certbot_dns_google.dns_google

DNS Authenticator for Google Cloud DNS.

class certbot_dns_google.dns_google.Authenticator(*args, **kwargs)[source]

Bases: certbot.plugins.dns_common.DNSAuthenticator

DNS Authenticator for Google Cloud DNS

This Authenticator uses the Google Cloud DNS API to fulfill a dns-01 challenge.

classmethod add_parser_arguments(add)[source]

Add plugin arguments to the CLI argument parser.

NOTE: If some of your flags interact with others, you can use cli.report_config_interaction to register this to ensure values are correctly saved/overridable during renewal.

Parameters:add (callable) – Function that proxies calls to argparse.ArgumentParser.add_argument prepending options with unique plugin name prefix.
_setup_credentials()[source]

Establish credentials, prompting if necessary.

_perform(domain, validation_name, validation)[source]

Performs a dns-01 challenge by creating a DNS TXT record.

Parameters:
  • domain (str) – The domain being validated.
  • validation_domain_name (str) – The validation record domain name.
  • validation (str) – The validation record content.
Raises:

errors.PluginError – If the challenge cannot be performed

_cleanup(domain, validation_name, validation)[source]

Deletes the DNS TXT record which would have been created by _perform_achall.

Fails gracefully if no such record exists.

Parameters:
  • domain (str) – The domain being validated.
  • validation_domain_name (str) – The validation record domain name.
  • validation (str) – The validation record content.
class certbot_dns_google.dns_google._GoogleClient(account_json=None, dns_api=None)[source]

Bases: object

Encapsulates all communication with the Google Cloud DNS API.

add_txt_record(domain, record_name, record_content, record_ttl)[source]

Add a TXT record using the supplied information.

Parameters:
  • domain (str) – The domain to use to look up the managed zone.
  • record_name (str) – The record name (typically beginning with ‘_acme-challenge.’).
  • record_content (str) – The record content (typically the challenge validation).
  • record_ttl (int) – The record TTL (number of seconds that the record may be cached).
Raises:

certbot.errors.PluginError – if an error occurs communicating with the Google API

del_txt_record(domain, record_name, record_content, record_ttl)[source]

Delete a TXT record using the supplied information.

Parameters:
  • domain (str) – The domain to use to look up the managed zone.
  • record_name (str) – The record name (typically beginning with ‘_acme-challenge.’).
  • record_content (str) – The record content (typically the challenge validation).
  • record_ttl (int) – The record TTL (number of seconds that the record may be cached).
Raises:

certbot.errors.PluginError – if an error occurs communicating with the Google API

get_existing_txt_rrset(zone_id, record_name)[source]

Get existing TXT records from the RRset for the record name.

If an error occurs while requesting the record set, it is suppressed and None is returned.

Parameters:
  • zone_id (str) – The ID of the managed zone.
  • record_name (str) – The record name (typically beginning with ‘_acme-challenge.’).
Returns:

List of TXT record values or None

Return type:

list of string or None

_find_managed_zone_id(domain)[source]

Find the managed zone for a given domain.

Parameters:domain (str) – The domain for which to find the managed zone.
Returns:The ID of the managed zone, if found.
Return type:str
Raises:certbot.errors.PluginError – if the managed zone cannot be found.
static get_project_id()[source]

Query the google metadata service for the current project ID

This only works on Google Cloud Platform

Raises:
  • ServerNotFoundError – Not running on Google Compute or DNS not available
  • ValueError – Server is found, but response code is not 200
Returns:

project id