github
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated dnsapi (markdown)

master
Sergey Ponomarev 2023-06-06 16:00:18 +03:00
parent c9bd1528a8
commit 94ec50b6b2
1 changed files with 134 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
dnsapi.md

@ -4,6 +4,7 @@ If your DNS provider doesn't provide API access, you can use our DNS alias mode:
https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
* [1. CloudFlare](#dns_cf)
* [2. DNSPod.cn Option:](#dns_dp)
* [4. Use GoDaddy.com domain API to automatically issue cert](#dns_gd)
@ -70,7 +71,11 @@ https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
* [75. Use DDNSS.de API](#dns_ddnss)
* [76. Use NLnetLabs NSD](#dns_nsd)
<a name="dns_cf" />
## 1. CloudFlare Option:
Cloudflare Domain API offers two methods to automatically issue certs.
@ -106,6 +111,7 @@ The `CF_Key` and `CF_Email` or `CF_Token`and `CF_Account_ID`will be saved in `~/
<a name="dns_dp" />
## 2. DNSPod.cn Option:
The DNSPod.cn Domain API option requires that you first login to your account to get a DNSPod API Key and ID.
@ -129,6 +135,7 @@ The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf` and will be
<a name="dns_gd" />
## 4. Use GoDaddy.com domain API to automatically issue cert
First you need to login to your GoDaddy account to get your API Key and Secret.
@ -151,6 +158,7 @@ The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf` and will
<a name="dns_pdns" />
## 5. Use PowerDNS embedded API to automatically issue cert
First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration.
@ -173,12 +181,14 @@ The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~
<a name="dns_ovh" />
## 6. Use OVH, Kimsufi, So you Start API to automatically issue cert
https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
<a name="dns_nsupdate" />
## 7. Use nsupdate to automatically issue cert
First, generate a key for updating the zone
@ -247,6 +257,7 @@ The `NSUPDATE_SERVER`, `NSUPDATE_KEY`, and `NSUPDATE_ZONE` settings will be save
<a name="dns_lua" />
## 8. Use LuaDNS domain API
Get your API token at https://api.luadns.com/settings
@ -265,6 +276,7 @@ The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf` and wil
<a name="dns_me" />
## 9. Use DNSMadeEasy domain API
Get your API credentials at https://cp.dnsmadeeasy.com/account/info
@ -283,6 +295,7 @@ The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf` and will
<a name="dns_aws" />
## 10. Use Amazon Route53 domain API
https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API
@ -307,6 +320,7 @@ The `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_DNS_SLOWRATE` will be
<a name="dns_ali" />
## 11. Use Aliyun domain API to automatically issue cert
First you need to login to your Aliyun account to get your RAM API key.
@ -326,6 +340,7 @@ The `Ali_Key` and `Ali_Secret` will be saved in `~/.acme.sh/account.conf` and wi
<a name="dns_ispconfig" />
## 12. Use ISPConfig 3.1 API
This only works for ISPConfig 3.1 (and newer).
@ -350,6 +365,7 @@ The `ISPC_User`, `ISPC_Password`, `ISPC_Api`and `ISPC_Api_Insecure` will be save
<a name="dns_ad" />
## 13. Use Alwaysdata domain API
First you need to login to your Alwaysdata account to get your API Key.
@ -369,6 +385,7 @@ when needed.
<a name="dns_linode_v4" />
## 14. Use Linode domain API
### Cloud Manager ###
@ -400,6 +417,7 @@ reused when needed.
<a name="dns_freedns" />
## 15. Use FreeDNS
[FreeDNS](https://freedns.afraid.org/) does not provide an API to update DNS records (other than IPv4 and IPv6
@ -432,6 +450,7 @@ https://github.com/Neilpang/acme.sh/issues/2305
<a name="dns_cyon" />
## 16. Use cyon.ch
You only need to set your cyon.ch login credentials.
@ -457,6 +476,7 @@ The `CY_Username`, `CY_Password` and `CY_OTP_Secret` will be saved in `~/.acme.s
<a name="dns_gandi_livedns" />
## 18. Use Gandi LiveDNS API
You must enable the new Gandi LiveDNS API first and then create your api key, See: https://api.gandi.net/docs/livedns/
@ -472,6 +492,7 @@ Ok, let's issue a cert now:
<a name="dns_knot" />
## 19. Use Knot (knsupdate) DNS API to automatically issue cert
First, generate a TSIG key for updating the zone.
