Developer guide

Thanks a lot for your involvement. You will find here some tips to quickly setup a suitable development environment, and useful tools to ensure code quality in the project.

General design principles

DNSroboCert is coded entirely in Python, and uses features available starting with Python 3.6+.

It sits on top of Certbot and Lexicon. Here are the repartition of the roles:

  • Certbot takes care of the actual certificate issuances and renewals against the ACME CA server, in a compliant and secured processing that respects the RFC-8555 protocol,
  • Lexicon provides the central interface to communicate with the DNS API providers, and inserts the required TXT entries for the DNS-01 challenges,
  • DNSroboCert
    • holds and validates the central configuration for users,
    • couples Certbot and Lexicon through the auth/cleanup hook system of Certbot’s manual plugin, to issue/renew DNS-01 challenged based certificates,
    • orchestrates the post-deploy processing (autocmd, autorestart, files rights…),
    • executes a a cron job to trigger regularly the Certbot renewal process.

Setting up a development environment

DNSroboCert uses Poetry to configure an environment development, build the project, and push wheel/sdist to PyPI.

  1. First, install Poetry, following this guide: Poetry installation.
  2. Now Poetry should be available in your command line. Check that the following command is displaying Poetry version:
poetry --version
  1. Fork the upstream GitHub project and clone your fork locally:
git clone


A widely used development pattern in Python is to setup a virtual environment.
Python virtual environments allow to manage a dedicated and isolated Python runtime for a specific project.
It allows in particular to have a separated set of dependencies for the project that will not interfere with the OS Python packages installed globally.
  1. Setup the virtual environment for DNSroboCert using Poetry:
cd dnsrobocert
poetry env use python3
  1. Activate the virtual environment:
  • For Linux/Mac OS X:
source .venv/bin/activate
  • For Windows (using Powershell):
  1. Install development dependencies.
poetry install

At this point, you are ready to develop on the project. You can run the CLI that will use the local source code:

dnsrobocert --help

Code quality

The project DNSroboCert tries to follows the up-to-date recommended guideline in Python development:

  • DNSroboCert logic is tested with a pyramidal approach (unit tests + integration tests) using Pytest.
  • The code is formatted using Black and Isort to keep as possible unified and standardized writing conventions.
  • The code is linted with Flake8 and statically checked using MyPy.

Please ensure that your code is compliant with this guideline before submitting a PR:

  1. Ensure that tests are passing:
pytest test


On Windows you must run the tests from an account with administrative privileges to make them pass.

  1. Ensure that linting and static type checking are passing:
flake8 src test utils
mypy src
  1. Reformat your code:
isort -rc src test utils
black src test utils

Submitting a PR

Well, you know what to do ;)