diff --git a/.gitignore b/.gitignore
index 2f360bf..2d30fef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@
 /certbot-dns-cloudxns-0.37.2.tar.gz
 /certbot-dns-cloudxns-0.38.0.tar.gz
 /certbot-dns-cloudxns-0.39.0.tar.gz
+/certbot-dns-cloudxns-0.39.0.tar.gz.asc
diff --git a/gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg b/gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg
new file mode 100644
index 0000000..013feed
Binary files /dev/null and b/gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg differ
diff --git a/python-certbot-dns-cloudxns.spec b/python-certbot-dns-cloudxns.spec
index 5e5bc90..aa62560 100644
--- a/python-certbot-dns-cloudxns.spec
+++ b/python-certbot-dns-cloudxns.spec
@@ -14,12 +14,19 @@
 
 Name:           python-%{pypi_name}
 Version:        0.39.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        CloudXNS DNS Authenticator plugin for Certbot
 
 License:        ASL 2.0
 URL:            https://github.com/certbot/certbot
-Source0:        https://files.pythonhosted.org/packages/source/c/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
+Source0:        %{pypi_source}
+Source1:        %{pypi_source}.asc
+# Key mentioned in https://certbot.eff.org/docs/install.html#certbot-auto
+# Keyring generation steps as follows:
+#   gpg2 --keyserver pool.sks-keyservers.net --recv-key A2CFB51FA275A7286234E7B24D17C995CD9775F2
+#   gpg2 --export --export-options export-minimal A2CFB51FA275A7286234E7B24D17C995CD9775F2 > gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg
+Source2:        gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg
+
 BuildArch:      noarch
 
 %if %{with python2}
@@ -41,6 +48,9 @@ BuildRequires:  python3-dns-lexicon >= 2.2.1
 BuildRequires:  python3-setuptools
 %endif
 
+# Used to verify OpenPGP signature
+BuildRequires:  gnupg2
+
 %description
 CloudXNS DNS Authenticator plugin for Certbot
 
@@ -92,6 +102,7 @@ Documentation for certbot-dns-cloudxns
 %endif
 
 %prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -n %{pypi_name}-%{version}
 # Remove bundled egg-info
 rm -rf %{pypi_name}.egg-info
@@ -148,6 +159,9 @@ rm -rf html/.{doctrees,buildinfo}
 %endif
 
 %changelog
+* Wed Dec 04 2019 Eli Young <elyscape@gmail.com> - 0.39.0-2
+- Verify source OpenPGP signature
+
 * Tue Oct 01 2019 Eli Young <elyscape@gmail.com> - 0.39.0-1
 - Update to 0.39.0 (#1757579)
 
diff --git a/sources b/sources
index f226793..6374508 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
 SHA512 (certbot-dns-cloudxns-0.39.0.tar.gz) = d0fbcb9c0c64048733e86f67a62f08c4988d2b2fdeddb71b58bb77e60f2e1258a8a9ce443ef31c53572cd754a19a9be295a9a289f7631c0889f025ad82dd5284
+SHA512 (certbot-dns-cloudxns-0.39.0.tar.gz.asc) = 943b62cfeda6ce84c2eb1fe64b8c68875f19f5e94cde9e7f37801fe565dec9aa57b49e136ec7f3ff748e4e08fbc12fbaed7e586c1a632ba980ff5030272e385f