Open Gorgonbert opened 1 month ago
Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade
If it's still not working, please provide the log with --debug 2
, otherwise, nobody can help you.
Hi,
Hurricane Electric has added a feature to enable the TXT validation for dynamic DNS domains. They announced the feature on https://dns.he.net/ (text below for convenience)
The current implementation of the "dns_he" script requires the credentials that give full access to all the DNS entries at the HE DNS service. The new feature of HE's DNS service offers the possibility to use credentials to one specific "TXT" entry and is therefore a lot more secure. If these credentials are leaked, only that specific entry can be compromised.
It would be highly desirable if the "dns_he" script could implement this feature.
In my research I found that "markkuleinio" has already submitted a new script to the dev branch (https://github.com/acmesh-official/acme.sh/issues/5237) but it's currently not moving forward.
Here is HE's description:
Dynamic TXT Records
We've received requests for dynamic TXT records for use with Let's Encrypt Certificates. We've added them in using the same basic ddns syntax that we already provide with the difference being the use of 'txt=' in place of 'myip='. You will need to create the dynamic TXT record from within the dns.he.net interface before you will be able to make updates. You will not be able to dynamically create and delete these TXT records as doing so would subsequently remove your ddns key associated with the record.
Authentication being passed in the URL % curl -4 "http://_acme-challenge.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&txt=evaGxfADs6pSRb..."
Authentication and Updating using GET % curl "https://dyn.dns.he.net/nic/update?hostname=_acme-challenge.example.com&password=password&txt=evaGxfADs6pSRb..."
Authentication and Updating using a POST % curl "https://dyn.dns.he.net/nic/update" -d "hostname=_acme-challenge.example.com" -d "password=password" -d "txt=evaGxfADs6pSRb..."