-
Notifications
You must be signed in to change notification settings - Fork 1
dnsapi2
Schlundtech offers an xml api with your standard login credentials, set them like so:
export SCHLUNDTECH_USER="yourusername"
export SCHLUNDTECH_PASSWORD="password"Then you can issue your certificates with:
./acme.sh --issue --dns dns_schlundtech -d example.com -d www.example.comThe SCHLUNDTECH_USER and SCHLUNDTECH_PASSWORD settings will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs of Schlundtech.de API, please report here: https://github.com/Neilpang/acme.sh/issues/2246
export ONECOM_User="sdfsdfsdfljlbjkljlkjsdfoiwje"
export ONECOM_Password="[email protected]"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_one -d example.com -d www.example.comNote:
It's no longer possible to add TXT Records with the Name "_acme-challenge" to the base Domain.
To override the fallback value, you must use a CNAME and proxy it.
For example:
CNAME _acme-challenge.yourdomain.com => proxy_acme-challenge.yourdomain.com
The TXT Records have to be created on proxy_acme-challenge.yourdomain.com
Since the default CNAME TTL is 3600 seconds, it is recommended to leave the CNAME record.
But if you would like to use the build-in SSL (for your Web-Site etc.) from one.com, you have to delete the Record.
You can set "ONECOM_KeepCnameProxy" to keep the CNAME record.
export ONECOM_KeepCnameProxy=1By default the CNAME record will be removed.
The ONECOM_User,ONECOM_Password and ONECOM_KeepCnameProxy will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs of one.com dns API, please report here: https://github.com/Neilpang/acme.sh/issues/2103
Acmeproxy can be used to as a single host in your network to request certificates through a DNS API. Clients can connect with one single host (the acmeproxy) so you don't need to store your DNS API credentials on every single host that wants to request a certificate.
export ACMEPROXY_ENDPOINT="https://acmeproxy.yourhost.com:9096"
export ACMEPROXY_USERNAME="username"
export ACMEPROXY_PASSWORD="password"Then you can issue your certificates with:
./acme.sh --issue --dns dns_acmeproxy -d example.com -d www.example.comThe ACMEPROXY_ENDPOINT, ACMEPROXY_USERNAME and ACMEPROXY_PASSWORD settings will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs of acmeproxy DNS API, please report here: https://github.com/Neilpang/acme.sh/issues/2251
Create an API token in your internetbs.net account.
Set your API token:
export INTERNETBS_API_KEY="..."
export INTERNETBS_API_PASSWORD="..."To issue a certificate run:
./acme.sh --issue --dns dns_internetbs -d example.com -d www.example.comThe INTERNETBS_API_KEY and INTERNETBS_API_PASSWORD will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs of internetbs.net API, please report here: https://github.com/Neilpang/acme.sh/issues/2261
Create an API token in your durabledns.com account.
Set your API token:
export DD_API_User="..."
export DD_API_Key="..."To issue a certificate run:
./acme.sh --issue --dns dns_durabledns -d example.com -d '*.example.com'The DD_API_User and DD_API_Key will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs of durabledns.com API, please report here: https://github.com/Neilpang/acme.sh/issues/2281
Set your API credentials:
export REGRU_API_Username='test'
export REGRU_API_Password='test'To issue a certificate run:
./acme.sh --issue --dns dns_regru -d 'example.com' -d '*.example.com'The REGRU_API_Username and REGRU_API_Password will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs of reg.ru API, please report here: Issue #2336
RU:
Установите свои учетные данные API:
В Настройки API для авторизации устанавливаем пароль в настройках "Альтернативный пароль", и добавляем IP в "Диапазоны IP-адресов" для избежание ошибки
response='{
"charset" : "utf-8",
"error_code" : "ACCESS_DENIED_FROM_IP",
"error_params" : {
"command_name" : "service/get_list"
},
"error_text" : "Access to API from this IP denied",
"messagestore" : null,
"result" : "error"
}'
Диапазоны IP-адресов
acme-v02.api.letsencrypt.org - 172.65.32.248 для получения SSL и api.reg.ru - 194.58.116.30 для тхт записи _acme-challenge
Для авторизатции в API выполните:
export REGRU_API_Username='водим свой логин для входа на REG.RU'
export REGRU_API_Password='водим пароль каторый настроили в настройках API для авторизации'Для получения сертификата выполните:
./acme.sh --issue --dns dns_regru -d 'example.com' -d '*.example.com'Настройки для авторизации REGRU_API_Username и REGRU_API_Password будут сохранены в ~/.acme.sh/account.conf и будут использоваться повторно при необходимости из конфига acme.
Если вы обнаружите какие-либо ошибки в API reg.ru, сообщите об этом здесь: Issue #2336
You'll need an API key for your Vultr account which you can find under the Account settings and you'll want to ensure the API key is allowed for any IPs you might be using acme.sh with.
Vultr supports creating sub-accounts with limited permissions, and it's a good idea to create a sub-account with only the 'Manage DNS' permission and use an API key from that sub-account.
export VULTR_API_KEY="<Your API key>"To issue a cert:
./acme.sh --issue --dns dns_vultr -d example.com -d www.example.comThe VULTR_API_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs of Vultr API, please report here: Issue #2374
支持京东云 jdcloud.com 的免费dns服务. 请先登陆控制台获取 api key id 和 api key secret:
https://uc.jdcloud.com/account/accesskey
export JD_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje"
export JD_ACCESS_KEY_SECRET="xxxxxxx"然后生成证书:
./acme.sh --issue --dns dns_jd -d example.com -d www.example.comJD_ACCESS_KEY_ID 和 JD_ACCESS_KEY_SECRET 会自动保存在这里 ~/.acme.sh/account.conf, 下次再生成证书时, 可以自动重用.
高级选项:
- 默认使用的是
cn-north-1区域. 目前不需要改动, 如果需要改的话, 再生成证书之前执行:
export JD_REGION="cn-north-1" # 这里写你要改的区域有 bug 的话可以报到这里: https://github.com/Neilpang/acme.sh/issues/2388
Create a role user in your Account -> Settings -> ShareAccess
Set the Access Control like bellow:
QueryDNSZoneRRList(dnszone=*):ALLOW
UpdateDNSZone():ALLOW
Remember the role id and role password.
export Hexonet_Login='username!roleId'
export Hexonet_Password="role password"For example:
My user name is neilpang, my role id is: testid. So I use the following format:
export Hexonet_Login='neilpang!testid'To issue a cert:
./acme.sh --issue --dns dns_hexonet -d example.com -d www.example.comThe Hexonet_Login and Hexonet_Password will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs, please report here:
https://github.com/Neilpang/acme.sh/issues/2389
You'll have to get a Domeneshop API key and secret (https://api.domeneshop.no/docs/).
export DOMENESHOP_Token="1234567890"
export DOMENESHOP_Secret="1234567890abcdefghijklmnopqrstuvw"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_domeneshop -d example.com -d www.example.comThe DOMENESHOP_Token and DOMENESHOP_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs, please report here:
https://github.com/Neilpang/acme.sh/issues/2457
First you need to login to your OPNsense account and create an API Key for a user with access to the Bind service.
https://docs.opnsense.org/development/api.html
export OPNs_Host="opnsense.example.com"
export OPNs_Port="443"
export OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA"
export OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv"
export OPNs_Api_Insecure=0Ok, let's issue a cert now:
./acme.sh --issue --dns dns_opnsense -d example.com -d www.example.comThe OPNs_Host, OPNs_Port, OPNs_Key, OPNs_Token and OPNs_Api_Insecure will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs, please report here:
https://github.com/Neilpang/acme.sh/issues/2480
First you need to login to your RcodeZero account, enable the REST API and generate an ACME API token (only the ACME API token will work wih acme.sh. It has limited access and could only be used to add/remove challenges to the zones).
https://my.rcodezero.at/enableapi
export RCODE0_API_TOKEN="acme_1232342342343OEH1G1gDcKNMsN7mx9EZgSU6AX79u5KRSxWnC"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_rcode0 -d example.com -d www.example.comThe RCODE0_API_TOKEN will be saved in ~/.acme.sh/account.conf and will be reused when needed.
The RcodeZero API driver supports two addtional environment variables
export RCODE0_URL=https://my.rcodezero.atUse a different RcodeZero API Endpoint (e.g. the RcodeZero Testsystem)
export RCODE0_TTL=60Use a different TTL for the generated records
If you find any bugs, please report here:
https://github.com/Neilpang/acme.sh/issues/2490
Use the MailinaBox (MIAB) Custom DNS REST API interface to MIAB DNS. You only need to set your MIAB login credentials and the fully qualified domain name of the MIAB Server. Suggest single quote over double quote to ensure characters are not interpreted by the shell - important for passwords.
export MIAB_Username='your_MIAB_admin_username'
export MIAB_Password='your_MIAB_admin_password'
export MIAB_Server='FQDN_of_your_MIAB_Server'To issue a cert:
./acme.sh --issue --dns dns_miab -d example.com -d www.example.comThe MIAB_Username, MIAB_Password and MIAB_Server will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs, please report here:
https://github.com/Neilpang/acme.sh/issues/2550
You need to login to nic.ru account and register your application here.
You need to define the following environment variables befor issuing a cert:
-
NIC_Username- login for sitenic.ruin form000000/NIC-D -
NIC_Password- password for sitenic.ru. It may be administrative or technical password (details) -
NIC_ClientID- your application identifier (details) -
NIC_ClientSecret- your application secret NIC_Tokenis base64 encoded string<client_id>:<client_secret>. This variable is deprecated. It is used for backward compatibility. If NIC_ClientID and NIC_ClientSecret are not defined, then they are calculated using old NIC_Token variable.
export NIC_Username='000000/NIC-D'
export NIC_Password='xxxxxxxx'
export NIC_ClientID='xxxxxxxx'
export NIC_ClientSecret='xxxxxxxx'To issue a cert:
./acme.sh --issue --dns dns_nic -d domain.com -d www.domain.comThe NIC_Username, NIC_Password, NIC_ClientID and NIC_ClientSecret will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs, please report here:
https://github.com/Neilpang/acme.sh/issues/2547
Docs:
- https://www.nic.ru/help/upload/file/API_DNS-hosting-en.pdf
- https://www.nic.ru/help/oauth-server_5809.html
First you need to login to your Leaseweb account to get your API Key.
export LSW_Key="safas-3fs3sd-34sdf-safss"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_leaseweb -d example.com -d www.example.comThe LSW_Key will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs, please report here: https://github.com/Neilpang/acme.sh/issues/2558
First you need to obtain your API Key from variomedia's customer support.
export VARIOMEDIA_API_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwjesdfsdfsdfljlbjkljlkjsdfoiwje"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_variomedia -d example.com -d www.example.comThe VARIOMEDIA_API_TOKEN will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs, please report here: https://github.com/Neilpang/acme.sh/issues/2564
Before using the module, you must set your Plesk user name and password, and the address of your Plesk XML API (sometimes called a URI, URL or web link). The URI usually looks similar to this:
https://address-of-my-plesk-server.net:8443/enterprise/control/agent.php
All commands are CASE SENSITIVE:
export pleskxml_uri="address of my Plesk server's API"
export pleskxml_user="my plesk username"
export pleskxml_pass="my plesk password"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_pleskxml -d example.com -d www.example.comThe pleskxml_uri, pleskxml_user and pleskxml_pass will be saved in ~/.acme.sh/account.conf and reused when needed.
If you find any bugs, please report here: https://github.com/Neilpang/acme.sh/issues/2577
PDNS Manager is a web frontend for Power DNS.
This script uses PDNS Manager API and its "Update via GET request" method. So only single record update possible and no wildcards, for now.
export PDNS_MANAGER_URL=https://mypdnsmanagerurl.nx
export PDNS_MANAGER_RECORDID=<record id>
export PDNS_MANAGER_PASSWORD=<record password>- Add your domain to PDNS Manager.
- Create a password for your record.
Then issue a new certificate:
./acme.sh --issue -d example.com --dns dns_pdnsmanagerGet your API token at https://console.misaka.io/settings
export Misaka_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"To issue a cert:
./acme.sh --issue --dns dns_misaka -d example.com -d www.example.comYou need to sign up for API access here or select 'User' -> 'Security' from the top menu and select 'signup' in the 'easyDNS REST API' section after logging in to your account. API Docs: https://sandbox.rest.easydns.net:3001/
Note that initially you are only granted API access to a sandbox environment, not your live DNS settings.
export EASYDNS_Token="xxxxxxxxxxxxxxx.xxxxxxxx"
export EASYDNS_Key="apixxxxxxxxxxxxxx.xxxxxxxx"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_easydns -d example.com -d www.example.comThe EASYDNS_Token and EASYDNS_Key will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs, please report here:
https://github.com/acmesh-official/acme.sh/issues/2647
Docs: https://github.com/vshosting/clouddns
export CLOUDDNS_EMAIL="[email protected]"
export CLOUDDNS_PASSWORD="xxxxxxxx"
export CLOUDDNS_CLIENT_ID="xxxxxxxxxxxxxxxxxxxx"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_clouddns -d example.com -d www.example.comThe CLOUDDNS_EMAIL, CLOUDDNS_PASSWORD and CLOUDDNS_CLIENT_ID will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs, please report here:
https://github.com/Neilpang/acme.sh/issues/2699
This uses the dynv6 SSH API to issue the certificate. You will need a ssh key to authenticate. You can specify your own key with export KEY="path/to/keyfile" or if no key is specified one will be created for you which you will have to add here. In both cases the path to the keyfile will be saved for reuse.
Alternatively you can use the HTTP REST API. For this you will need a HTTP Token, which you can generate from the dynv6 website. Use it with export DYNV6_TOKEN="value".
If both a SSH Key and a HTTP Token are specified the REST API will be used.
To issue a cert use:
./acme.sh --issue --dns dns_dynv6 -d www.example.dynv6.netIf you find any bugs, please report here:
https://github.com/acmesh-official/acme.sh/issues/2702
You need your login credentials for All-Inkl (https://kas.all-inkl.com).
export KAS_Login="....."
export KAS_Authtype="sha1"
export KAS_Authdata="....."Now you are able to issue a cert:
./acme.sh --issue --dns dns_kas -d example.com -d www.example.comThe KAS_Login, KAS_Authtype and KAS_Authdata will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Get your API credentials at https://manage.constellix.com/users
export CONSTELLIX_Key="XXX"
export CONSTELLIX_Secret="XXX"To issue a cert:
./acme.sh --issue --dns dns_constellix -d example.com -d www.example.comThe CONSTELLIX_Key and CONSTELLIX_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Get your API credentials at https://namemaster.de DNS/API
export NM_user="XXX"
export NM_sha256="XXX"To issue a cert:
./acme.sh --issue --dns dns_nm -d example.com -d www.example.comThe NM_user and NM_sha256 will be saved in ~/.acme.sh/account.conf and will be reused when needed.
How get your API credentials: https://api.adm.tools/osnovnie-polozheniya/dostup-k-api/
# Your login:
HostingUkraine_Login="XXX"
# Your api token:
HostingUkraine_Token="XXX"
To issue a cert:
./acme.sh --issue --dns dns_hostingukraine -d yourdomain.com -d www.yourdomain.comTo issue a wildcard cert:
./acme.sh --issue --dns dns_hostingukraine -d yourdomain.com -d '*.yourdomain.com' The HostingUkraine_Login and HostingUkraine_Token will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Get your API token at https://npanel.arvancloud.com/profile/api-keys
export Arvan_Token="fsdasdfsdfljlbjkljlkjsdfoiwje"To issue a cert:
./acme.sh --issue --dns dns_arvan -d example.com -d www.example.comThe Arvan_Token will be saved in ~/.acme.sh/account.conf and will be reused when needed.
You must activate Dynamic DNS in Joker.com DNS configuration first. Username and password below refer to Dynamic DNS authentication, not your Joker.com login credentials. See https://joker.com/faq/content/11/427/en/what-is-dynamic-dns-dyndns.html.
NOTE: This script does not support wildcard certificates, because Joker.com API does not support adding two TXT records with the same subdomain. Adding the second record will overwrite the first one. See https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html:
... this request will replace all TXT records for the specified label by the provided content...
Report bugs to https://github.com/acmesh-official/acme.sh/issues/2840
export JOKER_USERNAME="xxxx"
export JOKER_PASSWORD="xxxx"To issue a cert:
./acme.sh --issue --dns dns_joker -d example.comThe JOKER_USERNAME and JOKER_PASSWORD will be saved in ~/.acme.sh/account.conf and will be reused when needed.
1984Hosting does not provide an API to update DNS records
(other than IPv4 and IPv6 dynamic DNS addresses). The acme.sh plugin therefore
retrieves and updates domain TXT records by logging into the 1984Hosting
website to read the HTML and posting updates as HTTP. The plugin needs to
know your username and password for the 1984Hosting website.
export One984HOSTING_Username=<your_username>
export One984HOSTING_Password=<your_password>You need only provide this the first time you run the acme.sh client with 1984Hosting
validation and then again whenever you change your password at the 1984Hosting site.
The acme.sh 1984Hosting plugin does not store your username or password,
but rather saves an authentication token returned by 1984Hosting
in ~/.acme.sh/account.conf and reuses it when needed.
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_1984hosting -d example.com -d *.example.comIf you have any issues with 1984Hosting DNS API please report them here.
Get your api token following instruction here at https://admin.arubabusiness.it/DashBoard/WebApiGuide.aspx
export ARUBA_TK="sdfsdfsdfljlbjkljlkjsdfoiwje" #ARUBA API Token
export ARUBA_AK="xxxxxxxxxxxxx" #ARUBA Username
export ARUBA_AS="xxxxxxxxxxxxx" #ARUBA PasswordOk, let's issue a cert now:
./acme.sh --issue --dns dns_aruba -d example.com -d www.example.comIf you find any bugs, please report here: https://github.com/JTrotta/acme.sh/issues
First you need to login to your TransIP account to get your private key.
export TRANSIP_Username="MyUserName"
export TRANSIP_Key_File="private_key"Note: TransIP is rather slow, so adding a --dnssleep of 300 might be adviced. Note 2: if the DNS fails with something like
Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
== Info: SSL certificate problem: unable to get local issuer certificate
Than maybe the root CA of TransIP is NOT in your cacerts. You can check this manually with
curl -vvI https://api.transip.nl
Currently, the root CA of TransIP is COMODO_RSA_Certification_Authority.crt you can add this trusted root CA with
--ca-bundle COMODO_RSA_Certification_Authority.crt
This script will create a new access token with a default lifetime of 30 minutes. Note that these tokens are by default IP-whitelisted and will not work if your IP is not whitelisted in the Transip control panel.
To issue a cert:
./acme.sh --issue --dns dns_transip --dnssleep 300 -d example.com -d www.example.comexport DF_user="XXX"
export DF_password="XXX"To issue a cert:
./acme.sh --issue --dns dns_df -d example.com -d www.example.comThe df_user and df_password will be saved in ~/.acme.sh/account.conf and will be reused when needed.
export NJALLA_Token="XXX"To issue a cert:
./acme.sh --issue --dns dns_njalla -d example.com -d www.example.comPlease report any bugs here: https://github.com/acmesh-official/acme.sh/issues/2913
Obtain an account token from https://vercel.com/account/tokens.
export VERCEL_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje"To issue a cert:
./acme.sh --issue --dns dns_vercel -d example.com -d www.example.comFirst you need to create/obtain API tokens on your Hetzner DNS console.
export HETZNER_Token="somelongrandomstring"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_hetzner -d example.com -d www.example.comThe HETZNER_Token settings will be saved in [acme.sh-config-home-path]/account.conf
and will be reused when needed.
The domain(s) zone_id(s) will be saved in CERT_HOME/[domain]/[domain].conf
in order to avoid multiple get_zone_id requests two months later.
If you're not already using the new "gases" name servers (hydrogen, oxygen and helium) don't forget to change the domain's whois ns section to them and wait about 24-48 Hours. See Hetzner wiki.
Contact kapper.net support via [email protected] to get your kapper.net DNS Panel API Key and Secret.
