]>
Commit | Line | Data |
---|---|---|
d20831e4 | 1 | # How to use DNS API |
39c6df29 | 2 | |
cd3ef8fa | 3 | If your dns provider doesn't provide api access, you can use our dns alias mode: |
681e3785 | 4 | |
5 | https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode | |
6 | ||
d20831e4 | 7 | ## 1. Use CloudFlare domain API to automatically issue cert |
39c6df29 | 8 | |
cd3ef8fa | 9 | First you need to login to your CloudFlare account to get your [API key](https://dash.cloudflare.com/profile). |
39c6df29 | 10 | |
11 | ``` | |
12 | export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" | |
39c6df29 | 13 | export CF_Email="xxxx@sss.com" |
39c6df29 | 14 | ``` |
15 | ||
d20831e4 | 16 | Ok, let's issue a cert now: |
39c6df29 | 17 | ``` |
d20831e4 | 18 | acme.sh --issue --dns dns_cf -d example.com -d www.example.com |
39c6df29 | 19 | ``` |
20 | ||
d20831e4 | 21 | The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
39c6df29 | 22 | |
23 | ||
d20831e4 | 24 | ## 2. Use DNSPod.cn domain API to automatically issue cert |
39c6df29 | 25 | |
d20831e4 | 26 | First you need to login to your DNSPod account to get your API Key and ID. |
39c6df29 | 27 | |
28 | ``` | |
29 | export DP_Id="1234" | |
39c6df29 | 30 | export DP_Key="sADDsdasdgdsf" |
39c6df29 | 31 | ``` |
32 | ||
d20831e4 | 33 | Ok, let's issue a cert now: |
39c6df29 | 34 | ``` |
d20831e4 | 35 | acme.sh --issue --dns dns_dp -d example.com -d www.example.com |
39c6df29 | 36 | ``` |
37 | ||
d20831e4 | 38 | The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
39c6df29 | 39 | |
39c6df29 | 40 | |
d20831e4 | 41 | ## 3. Use CloudXNS.com domain API to automatically issue cert |
39c6df29 | 42 | |
d20831e4 | 43 | First you need to login to your CloudXNS account to get your API Key and Secret. |
39c6df29 | 44 | |
45 | ``` | |
46 | export CX_Key="1234" | |
86c9e55c | 47 | export CX_Secret="sADDsdasdgdsf" |
39c6df29 | 48 | ``` |
49 | ||
d20831e4 | 50 | Ok, let's issue a cert now: |
39c6df29 | 51 | ``` |
d20831e4 | 52 | acme.sh --issue --dns dns_cx -d example.com -d www.example.com |
39c6df29 | 53 | ``` |
54 | ||
d20831e4 | 55 | The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
39c6df29 | 56 | |
57 | ||
d20831e4 | 58 | ## 4. Use GoDaddy.com domain API to automatically issue cert |
30de13b4 | 59 | |
d20831e4 | 60 | First you need to login to your GoDaddy account to get your API Key and Secret. |
30de13b4 | 61 | |
62 | https://developer.godaddy.com/keys/ | |
63 | ||
d20831e4 | 64 | Please create a Production key, instead of a Test key. |
30de13b4 | 65 | |
66 | ``` | |
67 | export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" | |
30de13b4 | 68 | export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd" |
30de13b4 | 69 | ``` |
70 | ||
d20831e4 | 71 | Ok, let's issue a cert now: |
30de13b4 | 72 | ``` |
d20831e4 | 73 | acme.sh --issue --dns dns_gd -d example.com -d www.example.com |
30de13b4 | 74 | ``` |
75 | ||
d20831e4 | 76 | The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
30de13b4 | 77 | |
d6f0c2b5 | 78 | |
d20831e4 | 79 | ## 5. Use PowerDNS embedded API to automatically issue cert |
d6f0c2b5 | 80 | |
d20831e4 | 81 | First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration. |
d6f0c2b5 MZ |
82 | |
83 | https://doc.powerdns.com/md/httpapi/README/ | |
84 | ||
85 | ``` | |
86 | export PDNS_Url="http://ns.example.com:8081" | |
87 | export PDNS_ServerId="localhost" | |
88 | export PDNS_Token="0123456789ABCDEF" | |
89 | export PDNS_Ttl=60 | |
d6f0c2b5 MZ |
90 | ``` |
91 | ||
d20831e4 | 92 | Ok, let's issue a cert now: |
d6f0c2b5 | 93 | ``` |
d20831e4 | 94 | acme.sh --issue --dns dns_pdns -d example.com -d www.example.com |
d6f0c2b5 MZ |
95 | ``` |
96 | ||
d20831e4 | 97 | The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
d6f0c2b5 | 98 | |
13ffa170 | 99 | |
d20831e4 | 100 | ## 6. Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert |
30de13b4 | 101 | |
73ba54a5 | 102 | https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api |
39c6df29 | 103 | |
d20831e4 | 104 | |
9882f342 | 105 | ## 7. Use nsupdate to automatically issue cert |
13ffa170 PK |
106 | |
107 | First, generate a key for updating the zone | |
108 | ``` | |
109 | b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo) | |
110 | cat > /etc/named/keys/update.key <<EOF | |
111 | key "update" { | |
112 | algorithm hmac-sha512; | |
113 | secret "$(awk '/^Key/{print $2}' /tmp/$b.private)"; | |
114 | }; | |
115 | EOF | |
116 | rm -f /tmp/$b.{private,key} | |
117 | ``` | |
118 | ||
119 | Include this key in your named configuration | |
120 | ``` | |
121 | include "/etc/named/keys/update.key"; | |
122 | ``` | |
123 | ||
124 | Next, configure your zone to allow dynamic updates. | |
d20831e4 | 125 | |
13ffa170 PK |
126 | Depending on your named version, use either |
127 | ``` | |
128 | zone "example.com" { | |
129 | type master; | |
130 | allow-update { key "update"; }; | |
131 | }; | |
132 | ``` | |
133 | or | |
134 | ``` | |
135 | zone "example.com" { | |
136 | type master; | |
137 | update-policy { | |
138 | grant update subdomain example.com.; | |
139 | }; | |
140 | } | |
141 | ``` | |
d20831e4 AL |
142 | |
143 | Finally, make the DNS server and update Key available to `acme.sh` | |
144 | ||
13ffa170 | 145 | ``` |
d20831e4 | 146 | export NSUPDATE_SERVER="dns.example.com" |
7eea9533 | 147 | export NSUPDATE_KEY="/path/to/your/nsupdate.key" |
13ffa170 | 148 | ``` |
1a774909 DD |
149 | and optionally (depending on DNS server) |
150 | ``` | |
151 | export NSUPDATE_ZONE="example.com" | |
152 | ``` | |
13ffa170 | 153 | |
d20831e4 | 154 | Ok, let's issue a cert now: |
13ffa170 | 155 | ``` |
d20831e4 | 156 | acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com |