@ -525,6 +546,7 @@ The `KNOT_SERVER` and `KNOT_KEY` and `KNOT_ZONE` settings will be saved in `~/.a
<a name="dns_dgon" />
## 20. Use DigitalOcean API (native)
You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/
@ -540,6 +562,7 @@ Ok, let's issue a cert now:
<a name="dns_cloudns" />
## 21. Use ClouDNS.net API
You need to set the HTTP API user ID and password credentials. See: https://www.cloudns.net/wiki/article/42/. For security reasons, it's recommended to use a sub user ID that only has access to the necessary zones, as a regular API user has access to your entire account.
@ -560,6 +583,7 @@ The `CLOUDNS_AUTH_ID` and `CLOUDNS_AUTH_PASSWORD` will be saved in `~/.acme.sh/a
<a name="dns_infoblox" />
## 22. Use Infoblox API
First you need to create/obtain API credentials on your Infoblox appliance.
@ -579,6 +603,7 @@ The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.
<a name="dns_vscale" />
## 23. Use VSCALE API
First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/).
@ -594,6 +619,7 @@ Ok, let's issue a cert now:
<a name="dns_dynu" />
## 24. Use Dynu API
First you need to create/obtain API credentials from your Dynu account. See: https://www.dynu.com/resources/api/documentation
@ -612,6 +638,7 @@ The `Dynu_ClientId` and `Dynu_Secret` will be saved in `~/.acme.sh/account.conf`
<a name="dns_dnsimple" />
## 25. Use DNSimple API
First you need to login to your DNSimple account and generate a new oauth token.
@ -640,6 +667,7 @@ https://github.com/pho3nixf1re/acme.sh/issues.
<a name="dns_nsone" />
## 26. Use NS1.com API
```sh
@ -653,6 +681,7 @@ Ok, let's issue a cert now:
<a name="dns_duckdns" />
## 27. Use DuckDNS.org API
```sh
@ -667,6 +696,7 @@ acme.sh --insecure --issue --dns dns_duckdns -d mydomain.duckdns.org
<a name="dns_namecom" />
## 28. Use Name.com API
Create your API token here: https://www.name.com/account/settings/api
@ -689,6 +719,7 @@ For issues, please report to https://github.com/raidenii/acme.sh/issues.
<a name="dns_dyn" />
## 29. Use Dyn Managed DNS API to automatically issue cert
First, login to your Dyn Managed DNS account: https://portal.dynect.net/login/
@ -723,6 +754,7 @@ The `DYN_Customer`, `DYN_Username` and `DYN_Password` will be saved in `~/.acme.
<a name="dns_yandex" />
## 30. Use pdd.yandex.ru API
```sh
@ -740,6 +772,7 @@ For issues, please report to https://github.com/non7top/acme.sh/issues.
<a name="dns_he" />
## 31. Use Hurricane Electric
[Hurricane Electric he.net](https://dns.he.net/) doesn't have an API so just set your login credentials like so:
@ -778,6 +811,7 @@ The `UNO_Key` and `UNO_User` will be saved in `~/.acme.sh/account.conf` and will
<a name="dns_inwx" />
## 33. Use INWX
[INWX.de](https://www.inwx.de/) offers a [xmlrpc api](https://www.inwx.de/de/help/apidoc) with your standard login credentials, set them like so:
@ -821,6 +855,7 @@ Both, `SERVERCOW_API_Username` and `SERVERCOW_API_Password` will be saved in `~/
<a name="dns_namesilo" />
## 35. Use Namesilo.com API
You'll need to generate an API key at https://www.namesilo.com/account/api-manager
@ -837,6 +872,7 @@ And now you can issue certs with:
```
<a name="dns_autodns" />
## 36. Use autoDNS (InternetX)
[InternetX](https://www.internetx.com/) offers a [xml api](https://help.internetx.com/display/API/AutoDNS+XML-API) with your standard login credentials, set them like so:
@ -857,6 +893,7 @@ The `AUTODNS_USER`, `AUTODNS_PASSWORD` and `AUTODNS_CONTEXT` settings will be sa
<a name="dns_azure" />
## 37. Use Azure DNS
You have to create a service principal first. See:[How to use Azure DNS](https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS)
@ -890,6 +927,7 @@ Issuing certificates using managed identity clears previously set settings: `AZU
<a name="dns_selectel" />
## 38. Use selectel.com(selectel.ru) domain API to automatically issue cert
First you need to login to your account to get your API key from: https://my.selectel.ru/profile/apikeys.
