search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
38.54k stars 4.9k forks source link

Gandi Live DNS Depricated #4836

Closed FreakyBigFoot closed 7 months ago

FreakyBigFoot commented 11 months ago

Gandi has deprecated the live DNS API Keys. Is there another method planned to be able to accomplish DNS checks?

Neilpang commented 11 months ago

Is there any announcement ?

FreakyBigFoot commented 10 months ago

They deprecated the API and now use an application key. Since this change has occurred it seems it's no longer possible to renew certificates.

helix-loop commented 9 months ago

The announcement for the deprecation of DNS API Keys in favor of Personal Access Tokens is here: https://docs.gandi.net/en/account_management/security/developer_access.html

The description of PAT is here: https://docs.gandi.net/en/managing_an_organization/organizations/personal_access_token.html

I also had problems to renew certificates via DNS API Keys and had to renew manually, because neither DNS API Keys nor PAT are working with acme.sh at the moment.

I found this issue and the file where I expect Gandi LiveDNS API to be handled within acme.sh:

https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_gandi_livedns.sh

There is the following line defining the API URL: GANDI_LIVEDNS_API="https://dns.api.gandi.net/api/v5"

However this URL is "https://api.gandi.net/v5/livedns" according to https://api.gandi.net/docs/livedns/

Should the URL be changed to support Gandi LiveDNS API again in acme.sh?

I was able to successfully renew a certificate via Gandi LiveDNS API using the proposed change of the URL.