Namecheap API Access is working!

jimp

As of ACME package version 0.5.1, Namecheap API updates are working.

I mentioned this in the ACME 0.5 update thread, but it was worth its own thread.

This does require some extra steps, including having to apply for API access with Namecheap. I documented the process here: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#namecheap-api

Note that the script may still produce some errors, but it does function. The ACME challenge records are added and removed as expected.

occamsrazor

That's nice, thanks.... I'd like to give it a try when I have a chance. A couple questions....

From here: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#namecheap-api

Warning
The Namecheap DNS API requires that the client read all records and then write them all back when making any change. This is potentially dangerous. Take a backup of all DNS records on the domain before attempting to use the API.

It reads all DNS records held in your Namecheap account, or just for that domain you are trying to set up... i.e. is the risk of a bad writeback just to that domain or all? How risky is it do you think?

Once the API is enabled, then perform the following steps:
......
Click Edit and add whitelisted IP addresses that can contact the API using this API key.

Is whitelisting your IP mandatory? I guess it makes sense from security viewpoint, but if you are running on dynamic IP (hence the reason using namecheap as a dynamic dns) that wouldn't work would it?

Thanks....

jimp

@occamsrazor said in Namecheap API Access is working!:

That's nice, thanks.... I'd like to give it a try when I have a chance. A couple questions....

From here: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#namecheap-api

Warning
The Namecheap DNS API requires that the client read all records and then write them all back when making any change. This is potentially dangerous. Take a backup of all DNS records on the domain before attempting to use the API.

It reads all DNS records held in your Namecheap account, or just for that domain you are trying to set up... i.e. is the risk of a bad writeback just to that domain or all? How risky is it do you think?

It reads all your domains but only reads/writes DNS records for the domain being acted upon. It should be safe, but given the weird atomic/destructive nature of their requirements, it's always possible something could go wrong. It should only be isolated to a single domain, however.

Once the API is enabled, then perform the following steps:
......
Click Edit and add whitelisted IP addresses that can contact the API using this API key.

Is whitelisting your IP mandatory? I guess it makes sense from security viewpoint, but if you are running on dynamic IP (hence the reason using namecheap as a dynamic dns) that wouldn't work would it?

The Namecheap site implies it is required but I have not yet tested it without adding a whitelist entry. It is possible that the API may work without it, but it needs confirmation.

occamsrazor

Just to revisit this thread.... I was having problems renewing my Namecheap Let's Encrypt certificate using the manual method so figured I would give this a try. It was all quite easy - the request in namecheap for API key was instant so seemingly automatic.
You do have to whitelist the IP of the pfSense machine though... without having that IP in the whitelisted section of the namecheap API page results in an error when trying to issue the certificate. Other than that... all seems to work well - Thanks.