3 If your dns provider doesn't provide api access, you can use our dns alias mode:
5 https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
7 ## 1. Use CloudFlare domain API to automatically issue cert
9 First you need to login to your CloudFlare account to get your [API key](https://dash.cloudflare.com/profile).
12 export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
13 export CF_Email="xxxx@sss.com"
16 Ok, let's issue a cert now:
18 acme.sh --issue --dns dns_cf -d example.com -d www.example.com
21 The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
24 ## 2. Use DNSPod.cn domain API to automatically issue cert
26 First you need to login to your DNSPod account to get your API Key and ID.
30 export DP_Key="sADDsdasdgdsf"
33 Ok, let's issue a cert now:
35 acme.sh --issue --dns dns_dp -d example.com -d www.example.com
38 The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
41 ## 3. Use CloudXNS.com domain API to automatically issue cert
43 First you need to login to your CloudXNS account to get your API Key and Secret.
47 export CX_Secret="sADDsdasdgdsf"
50 Ok, let's issue a cert now:
52 acme.sh --issue --dns dns_cx -d example.com -d www.example.com
55 The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
58 ## 4. Use GoDaddy.com domain API to automatically issue cert
60 First you need to login to your GoDaddy account to get your API Key and Secret.
62 https://developer.godaddy.com/keys/
64 Please create a Production key, instead of a Test key.
67 export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
68 export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"
71 Ok, let's issue a cert now:
73 acme.sh --issue --dns dns_gd -d example.com -d www.example.com
76 The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
79 ## 5. Use PowerDNS embedded API to automatically issue cert
81 First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration.
83 https://doc.powerdns.com/md/httpapi/README/
86 export PDNS_Url="http://ns.example.com:8081"
87 export PDNS_ServerId="localhost"
88 export PDNS_Token="0123456789ABCDEF"
92 Ok, let's issue a cert now:
94 acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
97 The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
100 ## 6. Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert
102 https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
105 ## 7. Use nsupdate to automatically issue cert
107 First, generate a key for updating the zone
109 b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo)
110 cat > /etc/named/keys/update.key <<EOF
112 algorithm hmac-sha512;
113 secret "$(awk '/^Key/{print $2}' /tmp/$b.private)";
116 rm -f /tmp/$b.{private,key}
119 Include this key in your named configuration
121 include "/etc/named/keys/update.key";
124 Next, configure your zone to allow dynamic updates.
126 Depending on your named version, use either
130 allow-update { key "update"; };
138 grant update subdomain example.com.;
143 Finally, make the DNS server and update Key available to `acme.sh`
146 export NSUPDATE_SERVER="dns.example.com"
147 export NSUPDATE_KEY="/path/to/your/nsupdate.key"
149 and optionally (depending on DNS server)
151 export NSUPDATE_ZONE="example.com"
154 Ok, let's issue a cert now:
156 acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
159 The `NSUPDATE_SERVER`, `NSUPDATE_KEY`, and `NSUPDATE_ZONE` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
162 ## 8. Use LuaDNS domain API
164 Get your API token at https://api.luadns.com/settings
167 export LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
168 export LUA_Email="xxxx@sss.com"
173 acme.sh --issue --dns dns_lua -d example.com -d www.example.com
176 The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
179 ## 9. Use DNSMadeEasy domain API
181 Get your API credentials at https://cp.dnsmadeeasy.com/account/info
184 export ME_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
185 export ME_Secret="qdfqsdfkjdskfj"
190 acme.sh --issue --dns dns_me -d example.com -d www.example.com
193 The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
196 ## 10. Use Amazon Route53 domain API
198 https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API
201 export AWS_ACCESS_KEY_ID=XXXXXXXXXX
202 export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX
207 acme.sh --issue --dns dns_aws -d example.com -d www.example.com
210 The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
212 ## 11. Use Aliyun domain API to automatically issue cert
214 First you need to login to your Aliyun account to get your API key.
215 [https://ak-console.aliyun.com/#/accesskey](https://ak-console.aliyun.com/#/accesskey)
218 export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
219 export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
222 Ok, let's issue a cert now:
224 acme.sh --issue --dns dns_ali -d example.com -d www.example.com
227 The `Ali_Key` and `Ali_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
229 ## 12. Use ISPConfig 3.1 API
231 This only works for ISPConfig 3.1 (and newer).
233 Create a Remote User in the ISPConfig Control Panel. The Remote User must have access to at least `DNS zone functions` and `DNS txt functions`.
236 export ISPC_User="xxx"
237 export ISPC_Password="xxx"
238 export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php"
239 export ISPC_Api_Insecure=1
241 If you have installed ISPConfig on a different port, then alter the 8080 accordingly.
242 Leaver ISPC_Api_Insecure set to 1 if you have not a valid ssl cert for your installation. Change it to 0 if you have a valid ssl cert.
246 acme.sh --issue --dns dns_ispconfig -d example.com -d www.example.com
249 The `ISPC_User`, `ISPC_Password`, `ISPC_Api`and `ISPC_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
251 ## 13. Use Alwaysdata domain API
253 First you need to login to your Alwaysdata account to get your API Key.
256 export AD_API_KEY="myalwaysdataapikey"
259 Ok, let's issue a cert now:
262 acme.sh --issue --dns dns_ad -d example.com -d www.example.com
265 The `AD_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused
268 ## 14. Use Linode domain API
270 The tokens created in the classic manager and cloud manager are incompatible
271 with one another. While the classic manager makes an all or nothing API, the
272 newer cloud manager interface promises to produce API keys with a finer
273 permission system. However, either way works just fine.
275 ### Classic Manager ###
277 Classic Manager: https://manager.linode.com/profile/api
279 First you need to login to your Linode account to get your API Key.
281 Then add an API key with label *ACME* and copy the new key into the following
285 export LINODE_API_KEY="..."
288 Due to the reload time of any changes in the DNS records, we have to use the
289 `dnssleep` option to wait at least 15 minutes for the changes to take effect.
291 Ok, let's issue a cert now:
294 acme.sh --issue --dns dns_linode --dnssleep 900 -d example.com -d www.example.com
297 The `LINODE_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be
300 ### Cloud Manager ###
302 Cloud Manager: https://cloud.linode.com/profile/tokens
304 First you need to login to your Linode account to get your API Key.
306 1. Click on "Add a Personal Access Token".
307 2. Give the new key a "Label" (we recommend *ACME*)
308 3. Give it Read/Write access to "Domains"
309 4. "Submit" and copy the new key into the `LINODE_V4_API_KEY` command below.
312 export LINODE_V4_API_KEY="..."
315 Due to the reload time of any changes in the DNS records, we have to use the
316 `dnssleep` option to wait at least 15 minutes for the changes to take effect.
318 Ok, let's issue a cert now:
321 acme.sh --issue --dns dns_linode_v4 --dnssleep 900 -d example.com -d www.example.com
324 The `LINODE_V4_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be
329 FreeDNS (https://freedns.afraid.org/) does not provide an API to update DNS records (other than IPv4 and IPv6
330 dynamic DNS addresses). The acme.sh plugin therefore retrieves and updates domain TXT records by logging
331 into the FreeDNS website to read the HTML and posting updates as HTTP. The plugin needs to know your
332 userid and password for the FreeDNS website.
335 export FREEDNS_User="..."
336 export FREEDNS_Password="..."
339 You need only provide this the first time you run the acme.sh client with FreeDNS validation and then again
340 whenever you change your password at the FreeDNS site. The acme.sh FreeDNS plugin does not store your userid
341 or password but rather saves an authentication token returned by FreeDNS in `~/.acme.sh/account.conf` and
342 reuses that when needed.
344 Now you can issue a certificate.
347 acme.sh --issue --dns dns_freedns -d example.com -d www.example.com
350 Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that
351 you create under a FreeDNS public domain. You must own the top level domain in order to automatically
352 validate with acme.sh at FreeDNS.
356 You only need to set your cyon.ch login credentials.
357 If you also have 2 Factor Authentication (OTP) enabled, you need to set your secret token too and have `oathtool` installed.
360 export CY_Username="your_cyon_username"
361 export CY_Password="your_cyon_password"
362 export CY_OTP_Secret="your_otp_secret" # Only required if using 2FA
367 acme.sh --issue --dns dns_cyon -d example.com -d www.example.com
370 The `CY_Username`, `CY_Password` and `CY_OTP_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
372 ## 17. Use Domain-Offensive/Resellerinterface/Domainrobot API
374 ATTENTION: You need to be a registered Reseller to be able to use the ResellerInterface. As a normal user you can not use this method.
376 You will need your login credentials (Partner ID+Password) to the Resellerinterface, and export them before you run `acme.sh`:
378 export DO_PID="KD-1234567"
379 export DO_PW="cdfkjl3n2"
382 Ok, let's issue a cert now:
384 acme.sh --issue --dns dns_do -d example.com -d www.example.com
387 ## 18. Use Gandi LiveDNS API
389 You must enable the new Gandi LiveDNS API first and the create your api key, See: http://doc.livedns.gandi.net/
392 export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"
395 Ok, let's issue a cert now:
397 acme.sh --issue --dns dns_gandi_livedns -d example.com -d www.example.com
400 ## 19. Use Knot (knsupdate) DNS API to automatically issue cert
402 First, generate a TSIG key for updating the zone.
405 keymgr tsig generate -t acme_key hmac-sha512 > /etc/knot/acme.key
408 Include this key in your knot configuration file.
411 include: /etc/knot/acme.key
414 Next, configure your zone to allow dynamic updates.
416 Dynamic updates for the zone are allowed via proper ACL rule with the `update` action. For in-depth instructions, please see [Knot DNS's documentation](https://www.knot-dns.cz/documentation/).
421 address: 192.168.1.0/24
426 - domain: example.com
427 file: example.com.zone
431 Finally, make the DNS server and TSIG Key available to `acme.sh`
434 export KNOT_SERVER="dns.example.com"
435 export KNOT_KEY=`grep \# /etc/knot/acme.key | cut -d' ' -f2`
438 Ok, let's issue a cert now:
440 acme.sh --issue --dns dns_knot -d example.com -d www.example.com
443 The `KNOT_SERVER` and `KNOT_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
445 ## 20. Use DigitalOcean API (native)
447 You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/
450 export DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc"
453 Ok, let's issue a cert now:
455 acme.sh --issue --dns dns_dgon -d example.com -d www.example.com
458 ## 21. Use ClouDNS.net API
460 You need to set the HTTP API user ID and password credentials. See: https://www.cloudns.net/wiki/article/42/. For security reasons, it's recommended to use a sub user ID that only has access to the necessary zones, as a regular API user has access to your entire account.
463 # Use this for a sub auth ID
464 export CLOUDNS_SUB_AUTH_ID=XXXXX
465 # Use this for a regular auth ID
466 #export CLOUDNS_AUTH_ID=XXXXX
467 export CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"
470 Ok, let's issue a cert now:
472 acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com
474 The `CLOUDNS_AUTH_ID` and `CLOUDNS_AUTH_PASSWORD` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
476 ## 22. Use Infoblox API
478 First you need to create/obtain API credentials on your Infoblox appliance.
481 export Infoblox_Creds="username:password"
482 export Infoblox_Server="ip or fqdn of infoblox appliance"
485 Ok, let's issue a cert now:
487 acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com
490 Note: This script will automatically create and delete the ephemeral txt record.
491 The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
494 ## 23. Use VSCALE API
496 First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/).
499 export VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
502 Ok, let's issue a cert now:
504 acme.sh --issue --dns dns_vscale -d example.com -d www.example.com
509 First you need to create/obtain API credentials from your Dynu account. See: https://www.dynu.com/resources/api/documentation
512 export Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
513 export Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy"
516 Ok, let's issue a cert now:
518 acme.sh --issue --dns dns_dynu -d example.com -d www.example.com
521 The `Dynu_ClientId` and `Dynu_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
523 ## 25. Use DNSimple API
525 First you need to login to your DNSimple account and generate a new oauth token.
527 https://dnsimple.com/a/{your account id}/account/access_tokens
529 Note that this is an _account_ token and not a user token. The account token is
530 needed to infer the `account_id` used in requests. A user token will not be able
531 to determine the correct account to use.
534 export DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje"
537 To issue the cert just specify the `dns_dnsimple` API.
540 acme.sh --issue --dns dns_dnsimple -d example.com
543 The `DNSimple_OAUTH_TOKEN` will be saved in `~/.acme.sh/account.conf` and will
544 be reused when needed.
546 If you have any issues with this integration please report them to
547 https://github.com/pho3nixf1re/acme.sh/issues.
549 ## 26. Use NS1.com API
552 export NS1_Key="fdmlfsdklmfdkmqsdfk"
555 Ok, let's issue a cert now:
557 acme.sh --issue --dns dns_nsone -d example.com -d www.example.com
560 ## 27. Use DuckDNS.org API
563 export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
566 Please note that since DuckDNS uses StartSSL as their cert provider, thus
567 --insecure may need to be used when issuing certs:
569 acme.sh --insecure --issue --dns dns_duckdns -d mydomain.duckdns.org
572 For issues, please report to https://github.com/raidenii/acme.sh/issues.
574 ## 28. Use Name.com API
576 Create your API token here: https://www.name.com/account/settings/api
578 Note: `Namecom_Username` should be your Name.com username and not the token name. If you accidentally run the script with the token name as the username see `~/.acme.sh/account.conf` to fix the issue
581 export Namecom_Username="testuser"
582 export Namecom_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
585 And now you can issue certs with:
588 acme.sh --issue --dns dns_namecom -d example.com -d www.example.com
591 For issues, please report to https://github.com/raidenii/acme.sh/issues.
593 ## 29. Use Dyn Managed DNS API to automatically issue cert
595 First, login to your Dyn Managed DNS account: https://portal.dynect.net/login/
597 It is recommended to add a new user specific for API access.
599 The minimum "Zones & Records Permissions" required are:
611 Pass the API user credentials to the environment:
613 export DYN_Customer="customer"
614 export DYN_Username="apiuser"
615 export DYN_Password="secret"
618 Ok, let's issue a cert now:
620 acme.sh --issue --dns dns_dyn -d example.com -d www.example.com
623 The `DYN_Customer`, `DYN_Username` and `DYN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
625 ## 30. Use pdd.yandex.ru API
628 export PDD_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
631 Follow these instructions to get the token for your domain https://tech.yandex.com/domain/doc/concepts/access-docpage/
633 acme.sh --issue --dns dns_yandex -d mydomain.example.org
636 For issues, please report to https://github.com/non7top/acme.sh/issues.
638 ## 31. Use Hurricane Electric
640 Hurricane Electric (https://dns.he.net/) doesn't have an API so just set your login credentials like so:
643 export HE_Username="yourusername"
644 export HE_Password="password"
647 Then you can issue your certificate:
650 acme.sh --issue --dns dns_he -d example.com -d www.example.com
653 The `HE_Username` and `HE_Password` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
655 Please report any issues to https://github.com/angel333/acme.sh or to <me@ondrejsimek.com>.
657 ## 32. Use UnoEuro API to automatically issue cert
659 First you need to login to your UnoEuro account to get your API key.
662 export UNO_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
663 export UNO_User="UExxxxxx"
666 Ok, let's issue a cert now:
668 acme.sh --issue --dns dns_unoeuro -d example.com -d www.example.com
671 The `UNO_Key` and `UNO_User` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
675 [INWX](https://www.inwx.de/) offers an [xmlrpc api](https://www.inwx.de/de/help/apidoc) with your standard login credentials, set them like so:
678 export INWX_User="yourusername"
679 export INWX_Password="password"
682 Then you can issue your certificates with:
685 acme.sh --issue --dns dns_inwx -d example.com -d www.example.com
688 The `INWX_User` and `INWX_Password` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
690 If your account is secured by mobile tan you have also defined the shared secret.
693 export INWX_Shared_Secret="shared secret"
