Using certbot with BIND DNS (named)

openSUSE 15.4

Is it possible to use certbot with named? Is there a plugin for named? None of the ones listed appear to work with named.

I know creation and renewal can be done manually by adding a key value to a DNS TXT entry and restarting named. I am hoping there is a way to automate the renewal.

We do not intend to use the certificates for web services, only email.

Probably a more generic question to ask the folks at Let's Encrypt (since they created the certbot tool) - but if the DNS server is externally resolvable (i.e., the domain it hosts is a domain that’s resolvable), then it seems to me that you can just use the DNS challenge after applying the update to the BIND server. The only real issue is that if there needs to be DNS propagation, you need to account for that.

(I use certbot myself, but I use it against AWS Route53, not BIND - but ultimately, the LE folks are probably going to be a better resource to answer this question).


The BIND method (rfc2136) is described here.

After installing the dns-2136 plugin (search for “certbot” in YaST) and following the steps at the indicated URL, the certificate was renewed without a problem.
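
A least-privilege setup for the rfc2136 method mentioned in the thread, as an added example that is not part of the original posts or of certbot's own documentation: it generates the BIND key and `update-policy` fragment plus a certbot credentials file readable only by its owner. The zone, host names, key name `certbot-acme.`, server address and secret are constructed placeholders.

```shell
#!/bin/sh
# Added example: scope a TSIG key so certbot can only touch ACME TXT records.
# All values below are assumptions / constructed placeholders.
KEYNAME="certbot-acme."          # hypothetical TSIG key name
NS_IP="192.0.2.53"               # documentation-range address of the primary
DEMO_SECRET="QUJDRA=="           # constructed; create a real one with:
                                 #   tsig-keygen -a hmac-sha512 certbot-acme.

# Print the named.conf fragment: the key, and an update-policy that grants it
# TXT updates at _acme-challenge.<host> only (no A, MX or NS changes).
named_fragment() {  # $1 = base64 secret, remaining args = host names
    secret=$1; shift
    printf 'key "%s" {\n    algorithm hmac-sha512;\n    secret "%s";\n};\n' \
        "$KEYNAME" "$secret"
    echo '// place inside the existing zone stanza:'
    echo 'update-policy {'
    for host in "$@"; do
        printf '    grant %s name _acme-challenge.%s. txt;\n' "$KEYNAME" "$host"
    done
    echo '};'
}

# Write the credentials file for certbot's dns-rfc2136 plugin, mode 0600,
# because it holds the shared secret that authorises DNS updates.
write_credentials() {  # $1 = output path, $2 = base64 secret
    ( umask 077
      cat > "$1" <<EOF
dns_rfc2136_server = $NS_IP
dns_rfc2136_port = 53
dns_rfc2136_name = $KEYNAME
dns_rfc2136_secret = $2
dns_rfc2136_algorithm = HMAC-SHA512
EOF
    )
    chmod 600 "$1"   # tighten even if the file already existed
}

# Demo: fragment for a mail-only certificate (constructed host name).
named_fragment "$DEMO_SECRET" mail.example.com

# Issue or renew, waiting for secondaries to pick up the TXT record:
#   certbot certonly --dns-rfc2136 \
#     --dns-rfc2136-credentials /path/to/rfc2136.ini \
#     --dns-rfc2136-propagation-seconds 30 -d mail.example.com
```

Reload named after adding the fragment; renewals then run unattended because certbot stores the plugin and credentials path in the renewal configuration.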