acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

dns_api feature request: Add and delete TXT records only #4472

Closed klaboor closed 1 year ago

klaboor commented 1 year ago

Hello,

Is it possible to add a feature where we can control ONLY the DNS TXT record creation/removal process without issuing the certificate? For example:

./acme.sh --issue --dns <provider> -d mydomain.eu --create_dns_record_only --txt_value "some43charactersLongTxtString"
./acme.sh --issue --dns <provider> -d mydomain.eu --delete_dns_record_only --txt_value "some43charactersLongTxtString"

There are a lot of Truenas Scale users using the acmesh project to issue certificates, but it does not install the certificate for them, so they need to supply it with other custom scripts. However, the latest Truenas Scale version added an option to run a shell script as ACME challenge authenticator, but there is the issue of numerous providers. Since acmesh already covers a wide variety of providers, it makes sense to ask for help here. With such features we can use acmesh as ACME challenge authenticator and let Truenas issue, import, and renew the certificate.

Thank you.

Neilpang commented 1 year ago

Yes, you can write a simple script to call the dns api easily:

# 1. Source the whole acme.sh file for its utility functions.
source /root/.acme.sh/acme.sh >/dev/null

# 2. Source the DNS API that you want to use:
source /root/.acme.sh/dnsapi/dns_cf.sh >/dev/null

# 3. Now you can export the DNS variables and use the API:
export CF_Email=xxxxx@xxxx.com
export CF_Key="xcccccc"

dns_cf_add _acme-challenge.mydomain.tld "TXTValue_to_add.........."

# 4. After use, you can remove the TXT record:
dns_cf_rm _acme-challenge.mydomain.tld "TXTValue_to_add.........."
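
A wrapper around the `dns_cf_add` / `dns_cf_rm` calls shown above, added here as an example and not code from this thread or from the acme.sh project: it validates the record name and TXT value and refuses credentials readable by other users before anything is sourced. The `hook_*` names, the `add|rm <fqdn> <txt>` argument order and the `CRED_FILE` path are assumptions.

```sh
#!/bin/sh
# Added example. hook_* names, argument order and CRED_FILE are hypothetical.
ACME_HOME=/root/.acme.sh                     # install path used in the reply above
CRED_FILE=${CRED_FILE:-/root/.acme-dns.env}  # hypothetical file with the CF_Email/CF_Key exports

# A dns-01 TXT value is base64url(SHA-256(key authorization)): exactly 43 characters.
hook_valid_txt() {
  [ "${#1}" -eq 43 ] || return 1
  case $1 in *[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Only touch _acme-challenge names built from plain hostname characters.
hook_valid_name() {
  case $1 in
    _acme-challenge.?*) ;;
    *) return 1 ;;
  esac
  case ${1#_acme-challenge.} in
    *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
  esac
}

# Credentials must not be accessible to group or other (a symlink fails closed).
hook_private_file() {
  [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

hook_main() {
  hook_action=$1 hook_fqdn=$2 hook_txt=$3
  case $hook_action in
    add|rm) ;;
    *) echo "usage: $0 add|rm <fqdn> <txt>" >&2; return 2 ;;
  esac
  hook_valid_name "$hook_fqdn" || { echo "refusing record name: $hook_fqdn" >&2; return 2; }
  hook_valid_txt "$hook_txt" || { echo "refusing TXT value" >&2; return 2; }
  hook_private_file "$CRED_FILE" || { echo "$CRED_FILE is accessible to group/other" >&2; return 2; }
  set --   # a sourced file sees the caller's positional parameters; clear them first
  . "$CRED_FILE"
  . "$ACME_HOME/acme.sh" >/dev/null
  . "$ACME_HOME/dnsapi/dns_cf.sh" >/dev/null
  "dns_cf_$hook_action" "$hook_fqdn" "$hook_txt"
}

if [ "$#" -gt 0 ]; then hook_main "$@"; fi
```

Keeping the API key in a root-only file instead of inline `export` lines keeps it out of the script itself and out of anything that copies or logs the script.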

klaboor commented 1 year ago

Awesome. I created my own script based on functions I found for my provider but I totally forgot I can source main script. Tried that and it's working. Thank you very much.

cron0mat commented 1 year ago

> Awesome. I created my own script based on functions I found for my provider but I totally forgot I can source main script. Tried that and it's working. Thank you very much.

Could you provide your bash script? I get error messages "config file is empty, can not save and can not clear ..."

acme.sh is installed as root and letsencrypt as server is registered. I also added acme.sh.env to the .bashrc

Siress commented 1 year ago

> Could you provide your bash script? I get error messages "config file is empty, can not save and can not clear ..."

See other post here: https://www.truenas.com/community/threads/acme-dns-authenticator-shell-script.106589/post-739605