Open kraygy opened 3 years ago
this is clearly the better approach but it has a couple of caveats
overall , would still use the limited API as it is instead of curl-ing/parsing the html body responses
thank you for the info @kraygy
Since you can set the DDNS key to the same across multiple entries, I would propose a more compatible offering would be to not re-use HE_Username, but instead, take in the full domain as per the original script. For example:
#!/usr/bin/env sh
# source: https://github.com/acmesh-official/acme.sh/issues/3406
dns_he_add() {
_full_domain=$1
_txt_value=$2
_info "Using DNS-01 Hurricane Electric hook"
HE_Username="${HE_Username:-$(_readaccountconf_mutable HE_Username)}"
HE_Password="${HE_Password:-$(_readaccountconf_mutable HE_Password)}"
if [ -z "$HE_Username" ] || [ -z "$HE_Password" ]; then
HE_Username=
HE_Password=
_err "No auth details provided. Please set user credentials using the \$HE_Username and \$HE_Password environment variables$ return 1
fi
_saveaccountconf_mutable HE_Username "$HE_Username"
_saveaccountconf_mutable HE_Password "$HE_Password"
hostname_encoded="$(printf "%s" "$_full_domain" | _url_encode)"
username_encoded="$(printf "%s" "${HE_Username}" | _url_encode)"
password_encoded="$(printf "%s" "${HE_Password}" | _url_encode)"
body="hostname=${hostname_encoded}&password=${password_encoded}&txt=$_txt_value"
response="$(_post "$body" "https://dyn.dns.he.net/nic/update")"
exit_code="$?"
if [ "$exit_code" -eq 0 ]; then
_info "TXT record added successfully."
else
_err "Couldn't add the TXT record."
fi
_debug2 response "$response"
return "$exit_code"
}
#-- dns_he_rm() - Remove TXT record ------------------------------------
# Usage: dns_he_rm _acme-challenge.subdomain.domain.com "XyZ123..."
dns_he_rm() {
_info "TXT removal not supported by Hurricane Electric"
return 0
}
Hi All,
I highly anticipated the HE DNS API and just came across this thread. Is there a reason why it is not merged yet? Is there an unresolved problem that I missed?
I searched previously for "HE.net" for open issues but didn't find this, but today I searched nic/update
and found this.
I already created my own similar script https://github.com/acmesh-official/acme.sh/issues/3512 , and I listed a few limitations of this approach in that issue.
Pull request: https://github.com/acmesh-official/acme.sh/pull/4318
The README file states that Hurricane Electric doesn't have an API but it has been updated. While not logged into a Hurricane Electric account the documentation on the call is available here: https://dns.he.net/
It's more secure that providing the username/password to the entire account. The username/password for the dynamic dns updates are limited to the specify record.
The three existing functions in the code can be modified to be just these two.