13ffa170 PK |
157 | ``` |
158 | ||
1a774909 | 159 | The `NSUPDATE_SERVER`, `NSUPDATE_KEY`, and `NSUPDATE_ZONE` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
d20831e4 | 160 | |
13ffa170 | 161 | |
9882f342 | 162 | ## 8. Use LuaDNS domain API |
f58e83ee | 163 | |
164 | Get your API token at https://api.luadns.com/settings | |
165 | ||
166 | ``` | |
167 | export LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" | |
f58e83ee | 168 | export LUA_Email="xxxx@sss.com" |
f58e83ee | 169 | ``` |
170 | ||
171 | To issue a cert: | |
172 | ``` | |
d20831e4 | 173 | acme.sh --issue --dns dns_lua -d example.com -d www.example.com |
f58e83ee | 174 | ``` |
175 | ||
d20831e4 AL |
176 | The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
177 | ||
f58e83ee | 178 | |
9882f342 | 179 | ## 9. Use DNSMadeEasy domain API |
b9091e14 | 180 | |
181 | Get your API credentials at https://cp.dnsmadeeasy.com/account/info | |
182 | ||
183 | ``` | |
184 | export ME_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" | |
b9091e14 | 185 | export ME_Secret="qdfqsdfkjdskfj" |
b9091e14 | 186 | ``` |
187 | ||
188 | To issue a cert: | |
189 | ``` | |
d20831e4 | 190 | acme.sh --issue --dns dns_me -d example.com -d www.example.com |
b9091e14 | 191 | ``` |
192 | ||
d20831e4 AL |
193 | The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
194 | ||
b9091e14 | 195 | |
5b771039 | 196 | ## 10. Use Amazon Route53 domain API |
197 | ||
198 | https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API | |
199 | ||
200 | ``` | |
201 | export AWS_ACCESS_KEY_ID=XXXXXXXXXX | |
202 | export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX | |
203 | ``` | |
204 | ||
205 | To issue a cert: | |
206 | ``` | |
207 | acme.sh --issue --dns dns_aws -d example.com -d www.example.com | |
208 | ``` | |
209 | ||
210 | The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
211 | ||
be39ab32 | 212 | ## 11. Use Aliyun domain API to automatically issue cert |
213 | ||
214 | First you need to login to your Aliyun account to get your API key. | |
215 | [https://ak-console.aliyun.com/#/accesskey](https://ak-console.aliyun.com/#/accesskey) | |
216 | ||
217 | ``` | |
218 | export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" | |
219 | export Ali_Secret="jlsdflanljkljlfdsaklkjflsa" | |
220 | ``` | |
221 | ||
222 | Ok, let's issue a cert now: | |
223 | ``` | |
224 | acme.sh --issue --dns dns_ali -d example.com -d www.example.com | |
225 | ``` | |
226 | ||
227 | The `Ali_Key` and `Ali_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
228 | ||
192ede5e | 229 | ## 12. Use ISPConfig 3.1 API |
230 | ||
231 | This only works for ISPConfig 3.1 (and newer). | |
232 | ||
233 | Create a Remote User in the ISPConfig Control Panel. The Remote User must have access to at least `DNS zone functions` and `DNS txt functions`. | |
234 | ||
235 | ``` | |
236 | export ISPC_User="xxx" | |
237 | export ISPC_Password="xxx" | |
238 | export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php" | |
239 | export ISPC_Api_Insecure=1 | |
240 | ``` | |
241 | If you have installed ISPConfig on a different port, then alter the 8080 accordingly. | |
242 | Leaver ISPC_Api_Insecure set to 1 if you have not a valid ssl cert for your installation. Change it to 0 if you have a valid ssl cert. | |
243 | ||
244 | To issue a cert: | |
245 | ``` | |
246 | acme.sh --issue --dns dns_ispconfig -d example.com -d www.example.com | |
247 | ``` | |
248 | ||
249 | The `ISPC_User`, `ISPC_Password`, `ISPC_Api`and `ISPC_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
250 | ||
180f05f6 PK |
251 | ## 13. Use Alwaysdata domain API |
252 | ||
253 | First you need to login to your Alwaysdata account to get your API Key. | |
254 | ||
255 | ```sh | |
256 | export AD_API_KEY="myalwaysdataapikey" | |
257 | ``` | |
258 | ||
259 | Ok, let's issue a cert now: | |
260 | ||
261 | ```sh | |
262 | acme.sh --issue --dns dns_ad -d example.com -d www.example.com | |
263 | ``` | |
264 | ||
265 | The `AD_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused | |
266 | when needed. | |
267 | ||
38f23343 PG |
268 | ## 14. Use Linode domain API |
269 | ||
c8c1140f AS |
270 | The tokens created in the classic manager and cloud manager are incompatible |
271 | with one another. While the classic manager makes an all or nothing API, the | |
272 | newer cloud manager interface promises to produce API keys with a finer | |
273 | permission system. However, either way works just fine. | |
274 | ||
275 | ### Classic Manager ### | |
276 | ||
277 | Classic Manager: https://manager.linode.com/profile/api | |
278 | ||
dd17ac50 | 279 | First you need to login to your Linode account to get your API Key. |
38f23343 | 280 | |
c8c1140f AS |
281 | Then add an API key with label *ACME* and copy the new key into the following |
282 | command. | |
38f23343 | 283 | |
dd17ac50 PG |
284 | ```sh |
285 | export LINODE_API_KEY="..." | |
38f23343 PG |
286 | ``` |
287 | ||
c8c1140f AS |
288 | Due to the reload time of any changes in the DNS records, we have to use the |
289 | `dnssleep` option to wait at least 15 minutes for the changes to take effect. | |
38f23343 | 290 | |
dd17ac50 PG |
291 | Ok, let's issue a cert now: |
292 | ||
38f23343 PG |
293 | ```sh |
294 | acme.sh --issue --dns dns_linode --dnssleep 900 -d example.com -d www.example.com | |
295 | ``` | |
296 | ||
c8c1140f AS |
297 | The `LINODE_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be |
298 | reused when needed. | |
299 | ||
300 | ### Cloud Manager ### | |
301 | ||
302 | Cloud Manager: https://cloud.linode.com/profile/tokens | |
303 | ||
304 | First you need to login to your Linode account to get your API Key. | |
305 | ||
306 | 1. Click on "Add a Personal Access Token". | |
