[How to] use certbot plugin gandi not in CLI

[Benouare]

Hi,

Current behavior :

I am generating certs well with certbot/gandi-plugin on NASs, but to do that i am forced to share my DNS_GANDI_KEY with NASs.

The finality :

I would like to integrate the certificate generation process in a python app (django on Gandi instance). With this, my clients will not know my DNS_GANDI_KEY anymore. My app will be the only one that knows this api key. I will provide the certificates to each NAS.

What i want :

I am looking for some python code that is using certbot and plugin-gandi (or needs some adaptations to use it), and make me able to generate my certs using only python (no shell, and i dont want to use subprocess that is calling python app/lib... ).

What i did :

I tried to dig into the code of certbot/gandi-plugin, but I didnt find a good entry point yet.

Any help?

Merci pour la lib', super boulot!

Ressources :

PS : just found this, that's more or less what i am looking for (in my case i will use DNS-Challenge)
https://gist.github.com/gpjt/2bd2a223b410d8fcfb782d0df1be2e00

[Benouare]

Ok.
Found something with certbot.main

edit

import certbot.main
from django.conf import settings


def __prepare_params_generate(domain):
    params = "certonly -n -a dns-gandi --dns-gandi-credentials {} --domain {} --email {} --agree-tos --config-dir {} --work-dir {} --logs-dir {}".format(
        settings.GANDI_FILE_CONF_CERT,
        domain,
        settings.GANDI_EMAIL_CERT,
        settings.GANDI_CONFIG_DIR_CERT,
        settings.GANDI_WORK_DIR_CERT,
        settings.GANDI_LOG_DIR_CERT,
    )
    return params.split(" ")


def generate_cert(domain):
    certbot.main.main(__prepare_params_generate(domain))

This works.