remove route53 until certbot/certbot#5781 or similar is merged

README.md

@@ -12,7 +12,7 @@ running at home or otherwise, including free TLS, without having to know too muc
 **Note: To fix [this issue](https://github.com/SpiderLabs/ModSecurity/issues/2848), instead of running `nginx -s reload`, this fork stops nginx and starts it again. This can result in a 502 error when you update your hosts. See https://github.com/ZoeyVid/NPMplus/issues/296 and https://github.com/ZoeyVid/NPMplus/issues/283.** <br>
 --->
 **Note: Reloading the NPMplus UI can cause a 502 error. See https://github.com/ZoeyVid/NPMplus/issues/241.** <br>
-**Note: NO armv7 support.** <br>
+**Note: NO armv7 and route53 support.** <br>
 **Note: add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf` to support PUID/PGID in network mode host.** <br>
 **Note: If you don't use network mode host, which I don't recommend, don't forget to expose port 443 on tcp AND udp (http3/quic needs udp).** <br>
 **Note: If you don't use network mode host, which I don't recommend, don't forget to enable IPv6 in Docker, see [here](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md), you only need to edit the daemon.json and restart docker, if you use the bridge network, otherwise please enable IPv6 in your custom docker network!** <br>

backend/internal/certificate.js

@@ -832,34 +832,18 @@ const internalCertificate = {
 		const credentialsCmd     = `echo '${escapedCredentials}' | tee '${credentialsLocation}'`;
 		const prepareCmd         = 'pip install --no-cache-dir ' + dns_plugin.package_name;
 
-		// Whether the plugin has a --<name>-credentials argument
-		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
-
 		let mainCmd = certbotCommand + ' certonly ' +
 			'--config "' + certbotConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--domains "' + certificate.domain_names.join(',') + '" ' +
 			'--authenticator ' + dns_plugin.full_plugin_name + ' ' +
-			(
-				hasConfigArg
-					? '--' + dns_plugin.full_plugin_name + '-credentials "' + credentialsLocation + '"'
-					: ''
-			) +
+			'--' + dns_plugin.full_plugin_name + '-credentials "' + credentialsLocation + '"' +
 			(
 				certificate.meta.propagation_seconds !== undefined
 					? ' --' + dns_plugin.full_plugin_name + '-propagation-seconds ' + certificate.meta.propagation_seconds
 					: ''
 			);
 
-		// Prepend the path to the credentials file as an environment variable
-		if (certificate.meta.dns_provider === 'route53') {
-			mainCmd = 'AWS_CONFIG_FILE=\'' + credentialsLocation + '\' ' + mainCmd;
-		}
-
-		if (certificate.meta.dns_provider === 'duckdns') {
-			mainCmd = mainCmd + ' --dns-duckdns-no-txt-restore';
-		}
-
 		if (certificate.meta.letsencrypt_email === '') {
 			mainCmd = mainCmd + ' --register-unsafely-without-email ';
 		} else {
@@ -972,12 +956,6 @@ const internalCertificate = {
 			'--preferred-challenges "dns,http" ' +
 			'--no-random-sleep-on-renew';
 
-		// Prepend the path to the credentials file as an environment variable
-		if (certificate.meta.dns_provider === 'route53') {
-			const credentialsLocation = '/data/tls/certbot/credentials/credentials-' + certificate.id;
-			mainCmd                   = 'AWS_CONFIG_FILE=\'' + credentialsLocation + '\' ' + mainCmd;
-		}
-
 		logger.info('Command:', mainCmd);
 
 		return utils.exec(mainCmd)

global/certbot-dns-plugins.js

@@ -61,8 +61,6 @@ dns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf274462
 	bunny: {
 		display_name:        'bunny.net',
 		package_name:        'certbot-dns-bunny',
-		version_requirement: '~=0.0.9',
-		dependencies:        '',
 		credentials:         `# Bunny API token used by Certbot (see https://dash.bunny.net/account/settings)
 dns_bunny_api_key = xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx`,
 		full_plugin_name: 'dns-bunny',
@@ -452,20 +450,18 @@ dns_rfc2136_algorithm = HMAC-SHA512`,
 		full_plugin_name: 'dns-rfc2136',
 	},
 	//####################################################//
-	route53: {
-		display_name:        'Route 53 (Amazon)',
-		package_name:        'certbot-dns-route53',
-		credentials:         `[default]
-aws_access_key_id=AKIAIOSFODNN7EXAMPLE
-aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
-		full_plugin_name: 'dns-route53',
-	},
-	//####################################################//
+/**	route53: {
+*		display_name:        'Route 53 (Amazon)',
+*		package_name:        'certbot-dns-route53',
+*		credentials:         `[default]
+*aws_access_key_id=AKIAIOSFODNN7EXAMPLE
+*aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
+*		full_plugin_name: 'dns-route53',
+*	},
+**/ //####################################################//
 	strato: {
 		display_name:        'Strato',
 		package_name:        'certbot-dns-strato',
-		version_requirement: '~=0.1.1',
-		dependencies:        '',
 		credentials:         `dns_strato_username = user
 dns_strato_password = pass
 # uncomment if you're using two factor authentication:

rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf

@@ -4,8 +4,4 @@ more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
 more_set_headers "Content-Security-Policy: $content_security_policy";
 
-map $scheme $hsts_header {
-    https "max-age=31536000; includeSubDomains; preload";
-}
-
 more_set_headers "Strict-Transport-Security: $hsts_header";

rootfs/usr/local/nginx/conf/nginx.conf

@@ -67,6 +67,10 @@ http {
         '' "upgrade-insecure-requests";
     }
 
+    map $scheme $hsts_header {
+        https "max-age=31536000; includeSubDomains; preload";
+    }
+
     # Websocket
     map $http_upgrade $connection_upgrade {
         default upgrade;