Namecheap API Access is working!


  • Rebel Alliance Developer Netgate

    As of ACME package version 0.5.1, Namecheap API updates are working.

    I mentioned this in the ACME 0.5 update thread, but it was worth its own thread.

    This does require some extra steps, including having to apply for API access with Namecheap. I documented the process here: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#namecheap-api

    Note that the script may still produce some errors, but it does function. The ACME challenge records are added and removed as expected.



  • That's nice, thanks.... I'd like to give it a try when I have a chance. A couple questions....

    From here: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#namecheap-api

    Warning
    The Namecheap DNS API requires that the client read all records and then write them all back when making any change. This is potentially dangerous. Take a backup of all DNS records on the domain before attempting to use the API.
    

    It reads all DNS records held in your Namecheap account, or just for that domain you are trying to set up... i.e. is the risk of a bad writeback just to that domain or all? How risky is it do you think?

    Once the API is enabled, then perform the following steps:
    ......
    Click Edit and add whitelisted IP addresses that can contact the API using this API key.
    

    Is whitelisting your IP mandatory? I guess it makes sense from a security viewpoint, but if you are running on a dynamic IP (hence the reason for using Namecheap as a dynamic DNS), that wouldn't work, would it?

    Thanks....


  • Rebel Alliance Developer Netgate

    @occamsrazor said in Namecheap API Access is working!:

    That's nice, thanks.... I'd like to give it a try when I have a chance. A couple questions....

    From here: https://www.netgate.com/docs/pfsense/certificates/acme-validation.html#namecheap-api

    Warning
    The Namecheap DNS API requires that the client read all records and then write them all back when making any change. This is potentially dangerous. Take a backup of all DNS records on the domain before attempting to use the API.
    

    It reads all DNS records held in your Namecheap account, or just for that domain you are trying to set up... i.e. is the risk of a bad writeback just to that domain or all? How risky is it do you think?

    It reads all your domains but only reads/writes DNS records for the domain being acted upon. It should be safe, but given the weird atomic/destructive nature of their requirements, it's always possible something could go wrong. It should only be isolated to a single domain, however.

    Once the API is enabled, then perform the following steps:
    ......
    Click Edit and add whitelisted IP addresses that can contact the API using this API key.
    

    Is whitelisting your IP mandatory? I guess it makes sense from a security viewpoint, but if you are running on a dynamic IP (hence the reason for using Namecheap as a dynamic DNS), that wouldn't work, would it?

    The Namecheap site implies it is required but I have not yet tested it without adding a whitelist entry. It is possible that the API may work without it, but it needs confirmation.
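
The read-all/write-all-back behaviour discussed in this thread, as an added example that is not part of the original posts or of the ACME package's code: it parses a record listing, builds the full write-back set with the challenge TXT record appended, and checks that no existing record would be dropped. The response layout and parameter names (`HostNameN`, `RecordTypeN`, `AddressN`, `TTLN`) are assumed to follow Namecheap's `getHosts`/`setHosts` commands; the sample response, domain and token are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"nc": "http://api.namecheap.com/xml.response"}

# Constructed sample of a getHosts response (not captured from a real account).
SAMPLE_GETHOSTS = """<ApiResponse Status="OK" xmlns="http://api.namecheap.com/xml.response">
  <CommandResponse Type="namecheap.domains.dns.getHosts">
    <DomainDNSGetHostsResult Domain="example.com" IsUsingOurDNS="true">
      <host HostId="1" Name="@" Type="A" Address="192.0.2.10" TTL="1800" />
      <host HostId="2" Name="www" Type="CNAME" Address="example.com." TTL="1800" />
      <host HostId="3" Name="@" Type="TXT" Address="v=spf1 -all" TTL="1800" />
    </DomainDNSGetHostsResult>
  </CommandResponse>
</ApiResponse>"""

def parse_hosts(xml_text):
    """Return every host record in the response; refuse anything but Status=OK."""
    root = ET.fromstring(xml_text)
    if root.get("Status") != "OK":
        raise ValueError("record listing failed; do not write anything back")
    return [{"HostName": h.get("Name"), "RecordType": h.get("Type"),
             "Address": h.get("Address"), "TTL": h.get("TTL")}
            for h in root.iterfind(".//nc:host", NS)]

def build_sethosts(sld, tld, existing, txt_name, txt_value):
    """Build write-back parameters: every existing record plus the challenge TXT."""
    records = existing + [{"HostName": txt_name, "RecordType": "TXT",
                           "Address": txt_value, "TTL": "60"}]
    params = {"Command": "namecheap.domains.dns.setHosts", "SLD": sld, "TLD": tld}
    for i, rec in enumerate(records, start=1):
        for key, value in rec.items():
            params[f"{key}{i}"] = value
    return params

def missing_records(existing, params):
    """List existing records absent from the write-back set (must be empty)."""
    sent, i = set(), 1
    while f"HostName{i}" in params:
        sent.add((params[f"HostName{i}"], params[f"RecordType{i}"],
                  params[f"Address{i}"]))
        i += 1
    return [r for r in existing
            if (r["HostName"], r["RecordType"], r["Address"]) not in sent]
```

Saving the output of `parse_hosts` before any write gives the per-domain backup the documentation warning asks for, and a non-empty `missing_records` result is the signal to abort instead of sending the update.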