Initial fork of certbot-dns-servfail; talks to the yeil dns-server RPC

DNS-01 authenticator that walks up the labels of the validation name,
calls findzone on the dns-server RPC to locate the registered parent
zone, then addrecord/deleterecord around the TXT challenge.

Auth is HTTP Basic with the shared rpc key (matches the protocol the
yeil DNS web app uses in dns/src/lib/rpc.ts).

README.md

@@ -0,0 +1,58 @@
+# certbot-dns-yeil
+
+yeil DNS Authenticator plugin for [Certbot](https://certbot.eff.org/).
+
+Talks to the yeil dns-server's RPC over HTTP Basic auth — the same RPC the
+yeil DNS web app uses. Use this on hosts that can reach the dns-server
+directly (NetBird-attached, typically). For internet-only clients, expose
+an HTTP API in front of the RPC and write a separate plugin against it.
+
+Wildcard certs require DNS-01, so this plugin (or another DNS authenticator)
+is needed for `*.example.com`.
+
+## Installation
+
+```sh
+pip install git+https://git.eskimo.dev/Yeil/certbot-dns-yeil.git
+```
+
+## Configuration
+
+The plugin reads `yeil_rpc_url` and `yeil_rpc_key` from a credentials INI.
+
+```ini
+dns_yeil_rpc_url = http://100.123.x.x:6969
+dns_yeil_rpc_key = the-rpc-key-from-dns-server-config
+```
+
+`chmod 600` it.
+
+`yeil_rpc_url` is the URL of any one of the dns-server NSes — they share
+the underlying Postgres so writes propagate either way.
+
+## Usage
+
+```sh
+certbot certonly \
+  --authenticator dns-yeil \
+  --dns-yeil-credentials /etc/letsencrypt/yeil.ini \
+  -d smtp.yeil.org \
+  --preferred-challenges dns
+```
+
+For wildcards:
+
+```sh
+certbot certonly \
+  --authenticator dns-yeil \
+  --dns-yeil-credentials /etc/letsencrypt/yeil.ini \
+  -d yeil.org -d '*.yeil.org'
+```
+
+## How it works
+
+For each requested name, the plugin walks up the labels and calls the
+dns-server's `findzone` RPC until it finds the registered zone. It then
+creates a TXT record at `_acme-challenge.<rel>` via `addrecord`, waits
+for propagation, and on cleanup calls `deleterecord` with the saved
+record id.