acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Hurricane Electric API for dynamic DNS for DNS-01 #3038

Closed hdholm closed 4 years ago

hdholm commented 4 years ago

Hurricane Electric has added an API (as of two days ago - see http://dns.he.net) for DNS TXT records, to allow updating letsencrypt DNS-01 style authentication without needing to store the entire account key. It would be wonderful if acme.sh could be updated to account for this change.

felmue commented 4 years ago

Hi there, just an FYI: the API he.net has implemented for DNS TXT records only allows modifying an existing record, but not creating or deleting one (which is the method currently used). I think that might make this API more error prone, as an empty DNS TXT record needs to be added manually first and its name needs to match exactly the domain name one wants to have validated. But then again I only briefly looked into this and I might as well be wrong about this assumption. Felix

sammko commented 4 years ago

Why was this closed?

blarosen95 commented 3 years ago

Why was this closed?

> only allows to modify an existing record, but not to create or delete one

Would be a "won't do" I believe. This is a simple thing to whip up on your own. Set the TXT record (the name will not need to change ever, just the value) manually. Run through the process of creating the wildcard cert and just use grep on the side to grab the TXT record value from letsencrypt, setting it as the value through HE's API, then finish the cert request. This is probably a single line of code in a bash script.

On that note, I wound up writing my own script for dnsapi that actually uses the API instead of your whole account credentials and whatnot. Will issue a PR once I work out storing the DNS record keys (I have 3 different domains on there, so I've got room for testing this)

rpavery commented 3 years ago

Hi @blarosen95

Did you ever submit that PR for this? I'm happy to test at some point - I have several domains on HE too, and right now I do delegated certificate renewal through a different domain at my registrar until the dynamic TXT API is implemented. Thanks!

blarosen95 commented 3 years ago

It is on my homelab somewhere and I'm currently in the middle of a move unfortunately. I might have a screenshot on LinkedIn though so I'll go look.

blarosen95 commented 3 years ago

[image] It's just a couple of curl commands with parameters passed at execution time. Would be best to automate its running in a cron job tbh.
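As an added illustration of the approach described in this thread (a couple of curl calls that only change the value of a pre-created `_acme-challenge` TXT record), here is a minimal acme.sh-style DNS hook. It is example code written for this page, not acme.sh's own `dns_he.sh`, not the script blarosen95 mentions, and not the PR linked below. It assumes, as labelled in the comments, the HE dynamic update endpoint `https://dyn.dns.he.net/nic/update` with `hostname`, `password` and `txt` form fields and a `good`/`nochg` success reply; the key file format, the `HE_DYN_*` variable names and the `dns_he_dyn_*` function names are this example's own choices. The per-record key never leaves the key file except via the POST body, which is fed to curl on stdin so it does not appear in the process list.

```shell
#!/bin/sh
# Added example (not acme.sh code): update an existing _acme-challenge TXT
# record through HE's dynamic TXT API using the per-record key, so the
# account login never needs to be stored on the renewing host.
#
# Assumptions (not taken from the issue thread):
#   - endpoint and form fields: hostname=, password=, txt=
#   - success reply starts with "good" or "nochg"
#   - $HE_DYN_KEYS holds one "hostname key" pair per line, mode 0600
#   - keys are URL-safe; percent-encode them first if yours are not
HE_DYN_ENDPOINT="${HE_DYN_ENDPOINT:-https://dyn.dns.he.net/nic/update}"
HE_DYN_KEYS="${HE_DYN_KEYS:-${HOME:-/root}/.he_dyn_keys}"
HE_CURL="${HE_CURL:-curl}"   # overridable so the hook can be tested offline

# Print the per-record key for a hostname; prints nothing if unknown.
he_dyn_key_for() {
  [ -r "$HE_DYN_KEYS" ] || return 1
  awk -v h="$1" '$1 == h { print $2; exit }' "$HE_DYN_KEYS"
}

# DNS-01 challenge values are base64url(SHA-256): exactly 43 URL-safe chars.
# Refusing anything else keeps a malformed value (or an injection attempt
# via a hostile txtvalue) out of the POST body.
he_dyn_valid_txt() {
  case "$1" in
    ""|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -eq 43 ]
}

# acme.sh hook signature: dns_<name>_add <fulldomain> <txtvalue>
dns_he_dyn_add() {
  _fulldomain="$1"
  _txt="$2"
  he_dyn_valid_txt "$_txt" || { echo "refusing malformed TXT value" >&2; return 1; }
  _key=$(he_dyn_key_for "$_fulldomain") || return 1
  [ -n "$_key" ] || { echo "no key for $_fulldomain in $HE_DYN_KEYS" >&2; return 1; }
  # Body goes in on stdin (--data @-) so the key is not visible in `ps`.
  _resp=$(printf 'hostname=%s&password=%s&txt=%s' "$_fulldomain" "$_key" "$_txt" \
          | "$HE_CURL" -sS --data @- "$HE_DYN_ENDPOINT") || return 1
  case "$_resp" in
    good*|nochg*) return 0 ;;
    *) echo "HE update failed for $_fulldomain: $_resp" >&2; return 1 ;;
  esac
}

# acme.sh also calls dns_<name>_rm after validation. The API cannot delete
# a record, so, as felmue notes above, the record simply keeps its last
# value until the next renewal overwrites it.
dns_he_dyn_rm() {
  return 0
}
```

Dropped into acme.sh's `dnsapi/` directory as `dns_he_dyn.sh`, the hook would be selected with `--dns dns_he_dyn`; acme.sh calls `dns_he_dyn_add` with the full `_acme-challenge.<domain>` name and the token value, and the key file must already contain a line for every name that will be validated.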

pmarks-net commented 2 years ago

I made a pull request: https://github.com/acmesh-official/acme.sh/pull/4318. It's not featureful enough to fully replace dns_he.sh, but I want to use server-specific passwords.