@ -908,6 +946,7 @@ The `SL_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when
<a name="dns_zonomi" />
## 39. Use zonomi.com domain API to automatically issue cert
First you need to login to your account to find your API key from: http://zonomi.com/app/dns/dyndns.jsp
@ -932,6 +971,7 @@ The `ZM_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when
<a name="dns_dreamhost" />
## 40. Use DreamHost DNS API
DNS API keys may be created at https://panel.dreamhost.com/?tree=home.api.
@ -947,6 +987,7 @@ be reused when needed.
<a name="dns_da" />
## 41. Use DirectAdmin API
The DirectAdmin interface has its own Let's encrypt functionality, but this
script can be used to generate certificates for names which are not hosted on
@ -976,6 +1017,7 @@ The `DA_Api` and `DA_Api_Insecure` will be saved in `~/.acme.sh/account.conf` an
<a name="dns_zilore" />
## 42. Use KingHost DNS API
API access must be enabled at https://painel.kinghost.com.br/painel.api.php
@ -990,6 +1032,7 @@ The `KINGHOST_username` and `KINGHOST_Password` will be saved in `~/.acme.sh/acc
<a name="dns_zilore" />
## 43. Use Zilore DNS API
First, get your API key at https://my.zilore.com/account/api
@ -1006,6 +1049,7 @@ Ok, let's issue a cert now:
The `Zilore_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
<a name="dns_loopia" />
## 44. Use Loopia API
User must provide login credentials to the Loopia API.
@ -1045,6 +1089,7 @@ will be reused when needed.
<a name="dns_acmedns" />
## 45. Use ACME DNS API
ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
@ -1081,6 +1126,7 @@ The TELE3_Key and TELE3_Secret will be saved in ~/.acme.sh/account.conf and will
<a name="dns_euserv" />
## 47. Use Euserv.eu API
First you need to login to your euserv.eu account and activate your API Administration (API Verwaltung).
@ -1105,6 +1151,7 @@ Please report any issues to https://github.com/initit/acme.sh or to <github@init
<a name="dns_gcloud" />
## 48. Use DNSPod.com domain API to automatically issue cert
First you need to get your API Key and ID by this [get-the-user-token](https://www.dnspod.com/docs/info.html#get-the-user-token).
@ -1144,6 +1191,7 @@ export CLOUDSDK_ACTIVE_CONFIG_NAME=default # see the note above
<a name="dns_netcup" />
## 50. Use ConoHa API
First you need to login to your ConoHa account to get your API credentials.
@ -1186,6 +1234,7 @@ https://github.com/acmesh-official/acme.sh/pull/4049
<a name="dns_namecheap" />
## 53. Use Namecheap
You will need your namecheap username, API KEY (https://www.namecheap.com/support/api/intro.aspx) and your external IP address (or a URL to get it), this IP will need to be whitelisted at Namecheap.
@ -1211,6 +1260,7 @@ If you find any bugs of namecheap dns API, please report here: https://github.co
<a name="dns_mydnsjp" />
## 54. Use MyDNS.JP API
First, register to MyDNS.JP and get MasterID and Password.
@ -1229,6 +1279,7 @@ The `MYDNSJP_MasterID` and `MYDNSJP_Password` will be saved in `~/.acme.sh/accou
<a name="dns_hostingde" />
## 55. Use hosting.de API
Create an API key in your hosting.de account here: https://secure.hosting.de
@ -1255,6 +1306,7 @@ The hosting.de API key and endpoint will be saved in `~/.acme.sh/account.conf` a
<a name="dns_neodigit" />
## 56. Use Neodigit.net API
```sh
@ -1270,6 +1322,7 @@ Neodigit API Token will be saved in `~/.acme.sh/account.conf` and will be used w
<a name="dns_exoscale" />
## 57. Use Exoscale API
Create an API key and secret key in the Exoscale account section
@ -1290,6 +1343,7 @@ The `EXOSCALE_API_KEY` and `EXOSCALE_SECRET_KEY` will be saved in `~/.acme.sh/ac
<a name="dns_pointhq" />
## 58. Using PointHQ API to issue certs
Log into [PointHQ account management](https://app.pointhq.com/profile) and copy the API key from the page there.
