3.0.057.6 MB
0BSD
strict
core24
Hurricane Electric DNS authenticator plugin for Certbot
implemented based on Hurricane Electric DNS's Dynamic
DNS (https://dns.he.net/docs) support.
## installation
you can install the plugin with:
you should see
successfully:
## usage
### quick start
1. navigate to your zone on Hurricane Electric DNS (https://dns.he.net).
1. create a new TXT record:
1. click on the "Generate a DDNS key" icon for the TXT record under the "DDNS"
1. set a key for this dynamic DNS entry. store this key somewhere safe.
1. create a file
1. execute the
IMPORTANT: Hurricane Electric only allows one dynamic DNS entry per name. as
a result, you are unable to generate a single certificate for both a root domain
and a wildcard domain (e.g. for both
that requires setting two different TXT records with the same name (e.g.
### CLI options
the following options are added to certbot's command line interface:
### credential file
the credential file expects the following key-value pair:
DNS (https://dns.he.net/docs) support.
## installation
you can install the plugin with:
snap set certbot trust-plugin-with-root=oksnap install certbot-dns-hesnap connect certbot:plugin certbot-dns-he
you should see
dns-he in the output if the plugin has been installedsuccessfully:
certbot plugins | grep dns-he
## usage
### quick start
1. navigate to your zone on Hurricane Electric DNS (https://dns.he.net).
1. create a new TXT record:
* set "Name" to acme-challenge.<your-domain>, where <your-domain> is the domain name for which you're trying to get a certificate. e.g., create acme-challenge.example.com if you are trying to get a certificate for example.com or *.example.com.* check "Enable entry for dynamic dns".* leave other fields as-is and click "Submit".1. click on the "Generate a DDNS key" icon for the TXT record under the "DDNS"
column.1. set a key for this dynamic DNS entry. store this key somewhere safe.
1. create a file
he-credentials.ini on your web server with the following
content:* dnshekeys={"acme-challenge.<your-domain>": "<ddns-key>"}where <ddns-key> is the dynamic DNS key you created for this name earlier.1. execute the
certbot command with necessary arguments, e.g.,
certbot certonly --authenticator dns-he --dns-he-credentials he-credentials.ini -d example.comIMPORTANT: Hurricane Electric only allows one dynamic DNS entry per name. as
a result, you are unable to generate a single certificate for both a root domain
and a wildcard domain (e.g. for both
example.com and *.example.com), sincethat requires setting two different TXT records with the same name (e.g.
acme-challenge.example.com) at the same time.### CLI options
the following options are added to certbot's command line interface:
--authenticator dns-he: (required) use Hurricane Electric DNS authenticator.--dns-he-credentials <file>: (required) specify path to a credential file--dns-he-propagation-seconds <seconds>: (optional) specify how long to wait
10.### credential file
the credential file expects the following key-value pair:
dnshekeys: a JSON object with fully quantified domain names as keys and
Update History
3.0.0 (5)13 Dec 2025, 09:47 UTC
3 Mar 2024, 12:37 UTC
1 Oct 2024, 02:29 UTC
13 Dec 2025, 09:47 UTC