Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Namecheap API Access is working!

    Scheduled Pinned Locked Moved ACME
    4 Posts 2 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      As of ACME package version 0.5.1, Namecheap API updates are working.

      I mentioned this in the ACME 0.5 update thread, but it was worth its own thread.

      This does require some extra steps, including having to apply for API access with Namecheap. I documented the process here: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#namecheap-api

      Note that the script may still produce some errors, but it does function. The ACME challenge records are added and removed as expected.

      Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 3
      • occamsrazorO
        occamsrazor
        last edited by occamsrazor

        That's nice, thanks.... I'd like to give it a try when I have a chance. A couple questions....

        From here: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#namecheap-api

        Warning
        The Namecheap DNS API requires that the client read all records and then write them all back when making any change. This is potentially dangerous. Take a backup of all DNS records on the domain before attempting to use the API.
        

        It reads all DNS records held in your Namecheap account, or just for that domain you are trying to set up... i.e. is the risk of a bad writeback just to that domain or all? How risky is it do you think?

        Once the API is enabled, then perform the following steps:
        ......
        Click Edit and add whitelisted IP addresses that can contact the API using this API key.
        

        Is whitelisting your IP mandatory? I guess it makes sense from security viewpoint, but if you are running on dynamic IP (hence the reason using namecheap as a dynamic dns) that wouldn't work would it?

        Thanks....

        pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
        Ubiquiti Unifi wired and wireless network, APC UPSs
        Mac OSX and IOS devices, QNAP NAS

        jimpJ 1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate @occamsrazor
          last edited by

          @occamsrazor said in Namecheap API Access is working!:

          That's nice, thanks.... I'd like to give it a try when I have a chance. A couple questions....

          From here: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#namecheap-api

          Warning
          The Namecheap DNS API requires that the client read all records and then write them all back when making any change. This is potentially dangerous. Take a backup of all DNS records on the domain before attempting to use the API.
          

          It reads all DNS records held in your Namecheap account, or just for that domain you are trying to set up... i.e. is the risk of a bad writeback just to that domain or all? How risky is it do you think?

          It reads all your domains but only reads/writes DNS records for the domain being acted upon. It should be safe, but given the weird atomic/destructive nature of their requirements, it's always possible something could go wrong. It should only be isolated to a single domain, however.

          Once the API is enabled, then perform the following steps:
          ......
          Click Edit and add whitelisted IP addresses that can contact the API using this API key.
          

          Is whitelisting your IP mandatory? I guess it makes sense from security viewpoint, but if you are running on dynamic IP (hence the reason using namecheap as a dynamic dns) that wouldn't work would it?

          The Namecheap site implies it is required but I have not yet tested it without adding a whitelist entry. It is possible that the API may work without it, but it needs confirmation.

          Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • occamsrazorO
            occamsrazor
            last edited by

            Just to revisit this thread.... I was having problems renewing my Namecheap Let's Encrypt certificate using the manual method so figured I would give this a try. It was all quite easy - the request in namecheap for API key was instant so seemingly automatic.
            You do have to whitelist the IP of the pfSense machine though... without having that IP in the whitelisted section of the namecheap API page results in an error when trying to issue the certificate. Other than that... all seems to work well - Thanks.

            pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
            Ubiquiti Unifi wired and wireless network, APC UPSs
            Mac OSX and IOS devices, QNAP NAS

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.