acme-dns-tiny

Tiny ACME client to obtain wildcard TLS certificates through DNS challenge resolution

Introduction

acme-dns-tiny is a Python 3 script that asks a Certificate Authority (CA) to issue an X.509 certificate automatically.

To automate certificate creation, acme-dns-tiny uses the ACME standard (RFC 8555). To prove to the CA that you own the domains included in the certificate request, acme-dns-tiny uses the DNS challenges defined by this RFC.

To resolve these challenges, acme-dns-tiny dynamically updates some DNS resources on your DNS service provider.

To use acme-dns-tiny, you therefore have to choose a CA that provides an ACME (RFC 8555) service, such as the non-profit Let's Encrypt Certificate Authority.

The main goal of acme-dns-tiny is not to rewrite the official certbot ACME client but to give administrators a simple script that is easy to integrate into their environment, without requiring root privileges and without access to the domain private key.

Requirements

To run acme-dns-tiny, you'll need a computer with Python 3, the dnspython module, the requests module and the OpenSSL command line available.

Then you have to give access to the rootless user running the script to:

Finally, that computer must be able to access a DNS server allowing dynamic resource updates through TSIG key authentication.

Maintenance state

Badges: latest release, main branch pipeline status, main branch coverage status.

Origin

acme-dns-tiny is a fork of the acme-tiny project, but it has slightly diverged to: