From ae84a86209fa96da90d5809b411a94b9c0ed0863 Mon Sep 17 00:00:00 2001 From: "Patrick T.C" <124277+ptc@users.noreply.github.com> Date: Wed, 5 Feb 2020 21:51:30 +0100 Subject: [PATCH] added support for netcup dns (#1030) * added support for netcup dns * Changes based on PR feedback * changed rexexp for netcup propagation seconds * pinned netcup plugin to a version * updated changelog + version to 4.4 * adapted to new format of example json --- letsencrypt/CHANGELOG.md | 4 ++++ letsencrypt/Dockerfile | 2 ++ letsencrypt/README.md | 33 +++++++++++++++++++++++++++++++-- letsencrypt/build.json | 3 ++- letsencrypt/config.json | 10 +++++++--- letsencrypt/data/run.sh | 14 ++++++++++++++ 6 files changed, 60 insertions(+), 6 deletions(-) diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md index a20b75f..1741e38 100755 --- a/letsencrypt/CHANGELOG.md +++ b/letsencrypt/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 4.4 + +- Added support for nectup dns + ## 4.3 - Added support for google dns diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile index 9eee4b1..514cd90 100755 --- a/letsencrypt/Dockerfile +++ b/letsencrypt/Dockerfile @@ -3,6 +3,7 @@ FROM $BUILD_FROM # setup base ARG CERTBOT_VERSION +ARG CERTBOT_NETCUP_VERSION RUN apk add --no-cache --update \ libffi \ @@ -28,6 +29,7 @@ RUN apk add --no-cache --update \ certbot-dns-rfc2136==${CERTBOT_VERSION} \ certbot-dns-route53==${CERTBOT_VERSION} \ certbot-dns-sakuracloud==${CERTBOT_VERSION} \ + certbot-dns-netcup==${CERTBOT_NETCUP_VERSION} \ && apk del .build-dependencies # Copy data diff --git a/letsencrypt/README.md b/letsencrypt/README.md index 42ede72..6c30293 100644 --- a/letsencrypt/README.md +++ b/letsencrypt/README.md @@ -53,6 +53,7 @@ dnsprovider: "" In addition add the fields according to the credentials required by your dns provider: + ```yaml cloudflare_email: '' cloudflare_api_key: '' 
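Review bot: `certbot-dns-netcup==${CERTBOT_NETCUP_VERSION}` in the second Dockerfile hunk is pinned by version only, and unlike the other `certbot-dns-*` lines it follows its own version (0.31.0.1 in build.json) instead of `CERTBOT_VERSION`, which suggests it is released separately from certbot. This package is handed the netcup API key and password at runtime, so the build trusts whatever the package index serves for that version. Consider installing from a hash-checked requirements file (`pip install --require-hashes -r requirements.txt`). A short comment next to `ARG CERTBOT_NETCUP_VERSION` stating which certbot release the plugin was tested against would also help the next version bump. The `RUN` instruction starts and ends outside the hunk.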
@@ -83,6 +84,10 @@ aws_access_key_id: '' aws_secret_access_key: '' sakuracloud_api_token: '' sakuracloud_api_secret: '' +"netcup_customer_id": '' +"netcup_api_key": '' +"netcup_api_password": '' +"netcup_propagation_seconds": '' ``` ## Example Configurations @@ -137,11 +142,34 @@ You can find additional information in regards to the required permissions in th +### netcup dns challenge: +```json +{ + "email": "hello@home-assistant.io", + "domains": [ + "home-assistant.io" + ], + "certfile": "fullchain.pem", + "keyfile": "privkey.pem", + "challenge": "dns", + "dns": { + "provider": "dns-netcup", + "netcup_customer_id": "12345", + "netcup_api_key": "ABCDEFGHIJKLMNOPQRST", + "netcup_api_password": "1234567890ABCDEFGHIJK", + "netcup_propagation_seconds": "600" + } +} +``` + +You can create the api key and api password in your netcup customer control panel. Here you'll also find you customer id. +The "netcup_propagation_seconds" parameter sets the waiting time for DNS to propagate before asking the ACME server to verify the DNS record. It is highly recommended to setup a value >600 seconds. + ## Certificate files -The certificate files will be available within the "ssl" share after sucessful request of the certificates. +The certificate files will be available within the "ssl" share after successful request of the certificates. -By default other addons are refering to the correct path of the certificates. +By default other addons are referring to the correct path of the certificates. You can in addition find the files via the "samba" addon within the "ssl" share. ## Supported DNS providers @@ -161,6 +189,7 @@ dns-ovh dns-rfc2136 dns-route53 dns-sakuracloud +dns-netcup ``` ## Support diff --git a/letsencrypt/build.json b/letsencrypt/build.json index 756c329..965b196 100755 --- a/letsencrypt/build.json +++ b/letsencrypt/build.json 
@@ -7,6 +7,7 @@
 "i386": "homeassistant/i386-base-python:3.7-alpine3.10"
 },
 "args": {
- "CERTBOT_VERSION": "1.0.0"
+ "CERTBOT_VERSION": "1.0.0",
+ "CERTBOT_NETCUP_VERSION": "0.31.0.1"
 }
 }
diff --git a/letsencrypt/config.json b/letsencrypt/config.json
index 5cdf95d..c5a5872 100755
--- a/letsencrypt/config.json
+++ b/letsencrypt/config.json
@@ -1,6 +1,6 @@
 {
 "name": "Let's Encrypt",
- "version": "4.3",
+ "version": "4.4",
 "slug": "letsencrypt",
 "description": "Manage certificate from Let's Encrypt",
 "url": "https://github.com/home-assistant/hassio-addons/tree/master/letsencrypt",
@@ -29,7 +29,7 @@
 "keyfile": "str",
 "challenge": "list(dns|http)",
 "dns": {
- "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud)?",
+ "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup)?",
 "cloudflare_email": "email?",
 "cloudflare_api_key": "str?",
 "cloudxns_api_key": "str?",
@@ -58,7 +58,11 @@
 "aws_access_key_id": "str?",
 "aws_secret_access_key": "str?",
 "sakuracloud_api_token": "str?",
- "sakuracloud_api_secret": "str?"
+ "sakuracloud_api_secret": "str?",
+ "netcup_customer_id": "str?",
+ "netcup_api_key": "str?",
+ "netcup_api_password": "str?",
+ "netcup_propagation_seconds": "int(60,3600)?"
 }
 },
 "image": "homeassistant/{arch}-addon-letsencrypt"
diff --git a/letsencrypt/data/run.sh b/letsencrypt/data/run.sh
index 263c1f7..e30bfb7 100755
--- a/letsencrypt/data/run.sh
+++ b/letsencrypt/data/run.sh
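Review bot: `netcup_api_key` and `netcup_api_password` are declared as `"str?"` in the last config.json hunk, so the schema treats these secrets like any other string option. If the Supervisor version this add-on targets supports the `password` schema type, `"netcup_api_password": "password?"` would mark the value as a secret. The neighbouring provider secrets use `str?` too, so a follow-up covering all of them may be the cleaner route. Separately, `netcup_propagation_seconds` is typed `int(60,3600)?`, while the README example in this patch gives it as the string `"600"` and recommends more than 600; aligning the example with the integer type would remove the ambiguity.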
@@ -37,6 +37,9 @@ echo -e "dns_cloudflare_email = $(bashio::config 'dns.cloudflare_email')\n" \
 "dns_linode_version = $(bashio::config 'dns.linode_version')\n" \
 "dns_luadns_email = $(bashio::config 'dns.luadns_email')\n" \
 "dns_luadns_token = $(bashio::config 'dns.luadns_token')\n" \
+ "certbot_dns_netcup:dns_netcup_customer_id = $(bashio::config 'dns.netcup_customer_id')\n" \
+ "certbot_dns_netcup:dns_netcup_api_key = $(bashio::config 'dns.netcup_api_key')\n" \
+ "certbot_dns_netcup:dns_netcup_api_password = $(bashio::config 'dns.netcup_api_password')\n" \
 "dns_nsone_api_key = $(bashio::config 'dns.nsone_api_key')\n" \
 "dns_ovh_endpoint = $(bashio::config 'dns.ovh_endpoint')\n" \
 "dns_ovh_application_key = $(bashio::config 'dns.ovh_application_key')\n" \
@@ -73,6 +76,17 @@ elif bashio::config.exists 'dns.google_creds'; then
 bashio::log.info "Google Credentials File doesnt exists in folder share."
 fi
 PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/${GOOGLE_CREDS}")
+#Netcup
+elif bashio::config.exists 'dns.netcup_customer_id' && bashio::config.exists 'dns.netcup_api_key' && bashio::config.exists 'dns.netcup_api_password'; then
+ if bashio::config.exists 'dns.netcup_propagation_seconds'; then
+ NETCUP_DNS_PROPAGATION_SECONDS="$(bashio::config 'dns.netcup_propagation_seconds')"
+ else
+ NETCUP_DNS_PROPAGATION_SECONDS=600
+ bashio::log.info "no propagation time found for netcup, using default value"
+ fi
+
+ PROVIDER_ARGUMENTS+=("--authenticator" "certbot-dns-netcup:dns-netcup" "--certbot-dns-netcup:dns-netcup-credentials" /data/dnsapikey "--certbot-dns-netcup:dns-netcup-propagation-seconds" "${NETCUP_DNS_PROPAGATION_SECONDS}")
+
 #All others
 else
 PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" /data/dnsapikey)
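Review bot: The three added netcup lines in the first run.sh hunk place the API key and password inside an `echo -e` argument, so any backslash sequence in a credential is interpreted before it is written; a password containing `\n` would be split across lines and `\c` would cut the output short. Writing each value with `printf '%s\n' "certbot_dns_netcup:dns_netcup_api_password = $(bashio::config 'dns.netcup_api_password')"` keeps it literal. The `echo -e` statement starts and ends outside the hunk, so the redirect target (presumably the `/data/dnsapikey` file passed as credentials in the next hunk) and its file mode are not visible here. It is worth confirming the file is created readable by the owner only, for example with `chmod 600`.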
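Review bot: The new `elif` in the second run.sh hunk selects the netcup authenticator whenever the three netcup options exist, without checking that `dns.provider` is `dns-netcup`, so leftover netcup credentials in the configuration could take precedence over a different selected provider. Conversely, a `dns-netcup` selection with one option missing falls through to the generic `else` branch and passes `--${DNS_PROVIDER}`, which probably does not match the plugin's prefixed authenticator name. Branching on the provider, `elif [ "${DNS_PROVIDER}" = "dns-netcup" ]; then`, and stopping with a `bashio::log.error` message when a credential is absent would make both cases explicit. The fallback of 600 seconds also sits at, not above, the `>600` the README in this patch recommends. The `if` chain begins outside the hunk.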