307 | 2. Give the new key a "Label" (we recommend *ACME*) | |
308 | 3. Give it Read/Write access to "Domains" | |
309 | 4. "Submit" and copy the new key into the `LINODE_V4_API_KEY` command below. | |
310 | ||
311 | ```sh | |
312 | export LINODE_V4_API_KEY="..." | |
313 | ``` | |
314 | ||
315 | Due to the reload time of any changes in the DNS records, we have to use the | |
316 | `dnssleep` option to wait at least 15 minutes for the changes to take effect. | |
317 | ||
318 | Ok, let's issue a cert now: | |
319 | ||
320 | ```sh | |
321 | acme.sh --issue --dns dns_linode_v4 --dnssleep 900 -d example.com -d www.example.com | |
322 | ``` | |
323 | ||
324 | The `LINODE_V4_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be | |
325 | reused when needed. | |
dd17ac50 | 326 | |
e6b940e2 | 327 | ## 15. Use FreeDNS |
0aed065a DK |
328 | |
329 | FreeDNS (https://freedns.afraid.org/) does not provide an API to update DNS records (other than IPv4 and IPv6 | |
330 | dynamic DNS addresses). The acme.sh plugin therefore retrieves and updates domain TXT records by logging | |
331 | into the FreeDNS website to read the HTML and posting updates as HTTP. The plugin needs to know your | |
332 | userid and password for the FreeDNS website. | |
333 | ||
334 | ```sh | |
335 | export FREEDNS_User="..." | |
336 | export FREEDNS_Password="..." | |
337 | ``` | |
338 | ||
339 | You need only provide this the first time you run the acme.sh client with FreeDNS validation and then again | |
340 | whenever you change your password at the FreeDNS site. The acme.sh FreeDNS plugin does not store your userid | |
341 | or password but rather saves an authentication token returned by FreeDNS in `~/.acme.sh/account.conf` and | |
342 | reuses that when needed. | |
343 | ||
344 | Now you can issue a certificate. | |
345 | ||
346 | ```sh | |
e6b940e2 | 347 | acme.sh --issue --dns dns_freedns -d example.com -d www.example.com |
0aed065a DK |
348 | ``` |
349 | ||
f78b656f | 350 | Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that |
3d22708f | 351 | you create under a FreeDNS public domain. You must own the top level domain in order to automatically |
f78b656f DK |
352 | validate with acme.sh at FreeDNS. |
353 | ||
edfefb67 AL |
354 | ## 16. Use cyon.ch |
355 | ||
356 | You only need to set your cyon.ch login credentials. | |
357 | If you also have 2 Factor Authentication (OTP) enabled, you need to set your secret token too and have `oathtool` installed. | |
358 | ||
359 | ``` | |
afa3fc8b AL |
360 | export CY_Username="your_cyon_username" |
361 | export CY_Password="your_cyon_password" | |
362 | export CY_OTP_Secret="your_otp_secret" # Only required if using 2FA | |
edfefb67 AL |
363 | ``` |
364 | ||
365 | To issue a cert: | |
366 | ``` | |
367 | acme.sh --issue --dns dns_cyon -d example.com -d www.example.com | |
368 | ``` | |
369 | ||
afa3fc8b | 370 | The `CY_Username`, `CY_Password` and `CY_OTP_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
edfefb67 | 371 | |
3d6a125b SS |
372 | ## 17. Use Domain-Offensive/Resellerinterface/Domainrobot API |
373 | ||
fbd8ab47 | 374 | ATTENTION: You need to be a registered Reseller to be able to use the ResellerInterface. As a normal user you can not use this method. |
375 | ||
3d6a125b SS |
376 | You will need your login credentials (Partner ID+Password) to the Resellerinterface, and export them before you run `acme.sh`: |
377 | ``` | |
378 | export DO_PID="KD-1234567" | |
379 | export DO_PW="cdfkjl3n2" | |
380 | ``` | |
381 | ||
382 | Ok, let's issue a cert now: | |
383 | ``` | |
384 | acme.sh --issue --dns dns_do -d example.com -d www.example.com | |
385 | ``` | |
386 | ||
fab2d9dc FC |
387 | ## 18. Use Gandi LiveDNS API |
388 | ||
9683ffe1 | 389 | You must enable the new Gandi LiveDNS API first and the create your api key, See: http://doc.livedns.gandi.net/ |
390 | ||
fab2d9dc FC |
391 | ``` |
392 | export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk" | |
393 | ``` | |
394 | ||
395 | Ok, let's issue a cert now: | |
396 | ``` | |
397 | acme.sh --issue --dns dns_gandi_livedns -d example.com -d www.example.com | |
398 | ``` | |
399 | ||
9c87a589 | 400 | ## 19. Use Knot (knsupdate) DNS API to automatically issue cert |
401 | ||
402 | First, generate a TSIG key for updating the zone. | |
403 | ||
404 | ``` | |
7f59d7ea | 405 | keymgr tsig generate -t acme_key hmac-sha512 > /etc/knot/acme.key |
9c87a589 | 406 | ``` |
407 | ||
408 | Include this key in your knot configuration file. | |
409 | ||
410 | ``` | |
411 | include: /etc/knot/acme.key | |
412 | ``` | |
413 | ||
414 | Next, configure your zone to allow dynamic updates. | |
415 | ||
416 | Dynamic updates for the zone are allowed via proper ACL rule with the `update` action. For in-depth instructions, please see [Knot DNS's documentation](https://www.knot-dns.cz/documentation/). | |
417 | ||
418 | ``` | |
419 | acl: | |
420 | - id: acme_acl | |
421 | address: 192.168.1.0/24 | |
422 | key: acme_key | |
423 | action: update | |
424 | ||
425 | zone: | |
426 | - domain: example.com | |
427 | file: example.com.zone | |
428 | acl: acme_acl | |
429 | ``` | |
430 | ||
431 | Finally, make the DNS server and TSIG Key available to `acme.sh` | |
432 | ||
433 | ``` | |
434 | export KNOT_SERVER="dns.example.com" | |
435 | export KNOT_KEY=`grep \# /etc/knot/acme.key | cut -d' ' -f2` | |
436 | ``` | |
437 | ||
438 | Ok, let's issue a cert now: | |
439 | ``` | |
440 | acme.sh --issue --dns dns_knot -d example.com -d www.example.com | |
441 | ``` | |
442 | ||
443 | The `KNOT_SERVER` and `KNOT_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
444 | ||
ac690fce | 445 | ## 20. Use DigitalOcean API (native) |
446 | ||
