Add DNS provider for RcodeZero

[MikeAT]

This PR add a DNS provider for RcodeZero (https://www.rcodezero.at)

API-Documentation available at https://my.rcodezero.at/openapi

[ldez]

Hello, in order for a PR adding a DNS provider to be accepted, you have to:

• [x] add a description to your PR
• [x] be able to maintain this provider
• [x] have a homogeneous design with the other providers
• [x] add tests (units)

  make test

• [x] add tests ("live") https://github.com/go-acme/lego/blob/c938de68f262c057542d44bcb67ef961cefcc60e/providers/dns/cloudflare/cloudflare_test.go#L125-L151

make test

• [x] add a provider descriptor
• [x] generate CLI help, documentation, and readme.

  make generate-dns

• [x] be able to do: (and put the output of this command to a comment in your PR)

  
  rm -rf .lego

./lego -m your@email.com --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

Note the wildcard domain is important.
- [x] pass the linter ([golangci-lint](https://github.com/golangci/golangci-lint#install) must be installed):
```shell
make checks

• [x] do go mod tidy

[ldez]

Hello,

I can see several problems:

• you have copy-paste the ppdns provider but it contains some specific things that you don't need.
• the documentation is about v2 but you have created the implementation on the v1. (I think it's because you have used acmesh as a reference instead of the API documentation)
• some fixtures files are not used

In summary, the client must be fully rewritten to follow the API v2.

• Get RRset
• Manage RRsets

[MikeAT]

the API has some special "ACME" routes (with /api/v1/acme) with are not in the offical documenation and which are still (and will be in the future) supported on APIv1 (because they are used by other ACME implementations too).

[ldez]

Maybe it was a special endpoint in the v1 but you can mainly do the same thing with v2: Manage RRsets

The use of a not documented API endpoint is a maintenance problem: if the API changes, we will not be able to update the implementation.

[ldez]

Are you an employee of RcodeZero or a customer?

[ldez]

You seem to be an employee https://www.nic.at/en/team/research-and-development I will say that we can overcome the missing API documentation in this context.

But the client implementation and the tests still need to be updated.

[MikeAT]

Yes, I am an employee and the main developer of the API.

With the /api/v1/acme/zones/<zone>/rrsets route, your are only apple to update the acme_challenge records, so if your API token leaks it can not be used for abuse. The /api/v2/zones/<zone>/rrsets calls allows the complete modification for all RRsets in the zone. This is the reason why we implemented the acme routes (and keep them stable while we improve the API).

[ldez]

I updated the code and the documentation to have a homogeneous design.

Can you give me the output of the last unchecked box? https://github.com/go-acme/lego/pull/1947#issuecomment-1612665530

[MikeAT]

Thank you very much for the review and the updates.

This is the missing output:

$ rm -rf .lego

$ ./lego -m nobody@nic.at --dns rcodezero -d "*.le.braunoeder.at"  -d "le.braunoeder.at" -s https://acme-staging-v02.api.letsencrypt.org/directory run
2023/06/29 14:42:43 No key found for account nobody@nic.at. Generating a P256 key.
2023/06/29 14:42:43 Saved key to /home/mib/projects/go/lego/dist/.lego/accounts/acme-staging-v02.api.letsencrypt.org/nobody@nic.at/keys/nobody@nic.at.key

2023/06/29 14:42:43 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you accept the TOS? Y/n
2023/06/29 14:42:43 [INFO] acme: Registering account for nobody@nic.at
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/home/mib/projects/go/lego/dist/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2023/06/29 14:42:44 [INFO] [*.le.braunoeder.at, le.braunoeder.at] acme: Obtaining bundled SAN certificate
2023/06/29 14:42:44 [INFO] [*.le.braunoeder.at] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7095020954
2023/06/29 14:42:44 [INFO] [le.braunoeder.at] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7095020964
2023/06/29 14:42:44 [INFO] [*.le.braunoeder.at] acme: use dns-01 solver
2023/06/29 14:42:44 [INFO] [le.braunoeder.at] acme: Could not find solver for: tls-alpn-01
2023/06/29 14:42:44 [INFO] [le.braunoeder.at] acme: Could not find solver for: http-01
2023/06/29 14:42:44 [INFO] [le.braunoeder.at] acme: use dns-01 solver
2023/06/29 14:42:44 [INFO] [*.le.braunoeder.at] acme: Preparing to solve DNS-01
2023/06/29 14:42:45 [INFO] [le.braunoeder.at] acme: Preparing to solve DNS-01
2023/06/29 14:42:45 [INFO] [*.le.braunoeder.at] acme: Trying to solve DNS-01
2023/06/29 14:42:45 [INFO] [*.le.braunoeder.at] acme: Checking DNS record propagation using [10.10.7.7:53 10.17.9.3:53 1.1.1.1:53]
2023/06/29 14:42:55 [INFO] Wait for propagation [timeout: 4m0s, interval: 10s]
2023/06/29 14:42:56 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:43:06 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:43:16 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:43:26 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:43:36 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:43:46 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:43:56 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:44:06 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:44:16 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:44:26 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:44:38 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:44:58 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:45:08 [INFO] [*.le.braunoeder.at] acme: Waiting for DNS record propagation.
2023/06/29 14:45:21 [INFO] [*.le.braunoeder.at] The server validated our request
2023/06/29 14:45:21 [INFO] [le.braunoeder.at] acme: Trying to solve DNS-01
2023/06/29 14:45:23 [INFO] [le.braunoeder.at] acme: Checking DNS record propagation using [10.10.7.7:53 10.17.9.3:53 1.1.1.1:53]
2023/06/29 14:45:33 [INFO] Wait for propagation [timeout: 4m0s, interval: 10s]
2023/06/29 14:45:33 [INFO] [le.braunoeder.at] The server validated our request
2023/06/29 14:45:33 [INFO] [*.le.braunoeder.at] acme: Cleaning DNS-01 challenge
2023/06/29 14:45:33 [INFO] [le.braunoeder.at] acme: Cleaning DNS-01 challenge
2023/06/29 14:45:33 [INFO] [*.le.braunoeder.at, le.braunoeder.at] acme: Validations succeeded; requesting certificates
2023/06/29 14:45:34 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2023/06/29 14:45:35 [INFO] [*.le.braunoeder.at] Server responded with a certificate.
❯

[ldez]

Everything seems right, I always wait a few days before merging a PR to be able to do a "second" review with fresh eyes.