diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md index 64f4536..ce218f7 100644 --- a/letsencrypt/DOCS.md +++ b/letsencrypt/DOCS.md @@ -80,6 +80,8 @@ netcup_api_key: '' netcup_api_password: '' gandi_api_key: '' gandi_sharing_id: '' +transip_username: '' +transip_api_key: '' ``` ## Example Configurations @@ -200,6 +202,29 @@ dns: cloudflare_api_key: 0123456789abcdef0123456789abcdef01234 ``` +### TransIP + +You will need to generate an API key from the TransIP Control Panel at https://www.transip.nl/cp/account/api/. + +The propagation limit will be automatically raised to 240 seconds. + +Example configuration: +```yaml +email: hello@home-assistant.io +domains: + - your.domain.tld +certfile: fullchain.pem +keyfile: privkey.pem +challenge: dns +dns: + provider: dns-transip + transip_username: transip-user + transip_api_key: | + -----BEGIN PRIVATE KEY----- + MII..ABCDEFGHIJKLMNOPQRSTUVWXYZ + AAAAAABCDEFGHIJKLMNOPQRSTUVWXYZ + -----END PRIVATE KEY----- +``` ## Certificate files @@ -227,6 +252,7 @@ dns-route53 dns-sakuracloud dns-netcup dns-gandi +dns-transip ``` ## Support diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile index 355dfec..8dae40d 100755 --- a/letsencrypt/Dockerfile +++ b/letsencrypt/Dockerfile @@ -5,6 +5,7 @@ FROM $BUILD_FROM ARG CERTBOT_VERSION ARG CERTBOT_NETCUP_VERSION ARG CERTBOT_GANDI_VERSION +ARG CERTBOT_DNS_TRANSIP_VERSION RUN apk add --no-cache --update \ libffi \ @@ -34,6 +35,7 @@ RUN apk add --no-cache --update \ certbot-dns-sakuracloud==${CERTBOT_VERSION} \ certbot-dns-netcup==${CERTBOT_NETCUP_VERSION} \ certbot-plugin-gandi==${CERTBOT_GANDI_VERSION} \ + certbot-dns-transip==${CERTBOT_DNS_TRANSIP_VERSION} \ && apk del .build-dependencies # Copy data diff --git a/letsencrypt/build.json b/letsencrypt/build.json index d182881..e1674f3 100755 --- a/letsencrypt/build.json +++ b/letsencrypt/build.json 
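Review bot: In letsencrypt/Dockerfile the added requirement `certbot-dns-transip==${CERTBOT_DNS_TRANSIP_VERSION}` is pinned by version only, and this plugin is given the account's TransIP private key at runtime. It is versioned separately from certbot, which suggests an independently released package, so each bump deserves a look at the upstream changes. A comment above the new `ARG` would record that, for example `# independently released plugin with access to the TransIP private key; review upstream changes before bumping`. The `RUN` instruction starts and ends outside the hunk.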
@@ -9,6 +9,7 @@ "args": { "CERTBOT_VERSION": "1.2.0", "CERTBOT_NETCUP_VERSION": "0.31.0.1", - "CERTBOT_GANDI_VERSION": "1.2.5" + "CERTBOT_GANDI_VERSION": "1.2.5", + "CERTBOT_DNS_TRANSIP_VERSION": "0.3.0" } } diff --git a/letsencrypt/config.json b/letsencrypt/config.json index d1a73bd..e47808e 100755 --- a/letsencrypt/config.json +++ b/letsencrypt/config.json @@ -30,7 +30,7 @@ "keyfile": "str", "challenge": "list(dns|http)", "dns": { - "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup|dns-gandi)?", + "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup|dns-gandi|dns-transip)?", "propagation_seconds": "int(60,3600)?", "cloudflare_email": "email?", "cloudflare_api_key": "str?", @@ -66,7 +66,9 @@ "netcup_api_key": "str?", "netcup_api_password": "str?", "gandi_api_key": "str?", - "gandi_sharing_id": "str?" + "gandi_sharing_id": "str?", + "transip_username": "str?", + "transip_api_key": "str?" } }, "image": "homeassistant/{arch}-addon-letsencrypt" diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh index 1b9eea7..a4f865a 100644 --- a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh +++ b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh 
@@ -35,6 +35,15 @@ echo -e "dns_cloudxns_api_key = $(bashio::config 'dns.cloudxns_api_key')\n" \ "aws_secret_access_key = $(bashio::config 'dns.aws_secret_access_key')\n" \ "dns_sakuracloud_api_token = $(bashio::config 'dns.sakuracloud_api_token')\n" \ "dns_sakuracloud_api_secret = $(bashio::config 'dns.sakuracloud_api_secret')\n" \ - "certbot_plugin_gandi:dns_api_key = $(bashio::config 'dns.gandi_api_key')" > /data/dnsapikey + "certbot_plugin_gandi:dns_api_key = $(bashio::config 'dns.gandi_api_key')\n" \ + "certbot_dns_transip:dns_transip_username = $(bashio::config 'dns.transip_username')\n" \ + "certbot_dns_transip:dns_transip_key_file = /data/transip-rsa.key" > /data/dnsapikey chmod 600 /data/dnsapikey + +## Prepare TransIP RSA key +if bashio::config.exists 'dns.transip_api_key'; then + TRANSIP_API_KEY=$(bashio::config 'dns.transip_api_key') + echo "${TRANSIP_API_KEY}" | openssl rsa -out /data/transip-rsa.key + chmod 600 /data/transip-rsa.key +fi diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run index 916ca5f..236a4c8 100644 --- a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run +++ b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run 
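Review bot: In file-structure.sh the TransIP private key is written by `openssl rsa -out /data/transip-rsa.key` and only tightened by the following `chmod 600`. Depending on the OpenSSL build, the file may briefly exist with a mode derived from the process umask, and the exit status of the conversion is never checked. Writing it under a restrictive umask and failing loudly closes both gaps: `( umask 077; openssl rsa -out /data/transip-rsa.key <<< "${TRANSIP_API_KEY}" ) || bashio::exit.nok "Invalid TransIP API key"`. The same write-then-chmod pattern applies to `/data/dnsapikey`, whose `echo -e` starts outside this hunk. A key file from an earlier configuration also stays on disk when the option is later removed, so an `else` branch with `rm -f /data/transip-rsa.key` is worth adding.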
@@ -50,6 +50,16 @@ elif bashio::config.exists 'dns.google_creds'; then elif bashio::config.exists 'dns.netcup_customer_id' && bashio::config.exists 'dns.netcup_api_key' && bashio::config.exists 'dns.netcup_api_password'; then PROVIDER_ARGUMENTS+=("--authenticator" "certbot-dns-netcup:dns-netcup" "--certbot-dns-netcup:dns-netcup-credentials" /data/dnsapikey "--certbot-dns-netcup:dns-netcup-propagation-seconds" "${PROPAGATION_SECONDS}") +#TransIP +elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-transip" ]; then + bashio::config.require.username 'dns.transip_username' + bashio::config.require 'dns.transip_api_key' + if (( PROPAGATION_SECONDS < 240 )); then + bashio::log.info "Increasing DNS propagation limit for TransIP to at least 240 seconds." + PROPAGATION_SECONDS=240 + fi + PROVIDER_ARGUMENTS+=("--authenticator" "certbot-${DNS_PROVIDER}:${DNS_PROVIDER}" "--certbot-${DNS_PROVIDER}:${DNS_PROVIDER}-credentials" /data/dnsapikey "--certbot-${DNS_PROVIDER}:${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") + # CloudFlare elif [ "${DNS_PROVIDER}" == "dns-cloudflare" ]; then if bashio::config.exists 'dns.cloudflare_api_token'; then
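Review bot: The TransIP branch requires `dns.transip_api_key` to be set but never checks the converted key that certbot actually reads. file-structure.sh points the credentials at `/data/transip-rsa.key`, so if the conversion there failed, certbot is started against a missing or empty key. A guard before `PROVIDER_ARGUMENTS+=` would surface that early, for example `[ -s /data/transip-rsa.key ] || bashio::exit.nok "TransIP key file is missing or empty"`. The branch is also reached only after the earlier `bashio::config.exists` tests in the chain, which begins outside this hunk, so leftover credentials for another provider would presumably be selected first; that is worth confirming. The `#TransIP` comment also lacks the space used by `# CloudFlare`.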