447 | You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/ | |
448 | ||
449 | ``` | |
450 | export DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc" | |
451 | ``` | |
452 | ||
453 | Ok, let's issue a cert now: | |
454 | ``` | |
455 | acme.sh --issue --dns dns_dgon -d example.com -d www.example.com | |
456 | ``` | |
457 | ||
3e9478b5 | 458 | ## 21. Use ClouDNS.net API |
3b7fbcd0 | 459 | |
212d0f24 | 460 | You need to set the HTTP API user ID and password credentials. See: https://www.cloudns.net/wiki/article/42/. For security reasons, it's recommended to use a sub user ID that only has access to the necessary zones, as a regular API user has access to your entire account. |
3b7fbcd0 | 461 | |
462 | ``` | |
212d0f24 DLN |
463 | # Use this for a sub auth ID |
464 | export CLOUDNS_SUB_AUTH_ID=XXXXX | |
465 | # Use this for a regular auth ID | |
466 | #export CLOUDNS_AUTH_ID=XXXXX | |
3b7fbcd0 | 467 | export CLOUDNS_AUTH_PASSWORD="YYYYYYYYY" |
468 | ``` | |
469 | ||
470 | Ok, let's issue a cert now: | |
471 | ``` | |
472 | acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com | |
473 | ``` | |
ee56b9cd | 474 | The `CLOUDNS_AUTH_ID` and `CLOUDNS_AUTH_PASSWORD` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
3b7fbcd0 | 475 | |
d0392950 | 476 | ## 22. Use Infoblox API |
1994c682 | 477 | |
d0392950 | 478 | First you need to create/obtain API credentials on your Infoblox appliance. |
1994c682 | 479 | |
d0392950 J |
480 | ``` |
481 | export Infoblox_Creds="username:password" | |
482 | export Infoblox_Server="ip or fqdn of infoblox appliance" | |
483 | ``` | |
1994c682 | 484 | |
d0392950 J |
485 | Ok, let's issue a cert now: |
486 | ``` | |
487 | acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com | |
488 | ``` | |
1994c682 | 489 | |
d0392950 J |
490 | Note: This script will automatically create and delete the ephemeral txt record. |
491 | The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
492 | ||
a6e5876d | 493 | |
494 | ## 23. Use VSCALE API | |
1994c682 | 495 | |
a6e5876d | 496 | First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/). |
1994c682 | 497 | |
a6e5876d | 498 | ``` |
4b581f37 | 499 | export VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" |
a6e5876d | 500 | ``` |
1994c682 | 501 | |
a6e5876d | 502 | Ok, let's issue a cert now: |
503 | ``` | |
504 | acme.sh --issue --dns dns_vscale -d example.com -d www.example.com | |
505 | ``` | |
506 | ||
507 | ## 24. Use Dynu API | |
afb67d37 | 508 | |
509 | First you need to create/obtain API credentials from your Dynu account. See: https://www.dynu.com/resources/api/documentation | |
510 | ||
511 | ``` | |
512 | export Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" | |
513 | export Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy" | |
514 | ``` | |
515 | ||
516 | Ok, let's issue a cert now: | |
517 | ``` | |
518 | acme.sh --issue --dns dns_dynu -d example.com -d www.example.com | |
519 | ``` | |
520 | ||
521 | The `Dynu_ClientId` and `Dynu_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
522 | ||
1994c682 MT |
523 | ## 25. Use DNSimple API |
524 | ||
525 | First you need to login to your DNSimple account and generate a new oauth token. | |
526 | ||
527 | https://dnsimple.com/a/{your account id}/account/access_tokens | |
528 | ||
529 | Note that this is an _account_ token and not a user token. The account token is | |
530 | needed to infer the `account_id` used in requests. A user token will not be able | |
531 | to determine the correct account to use. | |
532 | ||
533 | ``` | |
534 | export DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" | |
535 | ``` | |
536 | ||
537 | To issue the cert just specify the `dns_dnsimple` API. | |
538 | ||
539 | ``` | |
540 | acme.sh --issue --dns dns_dnsimple -d example.com | |
541 | ``` | |
542 | ||
543 | The `DNSimple_OAUTH_TOKEN` will be saved in `~/.acme.sh/account.conf` and will | |
544 | be reused when needed. | |
27a05ff2 | 545 | |
2b092539 MT |
546 | If you have any issues with this integration please report them to |
547 | https://github.com/pho3nixf1re/acme.sh/issues. | |
548 | ||
dff641a6 | 549 | ## 26. Use NS1.com API |
5e3a5f62 | 550 | |
551 | ``` | |
552 | export NS1_Key="fdmlfsdklmfdkmqsdfk" | |
553 | ``` | |
554 | ||
555 | Ok, let's issue a cert now: | |
556 | ``` | |
557 | acme.sh --issue --dns dns_nsone -d example.com -d www.example.com | |
558 | ``` | |
559 | ||
1a504118 R |
560 | ## 27. Use DuckDNS.org API |
561 | ||
562 | ``` | |
563 | export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" | |
564 | ``` | |
565 | ||
2c83224f | 566 | Please note that since DuckDNS uses StartSSL as their cert provider, thus |
96801e34 | 567 | --insecure may need to be used when issuing certs: |
1a504118 R |
568 | ``` |
569 | acme.sh --insecure --issue --dns dns_duckdns -d mydomain.duckdns.org | |
570 | ``` | |
571 | ||
1a504118 R |
572 | For issues, please report to https://github.com/raidenii/acme.sh/issues. |
573 | ||
574 | ## 28. Use Name.com API | |
575 | ||
ba9e7fbf JG |
576 | Create your API token here: https://www.name.com/account/settings/api |
577 | ||
578 | Note: `Namecom_Username` should be your Name.com username and not the token name. If you accidentally run the script with the token name as the username see `~/.acme.sh/account.conf` to fix the issue | |
3002f6df | 579 | |
333090a9 | 580 | ``` |
1a504118 R |
581 | export Namecom_Username="testuser" |
582 | export Namecom_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | |
583 | ``` | |
584 | ||
585 | And now you can issue certs with: | |
333090a9 | 586 | |
1a504118 R |
587 | ``` |
588 | acme.sh --issue --dns dns_namecom -d example.com -d www.example.com | |
589 | ``` | |
590 | ||
591 | For issues, please report to https://github.com/raidenii/acme.sh/issues. | |
592 | ||
42b2adc0 LA |
593 | ## 29. Use Dyn Managed DNS API to automatically issue cert |
594 | ||
595 | First, login to your Dyn Managed DNS account: https://portal.dynect.net/login/ | |
596 | ||
597 | It is recommended to add a new user specific for API access. | |
598 | ||
599 | The minimum "Zones & Records Permissions" required are: | |
600 | ``` | |
601 | RecordAdd | |
602 | RecordUpdate | |
603 | RecordDelete | |
604 | RecordGet | |
605 | ZoneGet | |
606 | ZoneAddNode | |
607 | ZoneRemoveNode | |
608 | ZonePublish | |
609 | ``` | |
610 | ||
611 | Pass the API user credentials to the environment: | |
612 | ``` | |
613 | export DYN_Customer="customer" | |
614 | export DYN_Username="apiuser" | |
615 | export DYN_Password="secret" | |
616 | ``` | |
617 | ||
618 | Ok, let's issue a cert now: | |
619 | ``` | |
620 | acme.sh --issue --dns dns_dyn -d example.com -d www.example.com | |
621 | ``` | |
622 | ||
623 | The `DYN_Customer`, `DYN_Username` and `DYN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
624 | ||
ae302ee6 VB |
625 | ## 30. Use pdd.yandex.ru API |
626 | ||
627 | ``` | |
628 | export PDD_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | |
629 | ``` | |
630 | ||
631 | Follow these instructions to get the token for your domain https://tech.yandex.com/domain/doc/concepts/access-docpage/ | |
632 | ``` | |
633 | acme.sh --issue --dns dns_yandex -d mydomain.example.org | |
634 | ``` | |
635 | ||
636 | For issues, please report to https://github.com/non7top/acme.sh/issues. | |
42b2adc0 | 637 | |
5c3b41bd | 638 | ## 31. Use Hurricane Electric |
7d64e141 | 639 | |
2655e726 | 640 | Hurricane Electric (https://dns.he.net/) doesn't have an API so just set your login credentials like so: |
7d64e141 OS |
641 | |
642 | ``` | |
643 | export HE_Username="yourusername" | |
644 | export HE_Password="password" | |
645 | ``` | |
646 | ||
647 | Then you can issue your certificate: | |
648 | ||
649 | ``` | |
650 | acme.sh --issue --dns dns_he -d example.com -d www.example.com | |
651 | ``` | |
652 | ||
653 | The `HE_Username` and `HE_Password` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
654 | ||
655 | Please report any issues to https://github.com/angel333/acme.sh or to <me@ondrejsimek.com>. | |
42b2adc0 | 656 | |
78712245 A |
657 | ## 32. Use UnoEuro API to automatically issue cert |
658 | ||
659 | First you need to login to your UnoEuro account to get your API key. | |
660 | ||
661 | ``` | |
fb6e0658 A |
662 | export UNO_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" |
663 | export UNO_User="UExxxxxx" | |
78712245 A |
664 | ``` |
665 | ||
666 | Ok, let's issue a cert now: | |
667 | ``` | |
668 | acme.sh --issue --dns dns_unoeuro -d example.com -d www.example.com | |
669 | ``` | |
670 | ||
fb6e0658 | 671 | The `UNO_Key` and `UNO_User` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. |
78712245 | 672 | |
454ad6f8 | 673 | ## 33. Use INWX |
657334fb | 674 | |
f7c346de | 675 | [INWX](https://www.inwx.de/) offers an [xmlrpc api](https://www.inwx.de/de/help/apidoc) with your standard login credentials, set them like so: |
657334fb | 676 | |
677 | ``` | |
678 | export INWX_User="yourusername" | |
679 | export INWX_Password="password" | |
680 | ``` | |
681 | ||
682 | Then you can issue your certificates with: | |
683 | ||
684 | ``` | |
685 | acme.sh --issue --dns dns_inwx -d example.com -d www.example.com | |
686 | ``` | |
687 | ||
688 | The `INWX_User` and `INWX_Password` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
689 | ||
63f32835 JOK |
690 | If your account is secured by mobile tan you have also defined the shared secret. |
691 | ||
692 | ``` | |
693 | export INWX_Shared_Secret="shared secret" | |
694 | ``` | |
695 | ||
696 | You may need to re-enable the mobile tan to gain the shared secret. | |
697 | ||
ae299297 JH |
698 | ## 34. User Servercow API v1 |
699 | ||
700 | Create a new user from the servercow control center. Don't forget to activate **DNS API** for this user. | |
701 | ||
702 | ``` | |
703 | export SERVERCOW_API_Username=username | |
704 | export SERVERCOW_API_Password=password | |
705 | ``` | |
706 | ||
707 | Now you cann issue a cert: | |
708 | ||
709 | ``` | |
710 | acme.sh --issue --dns dns_servercow -d example.com -d www.example.com | |
711 | ``` | |
712 | Both, `SERVERCOW_API_Username` and `SERVERCOW_API_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
713 | ||
eb207322 M |
714 | ## 35. Use Namesilo.com API |
715 | ||
716 | You'll need to generate an API key at https://www.namesilo.com/account_api.php | |
717 | Optionally you may restrict the access to an IP range there. | |
718 | ||
719 | ``` | |
720 | export Namesilo_Key="xxxxxxxxxxxxxxxxxxxxxxxx" | |
721 | ``` | |
722 | ||
723 | And now you can issue certs with: | |
724 | ||
725 | ``` | |
726 | acme.sh --issue --dns dns_namesilo --dnssleep 900 -d example.com -d www.example.com | |
727 | ``` | |
728 | ||
258cf20c | 729 | ## 36. Use autoDNS (InternetX) |
a01da2fd A |
730 | |
731 | [InternetX](https://www.internetx.com/) offers an [xml api](https://help.internetx.com/display/API/AutoDNS+XML-API) with your standard login credentials, set them like so: | |
732 | ||
733 | ``` | |
734 | export AUTODNS_USER="yourusername" | |
735 | export AUTODNS_PASSWORD="password" | |
736 | export AUTODNS_CONTEXT="context" | |
737 | ``` | |
738 | ||
739 | Then you can issue your certificates with: | |
740 | ||
741 | ``` | |
742 | acme.sh --issue --dns dns_autodns -d example.com -d www.example.com | |
743 | ``` | |
744 | ||
745 | The `AUTODNS_USER`, `AUTODNS_PASSWORD` and `AUTODNS_CONTEXT` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
746 | ||
b6fc8398 | 747 | ## 37. Use Azure DNS |
748 | ||
c82cd90e | 749 | You have to create a service principal first. See:[How to use Azure DNS](../../../wiki/How-to-use-Azure-DNS) |
b6fc8398 | 750 | |
751 | ``` | |
752 | export AZUREDNS_SUBSCRIPTIONID="12345678-9abc-def0-1234-567890abcdef" | |
753 | export AZUREDNS_TENANTID="11111111-2222-3333-4444-555555555555" | |
754 | export AZUREDNS_APPID="3b5033b5-7a66-43a5-b3b9-a36b9e7c25ed" | |
755 | export AZUREDNS_CLIENTSECRET="1b0224ef-34d4-5af9-110f-77f527d561bd" | |
756 | ``` | |
757 | ||
758 | Then you can issue your certificates with: | |
759 | ||
760 | ``` | |
761 | acme.sh --issue --dns dns_azure -d example.com -d www.example.com | |
762 | ``` | |
763 | ||
764 | `AZUREDNS_SUBSCRIPTIONID`, `AZUREDNS_TENANTID`,`AZUREDNS_APPID` and `AZUREDNS_CLIENTSECRET` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
765 | ||
a4fc802d | 766 | ## 38. Use selectel.com(selectel.ru) domain API to automatically issue cert |
767 | ||
768 | First you need to login to your account to get your API key from: https://my.selectel.ru/profile/apikeys. | |
769 | ||
770 | ```sh | |
771 | export SL_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" | |
772 | ||
773 | ``` | |
774 | ||
775 | Ok, let's issue a cert now: | |
776 | ``` | |
777 | acme.sh --issue --dns dns_selectel -d example.com -d www.example.com | |
778 | ``` | |
779 | ||
780 | The `SL_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
781 | ||
6ca5f3d8 | 782 | ## 39. Use zonomi.com domain API to automatically issue cert |
783 | ||
784 | First you need to login to your account to find your API key from: http://zonomi.com/app/dns/dyndns.jsp | |
785 | ||
786 | Your will find your api key in the example urls: | |
787 | ||
788 | ```sh | |
789 | https://zonomi.com/app/dns/dyndns.jsp?host=example.com&api_key=1063364558943540954358668888888888 | |
790 | ``` | |
791 | ||
792 | ```sh | |
793 | export ZM_Key="1063364558943540954358668888888888" | |
794 | ||
795 | ``` | |
796 | ||
797 | Ok, let's issue a cert now: | |
798 | ``` | |
799 | acme.sh --issue --dns dns_zonomi -d example.com -d www.example.com | |
800 | ``` | |
801 | ||
802 | The `ZM_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
803 | ||
2ef9904d | 804 | ## 40. Use DreamHost DNS API |
2c83224f MD |
805 | |
806 | DNS API keys may be created at https://panel.dreamhost.com/?tree=home.api. | |
807 | Ensure the created key has add and remove privelages. | |
808 | ||
809 | ``` | |
5b355c6c | 810 | export DH_API_KEY="<api key>" |
2c83224f MD |
811 | acme.sh --issue --dns dns_dreamhost -d example.com -d www.example.com |
812 | ``` | |
813 | ||
814 | The 'DH_API_KEY' will be saved in `~/.acme.sh/account.conf` and will | |
815 | be reused when needed. | |
a4fc802d | 816 | |
14c27554 T |
817 | ## 41. Use DirectAdmin API |
818 | The DirectAdmin interface has it's own Let's encrypt functionality, but this | |
819 | script can be used to generate certificates for names which are not hosted on | |
820 | DirectAdmin | |
821 | ||
822 | User must provide login data and URL to the DirectAdmin incl. port. | |
823 | You can create an user which only has access to | |
824 | ||
825 | - CMD_API_DNS_CONTROL | |
826 | - CMD_API_SHOW_DOMAINS | |
827 | ||
828 | By using the Login Keys function. | |
829 | See also https://www.directadmin.com/api.php and https://www.directadmin.com/features.php?id=1298 | |
830 | ||
831 | ``` | |
832 | export DA_Api="https://remoteUser:remotePassword@da.domain.tld:8443" | |
833 | export DA_Api_Insecure=1 | |
834 | ``` | |
835 | Set `DA_Api_Insecure` to 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1) | |
836 | ||
837 | Ok, let's issue a cert now: | |
838 | ``` | |
839 | acme.sh --issue --dns dns_da -d example.com -d www.example.com | |
840 | ``` | |
841 | ||
842 | The `DA_Api` and `DA_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
843 | ||
2ff6f4d3 FB |
844 | ## 42. Use KingHost DNS API |
845 | ||
846 | API access must be enabled at https://painel.kinghost.com.br/painel.api.php | |
847 | ||
848 | ``` | |
86ef6e69 | 849 | export KINGHOST_Username="yourusername" |
2ff6f4d3 FB |
850 | export KINGHOST_Password="yourpassword" |
851 | acme.sh --issue --dns dns_kinghost -d example.com -d *.example.com | |
852 | ``` | |
853 | ||
854 | The `KINGHOST_username` and `KINGHOST_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
14c27554 | 855 | |
ce9c2274 H |
856 | ## 43. Use Zilore DNS API |
857 | ||
98e15f65 | 858 | First, get your API key at https://my.zilore.com/account/api |
ce9c2274 H |
859 | |
860 | ``` | |
861 | export Zilore_Key="5dcad3a2-36cb-50e8-cb92-000002f9" | |
862 | ``` | |
863 | ||
864 | Ok, let's issue a cert now: | |
865 | ``` | |
98e15f65 | 866 | acme.sh --issue --dns dns_zilore -d example.com -d *.example.com |
ce9c2274 H |
867 | ``` |
868 | ||
869 | The `Zilore_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
870 | ||
b7d573a4 | 871 | ## 44. Use Loopia.se API |
7a46293f IL |
872 | User must provide login credentials to the Loopia API. |
873 | The user needs the following permissions: | |
874 | ||
875 | - addSubdomain | |
876 | - updateZoneRecord | |
877 | - getDomains | |
878 | - removeSubdomain | |
879 | ||
880 | Set the login credentials: | |
881 | ``` | |
882 | export LOOPIA_User="user@loopiaapi" | |
883 | export LOOPIA_Password="password" | |
884 | ``` | |
885 | ||
886 | And to issue a cert: | |
887 | ``` | |
888 | acme.sh --issue --dns dns_loopia -d example.com -d *.example.com | |
889 | ``` | |
890 | ||
891 | The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
dd72f763 WE |
892 | ## 45. Use ACME DNS API |
893 | ||
cd3ef8fa | 894 | ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely. |
dd72f763 WE |
