ACME PowerDNS is a Let's Encrypt client which makes the ACME challenge response with PowerDNS. The big benefit of doing the ACME challenge response over DNS is, that a central server can validate each certificate signing request without access to the web-servers. There is also no modification needed on the web-server.

• Python >= 3.4

Clone the git repository to a local directory and install it inside a virtualenv.

mkdir -p /opt/acme-powerdns
git clone https://github.com/adfinis-sygroup/acme-powerdns.git \
        /opt/acme-powerdns/acme-powerdns
python3 -m venv --without-pip /opt/acme-powerdns/venv
. /opt/acme-powerdns/venv/bin/activate
python /opt/acme-powerdns/acme-powerdns/.testdata/get-pip.py

Create your certificate signing request directories and your directories for the certificates.

mkdir -p /etc/acme-powerdns/{csr,live}

Create your configuration file /etc/acme-powerdns/settings.yml:

---

directory_url: 'https://acme-staging.api.letsencrypt.org/directory'
days: 30
updater: powerdns

powerdns:
  server: 'https://api.example.com/'
  username: '<user>'
  password: '<password>'

directories:
  - account_key: /etc/acme-powerdns/account.key
    csr:         /etc/acme-powerdns/csr
    cert:        /etc/acme-powerdns/live

# vim: set ft=yaml sw=2 ts=2 et wrap tw=76:

Multiple accounts are possible with multiple directories. Each directory is linked to one account.

The command acme-powerdns will do the following:

1. Search for files inside the csr directories (setting directories -> csr).
2. Read those files as certificate signing request (be aware, no other files are allowed inside the csr directories).
3. Validate the dns entries of each csr.
4. Get certificates from acme directory (e.g. Let's Encrypt).
5. Store certificates to cert directories (setting directories -> cert).

GNU GENERAL PUBLIC LICENSE Version 3

See the LICENSE file.