Available DNS providers in ACME package
-
None of us here can tell you if you can (or can't) formulate your request here https://github.com/Neilpang/acme.sh
That place is where acme.sh is developed - and all the methods are stored: https://github.com/Neilpang/acme.sh/tree/master/dnsapi
If acme.sh can do it, pfSense, using the acme package, will follow shortly.
-
As the others mentioned, you'll need to ask acme.sh to add it. I periodically update the version of acme.sh bundled in the ACME package for pfSense and update the GUI to add the new DNS providers. They add a lot of them, usually a few per month.
It will take someone with shell scripting knowledge and access to their API to make it happen, however. I believe most of their DNS API scripts are submitted by users in the acme.sh community and not by the acme.sh author himself.
-
Sorry for replying to this old topic. My domain is also hosted at TransIP and I'm currently resorting to manually updating the certificate of my pfSense box (a Netgate SG-3100).
The TransIP API uses the Lexicon DNS API and is listed as supported by Lexicon (see https://github.com/AnalogJ/lexicon#providers). In turn, the Lexicon DNS API is supported by acme.sh. Which should mean that it is supported by pfSense.
Unfortunately DNS-Lexicon isn't available in the pfSense GUI dropdown box when editing the certificate options. I found that it is commented out in the file '/usr/local/pkg/acme/acme.inc', where it says: "You must install python and lexicon before using it. ???" (which is correct, check https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api).
So even though it should be available it isn't because it requires extra packages that aren't available currently. Is there any chance this is going to be fixed? Python is probably not the issue here, but the lexicon Python application might be.
Given the list of supported DNS providers on the Lexicon page it would be great if DNS-Lexicon could be enabled somehow.
-
@svheel The short answer is no. Python is not installed on pfSense, and it is not planned to install it.
One of the main reasons why the acme.sh client has been chosen over the well-known certbot was to avoid installing python. However, you maybe could submit a Pull Request to acme.sh to get rid of the lexicon/python dependency?
....The reason why TransIP is only available using lexicon may be that TransIP seems to not have a standard REST API. They instead provide an undocumented SOAP (XML) API. They however provide PHP/Go libraries that you can analyse to understand how the API works.
This API seems to have only one HTTP endpoint for editing DNS (https://api.transip.nl/wsdl/?service=DnsService), that you always request in POST. You could get or set DNS using XML in the request, and you would receive an XML reply. It's not impossible to reverse how the PHP/Go libs work, and I guess it would be possible to request this API directly in shell.
-
@svheel said in Available DNS providers in ACME package:
Sorry for replying to this old topic. My domain is also hosted at TransIP and I'm currently resorting to manually updating the certificate of my pfSense box (a Netgate SG-3100).
Late reply, but I settled with DNS alias mode, https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode, with a non-used domain pointing to Cloudflare for DNS. Works perfectly fine and is much more convenient than manual updates.
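
DNS alias mode, as used in the post above, depends on a CNAME from the certificate domain's `_acme-challenge` name into the alias zone, so the DNS API credential only needs write access to the alias zone. The pre-flight check below is an added example, not part of the original post or of acme.sh; the domain names and the sample records are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check for acme.sh DNS alias mode.
# All domain names and records below are constructed placeholders.

# Name the CA queries for a DNS-01 challenge. A wildcard and its base
# domain share one challenge name, so a leading "*." is stripped.
challenge_name() {
  cn_d=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  cn_d=${cn_d#\*.}
  cn_d=${cn_d%.}
  printf '_acme-challenge.%s\n' "$cn_d"
}

# CNAME that must exist in the certificate domain's zone before issuing.
expected_cname() {
  printf '%s CNAME %s\n' "$(challenge_name "$1")" "$(challenge_name "$2")"
}

# Reads "name TTL IN CNAME target" lines (e.g. saved resolver output) on
# stdin. Returns 0 only if the challenge name for $1 points into zone $2.
delegation_ok() {
  want_name=$(challenge_name "$1")
  want_target=$(challenge_name "$2")
  awk -v n="$want_name" -v t="$want_target" '
    NF < 4 { next }
    { name = tolower($1); target = tolower($NF)
      sub(/\.$/, "", name); sub(/\.$/, "", target) }
    toupper($(NF-1)) == "CNAME" && name == n { found = 1; ok = (target == t) }
    END { exit !(found && ok) }'
}

# Constructed sample: one correct delegation, one pointing at another zone.
SAMPLE_RECORDS='_acme-challenge.fw.example.com. 300 IN CNAME _acme-challenge.alias.example.
_acme-challenge.vpn.example.com. 300 IN CNAME _acme-challenge.other.example.'

for dom in fw.example.com '*.fw.example.com' vpn.example.com mail.example.com; do
  if printf '%s\n' "$SAMPLE_RECORDS" | delegation_ok "$dom" alias.example; then
    echo "OK      $dom"
  else
    echo "MISSING $dom: add $(expected_cname "$dom" alias.example)"
  fi
done
```

With the CNAME in place, acme.sh is run with `--challenge-alias alias.example` and the DNS API of the provider hosting the alias zone.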
-
@free4 said in Available DNS providers in ACME package:
....The reason why TransIP is only available using lexicon may be that TransIP seems to not have a standard REST API. They instead provide an undocumented SOAP (XML) API. They however provide PHP/Go libraries that you can analyse to understand how the API works.
TransIP today announced a new REST API:
https://www.transip.nl/nieuws/de-nieuwe-transip-rest-api-is-live/
Hope this will eliminate the need for lexicon/python and that someone with coding skills is willing to look into this.
-
If you haven't already, open a request on the acme.sh repository and let them know.
-
I stumbled upon:
https://github.com/acmesh-official/acme.sh/wiki/dnsapi#106-use-transip-domain-api
There still appear to be some caveats, but their extent is unclear to me at this point in time.
(As of 21 May 2020) TransIP for example is not yet in the dropdown list of ACME DNS challenge method
-
I don't see any code in ACME which would take those parameters. Not currently or ever in the history of the git repository.
This was opened a few weeks ago but has not yet been merged: https://github.com/acmesh-official/acme.sh/pull/2895
So that's what you're waiting on to get merged into ACME and then after that point we can add it to pfSense.
-
@jimp TransIP is now in this list: https://github.com/acmesh-official/acme.sh/wiki/dnsapi#106-use-transip-domain-api
and it seems in the code here: https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_transip.sh
Can you please check?
-
There is code there now but it requires adding a key file outside of the script, which doesn't align with how all of the others we support work. It won't be simple to add like the others, so it may not show up any time soon in the pfSense ACME package.
-
Are there any plans to add the Hetzner DNS API to the ACME package? It seems to be available in acme.sh.
-
Hetzner: it could be as easy as copying this file https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_hetzner.sh into /usr/local/pkg/acme/dnsapi/, with all the other dns_ files.
Because you use Hetzner, you know all about how Hetzner works.
Something special can be seen at the top 4 lines of the file:

    #!/usr/bin/env sh
    #
    #HETZNER_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
    #
This means : obtain the token from Hetzner, and place it in the file.
And you remove the leading '#'.