From 94ec50b6b222f96956eaf1c39ac51a9084cebcc0 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Tue, 6 Jun 2023 16:00:18 +0300 Subject: [PATCH] Updated dnsapi (markdown) --- dnsapi.md | 199 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 134 insertions(+), 65 deletions(-) diff --git a/dnsapi.md b/dnsapi.md index 13fc607..f70f021 100644 --- a/dnsapi.md +++ b/dnsapi.md @@ -4,6 +4,7 @@ If your DNS provider doesn't provide API access, you can use our DNS alias mode: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode + * [1. CloudFlare](#dns_cf) * [2. DNSPod.cn Option:](#dns_dp) * [4. Use GoDaddy.com domain API to automatically issue cert](#dns_gd) @@ -70,7 +71,11 @@ https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode * [75. Use DDNSS.de API](#dns_ddnss) * [76. Use NLnetLabs NSD](#dns_nsd) - + + + + + ## 1. CloudFlare Option: Cloudflare Domain API offers two methods to automatically issue certs. @@ -105,7 +110,8 @@ Ok, let's issue a cert now: The `CF_Key` and `CF_Email` or `CF_Token`and `CF_Account_ID`will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 2. DNSPod.cn Option: The DNSPod.cn Domain API option requires that you first login to your account to get a DNSPod API Key and ID. @@ -128,7 +134,8 @@ The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf` and will be ~~Removed~~ - + + ## 4. Use GoDaddy.com domain API to automatically issue cert First you need to login to your GoDaddy account to get your API Key and Secret. @@ -150,7 +157,8 @@ Ok, let's issue a cert now: The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 5. Use PowerDNS embedded API to automatically issue cert First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration. @@ -172,13 +180,15 @@ Ok, let's issue a cert now: The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 6. Use OVH, Kimsufi, So you Start API to automatically issue cert https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api - + + ## 7. Use nsupdate to automatically issue cert First, generate a key for updating the zone @@ -246,7 +256,8 @@ Ok, let's issue a cert now: The `NSUPDATE_SERVER`, `NSUPDATE_KEY`, and `NSUPDATE_ZONE` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 8. Use LuaDNS domain API Get your API token at https://api.luadns.com/settings @@ -264,7 +275,8 @@ To issue a cert: The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 9. Use DNSMadeEasy domain API Get your API credentials at https://cp.dnsmadeeasy.com/account/info @@ -282,7 +294,8 @@ To issue a cert: The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 10. Use Amazon Route53 domain API https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API @@ -306,7 +319,8 @@ export AWS_DNS_SLOWRATE=1 (sleep between API requests in seconds) The `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_DNS_SLOWRATE` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. The `AWS_DNS_SLOWRATE` will enable the sleep between API requests to AWS servers. It will help to mitigate the AWS rate limit - + + ## 11. Use Aliyun domain API to automatically issue cert First you need to login to your Aliyun account to get your RAM API key. @@ -325,7 +339,8 @@ Ok, let's issue a cert now: The `Ali_Key` and `Ali_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 12. Use ISPConfig 3.1 API This only works for ISPConfig 3.1 (and newer). @@ -349,7 +364,8 @@ To issue a cert: The `ISPC_User`, `ISPC_Password`, `ISPC_Api`and `ISPC_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 13. Use Alwaysdata domain API First you need to login to your Alwaysdata account to get your API Key. @@ -368,7 +384,8 @@ The `AD_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 14. Use Linode domain API ### Cloud Manager ### @@ -399,7 +416,8 @@ The `LINODE_V4_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 15. Use FreeDNS [FreeDNS](https://freedns.afraid.org/) does not provide an API to update DNS records (other than IPv4 and IPv6 @@ -431,7 +449,8 @@ If you have any issues with FreeDNS API please report them here... https://github.com/Neilpang/acme.sh/issues/2305 - + + ## 16. Use cyon.ch You only need to set your cyon.ch login credentials. @@ -456,7 +475,8 @@ The `CY_Username`, `CY_Password` and `CY_OTP_Secret` will be saved in `~/.acme.s ~~Removed~~ - + + ## 18. Use Gandi LiveDNS API You must enable the new Gandi LiveDNS API first and then create your api key, See: https://api.gandi.net/docs/livedns/ @@ -471,7 +491,8 @@ Ok, let's issue a cert now: ``` - + + ## 19. Use Knot (knsupdate) DNS API to automatically issue cert First, generate a TSIG key for updating the zone. @@ -524,7 +545,8 @@ Ok, let's issue a cert now: The `KNOT_SERVER` and `KNOT_KEY` and `KNOT_ZONE` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 20. Use DigitalOcean API (native) You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/ @@ -539,7 +561,8 @@ Ok, let's issue a cert now: ``` - + + ## 21. Use ClouDNS.net API You need to set the HTTP API user ID and password credentials. See: https://www.cloudns.net/wiki/article/42/. For security reasons, it's recommended to use a sub user ID that only has access to the necessary zones, as a regular API user has access to your entire account. @@ -559,7 +582,8 @@ Ok, let's issue a cert now: The `CLOUDNS_AUTH_ID` and `CLOUDNS_AUTH_PASSWORD` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 22. Use Infoblox API First you need to create/obtain API credentials on your Infoblox appliance. @@ -578,7 +602,8 @@ Note: This script will automatically create and delete the ephemeral txt record. The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 23. Use VSCALE API First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/). @@ -593,7 +618,8 @@ Ok, let's issue a cert now: ``` - + + ## 24. Use Dynu API First you need to create/obtain API credentials from your Dynu account. See: https://www.dynu.com/resources/api/documentation @@ -611,7 +637,8 @@ Ok, let's issue a cert now: The `Dynu_ClientId` and `Dynu_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 25. Use DNSimple API First you need to login to your DNSimple account and generate a new oauth token. @@ -639,7 +666,8 @@ If you have any issues with this integration please report them to https://github.com/pho3nixf1re/acme.sh/issues. - + + ## 26. Use NS1.com API ```sh @@ -652,7 +680,8 @@ Ok, let's issue a cert now: ``` - + + ## 27. Use DuckDNS.org API ```sh @@ -666,7 +695,8 @@ acme.sh --insecure --issue --dns dns_duckdns -d mydomain.duckdns.org ``` - + + ## 28. Use Name.com API Create your API token here: https://www.name.com/account/settings/api @@ -688,7 +718,8 @@ If you had Two-step Authentication enabled, make sure to change your security se For issues, please report to https://github.com/raidenii/acme.sh/issues. - + + ## 29. Use Dyn Managed DNS API to automatically issue cert First, login to your Dyn Managed DNS account: https://portal.dynect.net/login/ @@ -722,7 +753,8 @@ Ok, let's issue a cert now: The `DYN_Customer`, `DYN_Username` and `DYN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 30. Use pdd.yandex.ru API ```sh @@ -739,7 +771,8 @@ Sometimes cloudflare / google doesn't pick new dns records fast enough. You can For issues, please report to https://github.com/non7top/acme.sh/issues. - + + ## 31. Use Hurricane Electric [Hurricane Electric he.net](https://dns.he.net/) doesn't have an API so just set your login credentials like so: @@ -777,7 +810,8 @@ Ok, let's issue a cert now: The `UNO_Key` and `UNO_User` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 33. Use INWX [INWX.de](https://www.inwx.de/) offers a [xmlrpc api](https://www.inwx.de/de/help/apidoc) with your standard login credentials, set them like so: @@ -820,7 +854,8 @@ Now you cann issue a cert: Both, `SERVERCOW_API_Username` and `SERVERCOW_API_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 35. Use Namesilo.com API You'll need to generate an API key at https://www.namesilo.com/account/api-manager @@ -836,7 +871,8 @@ And now you can issue certs with: ./acme.sh --issue --dns dns_namesilo --dnssleep 900 -d example.com -d www.example.com ``` - + + ## 36. Use autoDNS (InternetX) [InternetX](https://www.internetx.com/) offers a [xml api](https://help.internetx.com/display/API/AutoDNS+XML-API) with your standard login credentials, set them like so: @@ -856,7 +892,8 @@ Then you can issue your certificates with: The `AUTODNS_USER`, `AUTODNS_PASSWORD` and `AUTODNS_CONTEXT` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 37. Use Azure DNS You have to create a service principal first. See:[How to use Azure DNS](https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS) @@ -889,7 +926,8 @@ Issuing certificates using managed identity clears previously set settings: `AZU `AZUREDNS_SUBSCRIPTIONID` and `AZUREDNS_MANAGEDIDENTITY` will be saved in ~/.acme.sh/account.conf for future use. - + + ## 38. Use selectel.com(selectel.ru) domain API to automatically issue cert First you need to login to your account to get your API key from: https://my.selectel.ru/profile/apikeys. @@ -907,7 +945,8 @@ Ok, let's issue a cert now: The `SL_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 39. Use zonomi.com domain API to automatically issue cert First you need to login to your account to find your API key from: http://zonomi.com/app/dns/dyndns.jsp @@ -931,7 +970,8 @@ Ok, let's issue a cert now: The `ZM_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 40. Use DreamHost DNS API DNS API keys may be created at https://panel.dreamhost.com/?tree=home.api. @@ -946,7 +986,8 @@ The 'DH_API_KEY' will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 41. Use DirectAdmin API The DirectAdmin interface has its own Let's encrypt functionality, but this script can be used to generate certificates for names which are not hosted on @@ -975,7 +1016,8 @@ Ok, let's issue a cert now: The `DA_Api` and `DA_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 42. Use KingHost DNS API API access must be enabled at https://painel.kinghost.com.br/painel.api.php @@ -989,7 +1031,8 @@ export KINGHOST_Password="yourpassword" The `KINGHOST_username` and `KINGHOST_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 43. Use Zilore DNS API First, get your API key at https://my.zilore.com/account/api @@ -1005,7 +1048,8 @@ Ok, let's issue a cert now: The `Zilore_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 44. Use Loopia API User must provide login credentials to the Loopia API. @@ -1044,7 +1088,8 @@ The exported variables will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 45. Use ACME DNS API ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely. @@ -1080,7 +1125,8 @@ export TELE3_Secret="" The TELE3_Key and TELE3_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed. - + + ## 47. Use Euserv.eu API First you need to login to your euserv.eu account and activate your API Administration (API Verwaltung). @@ -1104,7 +1150,8 @@ The `EUSERV_Username` and `EUSERV_Password` will be saved in `~/.acme.sh/account Please report any issues to https://github.com/initit/acme.sh or to - + + ## 48. Use DNSPod.com domain API to automatically issue cert First you need to get your API Key and ID by this [get-the-user-token](https://www.dnspod.com/docs/info.html#get-the-user-token). @@ -1143,7 +1190,8 @@ export CLOUDSDK_ACTIVE_CONFIG_NAME=default # see the note above `dns_gcloud` also supports [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode). - + + ## 50. Use ConoHa API First you need to login to your ConoHa account to get your API credentials. @@ -1185,7 +1233,8 @@ Removed https://github.com/acmesh-official/acme.sh/pull/4049 - + + ## 53. Use Namecheap You will need your namecheap username, API KEY (https://www.namecheap.com/support/api/intro.aspx) and your external IP address (or a URL to get it), this IP will need to be whitelisted at Namecheap. @@ -1210,7 +1259,8 @@ Now you can issue a certificate. If you find any bugs of namecheap dns API, please report here: https://github.com/Neilpang/acme.sh/issues/2107 - + + ## 54. Use MyDNS.JP API First, register to MyDNS.JP and get MasterID and Password. @@ -1228,7 +1278,8 @@ To issue a certificate: The `MYDNSJP_MasterID` and `MYDNSJP_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 55. Use hosting.de API Create an API key in your hosting.de account here: https://secure.hosting.de @@ -1254,7 +1305,8 @@ Ok, let's issue a cert now: The hosting.de API key and endpoint will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 56. Use Neodigit.net API ```sh @@ -1269,7 +1321,8 @@ Ok, let's issue a cert now: Neodigit API Token will be saved in `~/.acme.sh/account.conf` and will be used when needed. - + + ## 57. Use Exoscale API Create an API key and secret key in the Exoscale account section @@ -1289,7 +1342,8 @@ Now, let's issue a cert: The `EXOSCALE_API_KEY` and `EXOSCALE_SECRET_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 58. Using PointHQ API to issue certs Log into [PointHQ account management](https://app.pointhq.com/profile) and copy the API key from the page there. @@ -1305,7 +1359,8 @@ You can then issue certs by using: ``` - + + ## 59. Use Active24 API Create