
Added Selfhost DNS API

Open Marvo2011 opened this issue 2 years ago • 12 comments

+ShellCheck +ACME v2 compatible

Example usage:

  • First create 2 new TXT records on _acme-challenge.example.com
  • Now note the ID in (...) from the edit page behind "_acme-challenge.example.com"
  • For optional Multi SAN please fill an export SELFHOSTDNS_MAP like: sub.domain.net:<RID> sub2.domain.net:<RID> sub3.domain.net:<RID>

Note: For myname you have to use your account / customer number. You can find them in any invoice or on the right top of the selfhost dashboard.

export SELFHOSTDNS_USERNAME=myname
export SELFHOSTDNS_PASSWORD=mypass
export SELFHOSTDNS_RID=id_of_txt_record
export SELFHOSTDNS_RID2=id_of_second_txt_record
acme.sh --issue -d example.com  --dns  dns_selfhost

Marvo2011 avatar Jan 05 '22 14:01 Marvo2011

fix the CI check first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test

Neilpang avatar Jan 08 '22 11:01 Neilpang

Sorry that I pushed an empty line. I figured out a problem with Fedora; I will try to debug and fix it.

Marvo2011 avatar Jan 08 '22 18:01 Marvo2011

Now the CI test has passed. I don't know why first time it sucks on Fedora. I have debugged it in a VM and all looks good.

Marvo2011 avatar Jan 08 '22 20:01 Marvo2011

@Neilpang please check again, all is passed. Please let me know when I should do everything.

Marvo2011 avatar Jan 09 '22 11:01 Marvo2011

@Neilpang why did you close it, without merging?

Marvo2011 avatar Jan 19 '22 13:01 Marvo2011

It was closed automatically.

Neilpang avatar Jan 19 '22 14:01 Neilpang

@Neilpang can you merge it? Some other projects wait for it: https://lists.proxmox.com/pipermail/pve-devel/2022-February/051782.html

Marvo2011 avatar Feb 17 '22 12:02 Marvo2011

If SELFHOSTDNS_RID cannot be created by the API, it will be a problem to support multiple domains.

For example, if you have 3 domains hosted there, and you need to issue a cert including all three domains.

How can you accomplish that?

Neilpang avatar Feb 17 '22 12:02 Neilpang

I think we can create a mapping list for multi SAN certificates like: test.domain:<RID> second.domain:<RID> third.domain:<RID>

The current code works fine for wildcards and single domains, even for test.domain and www.test.domain (tested with Let's Encrypt). I'm not the owner of the selfhost API, so we must use what we get.

Do you think that is a good way?

Marvo2011 avatar Feb 17 '22 15:02 Marvo2011

@Neilpang can you rerun? I don't think it failed because of a script issue. Error: The process '/usr/bin/ssh' failed with exit code 1

Marvo2011 avatar Mar 30 '22 06:03 Marvo2011

@Neilpang now all have passed, can you merge it?

Marvo2011 avatar Apr 02 '22 15:04 Marvo2011

@Neilpang please rerun.

We moved the RIDs to the domain.conf. Thanks to @AlvinSchiller

Marvo2011 avatar May 03 '22 14:05 Marvo2011

@Neilpang any news when this could be merged?

AlvinSchiller avatar Aug 18 '22 15:08 AlvinSchiller

Remove SELFHOSTDNS_RID, SELFHOSTDNS_RID2 and SELFHOSTDNS_LAST_SLOT.

Just SELFHOSTDNS_MAP should be enough.

It can be in the format: sub.domain.net:<RID> sub2.domain.net:<RID> sub3.domain.net:<RID>

or sub.domain.net:<RID>:<RID2> sub2.domain.net:<RID>:<rid2> sub3.domain.net:<RID>:<rid2>

Neilpang avatar Aug 20 '22 05:08 Neilpang

> remove SELFHOSTDNS_RID , SELFHOSTDNS_RID2 and SELFHOSTDNS_LAST_SLOT
>
> Just SELFHOSTDNS_MAP should be enough.
>
> It can be format: sub.domain.net:<RID> sub2.domain.net:<RID> sub3.domain.net:<RID>
>
> or sub.domain.net:<RID>:<RID2> sub2.domain.net:<RID>:<rid2> sub3.domain.net:<RID>:<rid2>

We have a solution to eliminate the additional parameter. Nevertheless, we do need an internal storage field to support the rotation of RIDs for wildcard domains. -> https://github.com/Marvo2011/acme.sh/pull/6#issue-1347096747

  • SELFHOSTDNS_RID and SELFHOSTDNS_RID2 variables have been removed as suggested. All entries must be contained in SELFHOSTDNS_MAP. Up to two RIDs per fulldomain are supported but at least one must be set, e.g. prefix.sub.domain.net:<RID>:<RID2> prefix.sub2.domain.net:<RID> prefix.sub3.domain.net:<RID>:<RID2>
  • SELFHOSTDNS_LAST_SLOT has been removed. For wildcard support the last used RID per domain will be stored internally (SELFHOSTDNS_MAP_LAST_USED_INTERNAL) to switch between them (if two RIDs are defined). The domain and last used RID will be stored in the format ;fulldomainA:lastUsedRidForFulldomainA;;fulldomainB:lastUsedRidForFulldomainB;;fulldomainC:lastUsedRidForFulldomainC;

AlvinSchiller avatar Aug 25 '22 10:08 AlvinSchiller
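
Added example (not code from this pull request): a POSIX sh parser for the `SELFHOSTDNS_MAP` and last-used formats described in the comment above, showing the RID rotation a wildcard certificate needs because `example.com` and `*.example.com` both validate at the same `_acme-challenge` name with different TXT values. Function names and RID values are hypothetical.

```shell
#!/bin/sh
# Added illustration, not the dns_selfhost.sh code from this pull request.
# Function names are hypothetical; RIDs in any sample input are constructed.

# Print "<RID>" or "<RID> <RID2>" for fulldomain $1 from map $2; fail if absent.
map_entry() {
  for _e in $2; do
    case "$_e" in
      "$1":*)
        _rids=${_e#"$1":}
        _r1=${_rids%%:*}
        _r2=
        case "$_rids" in *:*) _r2=${_rids#*:} ;; esac
        [ -n "$_r1" ] || return 1                # at least one RID
        case "$_r2" in *:*) return 1 ;; esac     # at most two RIDs
        echo "$_r1${_r2:+ $_r2}"
        return 0 ;;
    esac
  done
  return 1
}

# Print the RID last used for fulldomain $1 from store $2 (";fd:rid;" entries).
# The leading ";" keeps "a.example.com" from matching "b.a.example.com".
last_used() {
  case "$2" in
    *";$1:"*) _t=${2#*";$1:"}; echo "${_t%%;*}" ;;
  esac
}

# Print the RID to use now: alternate when two RIDs are mapped ($3 = store).
next_rid() {
  _pair=$(map_entry "$1" "$2") || return 1
  _a=${_pair%% *}
  case "$_pair" in *" "*) _b=${_pair#* } ;; *) _b= ;; esac
  if [ -n "$_b" ] && [ "$(last_used "$1" "$3")" = "$_a" ]; then
    echo "$_b"
  else
    echo "$_a"
  fi
}

# Print store $3 with the entry for fulldomain $1 replaced by RID $2.
record_last_used() {
  _old=$(last_used "$1" "$3")
  _s=$3
  [ -z "$_old" ] || _s=${_s%%";$1:$_old;"*}${_s#*";$1:$_old;"}
  echo "$_s;$1:$2;"
}
```

An entry with no RID after the colon, or a fulldomain missing from the map, makes `map_entry` fail, which is the condition the "must contain the fulldomain incl. prefix and at least one RID" error guards against.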

@AlvinSchiller Github Actions / Testing DNS always failing on ubuntu

[Thu Aug 25 12:45:04 UTC 2022] fulldomain='acmetestXyzRandomName.***'
[Thu Aug 25 12:45:04 UTC 2022] txtvalue='acmeTestTxtRecord'
[Thu Aug 25 12:45:04 UTC 2022] config file is empty, can not read ***_LAST_USED_INTERNAL
[Thu Aug 25 12:45:04 UTC 2022] mapEntry
[Thu Aug 25 12:45:04 UTC 2022] *** must contain the fulldomain incl. prefix and at least one RID
Run Failed

Marvo2011 avatar Aug 26 '22 05:08 Marvo2011

the latest run was not passing?

https://github.com/Marvo2011/acme.sh/actions/runs/2961394624

Neilpang avatar Sep 05 '22 12:09 Neilpang

@Neilpang There was a problem with a secret which caused the failure. All changes are made, usage is up to date and the tests are passing now. You could review again.

AlvinSchiller avatar Sep 06 '22 10:09 AlvinSchiller

https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide

Neilpang avatar Sep 06 '22 12:09 Neilpang

> https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide

Please copy dnsapi wiki, I get 403 permission denied. https://github.com/Marvo2011/acme.sh/wiki/dnsapi

#4291

Marvo2011 avatar Sep 06 '22 14:09 Marvo2011

you can edit the wiki page now.

Neilpang avatar Sep 07 '22 12:09 Neilpang

> you can edit the wiki page now.

Thanks, I had to split the dnsapi wiki page, because GitHub does not render "a too large page".

https://github.com/acmesh-official/acme.sh/wiki/dnsapi https://github.com/acmesh-official/acme.sh/wiki/dnsapi2

Marvo2011 avatar Sep 08 '22 05:09 Marvo2011