From cb031bfe417232012615917e92c985ee31e2cd2e Mon Sep 17 00:00:00 2001 From: Simon Lepla Date: Thu, 11 Jun 2020 11:33:34 +0200 Subject: [PATCH] letsencrypt: Add DirectAdmin DNS provider (#1381) --- letsencrypt/CHANGELOG.md | 4 +++ letsencrypt/DOCS.md | 32 +++++++++++++++++++ letsencrypt/Dockerfile | 2 ++ letsencrypt/build.json | 1 + letsencrypt/config.json | 7 ++-- .../rootfs/etc/cont-init.d/file-structure.sh | 3 ++ .../rootfs/etc/services.d/lets-encrypt/run | 7 ++++ 7 files changed, 54 insertions(+), 2 deletions(-) mode change 100755 => 100644 letsencrypt/CHANGELOG.md mode change 100755 => 100644 letsencrypt/Dockerfile mode change 100755 => 100644 letsencrypt/build.json mode change 100755 => 100644 letsencrypt/config.json diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md old mode 100755 new mode 100644 index eac6ef5..fd701e4 --- a/letsencrypt/CHANGELOG.md +++ b/letsencrypt/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 4.9.0 + +- Add support for DirectAdmin DNS + ## 4.8.0 - Add support for Gandi DNS diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md index 97c900a..d7e5586 100644 --- a/letsencrypt/DOCS.md +++ b/letsencrypt/DOCS.md @@ -51,6 +51,9 @@ cloudflare_api_token: '' cloudxns_api_key: '' cloudxns_secret_key: '' digitalocean_token: '' +directadmin_url: '' +directadmin_username: '' +directadmin_password: '' dnsimple_token: '' dnsmadeeasy_api_key: '' dnsmadeeasy_secret_key: '' 
@@ -202,6 +205,34 @@ dns: cloudflare_api_key: 0123456789abcdef0123456789abcdef01234 ``` +### DirectAdmin + +It is recommended to create a login key in the DirectAdmin control panel to be used as value for directadmin_password. +Instructions on how to create such key can be found at https://help.directadmin.com/item.php?id=523. + +Make sure to grant the following permissions: +- `CMD_API_LOGIN_TEST` +- `CMD_API_DNS_CONTROL` +- `CMD_API_SHOW_DOMAINS` + +Username and password can also be used in case your DirectAdmin instance has no support for login keys. + +Example configuration: +```yaml +email: mail@domain.tld +domains: + - your.domain.tld +certfile: fullchain.pem +keyfile: privkey.pem +challenge: dns +dns: + propagation_seconds: 60 + provider: dns-directadmin + directadmin_url: 'https://domain.tld:2222/' + directadmin_username: da_user + directadmin_password: da_password_or_key +``` + ### TransIP You will need to generate an API key from the TransIP Control Panel at https://www.transip.nl/cp/account/api/. @@ -242,6 +273,7 @@ You can in addition find the files via the "samba" addon within the "ssl" share. dns-cloudflare dns-cloudxns dns-digitalocean +dns-directadmin dns-dnsimple dns-dnsmadeeasy dns-gehirn diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile old mode 100755 new mode 100644 index 8dae40d..d80cc45 --- a/letsencrypt/Dockerfile +++ b/letsencrypt/Dockerfile @@ -3,6 +3,7 @@ FROM $BUILD_FROM # setup base ARG CERTBOT_VERSION +ARG CERTBOT_DNS_DIRECTADMIN_VERSION ARG CERTBOT_NETCUP_VERSION ARG CERTBOT_GANDI_VERSION ARG CERTBOT_DNS_TRANSIP_VERSION @@ -22,6 +23,7 @@ RUN apk add --no-cache --update \ certbot-dns-cloudflare==${CERTBOT_VERSION} \ certbot-dns-cloudxns==${CERTBOT_VERSION} \ certbot-dns-digitalocean==${CERTBOT_VERSION} \ + certbot-dns-directadmin==${CERTBOT_DNS_DIRECTADMIN_VERSION} \ certbot-dns-dnsimple==${CERTBOT_VERSION} \ certbot-dns-dnsmadeeasy==${CERTBOT_VERSION} \ certbot-dns-gehirn==${CERTBOT_VERSION} \ 
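Review bot: `certbot-dns-directadmin==${CERTBOT_DNS_DIRECTADMIN_VERSION}` is pinned by version number only, which does not fix the contents of the artifact that gets installed. The package has its own version line (0.0.13 in build.json, against `CERTBOT_VERSION` 1.2.0), so it is presumably released independently of certbot, and it will be handed the DirectAdmin credentials that control DNS for the domain. Consider a hash pin (pip's `--require-hashes` with a `--hash=sha256:<HASH_PLACEHOLDER>` entry), or at minimum a comment next to the new `ARG` line such as `# third-party plugin, released independently of certbot; review upstream before bumping`. The install command this line joins starts and ends outside the hunk, so I am assuming it is a pip install.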
diff --git a/letsencrypt/build.json b/letsencrypt/build.json old mode 100755 new mode 100644 index e1674f3..51c6b9f --- a/letsencrypt/build.json +++ b/letsencrypt/build.json @@ -8,6 +8,7 @@ }, "args": { "CERTBOT_VERSION": "1.2.0", + "CERTBOT_DNS_DIRECTADMIN_VERSION": "0.0.13", "CERTBOT_NETCUP_VERSION": "0.31.0.1", "CERTBOT_GANDI_VERSION": "1.2.5", "CERTBOT_DNS_TRANSIP_VERSION": "0.3.0" diff --git a/letsencrypt/config.json b/letsencrypt/config.json old mode 100755 new mode 100644 index e47808e..a7f7a5f --- a/letsencrypt/config.json +++ b/letsencrypt/config.json @@ -1,6 +1,6 @@ { "name": "Let's Encrypt", - "version": "4.8.0", + "version": "4.9.0", "slug": "letsencrypt", "description": "Manage certificate from Let's Encrypt", "url": "https://github.com/home-assistant/hassio-addons/tree/master/letsencrypt", @@ -30,7 +30,7 @@ "keyfile": "str", "challenge": "list(dns|http)", "dns": { - "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup|dns-gandi|dns-transip)?", + "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-directadmin|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup|dns-gandi|dns-transip)?", "propagation_seconds": "int(60,3600)?", "cloudflare_email": "email?", "cloudflare_api_key": "str?", @@ -38,6 +38,9 @@ "cloudxns_api_key": "str?", "cloudxns_secret_key": "str?", "digitalocean_token": "str?", + "directadmin_url": "str?", + "directadmin_username": "str?", + "directadmin_password": "str?", "dnsimple_token": "str?", "dnsmadeeasy_api_key": "str?", "dnsmadeeasy_secret_key": "str?", diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh index a4f865a..15fcd1d 100644 --- a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh 
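Review bot: `"directadmin_password": "str?"` declares the login key or password as an ordinary string. The add-on options schema also has a `password` type, so `"directadmin_password": "password?"` would let the Supervisor and the configuration UI treat the value as a secret. The existing token fields here use `str?` too, so the hunk follows the file's convention, but a new credential field is a reasonable place to start. Likewise `"directadmin_url": "url?"` would reject values that are not URLs at all. Both types should be confirmed against the Supervisor version this add-on targets.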
+++ b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh @@ -9,6 +9,9 @@ mkdir -p /data/letsencrypt echo -e "dns_cloudxns_api_key = $(bashio::config 'dns.cloudxns_api_key')\n" \ "dns_cloudxns_secret_key = $(bashio::config 'dns.cloudxns_secret_key')\n" \ "dns_digitalocean_token = $(bashio::config 'dns.digitalocean_token')\n" \ + "certbot_dns_directadmin:directadmin_url = $(bashio::config 'dns.directadmin_url')\n" \ + "certbot_dns_directadmin:directadmin_username = $(bashio::config 'dns.directadmin_username')\n" \ + "certbot_dns_directadmin:directadmin_password = $(bashio::config 'dns.directadmin_password')\n" \ "dns_dnsimple_token = $(bashio::config 'dns.dnsimple_token')\n" \ "dns_dnsmadeeasy_api_key = $(bashio::config 'dns.dnsmadeeasy_api_key')\n" \ "dns_dnsmadeeasy_secret_key = $(bashio::config 'dns.dnsmadeeasy_secret_key')\n" \ diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run index 236a4c8..cc6fd39 100644 --- a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run +++ b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run @@ -73,6 +73,13 @@ elif [ "${DNS_PROVIDER}" == "dns-cloudflare" ]; then PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" /data/dnsapikey "--dns-cloudflare-propagation-seconds" "${PROPAGATION_SECONDS}") +# DirectAdmin +elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-directadmin" ]; then + bashio::config.require 'dns.directadmin_url' + bashio::config.require 'dns.directadmin_username' + bashio::config.require 'dns.directadmin_password' + PROVIDER_ARGUMENTS+=("--authenticator" "certbot-dns-directadmin:directadmin" "--certbot-dns-directadmin:directadmin-credentials" /data/dnsapikey "--certbot-dns-directadmin:directadmin-propagation-seconds" "${PROPAGATION_SECONDS}") + # Gandi elif [ "${DNS_PROVIDER}" == "dns-gandi" ]; then if bashio::config.exists 'dns.gandi_sharing_id'; then
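Review bot: The three new lines in file-structure.sh interpolate the DirectAdmin values into an `echo -e` argument, so backslash sequences inside a password or login key are interpreted. A value containing `\n` or `\t` is written altered, and `\n` adds an extra line to the credentials file. Writing the secret without escape processing avoids this, e.g. `printf 'certbot_dns_directadmin:directadmin_password = %s\n' "$(bashio::config 'dns.directadmin_password')"`. The `echo` statement begins before and ends after the hunk, so the redirect target and its file mode are not visible here. Confirm that the file is created owner-readable only (mode 600) before the secret is written to it.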
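Review bot: In the `dns-directadmin` branch of the run script, `bashio::config.require 'dns.directadmin_url'` checks only that the URL is present, not which scheme it uses. An `http://` value would therefore make the plugin send the username and the password or login key to the panel in cleartext. A guard after the three `require` lines would catch that: `[[ "$(bashio::config 'dns.directadmin_url')" == https://* ]] || bashio::exit.nok "directadmin_url must start with https://"`. If plain-HTTP panels on a trusted network must stay supported, a logged warning would do instead of a hard failure. The `elif` chain this branch belongs to starts and ends outside the hunk.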