sought.


collections.Iterable of challenge types (subclasses of acme.challenges.Challenge) with the most preferred challenges first. If a type is not specified, it means the Authenticator cannot perform the challenge.

Return type:


prepare() None[source]

Prepare the plugin.

Finish up any additional initialization.

  • .PluginError – when full initialization cannot be completed.

  • .MisconfigurationError – when full initialization cannot be completed. Plugin will be displayed on a list of available plugins.

  • .NoInstallationError – when the necessary programs/files cannot be located. Plugin will NOT be displayed on a list of available plugins.

  • .NotSupportedError – when the installation is recognized, but the version is not currently supported.

more_info() str[source]

Human-readable string to help the user.

Should describe the steps taken and any relevant info to help the user decide which plugin to use.

Rtype str:

perform(achalls: List[AnnotatedChallenge]) List[ChallengeResponse][source]

Perform the given challenge.


achalls (list) – Non-empty (guaranteed) list of AnnotatedChallenge instances, such that it contains types found within get_chall_pref() only.


list of ACME ChallengeResponse instances corresponding to each provided Challenge.

Return type:

collections.List of acme.challenges.ChallengeResponse, where responses are required to be returned in the same order as corresponding input challenges


.PluginError – If some or all challenges cannot be performed

cleanup(achalls: List[AnnotatedChallenge]) None[source]

Revert changes and shutdown after challenges complete.

This method should be able to revert all changes made by perform, even if perform exited abnormally.


achalls (list) – Non-empty (guaranteed) list of AnnotatedChallenge instances, a subset of those previously passed to perform().


PluginError – if original configuration cannot be restored

class certbot.plugins.dns_common.CredentialsConfiguration(filename: str, mapper: ~typing.Callable[[str], str] = <function CredentialsConfiguration.<lambda>>)[source]

Bases: object

Represents a user-supplied filed which stores API credentials.

require(required_variables: Mapping[str, str]) None[source]

Ensures that the supplied set of variables are all present in the file.


required_variables (dict) – Map of variable which must be present to error to display.


errors.PluginError – If one or more are missing.

conf(var: str) str | None[source]

Find a configuration value for variable var, as transformed by mapper.


var (str) – The variable to get.


The value of the variable, if it exists.

Return type:

str or None

certbot.plugins.dns_common.validate_file(filename: str) None[source]

Ensure that the specified file exists.

certbot.plugins.dns_common.validate_file_permissions(filename: str) None[source]

Ensure that the specified file exists and warn about unsafe permissions.

certbot.plugins.dns_common.base_domain_name_guesses(domain: str) List[str][source]

Return a list of progressively less-specific domain names.

One of these will probably be the domain name known to the DNS provider.


>>> base_domain_name_guesses('foo.bar.baz.example.com')
['foo.bar.baz.example.com', 'bar.baz.example.com', 'baz.example.com', 'example.com', 'com']

domain (str) – The domain for which to return guesses.


The a list of less specific domain names.

Return type: