ervin/acme.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
66466b5105
acme.sh/dnsapi/README.md
Jose Luis Duran 66466b5105
Improve the README.md files 
This change aims to make it easier to read through the README.md files,
both online and using a simple text editor.

Also contains minor corrections.

[ci skip]
2018-04-14 13:49:42 -03:00

961 lines
28 KiB
Markdown
Raw Blame History

How to use DNS API
==================
1. [Use CloudFlare domain API to automatically issue cert](#use-cloudflare-domain-api-to-automatically-issue-cert)
2. [Use DNSPod.cn domain API to automatically issue cert](#use-dnspodcn-domain-api-to-automatically-issue-cert)
3. [Use CloudXNS.com domain API to automatically issue cert](#use-cloudxnscom-domain-api-to-automatically-issue-cert)
4. [Use GoDaddy.com domain API to automatically issue cert](#use-godaddycom-domain-api-to-automatically-issue-cert)
5. [Use PowerDNS embedded API to automatically issue cert](#use-powerdns-embedded-api-to-automatically-issue-cert)
6. [Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert](#use-ovhkimsufisoyoustartrunabove-api-to-automatically-issue-cert)
7. [Use nsupdate to automatically issue cert](#use-nsupdate-to-automatically-issue-cert)
8. [Use LuaDNS domain API](#use-luadns-domain-api)
9. [Use DNSMadeEasy domain API](#use-dnsmadeeasy-domain-api)
10. [Use Amazon Route53 domain API](#use-amazon-route53-domain-api)
11. [Use Aliyun domain API to automatically issue cert](#use-aliyun-domain-api-to-automatically-issue-cert)
12. [Use ISPConfig 3.1 API](#use-ispconfig-31-api)
13. [Use Alwaysdata domain API](#use-alwaysdata-domain-api)
14. [Use Linode domain API](#use-linode-domain-api)
15. [Use FreeDNS](#use-freedns)
16. [Use cyon.ch](#use-cyonch)
17. [Use Domain-Offensive/Resellerinterface/Domainrobot API](#use-domain-offensiveresellerinterfacedomainrobot-api)
18. [Use Gandi LiveDNS API](#use-gandi-livedns-api)
19. [Use Knot (knsupdate) DNS API to automatically issue cert](#use-knot-knsupdate-dns-api-to-automatically-issue-cert)
20. [Use DigitalOcean API (native)](#use-digitalocean-api-native)
21. [Use ClouDNS.net API](#use-cloudnsnet-api)
22. [Use Infoblox API](#use-infoblox-api)
23. [Use VSCALE API](#use-vscale-api)
24. [Use Dynu API](#use-dynu-api)
25. [Use DNSimple API](#use-dnsimple-api)
26. [Use NS1.com API](#use-ns1com-api)
27. [Use DuckDNS.org API](#use-duckdnsorg-api)
28. [Use Name.com API](#use-namecom-api)
29. [Use Dyn Managed DNS API to automatically issue cert](#use-dyn-managed-dns-api-to-automatically-issue-cert)
30. [Use pdd.yandex.ru API](#use-pddyandexru-api)
31. [Use Hurricane Electric](#use-hurricane-electric)
32. [Use UnoEuro API to automatically issue cert](#use-unoeuro-api-to-automatically-issue-cert)
33. [Use INWX](#use-inwx)
34. [Use Servercow API v1](#use-servercow-api-v1)
35. [Use Namesilo.com API](#use-namesilocom-api)
36. [Use autoDNS (InternetX)](#use-autodns-internetx)
37. [Use Azure DNS](#use-azure-dns)
38. [Use selectel.com (selectel.ru) domain API to automatically issue cert](#use-selectelcom-selectelru-domain-api-to-automatically-issue-cert)
39. [Use zonomi.com domain API to automatically issue cert](#use-zonomicom-domain-api-to-automatically-issue-cert)
40. [Use DreamHost DNS API](#use-dreamhost-dns-api)
41. [Use DirectAdmin API](#use-directadmin-api)
42. [Use KingHost DNS API](#use-kinghost-dns-api)
43. [Use Zilore DNS API](#use-zilore-dns-api)
44. [Use Loopia.se API](#use-loopiase-api)
45. [Use ACME DNS API](#use-acme-dns-api)
Use a custom API
================
If your API is not supported yet, you can write your own DNS API.
Let's assume you want to name it `myapi`:
1. Create a bash script named `~/.acme.sh/dns_myapi.sh`.
2. In the script, you must have a function named `dns_myapi_add()`
which will be called by acme.sh to add the DNS records.
3. Then you can use your API to issue cert like this:
acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)
See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
Use lexicon DNS API
===================
https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
------------------------------------------------------------------------
Use CloudFlare domain API to automatically issue cert
-----------------------------------------------------
First you need to login to your CloudFlare account to get your API key.
export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Email="xxxx@sss.com"
OK, let's issue a cert now:
acme.sh --issue --dns dns_cf -d example.com -d www.example.com
The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf`
and will be reused when needed.
Use DNSPod.cn domain API to automatically issue cert
----------------------------------------------------
First you need to login to your DNSPod account to get your API Key and
ID.
export DP_Id="1234"
export DP_Key="sADDsdasdgdsf"
OK, let's issue a cert now:
acme.sh --issue --dns dns_dp -d example.com -d www.example.com
The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf` and
will be reused when needed.
Use CloudXNS.com domain API to automatically issue cert
-------------------------------------------------------
First you need to login to your CloudXNS account to get your API Key and
Secret.
export CX_Key="1234"
export CX_Secret="sADDsdasdgdsf"
OK, let's issue a cert now:
acme.sh --issue --dns dns_cx -d example.com -d www.example.com
The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf`
and will be reused when needed.
Use GoDaddy.com domain API to automatically issue cert
------------------------------------------------------
First you need to login to your GoDaddy account to get your API Key and
Secret.
https://developer.godaddy.com/keys/
Please create a Production key, instead of a Test key.
export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"
OK, let's issue a cert now:
acme.sh --issue --dns dns_gd -d example.com -d www.example.com
The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf`
and will be reused when needed.
Use PowerDNS embedded API to automatically issue cert
-----------------------------------------------------
First you need to login to your PowerDNS account to enable the API and
set your API-Token in the configuration.
https://doc.powerdns.com/md/httpapi/README/
export PDNS_Url="http://ns.example.com:8081"
export PDNS_ServerId="localhost"
export PDNS_Token="0123456789ABCDEF"
export PDNS_Ttl=60
OK, let's issue a cert now:
acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be
saved in `~/.acme.sh/account.conf` and will be reused when needed.
Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert
-------------------------------------------------------------------
https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
Use nsupdate to automatically issue cert
----------------------------------------
First, generate a key for updating the zone
b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo)
cat > /etc/named/keys/update.key <<EOF
key "update" {
algorithm hmac-sha512;
secret "$(awk '/^Key/{print $2}' /tmp/$b.private)";
};
EOF
rm -f /tmp/$b.{private,key}
Include this key in your named configuration
include "/etc/named/keys/update.key";
Next, configure your zone to allow dynamic updates.
Depending on your named version, use either
zone "example.com" {
type master;
allow-update { key "update"; };
};
or
zone "example.com" {
type master;
update-policy {
grant update subdomain example.com.;
};
}
Finally, make the DNS server and update Key available to `acme.sh`
export NSUPDATE_SERVER="dns.example.com"
export NSUPDATE_KEY="/path/to/your/nsupdate.key"
OK, let's issue a cert now:
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use LuaDNS domain API
---------------------
Get your API token at https://api.luadns.com/settings
export LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export LUA_Email="xxxx@sss.com"
OK, let's issue a cert now:
acme.sh --issue --dns dns_lua -d example.com -d www.example.com
The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf`
and will be reused when needed.
Use DNSMadeEasy domain API
--------------------------
Get your API credentials at https://cp.dnsmadeeasy.com/account/info
export ME_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export ME_Secret="qdfqsdfkjdskfj"
OK, let's issue a cert now:
acme.sh --issue --dns dns_me -d example.com -d www.example.com
The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf`
and will be reused when needed.
Use Amazon Route53 domain API
-----------------------------
https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API
export AWS_ACCESS_KEY_ID=XXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX
OK, let's issue a cert now:
acme.sh --issue --dns dns_aws -d example.com -d www.example.com
The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use Aliyun domain API to automatically issue cert
-------------------------------------------------
First you need to login to your Aliyun account to get your API key.
https://ak-console.aliyun.com/#/accesskey
export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
OK, let's issue a cert now:
acme.sh --issue --dns dns_ali -d example.com -d www.example.com
The `Ali_Key` and `Ali_Secret` will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use ISPConfig 3.1 API
---------------------
This only works for ISPConfig 3.1 (and newer).
Create a Remote User in the ISPConfig Control Panel. The Remote User
must have access to at least `DNS zone functions` and `DNS txt
functions`.
export ISPC_User="xxx"
export ISPC_Password="xxx"
export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php"
export ISPC_Api_Insecure=1
If you have installed ISPConfig on a different port, then alter the
`8080` accordingly. Leave `ISPC_Api_Insecure` set to `1` if you do not
have a valid SSL cert for your installation. Change it to `0` if you
have a valid SSL cert.
OK, let's issue a cert now:
acme.sh --issue --dns dns_ispconfig -d example.com -d www.example.com
The `ISPC_User`, `ISPC_Password`, `ISPC_Api`and `ISPC_Api_Insecure` will
be saved in `~/.acme.sh/account.conf` and will be reused when needed.
Use Alwaysdata domain API
-------------------------
First you need to login to your Alwaysdata account to get your API Key.
export AD_API_KEY="myalwaysdataapikey"
OK, let's issue a cert now:
acme.sh --issue --dns dns_ad -d example.com -d www.example.com
The `AD_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be
reused when needed.
Use Linode domain API
---------------------
First you need to login to your Linode account to get your API Key.
https://manager.linode.com/profile/api
Then add an API key with label _ACME_ and copy the new key.
export LINODE_API_KEY="..."
Due to the reload time of any changes in the DNS records, we have to use
the `dnssleep` option to wait at least 15 minutes for the changes to
take effect.
OK, let's issue a cert now:
acme.sh --issue --dns dns_linode --dnssleep 900 -d example.com -d www.example.com
The `LINODE_API_KEY` will be saved in `~/.acme.sh/account.conf` and will
be reused when needed.
Use FreeDNS
-----------
FreeDNS (https://freedns.afraid.org/) does not provide an API to update
DNS records (other than IPv4 and IPv6 dynamic DNS addresses). The
acme.sh plugin therefore retrieves and updates domain TXT records by
logging into the FreeDNS website to read the HTML and posting updates as
HTTP. The plugin needs to know your userid and password for the FreeDNS
website.
export FREEDNS_User="..."
export FREEDNS_Password="..."
You only need to provide this the first time you run the acme.sh client
with FreeDNS validation and then again whenever you change your password
at the FreeDNS site. The acme.sh FreeDNS plugin does not store your
userid or password but rather saves an authentication token returned by
FreeDNS in `~/.acme.sh/account.conf` and reuses that when needed.
OK, let's issue a cert now:
acme.sh --issue --dns dns_freedns -d example.com -d www.example.com
Note that you cannot use acme.sh automatic DNS validation for FreeDNS
public domains or for a subdomain that you create under a FreeDNS public
domain. You must own the top level domain in order to automatically
validate with acme.sh at FreeDNS.
Use cyon.ch
-----------
You only need to set your cyon.ch login credentials. If you also have 2
Factor Authentication (OTP) enabled, you need to set your secret token
too and have `oathtool` installed.
export CY_Username="your_cyon_username"
export CY_Password="your_cyon_password"
export CY_OTP_Secret="your_otp_secret" # Only required if using 2FA
OK, let's issue a cert now:
acme.sh --issue --dns dns_cyon -d example.com -d www.example.com
The `CY_Username`, `CY_Password` and `CY_OTP_Secret` will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use Domain-Offensive/Resellerinterface/Domainrobot API
------------------------------------------------------
ATTENTION: You need to be a registered Reseller to be able to use the
ResellerInterface. As a normal user you can not use this method.
You will need your login credentials (Partner ID+Password) to the
Resellerinterface, and export them before you run `acme.sh`:
export DO_PID="KD-1234567"
export DO_PW="cdfkjl3n2"
OK, let's issue a cert now:
acme.sh --issue --dns dns_do -d example.com -d www.example.com
Use Gandi LiveDNS API
---------------------
You must enable the new Gandi LiveDNS API first and the create your API
key, See: http://doc.livedns.gandi.net/
export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"
OK, let's issue a cert now:
acme.sh --issue --dns dns_gandi_livedns -d example.com -d www.example.com
Use Knot (knsupdate) DNS API to automatically issue cert
--------------------------------------------------------
First, generate a TSIG key for updating the zone.
keymgr tsig generate -t acme_key hmac-sha512 > /etc/knot/acme.key
Include this key in your knot configuration file.
include: /etc/knot/acme.key
Next, configure your zone to allow dynamic updates.
Dynamic updates for the zone are allowed via proper ACL rule with the
`update` action. For in-depth instructions, please see [Knot DNS's
documentation](https://www.knot-dns.cz/documentation/).
acl:
- id: acme_acl
address: 192.168.1.0/24
key: acme_key
action: update
zone:
- domain: example.com
file: example.com.zone
acl: acme_acl
Finally, make the DNS server and TSIG Key available to `acme.sh`
export KNOT_SERVER="dns.example.com"
export KNOT_KEY=`grep \# /etc/knot/acme.key | cut -d' ' -f2`
OK, let's issue a cert now:
acme.sh --issue --dns dns_knot -d example.com -d www.example.com
The `KNOT_SERVER` and `KNOT_KEY` settings will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use DigitalOcean API (native)
-----------------------------
You need to obtain a read and write capable API key from your
DigitalOcean account. See: https://www.digitalocean.com/help/api/
export DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc"
OK, let's issue a cert now:
acme.sh --issue --dns dns_dgon -d example.com -d www.example.com
Use ClouDNS.net API
-------------------
You need to set the HTTP API user ID and password credentials. See:
https://www.cloudns.net/wiki/article/42/. For security reasons, it's
recommended to use a sub user ID that only has access to the necessary
zones, as a regular API user has access to your entire account.
# Use this for a sub auth ID
export CLOUDNS_SUB_AUTH_ID=XXXXX
# Use this for a regular auth ID
#export CLOUDNS_AUTH_ID=XXXXX
export CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"
OK, let's issue a cert now:
acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com
The `CLOUDNS_AUTH_ID` and `CLOUDNS_AUTH_PASSWORD` will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use Infoblox API
----------------
First you need to create/obtain API credentials on your Infoblox
appliance.
export Infoblox_Creds="username:password"
export Infoblox_Server="ip or fqdn of infoblox appliance"
OK, let's issue a cert now:
acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com
Note: This script will automatically create and delete the ephemeral TXT
record. The `Infoblox_Creds` and `Infoblox_Server` will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use VSCALE API
--------------
First you need to create/obtain API tokens on your [settings
panel](https://vscale.io/panel/settings/tokens/).
VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
OK, let's issue a cert now:
acme.sh --issue --dns dns_vscale -d example.com -d www.example.com
Use Dynu API
------------
First you need to create/obtain API credentials from your Dynu account.
See: https://www.dynu.com/resources/api/documentation
export Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy"
OK, let's issue a cert now:
acme.sh --issue --dns dns_dynu -d example.com -d www.example.com
The `Dynu_ClientId` and `Dynu_Secret` will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use DNSimple API
----------------
First you need to login to your DNSimple account and generate a new
oauth token.
https://dnsimple.com/a/{your account id}/account/access_tokens
Note that this is an _account_ token and not a user token. The account
token is needed to infer the `account_id` used in requests. A user
token will not be able to determine the correct account to use.
export DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje"
To issue the cert just specify the `dns_dnsimple` API.
acme.sh --issue --dns dns_dnsimple -d example.com
The `DNSimple_OAUTH_TOKEN` will be saved in `~/.acme.sh/account.conf`
and will be reused when needed.
If you have any issues with this integration please report them to
https://github.com/pho3nixf1re/acme.sh/issues.
Use NS1.com API
---------------
export NS1_Key="fdmlfsdklmfdkmqsdfk"
OK, let's issue a cert now:
acme.sh --issue --dns dns_nsone -d example.com -d www.example.com
Use DuckDNS.org API
-------------------
export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
Please note that since DuckDNS uses StartSSL as their cert provider,
thus `--insecure` may need to be used when issuing certs:
acme.sh --insecure --issue --dns dns_duckdns -d mydomain.duckdns.org
For issues, please report to https://github.com/raidenii/acme.sh/issues.
Use Name.com API
----------------
Create your API token here: https://www.name.com/account/settings/api
Note: `Namecom_Username` should be your Name.com username and not the
token name. If you accidentally run the script with the token name as
the username see `~/.acme.sh/account.conf` to fix the issue
export Namecom_Username="testuser"
export Namecom_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
And now you can issue certs with:
acme.sh --issue --dns dns_namecom -d example.com -d www.example.com
For issues, please report to https://github.com/raidenii/acme.sh/issues.
Use Dyn Managed DNS API to automatically issue cert
---------------------------------------------------
First, login to your Dyn Managed DNS account:
https://portal.dynect.net/login/
It is recommended to add a new user specific for API access.