895 | https://github.com/joohoi/acme-dns |
896 | ||
897 | ``` | |
898 | export ACMEDNS_UPDATE_URL="https://auth.acme-dns.io/update" | |
899 | export ACMEDNS_USERNAME="<username>" | |
900 | export ACMEDNS_PASSWORD="<password>" | |
901 | export ACMEDNS_SUBDOMAIN="<subdomain>" | |
902 | ||
903 | acme.sh --issue --dns dns_acmedns -d example.com -d www.example.com | |
904 | ``` | |
905 | ||
906 | The credentials will be saved in `~/.acme.sh/account.conf` and will | |
907 | be reused when needed. | |
4e05062d | 908 | ## 46. Use TELE3 API |
7a46293f | 909 | |
4e05062d RB |
910 | First you need to login to your TELE3 account to set your API-KEY. |
911 | https://www.tele3.cz/system-acme-api.html | |
912 | ||
913 | ``` | |
914 | export TELE3_Key="MS2I4uPPaI..." | |
915 | export TELE3_Secret="kjhOIHGJKHg" | |
916 | ||
917 | acme.sh --issue --dns dns_tele3 -d example.com -d *.example.com | |
918 | ``` | |
919 | ||
920 | The TELE3_Key and TELE3_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed. | |
3cd5b9ca | 921 | |
616b0b6b | 922 | ## 47. Use Euserv.eu API |
94f91ae6 | 923 | |
d99968ee | 924 | First you need to login to your euserv.eu account and activate your API Administration (API Verwaltung). |
94f91ae6 M |
925 | [https://support.euserv.com](https://support.euserv.com) |
926 | ||
d99968ee | 927 | Once you've activate, login to your API Admin Interface and create an API account. |
94f91ae6 M |
928 | Please specify the scope (active groups: domain) and assign the allowed IPs. |
929 | ||
94f91ae6 M |
930 | ``` |
931 | export EUSERV_Username="99999.user123" | |
932 | export EUSERV_Password="Asbe54gHde" | |
933 | ``` | |
934 | ||
616b0b6b | 935 | Ok, let's issue a cert now: (Be aware to use the `--insecure` flag, cause euserv.eu is still using self-signed certificates!) |
94f91ae6 M |
936 | ``` |
937 | acme.sh --issue --dns dns_euserv -d example.com -d *.example.com --insecure | |
938 | ``` | |
939 | ||
940 | The `EUSERV_Username` and `EUSERV_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
941 | ||
942 | Please report any issues to https://github.com/initit/acme.sh or to <github@initit.de> | |
1d4dec55 | 943 | |
22cd408e H |
944 | ## 48. Use DNSPod.com domain API to automatically issue cert |
945 | ||
946 | First you need to get your API Key and ID by this [get-the-user-token](https://www.dnspod.com/docs/info.html#get-the-user-token). | |
947 | ||
948 | ``` | |
949 | export DPI_Id="1234" | |
950 | export DPI_Key="sADDsdasdgdsf" | |
951 | ``` | |
952 | ||
953 | Ok, let's issue a cert now: | |
954 | ``` | |
955 | acme.sh --issue --dns dns_dpi -d example.com -d www.example.com | |
956 | ``` | |
957 | ||
958 | The `DPI_Id` and `DPI_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
959 | ||
9c39121e | 960 | ## 49. Use Google Cloud DNS API to automatically issue cert |
1d4dec55 JL |
961 | |
962 | First you need to authenticate to gcloud. | |
963 | ||
964 | ``` | |
965 | gcloud init | |
966 | ``` | |
967 | ||
968 | **The `dns_gcloud` script uses the active gcloud configuration and credentials.** | |
969 | There is no logic inside `dns_gcloud` to override the project and other settings. | |
970 | If needed, create additional [gcloud configurations](https://cloud.google.com/sdk/gcloud/reference/topic/configurations). | |
971 | You can change the configuration being used without *activating* it; simply set the `CLOUDSDK_ACTIVE_CONFIG_NAME` environment variable. | |
972 | ||
973 | To issue a certificate you can: | |
974 | ``` | |
975 | export CLOUDSDK_ACTIVE_CONFIG_NAME=default # see the note above | |
976 | acme.sh --issue --dns dns_gcloud -d example.com -d '*.example.com' | |
977 | ``` | |
978 | ||
979 | `dns_gcloud` also supports [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode). | |
980 | ||
2e74df25 KT |
981 | ## 50. Use ConoHa API |
982 | ||
983 | First you need to login to your ConoHa account to get your API credentials. | |
984 | ||
985 | ``` | |
986 | export CONOHA_Username="xxxxxx" | |
987 | export CONOHA_Password="xxxxxx" | |
988 | export CONOHA_TenantId="xxxxxx" | |
989 | export CONOHA_IdentityServiceApi="https://identity.xxxx.conoha.io/v2.0" | |
990 | ``` | |
991 | ||
992 | To issue a cert: | |
993 | ``` | |
994 | acme.sh --issue --dns dns_conoha -d example.com -d www.example.com | |
995 | ``` | |
996 | ||
997 | The `CONOHA_Username`, `CONOHA_Password`, `CONOHA_TenantId` and `CONOHA_IdentityServiceApi` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
998 | ||
fc9d321e | 999 | ## 51. Use netcup DNS API to automatically issue cert |
dc267663 | 1000 | |
1001 | First you need to login in your CCP account to get your API Key and API Password. | |
3cd5b9ca | 1002 | ``` |
1003 | export NC_Apikey="<Apikey>" | |
1004 | export NC_Apipw="<Apipassword>" | |
1005 | export NC_CID="<Customernumber>" | |
1006 | ``` | |
1007 | ||
1008 | Now, let's issue a cert: | |
1009 | ``` | |
1010 | acme.sh --issue --dns dns_netcup -d example.com -d www.example.com | |
1011 | ``` | |
1012 | ||
1013 | The `NC_Apikey`,`NC_Apipw` and `NC_CID` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
dc267663 | 1014 | |
1756bbff HS |
1015 | ## 52. Use GratisDNS.dk |
1016 | ||
12c900ea | 1017 | GratisDNS.dk (https://gratisdns.dk/) does not provide an API to update DNS records (other than IPv4 and IPv6 |
1756bbff HS |
1018 | dynamic DNS addresses). The acme.sh plugin therefore retrieves and updates domain TXT records by logging |
1019 | into the GratisDNS website to read the HTML and posting updates as HTTP. The plugin needs to know your | |
1020 | userid and password for the GratisDNS website. | |
1021 | ||
1022 | ```sh | |
1023 | export GDNSDK_Username="..." | |
1024 | export GDNSDK_Password="..." | |
1025 | ``` | |