an API token in the Active24 account section, documentation on https://faq.active24.com/cz/790131-REST-API-rozhran%C3%AD. @@ -1324,7 +1379,8 @@ Now, let's issue a cert, set `dnssleep` for propagation new DNS record: The `ACTIVE24_Token` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 60. Use do.de API Create an API token in your do.de account ([Create token here](https://www.do.de/account/letsencrypt/) | [Documentation](https://www.do.de/wiki/LetsEncrypt_-_Entwickler)). @@ -1342,7 +1398,8 @@ To issue a certificate run: The API token will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 61. Use Nexcess API First, you'll need to login to the [Nexcess.net Client Portal](https://portal.nexcess.net) and [generate a new API token](https://portal.nexcess.net/api-token). @@ -1365,7 +1422,8 @@ The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.co If you find any bugs of Nexcess dns API, please report here: https://github.com/Neilpang/acme.sh/issues/2088 - + + ## 62. Use Thermo.io API First, you'll need to login to the [Thermo.io Client Portal](https://core.thermo.io) and [generate a new API token](https://core.thermo.io/api-token). @@ -1386,7 +1444,8 @@ Finally, we'll issue the certificate: (Thermo DNS publishes at max every 15 minu The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. - + + ## 63. Use Futurehosting API First, you'll need to login to the [Futurehosting Client Portal](https://my.futurehosting.com) and [generate a new API token](https://my.futurehosting.com/api-token). @@ -1424,7 +1483,8 @@ Now, let's issue a cert: If you find any bugs of Rackspace dns API, please report here: https://github.com/Neilpang/acme.sh/issues/2091 - + + ## 65. Use Online API First, you'll need to retrive your API key, which is available under https://console.online.net/en/api/access @@ -1444,7 +1504,8 @@ To issue a cert run: If you find any bugs of online.net dns API, please report here: https://github.com/Neilpang/acme.sh/issues/2093 - + + ## 66. Use MyDevil.net Make sure that you can execute own binaries: @@ -1466,7 +1527,8 @@ To issue a new certificate, run: After certificate is ready, you can install it with [deploy command](https://github.com/Neilpang/acme.sh/wiki/deployhooks#14-deploy-your-cert-on-mydevilnet). - + + ## 67. Use Core-Networks API to automatically issue cert First you need to login to your Core-Networks account to set up an API-User. @@ -1523,7 +1585,8 @@ To issue a cert run: If you find any bugs of zone.eu (zone.ee) dns API, please report here: https://github.com/Neilpang/acme.sh/issues/2146 - + + ## 70. Use UltraDNS API UltraDNS is a paid for service that provides DNS, as well as Web and Mail forwarding (as well as reporting, auditing, and advanced tools). @@ -1547,7 +1610,8 @@ To issue a cert run: `ULTRA_USR` and `ULTRA_PWD` will be saved in `~/.acme.sh/account.conf` and will be resued when needed. - + + ## 71. Use deSEC.io Sign up for dynDNS at https://desec.io first. @@ -1564,7 +1628,8 @@ To issue a certificate run: If you find any bugs of deSEC.io API, please report here: https://github.com/Neilpang/acme.sh/issues/2180 - + + ## 72. Use OpenProvider API First, you need to enable API access and retrieve your password hash on https://rcp.openprovider.eu/account/dashboard.php @@ -1580,7 +1645,8 @@ export OPENPROVIDER_PASSWORDHASH="" If you find any bugs of OpenProvider dns API, please report here: https://github.com/Neilpang/acme.sh/issues/2104 - + + ## 73. Use MaraDNS API Make sure you've configured MaraDNS properly and setup a zone file for your domain. See [`csv2(5)`](https://manpages.debian.org/stretch/maradns/csv2.5.en.html). @@ -1604,7 +1670,8 @@ Issuing a certificate: If you find any bugs of MaraDNS DNS API, please report here: https://github.com/Neilpang/acme.sh/issues/2072 - + + ## 74. Use Hetzner API Get the API Token: @@ -1616,7 +1683,8 @@ export HETZNER_Token="" ./acme.sh --issue --dns dns_hetzner -d example.com -d www.example.com --server letsencrypt ``` - + + ## 75. Use DDNSS.de API First create an account at https://ddnss.de. After that create a new host record. @@ -1636,7 +1704,8 @@ After that you can issue a new certificate: If you find any bugs of ddnss.de API, please report here: https://github.com/Neilpang/acme.sh/issues/2230 - + + ## 76. Use NLnetLabs NSD You need to export two variables. Your zonefile which the script will automatically edit: