• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Available DNS providers in ACME package

Scheduled Pinned Locked Moved ACME
15 Posts 8 Posters 2.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W
    wickeren
    last edited by Feb 20, 2019, 8:48 AM

    Is it possible to make a request for adding a hosting provider to the available DNS provider list?
    TransIP is quite a big provider in Holland, they have an API available so technically is should be possible to integrate this.
    TransIP API

    1 Reply Last reply Reply Quote 0
    • F
      free4 Rebel Alliance
      last edited by Feb 21, 2019, 4:36 PM

      sure ! please feel free to make a pull request here : https://github.com/Neilpang/acme.sh

      1 Reply Last reply Reply Quote 1
      • G
        Gertjan
        last edited by Feb 21, 2019, 4:39 PM

        None of us here can tell you if you can (or can't) formulate your request here https://github.com/Neilpang/acme.sh
        That place is where where acme.sh is developed - and all the methods are stored : https://github.com/Neilpang/acme.sh/tree/master/dnsapi

        If acme.sh can do it, pfSense, using the acme package, will follow shortly.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 1
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Feb 21, 2019, 5:37 PM

          As the others mentioned, you'll need to ask acme.sh to add it. I periodically update the version of acme.sh bundled in the ACME package for pfSense and update the GUI to add the new DNS providers. They add a lot of them, usually a few per month.

          It will take someone with shell scripting knowledge and access to their API to make it happen, however. I believe most of their DNS API scripts are submitted by users in the acme.sh community and not by the acme.sh author himself.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • S
            svheel
            last edited by May 9, 2019, 7:37 PM

            Sorry for replying to this old topic. My domain is also hosted at TransIP and I'm currently resorting to manually updating the certificate of my pfSense box (a Netgate SG-3100).

            The TransIP API uses the Lexicon DNS API and is listed as supported by Lexicon (see https://github.com/AnalogJ/lexicon#providers). In turn, the Lexicon DNS API is supported by acme.sh. Which should mean that it is supported by pfSense.

            Unfortunately DNS-Lexicon isn't available in the pfSense GUI dropdown box when editing the certificate options. I found that it is commented out in the file '/usr/local/pkg/acme/acme.inc', where it says: "You must install python and lexicon before using it. ???" (which is correct, check https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api).

            So even though it should be available it isn't because it requires extra packages that aren't available currently. Is there any chance this is going to be fixed? Python is probably not the issue here, but the lexicon Python application might be.
            Given the list of supported DNS providers on the Lexicon page it would be great if DNS-Lexicon could be enabled somehow.

            W 1 Reply Last reply Nov 6, 2019, 10:43 PM Reply Quote 0
            • F
              free4 Rebel Alliance
              last edited by free4 May 9, 2019, 8:41 PM May 9, 2019, 8:33 PM

              @svheel The short answer is no. Python is not installed on pfSense, and it is not planned to install it.
              One of the main reasons why acme.sh client has been chosen over the well-known certboot, was to avoid installing python.

              However, you maybe could subit a Pull Request to acme.sh to get rid of lexicon/python dependency ?

              ....The reason why transIP is only avaliable using lexicon, may be that that TransIP seems to not have a standard REST API. They instead provide an undocumented SOAP(XML) API. They however provide PHP/Go libraries that you can analyse to understand how the API work.

              This API seems to have only one HTTP endpoint for editing DNS (https://api.transip.nl/wsdl/?service=DnsService ), that you always request in POST. You could get or set DNS using XML in the request, and you would receive an XML reply. It's not impossible to reverse how the PHP/Go libs woks, and I guess it would be possible to request this API directly in shell.

              W 1 Reply Last reply Mar 5, 2020, 8:36 PM Reply Quote 0
              • W
                wickeren @svheel
                last edited by Nov 6, 2019, 10:43 PM

                @svheel said in Available DNS providers in ACME package:

                Sorry for replying to this old topic. My domain is also hosted at TransIP and I'm currently resorting to manually updating the certificate of my pfSense box (a Netgate SG-3100).

                Late reply, but I settled with DNS alias mode, https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode, with a non-used domain pointing to Cloudflare for DNS. Works perfectly fine and is much more convenient than manual updates.

                1 Reply Last reply Reply Quote 1
                • W
                  wickeren @free4
                  last edited by Mar 5, 2020, 8:36 PM

                  @free4 said in Available DNS providers in ACME package:

                  ....The reason why transIP is only avaliable using lexicon, may be that that TransIP seems to not have a standard REST API. They instead provide an undocumented SOAP(XML) API. They however provide PHP/Go libraries that you can analyse to understand how the API work.

                  Transip today accounced a new REST API:
                  https://www.transip.nl/nieuws/de-nieuwe-transip-rest-api-is-live/
                  Hope this will eliminate the need for lexicon/python and that someone with coding skills is willing to look into this.

                  1 Reply Last reply Reply Quote 0
                  • J
                    jimp Rebel Alliance Developer Netgate
                    last edited by Mar 5, 2020, 8:38 PM

                    If you haven't already, open a request on the acme.sh repository and let them know.

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • R
                      rle
                      last edited by rle May 21, 2020, 10:39 AM May 21, 2020, 9:56 AM

                      I stumbled upon:

                      https://github.com/acmesh-official/acme.sh/wiki/dnsapi#106-use-transip-domain-api

                      There still appears to be some caveats, but the extent of it at this point in time is for me unclear however.

                      (As of 21 May 2020) TransIP for example is not yet in the dropdown list of ACME DNS challenge method

                      1 Reply Last reply Reply Quote 0
                      • J
                        jimp Rebel Alliance Developer Netgate
                        last edited by May 21, 2020, 2:57 PM

                        I don't see any code in ACME which would take those parameters. Not currently or ever in the history of the git repository.

                        This was opened a few weeks ago but has not yet been merged: https://github.com/acmesh-official/acme.sh/pull/2895

                        So that's what you're waiting on to get merged into ACME and then after that point we can add it to pfSense.

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        P 1 Reply Last reply Jun 24, 2020, 1:54 PM Reply Quote 1
                        • P
                          pvk1 @jimp
                          last edited by Jun 24, 2020, 1:54 PM

                          @jimp TransIp is now in this list: https://github.com/acmesh-official/acme.sh/wiki/dnsapi#106-use-transip-domain-api
                          and it seems in the code here: https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_transip.sh

                          Can you please check?

                          1 Reply Last reply Reply Quote 0
                          • J
                            jimp Rebel Alliance Developer Netgate
                            last edited by Jun 24, 2020, 2:49 PM

                            There is code there now but it requires adding a key file outside of the script, which doesn't align with how all of the others we support work. It won't be simple to add like the others, so it may not show up any time soon in the pfSense ACME package.

                            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                            Need help fast? Netgate Global Support!

                            Do not Chat/PM for help!

                            1 Reply Last reply Reply Quote 0
                            • M
                              morth
                              last edited by Jul 1, 2020, 11:22 AM

                              Are there any plans to add the Hetzner DNS API to the ACME package? It seems to be available in acme.sh.

                              1 Reply Last reply Reply Quote 0
                              • G
                                Gertjan
                                last edited by Gertjan Jul 1, 2020, 2:20 PM Jul 1, 2020, 1:03 PM

                                Hetzner : it could be as easy as coping this file https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_hetzner.sh into /usr/local/pkg/acme/dnsapi/ , with all the other dns_ files.

                                Because you use Hetzner, you know all about how Hetzner works.
                                Something special can be seen at the top 4 lines of the file :

                                #!/usr/bin/env sh
                                
                                #
                                #HETZNER_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
                                #
                                

                                This means : obtain the token from Hetzner, and place it in the file.
                                And you remove the leading '#'.

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                1 Reply Last reply Reply Quote 1
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                  [[user:consent.lead]]
                                  [[user:consent.not_received]]