For initialzation call following in commandline
export KAPPERNETDNS_Key="yourKAPPERNETapikey"
export KAPPERNETDNS_Secret="yourKAPPERNETapisecret"You can start the acme.sh with following parameters for testing
./acme.sh --issue --dns dns_kappernet -d <example.com>
or for a wildcertificate
./acme.sh --issue --dns dns_kappernet -d <example.com> -d *.<example.com>
Please replace "<example.com>" with the name of the domain you wish to create a certificate for.
After the test you can replace your kapper.net DNS Panel API Key and Secret, it is stored in ~/.acme.sh/account.conf.
For repeated calls use
./acme.sh --issue --dns dns_kappernet -d <example.com>First create your WAPI password and add your IP address to access list at customer portal. For more info visit, https://kb.wedos.com/en/kategorie/wapi-api-interface/
Set variables:
export WEDOS_User='[email protected]'
export WEDOS_Pass='xxx123'
or use sha1 hash of WEDOS_Pass directly
export WEDOS_Hash='xxxxxxxxxx'Issue your certs:
./acme.sh --issue --dns dns_wedos -d xxx.xx -d www.xxx.xxWEDOS_User and WEDOS_Hash will be stored in ~/.acme.sh/account.conf and will be reused when needed.
Shellrent API offers one method to automatically issue certs.
First you need to login to your Shellrent account to get your API key. In order to use the token, you need to authorize your IP to have access to it. More Info on https://api.shellrent.com and https://guide.shellrent.com
export SH_Username="usrXXXX"
export SH_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"Alternatively, if the certificate only covers a single zone, you can speed up the process by specify the SH_Domain_ID directly:
export SH_Username="usrXXXX"
export SH_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
export SH_Domain_ID="xxxxxxxxxxxxx"Let's issue a cert now:
./acme.sh --issue --dns dns_shellrent -d example.com -d www.example.comThe SH_Username and SH_Token and SH_Domain_ID will be saved in ~/.acme.sh/account.conf and will be reused when needed.
This provider supports OpenStack Designate for creating DNS records.
Report any issues to https://github.com/acmesh-official/acme.sh/issues/3054
This provider requires the OpenStack Client (python-openstackclient) and Designate client (python-designateclient) be installed and available in your path.
It also requires you use Keystone V3 credentials, which can be either password or application credentials provided as environment variables. Any other authentication method will not save your credentials for renewal.
You will most likely want to source your OpenStack RC file to set your environment variables:
. openrc.sh
or manually like:
export OS_AUTH_URL=https://keystone.example.com:5000/
export OS_USERNAME=<username>
export OS_PASSWORD=<password>
export OS_PROJECT_NAME=<project name>
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=DefaultTo issue a cert:
./acme.sh --issue --dns dns_openstack -d example.comYour OpenStack credentials will be saved to ~/.acme.sh/account.conf and reused on renewal.
-
Generate a Personal Access Token at https://app.netlify.com/user/applications
-
Set your token for use with
export NETLIFY_ACCESS_TOKEN='arstdhneioqwfpgjluyzxcvbkm'- Issue a cert with:
./acme.sh --issue --dns dns_netlify -d example.com -d www.example.comThis provider supports the Akamai Edge DNS API for creating DNS records.
Report any issues to https://github.com/acmesh-official/acme.sh/issues/3157
This provider requires Akamai Open Edgegrid Credentials with EdgeDNS API access authorization. To create and establish your Akamai OPEN CREDENTIALS, see the authorization and credentials sections of the Akamai Developer Get Started guide.
The Akamai Open Edgegrid credentials must be specified as environment variables as follows:
export AKAMAI_CLIENT_TOKEN=<akamai edgegrid client token>
export AKAMAI_ACCESS_TOKEN=<akamai edgegrid access token>
export AKAMAI_CLIENT_SECRET=<akamai edgegrid client secret>
export AKAMAI_HOST=<akamai edgegrid api host>To issue a cert:
./acme.sh --issue --dns dns_edgedns -d example.comYour Akamai Edgegrid credentials will be saved to ~/.acme.sh/account.conf and reused on renewal.
WEDOS DNS provider comes from Czech Republic. DNS API implementation for WEDOS require your WEDOS's account to allow WAPI interface. You have to login to WEDOS administration, in setting allow WAPI interface (in days when this manual were written it was for free completelly). Configure WAPI interface to XML interface and register the IP addresses (IPv4 and IPv6) of the server where you plan to use acme.sh. That is from the manual side.
By doing this setting you should have WEDOS web account username and configured WAPI password. This must be configured to your acme.sh account in the first execution of acme.sh script. To save it to ~/.acme.sh/account.conf (and for subsequent acme.sh executions) just execute following before first execution of acme.sh script.
export WEDOS_Username=<your user name to login to wedos web account>
export WEDOS_Wapipass=<your WAPI passwords you setup using wedos web pages>Then you can issue a certificates:
./acme.sh --issue --dns dns_wedos -d "*.example.com" -d "examle.com"If you face any bug, please use this page to report it. But before reporting run the acme.sh with --debug 2 switch and append full acme.sh output to the issue report.
Enjoy it.
