Add documentation about DNS plugins and Docker (#5710)

* make binding port optional * Add DNS docker docs * add basic DNS plugin docs * Add link to DNS plugin docs from Docker docs * Shrink table size
2026-06-08 16:22:18 -04:00 · 2018-03-13 07:08:01 -07:00 · 2018-03-13 07:08:01 -07:00 · 1d0e3b1bfa
commit 1d0e3b1bfa
parent d310ad18c7
2 changed files with 54 additions and 4 deletions
--- a/docs/install.rst
+++ b/docs/install.rst
@ -115,13 +115,17 @@ these make much sense to you, you should definitely use the
 certbot-auto_ method, which enables you to use installer plugins
 that cover both of those hard topics.

-If you're still not convinced and have decided to use this method,
-from the server that the domain you're requesting a certficate for resolves
-to, `install Docker`_, then issue the following command:
+If you're still not convinced and have decided to use this method, from
+the server that the domain you're requesting a certficate for resolves
+to, `install Docker`_, then issue a command like the one found below. If
+you are using Certbot with the :ref:`Standalone` plugin, you will need
+to make the port it uses accessible from outside of the container by
+including something like ``-p 80:80`` or ``-p 443:443`` on the command
+line before ``certbot/certbot``.

 .. code-block:: shell

-   sudo docker run -it --rm -p 443:443 -p 80:80 --name certbot \
+   sudo docker run -it --rm --name certbot \
               -v "/etc/letsencrypt:/etc/letsencrypt" \
               -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
               certbot/certbot certonly
@ -131,6 +135,16 @@ Running Certbot with the ``certonly`` command will obtain a certificate and plac
 within Docker, you must install the certificate manually according to the procedure
 recommended by the provider of your webserver.

+There are also Docker images for each of Certbot's DNS plugins available
+at https://hub.docker.com/u/certbot which automate doing domain
+validation over DNS for popular providers. To use one, just replace
+``certbot/certbot`` in the command above with the name of the image you
+want to use. For example, to use Certbot's plugin for Amazon Route 53,
+you'd use ``certbot/dns-route53``. You may also need to add flags to
+Certbot and/or mount additional directories to provide access to your
+DNS API credentials. See the :ref:`DNS plugin documentation
+<dns_plugins>`  for more info.
+
 For more information about the layout
 of the ``/etc/letsencrypt`` directory, see :ref:`where-certs`.

--- a/docs/using.rst
+++ b/docs/using.rst
@ -54,12 +54,19 @@ standalone_ Y    N    | Uses a "standalone" webserver to obtain a certificate.
                      | Requires port 80 or 443 to be available. This is useful on    tls-sni-01_ (443)
                      | systems with no webserver, or when direct integration with
                      | the local webserver is not supported or not desired.
+|dns_plugs| Y    N    | This category of plugins automates obtaining a certificate by dns-01_ (53)
+                      | modifying DNS records to prove you have control over a
+                      | domain. Doing domain validation in this way is
+                      | the only way to obtain wildcard certificates from Let's
+                      | Encrypt.
 manual_     Y    N    | Helps you obtain a certificate by giving you instructions to  http-01_ (80),
                      | perform domain validation yourself. Additionally allows you   dns-01_ (53) or
                      | to specify scripts to automate the validation task in a       tls-sni-01_ (443)
                      | customized way.
 =========== ==== ==== =============================================================== =============================

+.. |dns_plugs| replace:: :ref:`DNS plugins <dns_plugins>`
+
 Under the hood, plugins use one of several ACME protocol challenges_ to
 prove you control a domain. The options are http-01_ (which uses port 80),
 tls-sni-01_ (port 443) and dns-01_ (requiring configuration of a DNS server on
@ -141,6 +148,8 @@ the ``--nginx`` flag on the commandline.

   certbot --nginx

+.. _standalone:
+
 Standalone
 ----------

@ -164,6 +173,33 @@ the Internet on the specified port using each requested domain name.
 .. note:: The ``--standalone-supported-challenges`` option has been
   deprecated since ``certbot`` version 0.9.0.

+.. _dns_plugins:
+
+DNS Plugins
+-----------
+
+If you'd like to obtain a wildcard certificate from Let's Encrypt or run
+``certbot`` on a machine other than your target webserver, you can use one of
+Certbot's DNS plugins.
+
+These plugins are still in the process of being packaged
+by many distributions and cannot currently be installed with ``certbot-auto``.
+If, however, you are comfortable installing the certificates yourself,
+you can run these plugins with :ref:`Docker <docker>`.
+
+Once installed, you can find documentation on how to use each plugin at:
+
+* `certbot-dns-cloudflare <https://certbot-dns-cloudflare.readthedocs.io>`_
+* `certbot-dns-cloudxns <https://certbot-dns-cloudxns.readthedocs.io>`_
+* `certbot-dns-digitalocean <https://certbot-dns-digitalocean.readthedocs.io>`_
+* `certbot-dns-dnsimple <https://certbot-dns-dnsimple.readthedocs.io>`_
+* `certbot-dns-dnsmadeeasy <https://certbot-dns-dnsmadeeasy.readthedocs.io>`_
+* `certbot-dns-google <https://certbot-dns-google.readthedocs.io>`_
+* `certbot-dns-luadns <https://certbot-dns-luadns.readthedocs.io>`_
+* `certbot-dns-nsone <https://certbot-dns-nsone.readthedocs.io>`_
+* `certbot-dns-rfc2136 <https://certbot-dns-rfc2136.readthedocs.io>`_
+* `certbot-dns-route53 <https://certbot-dns-route53.readthedocs.io>`_
+
 Manual
 ------