{"id":5874,"library":"certbot-dns-namecheap","title":"Namecheap DNS Authenticator for Certbot","description":"Certbot-dns-namecheap is a plugin for Certbot that automates the DNS-01 challenge for Let's Encrypt certificates using the Namecheap API. This allows for obtaining and renewing wildcard certificates by programmatically creating and deleting TXT records on Namecheap DNS. The current version is 1.0.0 and it is part of the Certbot ecosystem.","status":"active","version":"1.0.0","language":"en","source_language":"en","source_url":"https://github.com/knoxell/certbot-dns-namecheap","tags":["certbot","dns","namecheap","lets-encrypt","ssl","tls","wildcard-certificate"],"install":[{"cmd":"pip install certbot","lang":"bash","label":"Install Certbot (if not already installed)"},{"cmd":"pip install certbot-dns-namecheap","lang":"bash","label":"Install Namecheap DNS plugin"}],"dependencies":[{"reason":"Core Certbot functionality is required.","package":"certbot"},{"reason":"Used for ACME protocol challenges, typically bundled with Certbot.","package":"acme"},{"reason":"Used for making HTTP requests to the Namecheap API.","package":"requests","optional":true}],"imports":[{"note":"This is a Certbot plugin and is loaded dynamically by the Certbot client, not imported directly in Python code by the end-user.","symbol":"certbot-dns-namecheap:dns-namecheap","correct":"Used via Certbot CLI: certbot certonly -a certbot-dns-namecheap:dns-namecheap ..."}],"quickstart":{"code":"# 1. 
Create a credentials INI file (e.g., namecheap.ini) with your Namecheap API details.\n#    Ensure this file has restricted permissions (e.g., chmod 600 namecheap.ini).\n#    You can get your API Key from your Namecheap account's API Management page.\n#\n# namecheap.ini content:\n# dns_namecheap_username = your_namecheap_username\n# dns_namecheap_api_key = your_namecheap_api_key\n\nimport os\n\n# For demonstration, use environment variables to populate the INI content\n# In a real scenario, you'd create the file manually or securely programmatically.\nusername = os.environ.get('NAMECHEAP_USERNAME', 'your_namecheap_username')\napi_key = os.environ.get('NAMECHEAP_API_KEY', 'your_namecheap_api_key')\n\nini_content = f\"\"\"\ndns_namecheap_username = {username}\ndns_namecheap_api_key = {api_key}\n\"\"\"\n\ncreds_file = 'namecheap.ini'\n# Create the file with mode 0600 from the start so the API key is never\n# written to a file that other users can read.\nfd = os.open(creds_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)\nos.chmod(creds_file, 0o600)  # Tighten permissions if the file already existed\nwith os.fdopen(fd, 'w') as f:\n    f.write(ini_content)\n\n# 2. Run Certbot with the Namecheap DNS authenticator\n#    Replace example.com with your actual domain and your@email.com with your email.\n#    Use --test-cert for initial testing to avoid hitting Let's Encrypt rate limits.\nprint(f\"\\nNow run this command in your terminal:\\n\")\nprint(f\"certbot certonly \\\n  --authenticator certbot-dns-namecheap:dns-namecheap \\\n  --certbot-dns-namecheap:dns-namecheap-credentials {creds_file} \\\n  --agree-tos \\\n  --no-eff-email \\\n  --email your@email.com \\\n  -d example.com -d '*.example.com' \\\n  --test-cert\")\nprint(f\"\\nAfter successful testing, remove --test-cert for a live certificate.\")\n","lang":"python","description":"To quickly get started, first, create a credentials file (e.g., `namecheap.ini`) with your Namecheap API username and API key. Ensure this file has restrictive permissions (e.g., `chmod 600 namecheap.ini`). Then, use the `certbot` command-line tool with the `certbot-dns-namecheap:dns-namecheap` authenticator, pointing to your credentials file. 
The example includes obtaining a wildcard certificate. Remember to test with `--test-cert` first."},"warnings":[{"fix":"Ensure your Namecheap account meets the API activation criteria or contact Namecheap support.","message":"Namecheap API access is restricted. To activate API access, your Namecheap account must meet at least one of these requirements: have at least 20 domains, have at least $50 on your account balance, or have spent at least $50 within the last 2 years.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Use a static IP address for your server, or if on a dynamic IP, consider an alternative DNS provider with dynamic IP support for API access, or implement a mechanism to update the whitelisted IP dynamically before renewal.","message":"Namecheap API requires IP whitelisting. If your server has a dynamic IP address, automation of certificate renewal might fail as the API only allows requests from whitelisted IPs.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always set restrictive file permissions (e.g., `chmod 600`) on your API credentials file and store it in a secure location. Avoid hardcoding credentials directly in scripts or version control.","message":"The credentials file containing your Namecheap API key is highly sensitive. If compromised, it could grant full control over your Namecheap account.","severity":"gotcha","affected_versions":"All versions"},{"fix":"If validation fails, retry after a few minutes to allow more time for DNS changes to propagate. You can manually check TXT record propagation using `dig TXT _acme-challenge.yourdomain.com`.","message":"DNS propagation delays can cause Certbot validation to fail. While Certbot and the plugin usually handle waits, unusually slow DNS updates can still lead to errors.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-14T00:00:00.000Z","next_check":"2026-07-13T00:00:00.000Z"}