certbot.plugins.dns_common module

Common code for DNS Authenticator Plugins.

class certbot.plugins.dns_common.DNSAuthenticator(config: NamespaceConfig, name: str)[source]

Bases: Plugin, Authenticator

Base class for DNS Authenticators

classmethod add_parser_arguments(add: Callable[[...], None], default_propagation_seconds: int = 10) None[source]

Add plugin arguments to the CLI argument parser.


add (callable) – Function that proxies calls to argparse.ArgumentParser.add_argument prepending options with unique plugin name prefix.

auth_hint(failed_achalls: List[AnnotatedChallenge]) str[source]

See certbot.plugins.common.Plugin.auth_hint.

get_chall_pref(unused_domain: str) Iterable[Type[Challenge]][source]

Return collections.Iterable of challenge preferences.


domain (str) – Domain for which challenge preferences are sought.


collections.Iterable of challenge types (subclasses of acme.challenges.Challenge) with the most preferred challenges first. If a type is not specified, it means the Authenticator cannot perform the challenge.

Return type


prepare() None[source]

Prepare the plugin.

Finish up any additional initialization.

  • .PluginError – when full initialization cannot be completed.

  • .MisconfigurationError – when full initialization cannot be completed. Plugin will be displayed on a list of available plugins.

  • .NoInstallationError – when the necessary programs/files cannot be located. Plugin will NOT be displayed on a list of available plugins.

  • .NotSupportedError – when the installation is recognized, but the version is not currently supported.

more_info() str[source]

Human-readable string to help the user.

Should describe the steps taken and any relevant info to help the user decide which plugin to use.

Rtype str

perform(achalls: List[AnnotatedChallenge]) List[ChallengeResponse][source]

Perform the given challenge.


achalls (list) – Non-empty (guaranteed) list of AnnotatedChallenge instances, such that it contains types found within get_chall_pref() only.


list of ACME ChallengeResponse instances corresponding to each provided Challenge.

Return type

collections.List of acme.challenges.ChallengeResponse, where responses are required to be returned in the same order as corresponding input challenges


.PluginError – If some or all challenges cannot be performed

cleanup(achalls: List[AnnotatedChallenge]) None[source]

Revert changes and shutdown after challenges complete.

This method should be able to revert all changes made by perform, even if perform exited abnormally.


achalls (list) – Non-empty (guaranteed) list of AnnotatedChallenge instances, a subset of those previously passed to perform().


PluginError – if original configuration cannot be restored

class certbot.plugins.dns_common.CredentialsConfiguration(filename: str, mapper: ~typing.Callable[[str], str] = <function CredentialsConfiguration.<lambda>>)[source]

Bases: object

Represents a user-supplied filed which stores API credentials.

require(required_variables: Mapping[str, str]) None[source]

Ensures that the supplied set of variables are all present in the file.


required_variables (dict) – Map of variable which must be present to error to display.


errors.PluginError – If one or more are missing.

conf(var: str) str[source]

Find a configuration value for variable var, as transformed by mapper.


var (str) – The variable to get.


The value of the variable.

Return type


certbot.plugins.dns_common.validate_file(filename: str) None[source]

Ensure that the specified file exists.

certbot.plugins.dns_common.validate_file_permissions(filename: str) None[source]

Ensure that the specified file exists and warn about unsafe permissions.

certbot.plugins.dns_common.base_domain_name_guesses(domain: str) List[str][source]

Return a list of progressively less-specific domain names.

One of these will probably be the domain name known to the DNS provider.


>>> base_domain_name_guesses('foo.bar.baz.example.com')
['foo.bar.baz.example.com', 'bar.baz.example.com', 'baz.example.com', 'example.com', 'com']

domain (str) – The domain for which to return guesses.


The a list of less specific domain names.

Return type