Obtain an api key and secret from https://admin.websupport.sk/en/auth/apiKey
export WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export WS_ApiSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"To issue a cert:
./acme.sh --issue --dns dns_websupport -d "*.example.com" -d "examle.com"Report any issues to https://github.com/akulumbeg/acme.sh/issues
Infomaniak hosts a large number of domains and other hosted services. Create a token with Domain scope in the API dashboard at https://manager.infomaniak.com/v3/<account_id>/api/dashboard and export it as an environment variable:
export INFOMANIAK_API_TOKEN=xxx
./acme.sh --issue --dns dns_infomaniak -d example.com -d www.example.comPlease report any issue to https://github.com/acmesh-official/acme.sh/issues/3188
Bookmyname hosts domains and has a small API.
Export your login/pass as an environment variable:
export BOOKMYNAME_USERNAME=xxx
export BOOKMYNAME_PASSWORD=yyy
./acme.sh --issue --dns dns_bookmyname --dnssleep 600 -d example.com -d www.example.comPlease report any issue to https://github.com/acmesh-official/acme.sh/issues/3209
For DNS records managed via https://engine.anexia-it.com/clouddns
Export your token as an environment variable:
export ANX_Token='XXXXXXXXXXXXXXXXXXX'
./acme.sh --issue --dns dns_anx -d example.com -d www.example.comPlease report any issue to https://github.com/acmesh-official/acme.sh/issues/3238
Note that in order the script to be working properly acme.sh should be installed on Synology itself.
To issue a cert:
./acme.sh --issue --dns dns_synology_dsm -d example.com -d www.example.comTo issue a wildcard cert:
./acme.sh --issue --dns dns_synology_dsm -d example.com -d *.example.com
You can find more details here
Please report any issue here
Export your credentials as an environment variable:
About "DomainName" parameters see: https://support.huaweicloud.com/api-iam/iam_01_0006.html
export HUAWEICLOUD_Username=<Your Username> # IAM Username
export HUAWEICLOUD_Password=<Your Password>
export HUAWEICLOUD_DomainName=<Your DomainName>To issue a cert:
./acme.sh --issue --dns dns_huaweicloud -d example.com -d www.example.comTo issue a wildcard cert:
./acme.sh --issue --dns dns_huaweicloud -d example.com -d *.example.comExport your credentials, you will find your API key by logging in to your Simply.com account here:
export SIMPLY_AccountName=<Your accountname>
export SIMPLY_ApiKey=<Your API-key>To issue a cert:
./acme.sh --issue --dns dns_simply -d example.com -d www.example.comTo issue a wildcard cert:
./acme.sh --issue --dns dns_simply -d example.com -d *.example.comExport your credentials as an environment variable:
export WORLD4YOU_USERNAME=<customer-id>
export WORLD4YOU_PASSWORD=<password>To issue a cert:
./acme.sh --issue --dns dns_world4you -d example.com -d www.example.comTo issue a wildcard cert:
./acme.sh --issue --dns dns_world4you -d example.com -d *.example.comFirst, you'll need to retrieve your Api Key
export SCALEWAY_API_TOKEN='xxx'To issue a cert run:
./acme.sh --issue --dns dns_scaleway -d example.com -d www.example.comPlease report any issue here
export LS_Key="KEY"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_ls -d example.com -d www.example.comExport your credentials as an environment variable:
export RACKCORP_APIUUID="UUIDHERE"
export RACKCORP_APISECRET="SECRETHERE"To issue a cert:
./acme.sh --issue --dns dns_rackcorp -d example.com -d www.example.comTo issue a wildcard cert:
./acme.sh --issue --dns dns_rackcorp -d example.com -d *.example.comRead Getting Started to learn how to create an API key. Export your credentials as environment variables:
export IONOS_PREFIX="..."
export IONOS_SECRET="..."To issue a certificate, execute:
./acme.sh --issue --dns dns_ionos -d example.com -d www.example.comTo issue a wildcard certificate, execute:
./acme.sh --issue --dns dns_ionos -d example.com -d *.example.comRead Getting Started to learn how to create an API key. Export your credentials as environment variables:
export PORKBUN_API_KEY="..."
export PORKBUN_SECRET_API_KEY="..."To issue a certificate, execute:
./acme.sh --issue --dns dns_porkbun -d example.com -d www.example.comTo issue a wildcard certificate, execute:
./acme.sh --issue --dns dns_porkbun -d example.com -d *.example.comPCextreme B.V. is a Dutch cloud provider offering cloud services under the family name Aurora. Head over to DNS & Health Checks > Users to get your API credentials. Export your credentials as environment variables:
export AURORA_Key="..."
export AURORA_Secret="..."To issue a certificate, execute:
./acme.sh --issue --dns dns_aurora -d example.com -d www.example.comPlease report any issue to https://github.com/acmesh-official/acme.sh/issues/3459
Azion is a Edge Computing Platform to build modern applications at edge. This API reflects the Intelligent DNS product. Read this documentation to create an username/password and permissions to use this plugin.
Export your username/password as environment variables:
export AZION_Email="[email protected]"
export AZION_Password="password"To issue a certificate, execute:
./acme.sh --issue --dns dns_azion -d example.com -d www.example.comPlease report any issue to https://github.com/acmesh-official/acme.sh/issues/3555
See: https://github.com/acmesh-official/acme.sh/wiki/Using-Oracle-Cloud-Infrastructure-DNS
Créer un token API sur votre compte Hostline Hébergement VPS.
Ajouter les variables API suivantes :
export HOSTLINE_Token="xxx" (obligatoire)
export HOSTLINE_Url="https://api.hostline.fr" (optionnel)
export HOSTLINE_Ttl="60" ttl custom record (optionnel)Pour générer un certificat exécuter la commande correspondante à votre cas :
./acme.sh --issue --dns dns_hostline -d www.example.com # simple domain
./acme.sh --issue --dns dns_hostline -d example.com -d www.example.com # multi domain
./acme.sh --issue --dns dns_hostline -d example.com -d *.example.com # wildcardLes variables HOSTLINE_Token, HOSTLINE_Url (optionnel) et HOSTLINE_Ttl (optionnel) doivent être définies dans le fichier /root/.acme.sh/account.conf.
Si vous rencontrez un problème sur l'API Hostline Hébergement VPS, merci de rapporter votre problème sur le lien suivant : https://github.com/acmesh-official/acme.sh/issues/3675
Veesp offers HTTP REST API to manage vital details of account and services like DNS. Your standard login credentials is needed:
export VEESP_User="[email protected]"
export VEESP_Password="password"To issue a cert:
./acme.sh --issue --dns dns_veesp -d example.com -d www.example.comThe VEESP_User and VEESP_Password will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Please report any issue to https://github.com/acmesh-official/acme.sh/issues/3712
First you need to log into the cPanel interface and generate an API key for your account (under Security -> Manage API Tokens). Then set your username, api token and hostname:
export cPanel_Username=username
export cPanel_Apitoken=apitoken
export cPanel_Hostname=https://hostname:portexample
export cPanel_Username=myadminuseratnordicway
export cPanel_Apitoken=CXJ8HRXFNS363RQ71Z51TKM9KTHRFZVE
export cPanel_Hostname=https://cp04.nordicway.dk:2083Ok, let's issue a cert now:
./acme.sh --issue --dns dns_cpanel -d example.com -d www.example.com(see https://api.docs.cpanel.net/cpanel/introduction/#cpanel-or-webmail-session-url-1 regarding cPanel ports)
The cPanel_Username, cPanel_Apitoken and cPanel_Hostname will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Please report any issue to https://github.com/acmesh-official/acme.sh/issues/3732
!!! IMPORTANT: Make sure the verson of ISPMan supports TXT records !!!
The dns_ispman.sh api Adds & Deletes domain TXT records by authenticating into the ISPMan Customer Control Panel and executing related HTTP POST & GET requests.
The dns_ispman.sh api requires your <domain> and <passwd> for authentication:
export ISPMan_Username=<domain>
export ISPMan_Password=<passwd>The ISPMan_Username and ISPMan_Password will be saved in $LE_WORKING_DIR/account.conf and will be reused for certificate renewals.
Ok, let's issue a cert:
./acme.sh --issue --dns dns_ispman -d example.com -d *.example.comPlease report bugs to https://github.com/acmesh-official/acme.sh/issues/3751
export DNSHOME_Subdomain=""
export DNSHOME_SubdomainPassword=""Ok, let's issue a cert now:
./acme.sh --issue --dns dns_dnshome -d subdomain.ddnsdomain.tldThe DNSHOME_Subdomain and DNSHOME_SubdomainPassword will be saved in the domain conf and will be reused when needed.
Please report any issue to https://github.com/acmesh-official/acme.sh/issues/3819
First obtain you API key from the control panel.
export MB_AK="Key"
export MB_AS="Secret"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_mythic_beasts --domain example.comThe credentials will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Please report any issue to https://github.com/acmesh-official/acme.sh/issues/3848
First generate your dns zone key. Open your existing nameserver entry, click on [Passwort für dynamic DNS generieren] and save your zone. This generates a new key for your zone.
export SDNS_ZONE_KEY="Key"Ok, let's issue a cert now:
./acme.sh --issue --dns dns_sdns --domain example.comS-dns nameservers use anycast. It is therefore possible that the server next to your location already provides the new record, while the CA reaches another one that does not have the TXT record yet. To avoid such timing errors the dnssleep flag can be set to a value of 240 seconds.
./acme.sh --issue --dns dns_sdns --domain example.com --dnssleep 240Create an account at ud reselling.
There is no option to use an API key, so you just need to set your credentials as environment variables:
export UDR_USER="..."
export UDR_PASS="..."To issue a certificate, execute:
./acme.sh --issue --dns dns_udr -d example.com -d www.example.comTo issue a wildcard certificate, execute:
./acme.sh --issue --dns dns_udr -d example.com -d *.example.comThe UDR_USER and UDR_PASS will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Login to your curanet account, create a new API Application, and use client_id and secret as shown below
export CURANET_AUTHCLIENTID="..."
export CURANET_AUTHSECRET="..."To issue a certificate, execute:
./acme.sh --issue --dns dns_curanet -d example.com -d www.example.comTo issue a wildcard certificate, execute:
./acme.sh --issue --dns dns_curanet -d example.com -d *.example.comThe CURANET_AUTHCLIENTID and CURANET_AUTHSECRET will be saved in ~/.acme.sh/account.conf and will be reused when needed.
First, verify that API access is already enabled:
- Go to ArtFiles.de's DCP (Domain Control Panel).
- Click Passwords in the left menu.
- To the menu's right, the drop-down menu for Active is either
activeorinactive. - If Active is already set to
active, skip this step. Otherwise, enter your desired password into both text boxes, save it somewhere else (e. g. Firefox, KeePass, etc.) & click Apply below. - Copy User name's value, i. e. the one that starts with
api& then continues with your account number which is something likea12345678.
Export AF_API_Username & AF_API_Password only once (saved into domain's config file upon 1st successful script run):
export AF_API_Username="api12345678"
export AF_API_Password="apiPassword"To issue a certificate, execute:
./acme.sh --issue --dns dns_artfiles -d yourDomain.tldTo issue a wildcard certificate, execute:
./acme.sh --issue --dns dns_artfiles -d yourDomain.tld -d *.yourDomain.tldPlease report any issue at Eagle3386/acme.sh/issues.
Create an account at Geoscaling.
Set your credentials as environment variables:
export GEOSCALING_Username="..."
export GEOSCALING_Password="..."To issue a certificate, execute:
./acme.sh --issue --dns dns_geoscaling -d example.com -d www.example.comTo issue a wildcard certificate, execute:
./acme.sh --issue --dns dns_geoscaling -d example.com -d '*.example.com'The GEOSCALING_Username and GEOSCALING_Password will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Report bugs at this issue.
Get an API key in your fornex.com account page. Then
export FORNEX_API_KEY="Key"To issue a cert, run command:
./acme.sh --issue --dns dns_fornex -d example.comTo issue a wildcard certificate, execute:
./acme.sh --issue --dns dns_fornex -d example.com -d '*.example.com'Use your credentials
export [email protected]
export DnsServices_Password=YouPassword
To issue a cert, run command:
./acme.sh --issue --dns dns_dnsservices -d example.com
To issue a wildcard certificate, run command:
./acme.sh --issue --dns dns_dnsservices -d example.com -d '*.example.com'
You are able to create a free account on app.nodion.com and add an API key used by acme.sh by visiting the settings page. Please take this token and set it as env variable.
export NODION_API_KEY="Token"To issue a certificate, execute:
acme.sh --issue --dns dns_nodion -d example.comTo issue a wildcard certificate, execute:
acme.sh --issue --dns dns_nodion -d *.example.comUse your credentials
export LA_Id="appid"
export LA_Key="apikey"
To issue a cert, run command:
./acme.sh --issue --dns dns_la -d example.com
To issue a wildcard certificate, run command:
./acme.sh --issue --dns dns_la -d example.com -d *.example.com
Create a new service account with role dns.editor and create authorized key for him.
Required parameters:
export YC_Folder_ID="YC Folder ID"
export YC_SA_ID="Service Account ID"
export YC_SA_Key_ID="Service Account IAM Key ID"
# You need use YC_SA_Key_File_PEM_b64 or YC_SA_Key_File_Path
export YC_SA_Key_File_PEM_b64="Base64 content of private.key"
export YC_SA_Key_File_Path="/path/to/private.key"Optional parameters:
export YC_Zone_ID="DNS Zone ID"Now you cann issue a cert:
./acme.sh --issue --dns dns_yc -d example.com -d www.example.comBoth, YC_Folder_ID, YC_SA_ID, YC_SA_Key_ID, YC_SA_Key_File_PEM_b64 or YC_SA_Key_File_Path and YC_Zone_ID will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Find your API key at https://panel.bunny.net/account Then export the key:
export BUNNY_API_KEY="your-api-key-goes-here"Then you can issue a cert:
./acme.sh --issue --dns dns_bunny -d example.com -d www.example.comThe BUNNY_API_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.
If you find any bugs with the Bunny DNS API integration, please report them here: https://github.com/Neilpang/acme.sh/issues/4296
- create a new TXT record for a subdomainname with the needed prefix e.g. "_acme-challenge.example.com" (default) or "alias.example.com" (dns alias mode)
- for wildcard subdomains add a second TXT record for the identical subdomainname
- edit the TXT record and note the ID in (...) behind the subdomainname
- export each subdomainname (including the prefix) and the corresponding record IDs in SELFHOSTDNS_MAP like "subdomainname:RID1:RID2"
- at least one RID must be set, up to two are supported for wildcard subdomains
- each entry must be seperated by a space
- export username and password in SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD
Note: For username you have to use your account / customer number. You can find them in any invoice or on the right top of the selfhost dashboard.
export SELFHOSTDNS_USERNAME="myname"
export SELFHOSTDNS_PASSWORD="mypass"
export SELFHOSTDNS_MAP="_acme-challenge.example.com:12345:98765 alias.example.com:11111"
acme.sh --issue -d example.com --dns dns_selfhost
If your API is not supported yet, you can write your own DNS API.
Let's assume you want to name it 'myapi':
- Create a bash script named
~/.acme.sh/dns_myapi.sh, - In the script you must have a function named
dns_myapi_add()which will be called by acme.sh to add the DNS records. - Then you can use your API to issue cert like this:
./acme.sh --issue --dns dns_myapi -d example.com -d www.example.comFor more details, please check our sample script: dns_myapi.sh
See: DNS API Dev Guide
More APIs coming soon...