1026 | The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
1027 | ||
1028 | ||
1029 | Now you can issue a certificate. | |
1030 | ||
12c900ea HS |
1031 | Note: It usually takes a few minutes (usually 3-4 minutes) before the changes propagates to gratisdns.dk nameservers (ns3.gratisdns.dk often are slow), |
1032 | and in rare cases I have seen over 5 minutes before google DNS catches it. Therefor a DNS sleep of at least 300 seconds are recommended- | |
1033 | ||
1756bbff | 1034 | ```sh |
12c900ea | 1035 | acme.sh --issue --dns dns_gdnsdk --dnssleep 300 -d example.com -d *.example.com |
1756bbff HS |
1036 | ``` |
1037 | ||
f7e7e885 L |
1038 | ## 53. Use Namecheap |
1039 | ||
1040 | You will need your namecheap username, API KEY (https://www.namecheap.com/support/api/intro.aspx) and your external IP address (or an URL to get it), this IP will need to be whitelisted at Namecheap. | |
7e130c26 | 1041 | Due to Namecheap's API limitation all the records of your domain will be read and re applied, make sure to have a backup of your records you could apply if any issue would arise. |
f7e7e885 L |
1042 | |
1043 | ```sh | |
1044 | export NAMECHEAP_USERNAME="..." | |
1045 | export NAMECHEAP_API_KEY="..." | |
1046 | export NAMECHEAP_SOURCEIP="..." | |
1047 | ``` | |
1048 | ||
7e130c26 | 1049 | NAMECHEAP_SOURCEIP can either be an IP address or an URL to provide it (e.g. https://ifconfig.co/ip). |
f7e7e885 L |
1050 | |
1051 | The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
1052 | ||
1053 | Now you can issue a certificate. | |
1054 | ||
1055 | ```sh | |
1056 | acme.sh --issue --dns dns_namecheap -d example.com -d *.example.com | |
1057 | ``` | |
1058 | ||
14ad5955 | 1059 | ## 54. Use MyDNS.JP API |
1060 | ||
1061 | First, register to MyDNS.JP and get MasterID and Password. | |
1062 | ||
1063 | ``` | |
1064 | export MYDNSJP_MasterID=MasterID | |
1065 | export MYDNSJP_Password=Password | |
1066 | ``` | |
1067 | ||
1068 | To issue a certificate: | |
1069 | ||
1070 | ``` | |
1071 | acme.sh --issue --dns dns_mydnsjp -d example.com -d www.example.com | |
1072 | ``` | |
1073 | The `MYDNSJP_MasterID` and `MYDNSJP_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
1074 | ||
ee258f14 | 1075 | ## 55. Use hosting.de API |
4162975f OD |
1076 | |
1077 | Create an API key in your hosting.de account here: https://secure.hosting.de | |
1078 | ||
1079 | The key needs the following rights: | |
1080 | - DNS_ZONES_EDIT | |
1081 | - DNS_ZONES_LIST | |
1082 | ||
1083 | Set your API Key and endpoint: | |
1084 | ||
1085 | ``` | |
ed95509a OD |
1086 | export HOSTINGDE_APIKEY='xxx' |
1087 | export HOSTINGDE_ENDPOINT='https://secure.hosting.de' | |
4162975f OD |
1088 | ``` |
1089 | ||
1090 | The plugin can also be used for the http.net API. http.net customers have to set endpoint to https://partner.http.net. | |
1091 | ||
1092 | Ok, let's issue a cert now: | |
1093 | ``` | |
1094 | acme.sh --issue --dns dns_hostingde -d example.com -d *.example.com | |
1095 | ``` | |
1096 | ||
1097 | The hosting.de API key and endpoint will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
1dab353f | 1098 | |
fb08b53f AA |
1099 | ## 56. Use Neodigit.net API |
1100 | ||
1101 | ``` | |
1102 | export NEODIGIT_API_TOKEN="eXJxTkdUVUZmcHQ3QWJackQ4ZGlMejRDSklRYmo5VG5zcFFKK2thYnE0WnVnNnMy" | |
1103 | ``` | |
1104 | ||
1105 | Ok, let's issue a cert now: | |
1106 | ``` | |
1107 | acme.sh --issue --dns dns_neodigit -d example.com -d www.example.com | |
1108 | ``` | |
1109 | ||
1110 | Neodigit API Token will be saved in `~/.acme.sh/account.conf` and will be used when needed. | |
1111 | ||
67d3e8d0 I |
1112 | ## 57. Use Exoscale API |
1113 | ||
1114 | Create an API key and secret key in the Exoscale account section | |
1115 | ||
1116 | Set your API and secret key: | |
1117 | ||
1118 | ``` | |
1119 | export EXOSCALE_API_KEY='xxx' | |
1120 | export EXOSCALE_SECRET_KEY='xxx' | |
1121 | ``` | |
1122 | ||
1123 | Now, let's issue a cert: | |
1124 | ``` | |
ecf7dded | 1125 | acme.sh --issue --dns dns_exoscale -d example.com -d www.example.com |
67d3e8d0 I |
1126 | ``` |
1127 | ||
1128 | The `EXOSCALE_API_KEY` and `EXOSCALE_SECRET_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. | |
1129 | ||
72ce3770 MB |
1130 | ## 58. Using PointHQ API to issue certs |
1131 | ||
1132 | Log into [PointHQ account management](https://app.pointhq.com/profile) and copy the API key from the page there. | |
1133 | ||
1134 | ```export PointHQ_Key="apikeystringgoeshere" | |
1135 | exportPointHQ_Email="accountemail@yourdomain.com" | |
1136 | ``` | |
1137 | ||
1138 | You can then issue certs by using: | |
1139 | ```acme.sh --issue --dns dns_pointhq -d example.com -d www.example.com | |
1140 | ``` | |
1141 | ||
58bb94d7 | 1142 | # Use custom API |
9882f342 | 1143 | |
d20831e4 | 1144 | If your API is not supported yet, you can write your own DNS API. |
9882f342 | 1145 | |
d20831e4 | 1146 | Let's assume you want to name it 'myapi': |
9882f342 | 1147 | |
d20831e4 AL |
1148 | 1. Create a bash script named `~/.acme.sh/dns_myapi.sh`, |
1149 | 2. In the script you must have a function named `dns_myapi_add()` which will be called by acme.sh to add the DNS records. | |
1150 | 3. Then you can use your API to issue cert like this: | |
9882f342 | 1151 | |
1152 | ``` | |
d20831e4 | 1153 | acme.sh --issue --dns dns_myapi -d example.com -d www.example.com |
9882f342 | 1154 | ``` |
1155 | ||
1156 | For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh) | |
1157 | ||
4c99c012 | 1158 | See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide |
b9091e14 | 1159 | |
58bb94d7 | 1160 | # Use lexicon DNS API |
39c6df29 | 1161 | |
d20831e4 | 1162 | https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api |