letsencrypt: Add DirectAdmin DNS provider (#1381)

letsencrypt/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 4.9.0
+
+- Add support for DirectAdmin DNS
+
 ## 4.8.0
 
 - Add support for Gandi DNS

letsencrypt/DOCS.md

@@ -51,6 +51,9 @@ cloudflare_api_token: ''
 cloudxns_api_key: ''
 cloudxns_secret_key: ''
 digitalocean_token: ''
+directadmin_url: ''
+directadmin_username: ''
+directadmin_password: ''
 dnsimple_token: ''
 dnsmadeeasy_api_key: ''
 dnsmadeeasy_secret_key: ''
@@ -202,6 +205,34 @@ dns:
   cloudflare_api_key: 0123456789abcdef0123456789abcdef01234
 ```
 
+### DirectAdmin
+
+It is recommended to create a login key in the DirectAdmin control panel to be used as value for directadmin_password.
+Instructions on how to create such key can be found at https://help.directadmin.com/item.php?id=523.
+
+Make sure to grant the following permissions:
+- `CMD_API_LOGIN_TEST`
+- `CMD_API_DNS_CONTROL`
+- `CMD_API_SHOW_DOMAINS`
+
+Username and password can also be used in case your DirectAdmin instance has no support for login keys.
+
+Example configuration:
+```yaml
+email: mail@domain.tld
+domains:
+  - your.domain.tld
+certfile: fullchain.pem
+keyfile: privkey.pem
+challenge: dns
+dns:
+  propagation_seconds: 60
+  provider: dns-directadmin
+  directadmin_url: 'https://domain.tld:2222/'
+  directadmin_username: da_user
+  directadmin_password: da_password_or_key
+```
+
 ### TransIP
 
 You will need to generate an API key from the TransIP Control Panel at https://www.transip.nl/cp/account/api/.
@@ -242,6 +273,7 @@ You can in addition find the files via the "samba" addon within the "ssl" share.
 dns-cloudflare
 dns-cloudxns
 dns-digitalocean
+dns-directadmin
 dns-dnsimple
 dns-dnsmadeeasy
 dns-gehirn

letsencrypt/Dockerfile

@@ -3,6 +3,7 @@ FROM $BUILD_FROM
 
 # setup base
 ARG CERTBOT_VERSION
+ARG CERTBOT_DNS_DIRECTADMIN_VERSION
 ARG CERTBOT_NETCUP_VERSION
 ARG CERTBOT_GANDI_VERSION
 ARG CERTBOT_DNS_TRANSIP_VERSION
@@ -22,6 +23,7 @@ RUN apk add --no-cache --update \
         certbot-dns-cloudflare==${CERTBOT_VERSION} \
         certbot-dns-cloudxns==${CERTBOT_VERSION} \
         certbot-dns-digitalocean==${CERTBOT_VERSION} \
+        certbot-dns-directadmin==${CERTBOT_DNS_DIRECTADMIN_VERSION} \
         certbot-dns-dnsimple==${CERTBOT_VERSION} \
         certbot-dns-dnsmadeeasy==${CERTBOT_VERSION} \
         certbot-dns-gehirn==${CERTBOT_VERSION} \

letsencrypt/build.json

@@ -8,6 +8,7 @@
   },
   "args": {
     "CERTBOT_VERSION": "1.2.0",
+    "CERTBOT_DNS_DIRECTADMIN_VERSION": "0.0.13",
     "CERTBOT_NETCUP_VERSION": "0.31.0.1",
     "CERTBOT_GANDI_VERSION": "1.2.5",
     "CERTBOT_DNS_TRANSIP_VERSION": "0.3.0"

letsencrypt/config.json

@@ -1,6 +1,6 @@
 {
   "name": "Let's Encrypt",
-  "version": "4.8.0",
+  "version": "4.9.0",
   "slug": "letsencrypt",
   "description": "Manage certificate from Let's Encrypt",
   "url": "https://github.com/home-assistant/hassio-addons/tree/master/letsencrypt",
@@ -30,7 +30,7 @@
     "keyfile": "str",
     "challenge": "list(dns|http)",
     "dns": {
-      "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup|dns-gandi|dns-transip)?",
+      "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-directadmin|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup|dns-gandi|dns-transip)?",
       "propagation_seconds": "int(60,3600)?",
       "cloudflare_email": "email?",
       "cloudflare_api_key": "str?",
@@ -38,6 +38,9 @@
       "cloudxns_api_key": "str?",
       "cloudxns_secret_key": "str?",
       "digitalocean_token": "str?",
+      "directadmin_url": "str?",
+      "directadmin_username": "str?",
+      "directadmin_password": "str?",
       "dnsimple_token": "str?",
       "dnsmadeeasy_api_key": "str?",
       "dnsmadeeasy_secret_key": "str?",

letsencrypt/rootfs/etc/cont-init.d/file-structure.sh

@@ -9,6 +9,9 @@ mkdir -p /data/letsencrypt
 echo -e "dns_cloudxns_api_key = $(bashio::config 'dns.cloudxns_api_key')\n" \
       "dns_cloudxns_secret_key = $(bashio::config 'dns.cloudxns_secret_key')\n" \
       "dns_digitalocean_token = $(bashio::config 'dns.digitalocean_token')\n" \
+      "certbot_dns_directadmin:directadmin_url = $(bashio::config 'dns.directadmin_url')\n" \
+      "certbot_dns_directadmin:directadmin_username = $(bashio::config 'dns.directadmin_username')\n" \
+      "certbot_dns_directadmin:directadmin_password = $(bashio::config 'dns.directadmin_password')\n" \
       "dns_dnsimple_token = $(bashio::config 'dns.dnsimple_token')\n" \
       "dns_dnsmadeeasy_api_key = $(bashio::config 'dns.dnsmadeeasy_api_key')\n" \
       "dns_dnsmadeeasy_secret_key = $(bashio::config 'dns.dnsmadeeasy_secret_key')\n" \

letsencrypt/rootfs/etc/services.d/lets-encrypt/run

@@ -73,6 +73,13 @@ elif [ "${DNS_PROVIDER}" == "dns-cloudflare" ]; then
 
     PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" /data/dnsapikey "--dns-cloudflare-propagation-seconds" "${PROPAGATION_SECONDS}")
 
+# DirectAdmin
+elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-directadmin" ]; then
+    bashio::config.require 'dns.directadmin_url'
+    bashio::config.require 'dns.directadmin_username'
+    bashio::config.require 'dns.directadmin_password'
+    PROVIDER_ARGUMENTS+=("--authenticator" "certbot-dns-directadmin:directadmin" "--certbot-dns-directadmin:directadmin-credentials" /data/dnsapikey "--certbot-dns-directadmin:directadmin-propagation-seconds" "${PROPAGATION_SECONDS}")
+
 # Gandi
 elif [ "${DNS_PROVIDER}" == "dns-gandi" ]; then
     if bashio::config.exists 'dns.gandi_sharing_id'; then