From 73ef6d18e92c74a0748cf247b395e25536af7a6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D1=8A=D1=8B=D1=8C?= Date: Sat, 20 Jul 2024 04:59:55 +0300 Subject: [PATCH] Yandex 360 for Business DNS API was added --- dnsapi2.md | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 73 insertions(+), 1 deletion(-) diff --git a/dnsapi2.md b/dnsapi2.md index 62fe7de..2a8176f 100644 --- a/dnsapi2.md +++ b/dnsapi2.md @@ -87,7 +87,8 @@ - [163. Use hosttech API](#dns_hosttech) - [164. Use Alviy API](#dns_alviy) - [165. Use Timeweb Cloud DNS API](#dns_timeweb) -- [165. Use myLoc.de / webtropia.com DNS API](#dns_myloc) +- [166. Use myLoc.de / webtropia.com DNS API](#dns_myloc) +- [167. Use Yandex 360 for Business DNS API](#dns_yandex360) - [Use custom API](#dns_myapi) - [Use lexicon DNS API](#dns_lexicon) 
@@ -2187,6 +2188,77 @@ Now, use the dns_myloc backend to issue and renew certificates using DNS-01: Report any bugs or issues [here](https://github.com/acmesh-official/acme.sh/issues/5193). + + +## 167. Use Yandex 360 for Business DNS API + +### a. Set up OAuth application: + +1. Log in as an organization administrator on Yandex. +2. [Create an OAuth application at Yandex ID](https://oauth.yandex.ru/client/new). +3. Choose "Web services" platform. +4. Set Redirect URI to `https://oauth.yandex.ru/verification_code`. +5. Select the "Manage DNS records" (directory:manage_dns) permission. +6. Save the Client ID and Client Secret. + +### b. Obtain Yandex 360 Organization ID: + +1. After setting up the OAuth application, [visit Yandex 360 for Business Administration](https://admin.yandex.ru/). +2. In the lower-left corner of the page, find and note the Organization ID. + +### c. Set up environment variables: + +Depending on whether you are using OAuth or a manually obtained access token, export the appropriate variables: + +#### i. Using OAuth (recommended): + +Export the following variables: + +``` +export YANDEX360_CLIENT_ID="your_client_id" +export YANDEX360_CLIENT_SECRET="your_client_secret" +export YANDEX360_ORG_ID="your_organization_id" +``` + +#### ii. Manually obtained access token: + +1. Obtain an access token manually: + - Go to: `https://oauth.yandex.ru/authorize?response_type=token&client_id=` + - Replace `` with your OAuth application's Client ID. + - Authorize and obtain the token. + +2. Export the following variables: + +``` +export YANDEX360_ACCESS_TOKEN="your_access_token" +export YANDEX360_ORG_ID="your_organization_id" +``` + +### d. Issue/renew certificate: + +Use the `acme.sh` command with the `--dns dns_yandex360` parameter. For example: + +``` +acme.sh --issue --dns dns_yandex360 --dnssleep 600 -d example.com -d *.example.com +``` + +When using OAuth you will need to complete an one-time authorization procedure: +1. 
On first run, the script will initiate the device authorization process. +2. You'll be prompted to visit a URL and enter a code for authorization. +3. After successful authorization, the access token will be obtained automatically. + +### Important notes: + +- The script automatically refreshes the access token when needed. You don't need to manually update the token for subsequent operations **if using OAuth**. +- If you are using the manual token method, you will need to update `YANDEX360_ACCESS_TOKEN` manually due to the limited token lifespan. +- Ensure you include the `--dnssleep` option with a value of at least 600 seconds (10 minutes) to account for the slow DNS record propagation on Yandex 360 DNS. +- Whenever possible, use the OAuth method as it provides automatic token refresh and a higher level of security. +- [You can learn more about the Yandex 360 for Business DNS API access procedure here.](https://yandex.ru/dev/api360/doc/concepts/access.html) +- [You can learn more about the OAuth device authorization flow here.](https://yandex.ru/dev/id/doc/ru/codes/screen-code-oauth) +- [You can learn more about obtaining debug tokens here.](https://yandex.ru/dev/id/doc/ru/tokens/debug-token) +- [Report any bugs or issues here.](https://github.com/acmesh-official/acme.sh/issues/5213) + + ## Use custom API
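Review bot: In the index hunk (`@@ -87,7 +87,8 @@`), the new entry links to `#dns_yandex360`, but no anchor with that name is visible in the added section. The heading `## 167. Use Yandex 360 for Business DNS API` would not generate that slug on its own, so add an explicit anchor before the heading or confirm one is already there. Also, the myLoc entry's renumbering from 165 to 166 is the patch's only deletion, so if the myLoc section heading further down carries its own number, it has not been updated to match.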
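Review bot: In the section 167 hunk, the "Important notes" list says the OAuth method gives "a higher level of security" but never says what the script persists or where. Since OAuth mode takes `YANDEX360_CLIENT_SECRET` and refreshes tokens automatically, the section should state where the client secret and the obtained tokens are saved, and recommend restrictive permissions on that location. The application is created by an organization administrator with the `directory:manage_dns` permission, so it is also worth advising a dedicated OAuth application used only for certificate issuance. Three smaller points in the same hunk: the example `-d *.example.com` is unquoted and the shell can glob-expand it, so write `-d '*.example.com'`. In the manual-token steps the URL ends at `client_id=` and the next step reads "Replace `` with", so the placeholder appears empty and should be restored. "an one-time authorization" should read "a one-time authorization".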