696 You may need to re-enable the mobile tan to gain the shared secret.
698 ## 34. User Servercow API v1
700 Create a new user from the servercow control center. Don't forget to activate **DNS API** for this user.
703 export SERVERCOW_API_Username=username
704 export SERVERCOW_API_Password=password
707 Now you cann issue a cert:
710 acme.sh --issue --dns dns_servercow -d example.com -d www.example.com
712 Both, `SERVERCOW_API_Username` and `SERVERCOW_API_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
714 ## 35. Use Namesilo.com API
716 You'll need to generate an API key at https://www.namesilo.com/account_api.php
717 Optionally you may restrict the access to an IP range there.
720 export Namesilo_Key="xxxxxxxxxxxxxxxxxxxxxxxx"
723 And now you can issue certs with:
726 acme.sh --issue --dns dns_namesilo --dnssleep 900 -d example.com -d www.example.com
729 ## 36. Use autoDNS (InternetX)
731 [InternetX](https://www.internetx.com/) offers an [xml api](https://help.internetx.com/display/API/AutoDNS+XML-API) with your standard login credentials, set them like so:
734 export AUTODNS_USER="yourusername"
735 export AUTODNS_PASSWORD="password"
736 export AUTODNS_CONTEXT="context"
739 Then you can issue your certificates with:
742 acme.sh --issue --dns dns_autodns -d example.com -d www.example.com
745 The `AUTODNS_USER`, `AUTODNS_PASSWORD` and `AUTODNS_CONTEXT` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
749 You have to create a service principal first. See:[How to use Azure DNS](../../../wiki/How-to-use-Azure-DNS)
752 export AZUREDNS_SUBSCRIPTIONID="12345678-9abc-def0-1234-567890abcdef"
753 export AZUREDNS_TENANTID="11111111-2222-3333-4444-555555555555"
754 export AZUREDNS_APPID="3b5033b5-7a66-43a5-b3b9-a36b9e7c25ed"
755 export AZUREDNS_CLIENTSECRET="1b0224ef-34d4-5af9-110f-77f527d561bd"
758 Then you can issue your certificates with:
761 acme.sh --issue --dns dns_azure -d example.com -d www.example.com
764 `AZUREDNS_SUBSCRIPTIONID`, `AZUREDNS_TENANTID`,`AZUREDNS_APPID` and `AZUREDNS_CLIENTSECRET` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
766 ## 38. Use selectel.com(selectel.ru) domain API to automatically issue cert
768 First you need to login to your account to get your API key from: https://my.selectel.ru/profile/apikeys.
771 export SL_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
775 Ok, let's issue a cert now:
777 acme.sh --issue --dns dns_selectel -d example.com -d www.example.com
780 The `SL_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
782 ## 39. Use zonomi.com domain API to automatically issue cert
784 First you need to login to your account to find your API key from: http://zonomi.com/app/dns/dyndns.jsp
786 Your will find your api key in the example urls:
789 https://zonomi.com/app/dns/dyndns.jsp?host=example.com&api_key=1063364558943540954358668888888888
793 export ZM_Key="1063364558943540954358668888888888"
797 Ok, let's issue a cert now:
799 acme.sh --issue --dns dns_zonomi -d example.com -d www.example.com
802 The `ZM_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
804 ## 40. Use DreamHost DNS API
806 DNS API keys may be created at https://panel.dreamhost.com/?tree=home.api.
807 Ensure the created key has add and remove privelages.
810 export DH_API_KEY="<api key>"
811 acme.sh --issue --dns dns_dreamhost -d example.com -d www.example.com
814 The 'DH_API_KEY' will be saved in `~/.acme.sh/account.conf` and will
815 be reused when needed.
817 ## 41. Use DirectAdmin API
818 The DirectAdmin interface has it's own Let's encrypt functionality, but this
819 script can be used to generate certificates for names which are not hosted on
822 User must provide login data and URL to the DirectAdmin incl. port.
823 You can create an user which only has access to
825 - CMD_API_DNS_CONTROL
826 - CMD_API_SHOW_DOMAINS
828 By using the Login Keys function.
829 See also https://www.directadmin.com/api.php and https://www.directadmin.com/features.php?id=1298
832 export DA_Api="https://remoteUser:remotePassword@da.domain.tld:8443"
833 export DA_Api_Insecure=1
835 Set `DA_Api_Insecure` to 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
837 Ok, let's issue a cert now:
839 acme.sh --issue --dns dns_da -d example.com -d www.example.com
842 The `DA_Api` and `DA_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
844 ## 42. Use KingHost DNS API
846 API access must be enabled at https://painel.kinghost.com.br/painel.api.php
849 export KINGHOST_Username="yourusername"
850 export KINGHOST_Password="yourpassword"
851 acme.sh --issue --dns dns_kinghost -d example.com -d *.example.com
854 The `KINGHOST_username` and `KINGHOST_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
856 ## 43. Use Zilore DNS API
858 First, get your API key at https://my.zilore.com/account/api
861 export Zilore_Key="5dcad3a2-36cb-50e8-cb92-000002f9"
864 Ok, let's issue a cert now:
866 acme.sh --issue --dns dns_zilore -d example.com -d *.example.com
869 The `Zilore_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
871 ## 44. Use Loopia.se API
872 User must provide login credentials to the Loopia API.
873 The user needs the following permissions:
880 Set the login credentials:
882 export LOOPIA_User="user@loopiaapi"
883 export LOOPIA_Password="password"
888 acme.sh --issue --dns dns_loopia -d example.com -d *.example.com
891 The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
892 ## 45. Use ACME DNS API
894 ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
895 https://github.com/joohoi/acme-dns
898 export ACMEDNS_UPDATE_URL="https://auth.acme-dns.io/update"
899 export ACMEDNS_USERNAME="<username>"
900 export ACMEDNS_PASSWORD="<password>"
901 export ACMEDNS_SUBDOMAIN="<subdomain>"
903 acme.sh --issue --dns dns_acmedns -d example.com -d www.example.com
906 The credentials will be saved in `~/.acme.sh/account.conf` and will
907 be reused when needed.
910 First you need to login to your TELE3 account to set your API-KEY.
911 https://www.tele3.cz/system-acme-api.html
914 export TELE3_Key="MS2I4uPPaI..."
915 export TELE3_Secret="kjhOIHGJKHg"
917 acme.sh --issue --dns dns_tele3 -d example.com -d *.example.com
920 The TELE3_Key and TELE3_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.
922 ## 47. Use Euserv.eu API
924 First you need to login to your euserv.eu account and activate your API Administration (API Verwaltung).
925 [https://support.euserv.com](https://support.euserv.com)
927 Once you've activate, login to your API Admin Interface and create an API account.
928 Please specify the scope (active groups: domain) and assign the allowed IPs.
931 export EUSERV_Username="99999.user123"
932 export EUSERV_Password="Asbe54gHde"
935 Ok, let's issue a cert now: (Be aware to use the `--insecure` flag, cause euserv.eu is still using self-signed certificates!)
937 acme.sh --issue --dns dns_euserv -d example.com -d *.example.com --insecure
940 The `EUSERV_Username` and `EUSERV_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
942 Please report any issues to https://github.com/initit/acme.sh or to <github@initit.de>
944 ## 48. Use DNSPod.com domain API to automatically issue cert
946 First you need to get your API Key and ID by this [get-the-user-token](https://www.dnspod.com/docs/info.html#get-the-user-token).
950 export DPI_Key="sADDsdasdgdsf"
953 Ok, let's issue a cert now:
955 acme.sh --issue --dns dns_dpi -d example.com -d www.example.com
958 The `DPI_Id` and `DPI_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
960 ## 49. Use Google Cloud DNS API to automatically issue cert
962 First you need to authenticate to gcloud.
968 **The `dns_gcloud` script uses the active gcloud configuration and credentials.**
969 There is no logic inside `dns_gcloud` to override the project and other settings.
970 If needed, create additional [gcloud configurations](https://cloud.google.com/sdk/gcloud/reference/topic/configurations).
971 You can change the configuration being used without *activating* it; simply set the `CLOUDSDK_ACTIVE_CONFIG_NAME` environment variable.
973 To issue a certificate you can:
975 export CLOUDSDK_ACTIVE_CONFIG_NAME=default # see the note above
976 acme.sh --issue --dns dns_gcloud -d example.com -d '*.example.com'
979 `dns_gcloud` also supports [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode).
981 ## 50. Use ConoHa API
983 First you need to login to your ConoHa account to get your API credentials.
986 export CONOHA_Username="xxxxxx"
987 export CONOHA_Password="xxxxxx"
988 export CONOHA_TenantId="xxxxxx"
989 export CONOHA_IdentityServiceApi="https://identity.xxxx.conoha.io/v2.0"
994 acme.sh --issue --dns dns_conoha -d example.com -d www.example.com
997 The `CONOHA_Username`, `CONOHA_Password`, `CONOHA_TenantId` and `CONOHA_IdentityServiceApi` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
999 ## 51. Use netcup DNS API to automatically issue cert
1001 First you need to login in your CCP account to get your API Key and API Password.
1003 export NC_Apikey="<Apikey>"
1004 export NC_Apipw="<Apipassword>"
1005 export NC_CID="<Customernumber>"
1008 Now, let's issue a cert:
1010 acme.sh --issue --dns dns_netcup -d example.com -d www.example.com
1013 The `NC_Apikey`,`NC_Apipw` and `NC_CID` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1014 ## 52. Use GratisDNS.dk
1016 GratisDNS.dk (https://gratisdns.dk/) does not provide an API to update DNS records (other than IPv4 and IPv6
1017 dynamic DNS addresses). The acme.sh plugin therefore retrieves and updates domain TXT records by logging
1018 into the GratisDNS website to read the HTML and posting updates as HTTP. The plugin needs to know your
1019 userid and password for the GratisDNS website.
1022 export GDNSDK_Username="..."
1023 export GDNSDK_Password="..."
1025 The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1028 Now you can issue a certificate.
1030 Note: It usually takes a few minutes (usually 3-4 minutes) before the changes propagates to gratisdns.dk nameservers (ns3.gratisdns.dk often are slow),
1031 and in rare cases I have seen over 5 minutes before google DNS catches it. Therefor a DNS sleep of at least 300 seconds are recommended-
1034 acme.sh --issue --dns dns_gdnsdk --dnssleep 300 -d example.com -d *.example.com
1037 ## 53. Use Namecheap
1039 You will need your namecheap username, API KEY (https://www.namecheap.com/support/api/intro.aspx) and your external IP address (or an URL to get it), this IP will need to be whitelisted at Namecheap.
1040 Due to Namecheap's API limitation all the records of your domain will be read and re applied, make sure to have a backup of your records you could apply if any issue would arise.
1043 export NAMECHEAP_USERNAME="..."
1044 export NAMECHEAP_API_KEY="..."
1045 export NAMECHEAP_SOURCEIP="..."
1048 NAMECHEAP_SOURCEIP can either be an IP address or an URL to provide it (e.g. https://ifconfig.co/ip).
1050 The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1052 Now you can issue a certificate.
1055 acme.sh --issue --dns dns_namecheap -d example.com -d *.example.com
1058 ## 54. Use MyDNS.JP API
1060 First, register to MyDNS.JP and get MasterID and Password.
1063 export MYDNSJP_MasterID=MasterID
1064 export MYDNSJP_Password=Password
1067 To issue a certificate:
1070 acme.sh --issue --dns dns_mydnsjp -d example.com -d www.example.com
1072 The `MYDNSJP_MasterID` and `MYDNSJP_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1074 ## 55. Use hosting.de API
1076 Create an API key in your hosting.de account here: https://secure.hosting.de
1078 The key needs the following rights:
1082 Set your API Key and endpoint:
1085 export HOSTINGDE_APIKEY='xxx'
1086 export HOSTINGDE_ENDPOINT='https://secure.hosting.de'
1089 The plugin can also be used for the http.net API. http.net customers have to set endpoint to https://partner.http.net.
1091 Ok, let's issue a cert now:
1093 acme.sh --issue --dns dns_hostingde -d example.com -d *.example.com
1096 The hosting.de API key and endpoint will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1098 ## 56. Use Neodigit.net API
1101 export NEODIGIT_API_TOKEN="eXJxTkdUVUZmcHQ3QWJackQ4ZGlMejRDSklRYmo5VG5zcFFKK2thYnE0WnVnNnMy"
1104 Ok, let's issue a cert now:
1106 acme.sh --issue --dns dns_neodigit -d example.com -d www.example.com
1109 Neodigit API Token will be saved in `~/.acme.sh/account.conf` and will be used when needed.
1111 ## 57. Use Exoscale API
1113 Create an API key and secret key in the Exoscale account section
1115 Set your API and secret key:
1118 export EXOSCALE_API_KEY='xxx'
1119 export EXOSCALE_SECRET_KEY='xxx'
1122 Now, let's issue a cert:
1124 acme.sh --issue --dns dns_exoscale -d example.com -d www.example.com
1127 The `EXOSCALE_API_KEY` and `EXOSCALE_SECRET_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1129 ## 58. Using PointHQ API to issue certs
1131 Log into [PointHQ account management](https://app.pointhq.com/profile) and copy the API key from the page there.
1133 ```export PointHQ_Key="apikeystringgoeshere"
1134 exportPointHQ_Email="accountemail@yourdomain.com"
1137 You can then issue certs by using:
1138 ```acme.sh --issue --dns dns_pointhq -d example.com -d www.example.com
1141 ## 59. Use Active24 API
1143 Create an API token in the Active24 account section, documentation on https://faq.active24.com/cz/790131-REST-API-rozhran%C3%AD.
1148 export ACTIVE24_Token='xxx'
1151 Now, let's issue a cert, set `dnssleep` for propagation new DNS record:
1153 acme.sh --issue --dns dns_active24 -d example.com -d www.example.com --dnssleep 1000
1156 The `ACTIVE24_Token` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1158 ## 60. Use do.de API
1160 Create an API token in your do.de account.
1164 export DO_LETOKEN='FmD408PdqT1E269gUK57'
1167 To issue a certificate run:
1169 acme.sh --issue --dns dns_doapi -d example.com -d *.example.com
1172 The API token will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1174 ## 61. Use Nexcess API
1176 First, you'll need to login to the [Nexcess.net Client Portal](https://portal.nexcess.net) and [generate a new API token](https://portal.nexcess.net/api-token).
1178 Once you have a token, set it in your systems environment:
1181 export NW_API_TOKEN="YOUR_TOKEN_HERE"
1182 export NW_API_ENDPOINT="https://portal.nexcess.net"
1185 Finally, we'll issue the certificate: (Nexcess DNS publishes at max every 15 minutes, we recommend setting a 900 second `--dnssleep`)
1188 acme.sh --issue --dns dns_nw -d example.com --dnssleep 900
1191 The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1193 ## 62. Use Thermo.io API
1195 First, you'll need to login to the [Thermo.io Client Portal](https://core.thermo.io) and [generate a new API token](https://core.thermo.io/api-token).
1197 Once you have a token, set it in your systems environment:
1200 export NW_API_TOKEN="YOUR_TOKEN_HERE"
1201 export NW_API_ENDPOINT="https://core.thermo.io"
1204 Finally, we'll issue the certificate: (Thermo DNS publishes at max every 15 minutes, we recommend setting a 900 second `--dnssleep`)
1207 acme.sh --issue --dns dns_nw -d example.com --dnssleep 900
1210 The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1212 ## 63. Use Futurehosting API
1214 First, you'll need to login to the [Futurehosting Client Portal](https://my.futurehosting.com) and [generate a new API token](https://my.futurehosting.com/api-token).
1216 Once you have a token, set it in your systems environment:
1219 export NW_API_TOKEN="YOUR_TOKEN_HERE"
1220 export NW_API_ENDPOINT="https://my.futurehosting.com"
1223 Finally, we'll issue the certificate: (Futurehosting DNS publishes at max every 15 minutes, we recommend setting a 900 second `--dnssleep`)
1226 acme.sh --issue --dns dns_nw -d example.com --dnssleep 900
1229 The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1231 ## 64. Use Rackspace API
1233 Set username and API key, which is available under "My Profile & Settings"
1236 export RACKSPACE_Username='username'
1237 export RACKSPACE_Apikey='xxx'
1240 Now, let's issue a cert:
1243 acme.sh --issue --dns dns_rackspace -d example.com -d www.example.com
1246 ## 65. Use Online API
1248 First, you'll need to retrive your API key, which is available under https://console.online.net/en/api/access
1251 export ONLINE_API_KEY='xxx'
1254 To issue a cert run:
1257 acme.sh --issue --dns dns_online -d example.com -d www.example.com
1260 `ONLINE_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
1264 If your API is not supported yet, you can write your own DNS API.
1266 Let's assume you want to name it 'myapi':
1268 1. Create a bash script named `~/.acme.sh/dns_myapi.sh`,
1269 2. In the script you must have a function named `dns_myapi_add()` which will be called by acme.sh to add the DNS records.
1270 3. Then you can use your API to issue cert like this:
1273 acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
1276 For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)
1278 See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
1280 # Use lexicon DNS API
1282 https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api