The minimum "Zones & Records Permissions" required are:
RecordAdd
RecordUpdate
RecordDelete
RecordGet
ZoneGet
ZoneAddNode
ZoneRemoveNode
ZonePublish
Pass the API user credentials to the environment:
export DYN_Customer="customer"
export DYN_Username="apiuser"
export DYN_Password="secret"
OK, let's issue a cert now:
acme.sh --issue --dns dns_dyn -d example.com -d www.example.com
The `DYN_Customer`, `DYN_Username` and `DYN_Password` will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use pdd.yandex.ru API
---------------------
Follow these instructions to get the token for your domain
https://tech.yandex.com/domain/doc/concepts/access-docpage/
export PDD_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
OK, let's issue a cert now:
acme.sh --issue --dns dns_yandex -d mydomain.example.org
For issues, please report to https://github.com/non7top/acme.sh/issues.
Use Hurricane Electric
----------------------
Hurricane Electric (https://dns.he.net/) doesn't have an API so just set
your login credentials like so:
export HE_Username="yourusername"
export HE_Password="password"
OK, let's issue a cert now:
acme.sh --issue --dns dns_he -d example.com -d www.example.com
The `HE_Username` and `HE_Password` settings will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Please report any issues to https://github.com/angel333/acme.sh or to
<me@ondrejsimek.com>.
Use UnoEuro API to automatically issue cert
-------------------------------------------
First you need to login to your UnoEuro account to get your API key.
export UNO_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export UNO_User="UExxxxxx"
OK, let's issue a cert now:
acme.sh --issue --dns dns_unoeuro -d example.com -d www.example.com
The `UNO_Key` and `UNO_User` will be saved in `~/.acme.sh/account.conf`
and will be reused when needed.
Use INWX
--------
[INWX](https://www.inwx.de/) offers an [xmlrpc
api](https://www.inwx.de/de/help/apidoc) with your standard login
credentials, set them like so:
export INWX_User="yourusername"
export INWX_Password="password"
OK, let's issue a cert now:
acme.sh --issue --dns dns_inwx -d example.com -d www.example.com
The `INWX_User` and `INWX_Password` settings will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
If your account is secured by Mobile-TAN, you also have to define the
shared secret:
export INWX_Shared_Secret="shared secret"
You may need to re-enable the Mobile-TAN to get the shared secret.
Use Servercow API v1
---------------------
Create a new user from the servercow control center. Don't forget to
activate **DNS API** for this user.
export SERVERCOW_API_Username=username
export SERVERCOW_API_Password=password
OK, let's issue a cert now:
acme.sh --issue --dns dns_servercow -d example.com -d www.example.com
Both, `SERVERCOW_API_Username` and `SERVERCOW_API_Password` will be
saved in `~/.acme.sh/account.conf` and will be reused when needed.
Use Namesilo.com API
--------------------
You'll need to generate an API key at
https://www.namesilo.com/account_api.php Optionally you may restrict the
access to an IP range there.
export Namesilo_Key="xxxxxxxxxxxxxxxxxxxxxxxx"
OK, let's issue a cert now:
acme.sh --issue --dns dns_namesilo --dnssleep 900 -d example.com -d www.example.com
Use autoDNS (InternetX)
-----------------------
[InternetX](https://www.internetx.com/) offers an [XML
API](https://help.internetx.com/display/API/AutoDNS+XML-API) with your
standard login credentials, set them like so:
export AUTODNS_USER="yourusername"
export AUTODNS_PASSWORD="password"
export AUTODNS_CONTEXT="context"
OK, let's issue a cert now:
acme.sh --issue --dns dns_autodns -d example.com -d www.example.com
The `AUTODNS_USER`, `AUTODNS_PASSWORD` and `AUTODNS_CONTEXT` settings
will be saved in `~/.acme.sh/account.conf` and will be reused when
needed.
Use Azure DNS
-------------
You have to create a service principal first. See:[How to use Azure
DNS](https://github.com/Neilpang/acme.sh/wiki/How-to-use-Azure-DNS)
export AZUREDNS_SUBSCRIPTIONID="12345678-9abc-def0-1234-567890abcdef"
export AZUREDNS_TENANTID="11111111-2222-3333-4444-555555555555"
export AZUREDNS_APPID="3b5033b5-7a66-43a5-b3b9-a36b9e7c25ed"
export AZUREDNS_CLIENTSECRET="1b0224ef-34d4-5af9-110f-77f527d561bd"
OK, let's issue a cert now:
acme.sh --issue --dns dns_azure -d example.com -d www.example.com
`AZUREDNS_SUBSCRIPTIONID`, `AZUREDNS_TENANTID`, `AZUREDNS_APPID` and
`AZUREDNS_CLIENTSECRET` settings will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use selectel.com (selectel.ru) domain API to automatically issue cert
---------------------------------------------------------------------
First you need to login to your account to get your API key from:
https://my.selectel.ru/profile/apikeys.
export SL_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
OK, let's issue a cert now:
acme.sh --issue --dns dns_selectel -d example.com -d www.example.com
The `SL_Key` will be saved in `~/.acme.sh/account.conf` and will be
reused when needed.