@ -1306,6 +1360,7 @@ You can then issue certs by using:
<a name="dns_active24" />
## 59. Use Active24 API
Create an API token in the Active24 account section, documentation on https://faq.active24.com/cz/790131-REST-API-rozhran%C3%AD.
@ -1325,6 +1380,7 @@ The `ACTIVE24_Token` will be saved in `~/.acme.sh/account.conf` and will be reus
<a name="dns_doapi" />
## 60. Use do.de API
Create an API token in your do.de account ([Create token here](https://www.do.de/account/letsencrypt/) | [Documentation](https://www.do.de/wiki/LetsEncrypt_-_Entwickler)).
@ -1343,6 +1399,7 @@ The API token will be saved in `~/.acme.sh/account.conf` and will be reused when
<a name="dns_nw" />
## 61. Use Nexcess API
First, you'll need to login to the [Nexcess.net Client Portal](https://portal.nexcess.net) and [generate a new API token](https://portal.nexcess.net/api-token).
@ -1366,6 +1423,7 @@ If you find any bugs of Nexcess dns API, please report here: https://github.com/
<a name="dns_nw" />
## 62. Use Thermo.io API
First, you'll need to login to the [Thermo.io Client Portal](https://core.thermo.io) and [generate a new API token](https://core.thermo.io/api-token).
@ -1387,6 +1445,7 @@ The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.co
<a name="dns_nw" />
## 63. Use Futurehosting API
First, you'll need to login to the [Futurehosting Client Portal](https://my.futurehosting.com) and [generate a new API token](https://my.futurehosting.com/api-token).
@ -1425,6 +1484,7 @@ If you find any bugs of Rackspace dns API, please report here: https://github.co
<a name="dns_online" />
## 65. Use Online API
First, you'll need to retrive your API key, which is available under https://console.online.net/en/api/access
@ -1445,6 +1505,7 @@ If you find any bugs of online.net dns API, please report here: https://github.c
<a name="dns_mydevil" />
## 66. Use MyDevil.net
Make sure that you can execute own binaries:
@ -1467,6 +1528,7 @@ After certificate is ready, you can install it with [deploy command](https://git
<a name="dns_cn" />
## 67. Use Core-Networks API to automatically issue cert
First you need to login to your Core-Networks account to set up an API-User.
@ -1524,6 +1586,7 @@ If you find any bugs of zone.eu (zone.ee) dns API, please report here: https://g
<a name="dns_ultra" />
## 70. Use UltraDNS API
UltraDNS is a paid for service that provides DNS, as well as Web and Mail forwarding (as well as reporting, auditing, and advanced tools).
@ -1548,6 +1611,7 @@ To issue a cert run:
`ULTRA_USR` and `ULTRA_PWD` will be saved in `~/.acme.sh/account.conf` and will be resued when needed.
<a name="dns_desec" />
## 71. Use deSEC.io
Sign up for dynDNS at https://desec.io first.
@ -1565,6 +1629,7 @@ If you find any bugs of deSEC.io API, please report here: https://github.com/Ne
<a name="dns_openprovider" />
## 72. Use OpenProvider API
First, you need to enable API access and retrieve your password hash on https://rcp.openprovider.eu/account/dashboard.php
@ -1581,6 +1646,7 @@ export OPENPROVIDER_PASSWORDHASH="<hash>"
If you find any bugs of OpenProvider dns API, please report here: https://github.com/Neilpang/acme.sh/issues/2104
<a name="dns_maradns" />
## 73. Use MaraDNS API
Make sure you've configured MaraDNS properly and setup a zone file for your domain. See [`csv2(5)`](https://manpages.debian.org/stretch/maradns/csv2.5.en.html).
@ -1605,6 +1671,7 @@ Issuing a certificate:
If you find any bugs of MaraDNS DNS API, please report here: https://github.com/Neilpang/acme.sh/issues/2072
<a name="dns_hetzner" />
## 74. Use Hetzner API
Get the API Token:
@ -1617,6 +1684,7 @@ export HETZNER_Token="<token>"
```
<a name="dns_ddnss" />
## 75. Use DDNSS.de API
First create an account at https://ddnss.de. After that create a new host record.
@ -1637,6 +1705,7 @@ After that you can issue a new certificate:
If you find any bugs of ddnss.de API, please report here: https://github.com/Neilpang/acme.sh/issues/2230
<a name="dns_nsd" />
## 76. Use NLnetLabs NSD
You need to export two variables. Your zonefile which the script will automatically edit: