Python script for certbot --manual-auth-hook and --manual-cleanup-hook for DNS-01 challenge

Oct 11, 2025 in Tools

You can use a custom Python script as a hook for manual DNS-01 challenge.

Example:

certbot certonly --non-interactive --agree-tos \
    --email webmaster@example.com \
    --manual --preferred-challenges dns \
    --manual-auth-hook /path/to/certbot-hook.py auth \
    --manual-cleanup-hook /path/to/certbot-hook.py cleanup \
    -d example.com -d *.example.com

You can use the same script for both auth and clean up - pass auth or cleanup as the first argument to distinguish.

Auth call

CERTBOT_ALL_DOMAINS=example.com,example.com
CERTBOT_DOMAIN=example.com
CERTBOT_REMAINING_CHALLENGES=1|0
CERTBOT_VALIDATION=abc...def

Cleanup call

All of the above plus

CERTBOT_AUTH_OUTPUT=

Full documentation: https://eff-certbot.readthedocs.io/en/stable/using.html#pre-and-post-validation-hooks

#python #certbot