Use zonomi.com domain API to automatically issue cert
-----------------------------------------------------
First you need to login to your account to find your API key from:
http://zonomi.com/app/dns/dyndns.jsp
Your will find your api key in the example urls:
https://zonomi.com/app/dns/dyndns.jsp?host=example.com&api_key=1063364558943540954358668888888888
export ZM_Key="1063364558943540954358668888888888"
OK, let's issue a cert now:
acme.sh --issue --dns dns_zonomi -d example.com -d www.example.com
The `ZM_Key` will be saved in `~/.acme.sh/account.conf` and will be
reused when needed.
Use DreamHost DNS API
---------------------
DNS API keys may be created at
https://panel.dreamhost.com/?tree=home.api. Ensure the created key has
add and remove privileges.
export DH_API_KEY="<api key>"
OK, let's issue a cert now:
acme.sh --issue --dns dns_dreamhost -d example.com -d www.example.com
The 'DH_API_KEY' will be saved in `~/.acme.sh/account.conf` and will
be reused when needed.
Use DirectAdmin API
-------------------
The DirectAdmin interface has it's own Let's Encrypt functionality, but
this script can be used to generate certificates for names which are not
hosted on DirectAdmin.
User must provide login data and URL to the DirectAdmin incl. port.
You can create an user which only has access to
- `CMD_API_DNS_CONTROL`
- `CMD_API_SHOW_DOMAINS`
By using the Login Keys function. See also
https://www.directadmin.com/api.php and
https://www.directadmin.com/features.php?id=1298
export DA_Api="https://remoteUser:remotePassword@da.domain.tld:8443"
export DA_Api_Insecure=1
Set `DA_Api_Insecure` to `1` for insecure and `0` for secure ->
difference is whether SSL cert is checked for validity (`0`) or whether
it is just accepted (`1`).
OK, let's issue a cert now:
acme.sh --issue --dns dns_da -d example.com -d www.example.com
The `DA_Api` and `DA_Api_Insecure` will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use KingHost DNS API
--------------------
API access must be enabled at
https://painel.kinghost.com.br/painel.api.php
export KINGHOST_Username="yourusername"
export KINGHOST_Password="yourpassword"
OK, let's issue a cert now:
acme.sh --issue --dns dns_kinghost -d example.com -d *.example.com
The `KINGHOST_username` and `KINGHOST_Password` will be saved in
`~/.acme.sh/account.conf` and will be reused when needed.
Use Zilore DNS API
------------------
First, get your API key at https://my.zilore.com/account/api
export Zilore_Key="5dcad3a2-36cb-50e8-cb92-000002f9"
OK, let's issue a cert now:
acme.sh --issue --dns dns_zilore -d example.com -d *.example.com
The `Zilore_Key` will be saved in `~/.acme.sh/account.conf` and will be
reused when needed.
Use Loopia.se API
-----------------
User must provide login credentials to the Loopia API. The user needs
the following permissions:
- `addSubdomain`
- `updateZoneRecord`
- `getDomains`
- `removeSubdomain`
Set the login credentials:
export LOOPIA_User="user@loopiaapi"
export LOOPIA_Password="password"
OK, let's issue a cert now:
acme.sh --issue --dns dns_loopia -d example.com -d *.example.com
The username and password will be saved in `~/.acme.sh/account.conf` and
will be reused when needed.
Use ACME DNS API
----------------
ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME
DNS challenges easily and securely. https://github.com/joohoi/acme-dns
export ACMEDNS_UPDATE_URL="https://auth.acme-dns.io/update"
export ACMEDNS_USERNAME="<username>"
export ACMEDNS_PASSWORD="<password>"
export ACMEDNS_SUBDOMAIN="<subdomain>"
OK, let's issue a cert now:
acme.sh --issue --dns dns_acmedns -d example.com -d www.example.com
The credentials will be saved in `~/.acme.sh/account.conf` and will be
reused when needed.
Reference in New Issue View Git Blame Copy Permalink