From ae2ac83038a14db3dced7a4a793900fa26da6682 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Tue, 15 Aug 2023 12:37:44 +0300 Subject: [PATCH] replace www.example.com with *.example.com which is more often used --- dnsapi.md | 112 +++++++++++++++++++++++++++--------------------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/dnsapi.md b/dnsapi.md index 059a247..611f4e2 100644 --- a/dnsapi.md +++ b/dnsapi.md @@ -188,7 +188,7 @@ export CF_Zone_ID="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_cf -d example.com -d www.example.com +./acme.sh --issue --dns dns_cf -d example.com -d *.example.com ``` The `CF_Key` and `CF_Email` or `CF_Token`and `CF_Account_ID`will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -207,7 +207,7 @@ export DP_Key="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_dp -d example.com -d www.example.com +./acme.sh --issue --dns dns_dp -d example.com -d *.example.com ``` The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -235,7 +235,7 @@ export GD_Secret="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_gd -d example.com -d www.example.com +./acme.sh --issue --dns dns_gd -d example.com -d *.example.com ``` The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -258,7 +258,7 @@ export PDNS_Ttl=60 Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_pdns -d example.com -d www.example.com +./acme.sh --issue --dns dns_pdns -d example.com -d *.example.com ``` The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -334,7 +334,7 @@ export NSUPDATE_ZONE="example.com" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com +./acme.sh --issue --dns dns_nsupdate -d example.com -d *.example.com ``` The `NSUPDATE_SERVER`, `NSUPDATE_KEY`, and `NSUPDATE_ZONE` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -353,7 +353,7 @@ export LUA_Email="youremail@example.com" To issue a cert: ```sh -./acme.sh --issue --dns dns_lua -d example.com -d www.example.com +./acme.sh --issue --dns dns_lua -d example.com -d *.example.com ``` The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -372,7 +372,7 @@ export ME_Secret="" To issue a cert: ```sh -./acme.sh --issue --dns dns_me -d example.com -d www.example.com +./acme.sh --issue --dns dns_me -d example.com -d *.example.com ``` The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -391,7 +391,7 @@ export AWS_SECRET_ACCESS_KEY="" To issue a cert: ```sh -./acme.sh --issue --dns dns_aws -d example.com -d www.example.com +./acme.sh --issue --dns dns_aws -d example.com -d *.example.com ``` If you get an `AWS Route53 rate exceeded` error, you can add a sleep time between api requests: @@ -417,7 +417,7 @@ export Ali_Secret="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_ali -d example.com -d www.example.com +./acme.sh --issue --dns dns_ali -d example.com -d *.example.com ``` The `Ali_Key` and `Ali_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -442,7 +442,7 @@ Leave ISPC_Api_Insecure set to 1 if you have no valid ssl cert for your installa To issue a cert: ```sh -./acme.sh --issue --dns dns_ispconfig -d example.com -d www.example.com +./acme.sh --issue --dns dns_ispconfig -d example.com -d *.example.com ``` The `ISPC_User`, `ISPC_Password`, `ISPC_Api`and `ISPC_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -461,7 +461,7 @@ export AD_API_KEY="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_ad -d example.com -d www.example.com +./acme.sh --issue --dns dns_ad -d example.com -d *.example.com ``` The `AD_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -492,7 +492,7 @@ Due to the reload time of any changes in the DNS records, we have to use the Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_linode_v4 --dnssleep 900 -d example.com -d www.example.com +./acme.sh --issue --dns dns_linode_v4 -d example.com -d *.example.com --dnssleep 900 ``` The `LINODE_V4_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -520,7 +520,7 @@ reuses that when needed. Now you can issue a certificate. ```sh -./acme.sh --issue --dns dns_freedns -d example.com -d www.example.com +./acme.sh --issue --dns dns_freedns -d example.com -d *.example.com ``` Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that @@ -545,7 +545,7 @@ export CY_OTP_Secret="your_otp_secret" # Only required if using 2FA To issue a cert: ```sh -./acme.sh --issue --dns dns_cyon -d example.com -d www.example.com +./acme.sh --issue --dns dns_cyon -d example.com -d *.example.com ``` The `CY_Username`, `CY_Password` and `CY_OTP_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -568,7 +568,7 @@ export GANDI_LIVEDNS_KEY="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_gandi_livedns -d example.com -d www.example.com +./acme.sh --issue --dns dns_gandi_livedns -d example.com -d *.example.com ``` @@ -621,7 +621,7 @@ export KNOT_ZONE="le.example.com" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_knot -d example.com -d www.example.com +./acme.sh --issue --dns dns_knot -d example.com -d *.example.com ``` The `KNOT_SERVER` and `KNOT_KEY` and `KNOT_ZONE` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -639,7 +639,7 @@ export DO_API_KEY="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_dgon -d example.com -d www.example.com +./acme.sh --issue --dns dns_dgon -d example.com -d *.example.com ``` @@ -660,7 +660,7 @@ export CLOUDNS_AUTH_PASSWORD="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com +./acme.sh --issue --dns dns_cloudns -d example.com -d *.example.com ``` The `CLOUDNS_AUTH_ID` and `CLOUDNS_AUTH_PASSWORD` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -678,7 +678,7 @@ export Infoblox_Server="ip or fqdn of infoblox appliance" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com +./acme.sh --issue --dns dns_infoblox -d example.com -d *.example.com ``` Note: This script will automatically create and delete the ephemeral txt record. @@ -697,7 +697,7 @@ export VSCALE_API_KEY="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_vscale -d example.com -d www.example.com +./acme.sh --issue --dns dns_vscale -d example.com -d *.example.com ``` @@ -714,7 +714,7 @@ export Dynu_Secret="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_dynu -d example.com -d www.example.com +./acme.sh --issue --dns dns_dynu -d example.com -d *.example.com ``` The `Dynu_ClientId` and `Dynu_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -739,7 +739,7 @@ export DNSimple_OAUTH_TOKEN="" To issue the cert just specify the `dns_dnsimple` API. ```sh -./acme.sh --issue --dns dns_dnsimple -d example.com +./acme.sh --issue --dns dns_dnsimple -d example.com -d *.example.com ``` The `DNSimple_OAUTH_TOKEN` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -757,7 +757,7 @@ export NS1_Key="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_nsone -d example.com -d www.example.com +./acme.sh --issue --dns dns_nsone -d example.com -d *.example.com ``` @@ -792,7 +792,7 @@ export Namecom_Token="" And now you can issue certs with: ```sh -./acme.sh --issue --dns dns_namecom -d example.com -d www.example.com +./acme.sh --issue --dns dns_namecom -d example.com -d *.example.com ``` If you had Two-step Authentication enabled, make sure to change your security setting, read this guide for help: [Using API with Two-step Authentication](https://www.name.com/support/articles/360007989433-Using-API-with-Two-step-Authentication) @@ -828,7 +828,7 @@ export DYN_Password="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_dyn -d example.com -d www.example.com +./acme.sh --issue --dns dns_dyn -d example.com -d *.example.com ``` The `DYN_Customer`, `DYN_Username` and `DYN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -866,7 +866,7 @@ export HE_Password="" Then you can issue your certificate: ```sh -./acme.sh --issue --dns dns_he -d example.com -d www.example.com +./acme.sh --issue --dns dns_he -d example.com -d *.example.com ``` The `HE_Username` and `HE_Password` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -892,7 +892,7 @@ export INWX_Password="" Then you can issue your certificates with: ```sh -./acme.sh --issue --dns dns_inwx -d example.com -d www.example.com +./acme.sh --issue --dns dns_inwx -d example.com -d *.example.com ``` The `INWX_User` and `INWX_Password` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -920,7 +920,7 @@ export SERVERCOW_API_Password="" Now you cann issue a cert: ```sh -./acme.sh --issue --dns dns_servercow -d example.com -d www.example.com +./acme.sh --issue --dns dns_servercow -d example.com -d *.example.com ``` Both, `SERVERCOW_API_Username` and `SERVERCOW_API_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -939,7 +939,7 @@ export Namesilo_Key="" And now you can issue certs with: ```sh -./acme.sh --issue --dns dns_namesilo --dnssleep 900 -d example.com -d www.example.com +./acme.sh --issue --dns dns_namesilo -d example.com -d *.example.com --dnssleep 900 ``` @@ -957,7 +957,7 @@ export AUTODNS_CONTEXT="context" Then you can issue your certificates with: ```sh -./acme.sh --issue --dns dns_autodns -d example.com -d www.example.com +./acme.sh --issue --dns dns_autodns -d example.com -d *.example.com ``` The `AUTODNS_USER`, `AUTODNS_PASSWORD` and `AUTODNS_CONTEXT` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -979,7 +979,7 @@ export AZUREDNS_CLIENTSECRET="" Then you can issue your certificates with: ```sh -./acme.sh --issue --dns dns_azure -d example.com -d www.example.com +./acme.sh --issue --dns dns_azure -d example.com -d *.example.com ``` `AZUREDNS_SUBSCRIPTIONID`, `AZUREDNS_TENANTID`,`AZUREDNS_APPID` and `AZUREDNS_CLIENTSECRET` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1009,7 +1009,7 @@ export SL_Key="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_selectel -d example.com -d www.example.com +./acme.sh --issue --dns dns_selectel -d example.com -d *.example.com ``` The `SL_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1034,7 +1034,7 @@ export ZM_Key="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_zonomi -d example.com -d www.example.com +./acme.sh --issue --dns dns_zonomi -d example.com -d *.example.com ``` The `ZM_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1049,7 +1049,7 @@ Ensure the created key has `add` and `remove` privileges. ```sh export DH_API_KEY="" -./acme.sh --issue --dns dns_dreamhost -d example.com -d www.example.com +./acme.sh --issue --dns dns_dreamhost -d example.com -d *.example.com ``` The `DH_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1078,7 +1078,7 @@ Set `DA_Api_Insecure` to 1 for insecure and 0 for secure -> difference is whethe Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_da -d example.com -d www.example.com +./acme.sh --issue --dns dns_da -d example.com -d *.example.com ``` The `DA_Api` and `DA_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1173,7 +1173,7 @@ https://github.com/joohoi/acme-dns # export ACMEDNS_PASSWORD="" # export ACMEDNS_SUBDOMAIN="" -./acme.sh --issue --dns dns_acmedns -d example.com -d www.example.com +./acme.sh --issue --dns dns_acmedns -d example.com -d *.example.com ``` The credentials will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1234,7 +1234,7 @@ export DPI_Key="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_dpi -d example.com -d www.example.com +./acme.sh --issue --dns dns_dpi -d example.com -d *.example.com ``` The `DPI_Id` and `DPI_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1279,7 +1279,7 @@ export CONOHA_IdentityServiceApi="https://identity.xxxx.conoha.io/v2.0" To issue a cert: ```sh -./acme.sh --issue --dns dns_conoha -d example.com -d www.example.com +./acme.sh --issue --dns dns_conoha -d example.com -d *.example.com ``` The `CONOHA_Username`, `CONOHA_Password`, `CONOHA_TenantId` and `CONOHA_IdentityServiceApi` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1298,7 +1298,7 @@ export NC_CID="" Now, let's issue a cert: ```sh -./acme.sh --issue --dns dns_netcup -d example.com -d www.example.com +./acme.sh --issue --dns dns_netcup -d example.com -d *.example.com ``` The `NC_Apikey`,`NC_Apipw` and `NC_CID` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1395,7 +1395,7 @@ export NEODIGIT_API_TOKEN="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_neodigit -d example.com -d www.example.com +./acme.sh --issue --dns dns_neodigit -d example.com -d *.example.com ``` Neodigit API Token will be saved in `~/.acme.sh/account.conf` and will be used when needed. @@ -1416,7 +1416,7 @@ export EXOSCALE_SECRET_KEY='' Now, let's issue a cert: ```sh -./acme.sh --issue --dns dns_exoscale -d example.com -d www.example.com +./acme.sh --issue --dns dns_exoscale -d example.com -d *.example.com ``` The `EXOSCALE_API_KEY` and `EXOSCALE_SECRET_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1435,7 +1435,7 @@ exportPointHQ_Email="accountemail@yourdomain.com" You can then issue certs by using: ``` -./acme.sh --issue --dns dns_pointhq -d example.com -d www.example.com +./acme.sh --issue --dns dns_pointhq -d example.com -d *.example.com ``` Report any bugs or issues [here](https://github.com/acmesh-official/acme.sh/issues/2060) @@ -1455,7 +1455,7 @@ export ACTIVE24_Token='' Now, let's issue a cert, set `dnssleep` for propagation new DNS record: ```sh -./acme.sh --issue --dns dns_active24 -d example.com -d www.example.com --dnssleep 1000 +./acme.sh --issue --dns dns_active24 -d example.com -d *.example.com --dnssleep 1000 ``` The `ACTIVE24_Token` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1500,7 +1500,7 @@ export NW_API_ENDPOINT="https://portal.nexcess.net" Finally, we'll issue the certificate: (Nexcess DNS publishes at max every 15 minutes, we recommend setting a 900 second `--dnssleep`) ```sh -./acme.sh --issue --dns dns_nw -d example.com --dnssleep 900 +./acme.sh --issue --dns dns_nw -d example.com -d *.example.com --dnssleep 900 ``` The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1524,7 +1524,7 @@ export NW_API_ENDPOINT="https://core.thermo.io" Finally, we'll issue the certificate: (Thermo DNS publishes at max every 15 minutes, we recommend setting a 900 second `--dnssleep`) ```sh -./acme.sh --issue --dns dns_nw -d example.com --dnssleep 900 +./acme.sh --issue --dns dns_nw -d example.com -d *.example.com --dnssleep 900 ``` The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1548,7 +1548,7 @@ export NW_API_ENDPOINT="https://my.futurehosting.com" Finally, we'll issue the certificate: (Futurehosting DNS publishes at max every 15 minutes, we recommend setting a 900 second `--dnssleep`) ```sh -./acme.sh --issue --dns dns_nw -d example.com --dnssleep 900 +./acme.sh --issue --dns dns_nw -d example.com -d *.example.com --dnssleep 900 ``` The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1570,7 +1570,7 @@ export RACKSPACE_Apikey="" Now, let's issue a cert: ```sh -./acme.sh --issue --dns dns_rackspace -d example.com -d www.example.com +./acme.sh --issue --dns dns_rackspace -d example.com -d *.example.com ``` Report any bugs or issues [here](https://github.com/acmesh-official/acme.sh/issues/2091) @@ -1589,7 +1589,7 @@ export ONLINE_API_KEY='' To issue a cert run: ```sh -./acme.sh --issue --dns dns_online -d example.com -d www.example.com +./acme.sh --issue --dns dns_online -d example.com -d *.example.com ``` `ONLINE_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1638,7 +1638,7 @@ export CN_Password="" Ok, let's issue a cert now: ```sh -./acme.sh --issue --dns dns_cn -d example.com -d www.example.com +./acme.sh --issue --dns dns_cn -d example.com -d *.example.com ``` The `CN_User` and `CN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1679,7 +1679,7 @@ export ZONE_Key=keygoeshere To issue a cert run: ```sh -./acme.sh --issue -d example.com -d www.example.com --dns dns_zone +./acme.sh --issue --dns dns_zone -d example.com -d *.example.com ``` `ZONE_Username` and `ZONE_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1704,10 +1704,10 @@ https://portal.ultradns.com/ - or if you create an API only user, that username ```sh export ULTRA_USR="" export ULTRA_PWD="" - +``` To issue a cert run: - -./acme.sh --issue --dns dns_ultra -d example.com -d www.example.com +```sh +./acme.sh --issue --dns dns_ultra -d example.com -d *.example.com ``` `ULTRA_USR` and `ULTRA_PWD` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1745,7 +1745,7 @@ First, you need to enable API access and retrieve your password hash on https:// export OPENPROVIDER_USER="" export OPENPROVIDER_PASSWORDHASH="" -./acme.sh --issue --dns dns_openprovider -d example.com -d www.example.com +./acme.sh --issue --dns dns_openprovider -d example.com -d *.example.com ``` `OPENPROVIDER_USER` and `OPENPROVIDER_PASSWORDHASH` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. @@ -1791,7 +1791,7 @@ Use [dnsConsole](https://dns.hetzner.com/) to create your hetzner api token. Issuing a certificate (using LetsEncrypt): ```sh export HETZNER_Token="" -./acme.sh --issue --dns dns_hetzner -d example.com -d www.example.com --server letsencrypt +./acme.sh --issue --dns dns_hetzner -d example.com -d *.example.com --server letsencrypt ``` Report any bugs or issues [here](https://github.com/acmesh-official/acme.sh/issues/2943) @@ -1813,7 +1813,7 @@ export DDNSS_Token="" After that you can issue a new certificate: ```sh -./acme.sh --issue --dns dns_ddnss -d example.com +./acme.sh --issue --dns dns_ddnss -d example.com -d *.example.com ``` Report any bugs or issues [here](https://github.com/acmesh-official/acme.sh/issues/2230)