Letsencrypt: Add support for Porkbun DNS challenge (#3353)

* Post-merge of newest branch from main repo Re-added changes back in * Amend line 163 for consistency with other providers Also remove the blank line on 159 Co-authored-by: Stefan Agner <[email protected]> * Apply suggestions from code review --------- Co-authored-by: Stefan Agner <[email protected]>
home-assistant · Dec 12, 2023 · 1df365d · 1df365d
1 parent f127777
commit 1df365d
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 1 deletion.
diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 5.0.7
+
+- Add Porkbun DNS challenge support
+
 ## 5.0.6
 
 - Add Infomaniak DNS challenge support

diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md
@@ -97,6 +97,8 @@ transip_api_key: ''
 inwx_username: ''
 inwx_password: ''
 inwx_shared_secret: ''
+porkbun_key: ''
+porkbun_secret: ''
 ```
 
 ## Advanced
@@ -561,6 +563,29 @@ on the DNS zone to be used for authentication.
 
 </details>
 
+<details>
+  <summary>Porkbun</summary>
+
+In order to use a domain with this challenge, API access will need enabling on the domain. In order to
+do this go to domain management -> select the domain -> details and click the API access toggle.
+Then go to the menu in the top right select API access and then create a new api key.
+The title does not matter and is not used by certbot, make note of the key and the secret as both are required.
+
+```yaml
+email: [email protected]
+domains:
+  - your.domain.tld
+certfile: fullchain.pem
+keyfile: privkey.pem
+challenge: dns
+dns:
+  provider: dns-porkbun
+  porkbun_key: 0123456789abcdef0123456789abcdef01234
+  porkbun_secret: 0123456789abcdef0123456789abcdef01234
+```
+
+</details>
+
 ## Certificate files
 
 The certificate files will be available within the "ssl" share after successful request of the certificates.
@@ -596,6 +621,7 @@ dns-netcup
 dns-gandi
 dns-transip
 dns-inwx
+dns-porkbun
 ```
 
 ## Support

diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile
@@ -16,6 +16,7 @@ ARG \
     CERTBOT_DNS_INWX_VERSION \
     CERTBOT_DNS_NAMECHEAP_VERSION \
     CERTBOT_DNS_TRANSIP_VERSION \
+    CERTBOT_DNS_PORKBUN_VERSION \
     CERTBOT_NETCUP_VERSION \
     CERTBOT_NJALLA_VERSION \
     CERTBOT_GANDI_VERSION \
@@ -54,6 +55,7 @@ RUN \
         certbot-dns-luadns==${CERTBOT_VERSION} \
         certbot-dns-njalla==${CERTBOT_NJALLA_VERSION} \
         certbot-dns-nsone==${CERTBOT_VERSION} \
+        certbot-dns-porkbun==${CERTBOT_DNS_PORKBUN_VERSION} \
         certbot-dns-ovh==${CERTBOT_VERSION} \
         certbot-dns-rfc2136==${CERTBOT_VERSION} \
         certbot-dns-route53==${CERTBOT_VERSION} \

diff --git a/letsencrypt/build.yaml b/letsencrypt/build.yaml
@@ -20,6 +20,7 @@ args:
   CERTBOT_DNS_NAMECHEAP_VERSION: 1.0.0
   CERTBOT_DNS_GOOGLE_DOMAINS_VERSION: 0.1.11
   CERTBOT_DNS_TRANSIP_VERSION: 0.5.2
+  CERTBOT_DNS_PORKBUN_VERSION: 0.8.0
   CERTBOT_GANDI_VERSION: 1.5.0
   CERTBOT_NETCUP_VERSION: 1.4.3
   CERTBOT_NJALLA_VERSION: 1.0.0

diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml
@@ -71,6 +71,8 @@ schema:
     netcup_customer_id: str?
     njalla_token: str?
     nsone_api_key: str?
+    porkbun_key: str?
+    porkbun_secret: str?
     ovh_application_key: str?
     ovh_application_secret: str?
     ovh_consumer_key: str?
@@ -80,7 +82,7 @@ schema:
       dns-directadmin|dns-dnsimple|dns-dnsmadeeasy|dns-duckdns|\
       dns-gehirn|dns-google|dns-google-domains|\
       dns-hetzner|dns-infomaniak|dns-linode|dns-luadns|dns-njalla|dns-nsone|\
-      dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-namecheap|\
+      dns-porkbun|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-namecheap|\
       dns-netcup|dns-gandi|dns-transip|dns-inwx)?"
     rfc2136_algorithm: str?
     rfc2136_name: str?

diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
@@ -30,6 +30,8 @@ echo -e "dns_desec_token = $(bashio::config 'dns.desec_token')\n" \
       "dns_netcup_api_password = $(bashio::config 'dns.netcup_api_password')\n" \
       "dns_njalla_token = $(bashio::config 'dns.njalla_token')\n" \
       "dns_nsone_api_key = $(bashio::config 'dns.nsone_api_key')\n" \
+      "dns_porkbun_key = $(bashio::config 'dns.porkbun_key')\n" \
+      "dns_porkbun_secret = $(bashio::config 'dns.porkbun_secret')\n" \
       "dns_ovh_endpoint = $(bashio::config 'dns.ovh_endpoint')\n" \
       "dns_ovh_application_key = $(bashio::config 'dns.ovh_application_key')\n" \
       "dns_ovh_application_secret = $(bashio::config 'dns.ovh_application_secret')\n" \

diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
@@ -155,6 +155,12 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-desec" ]; then
     bashio::config.require 'dns.desec_token'
     PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
 
+#Porkbun
+elif  [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-porkbun" ]; then
+    bashio::config.require 'dns.porkbun_key'
+    bashio::config.require 'dns.porkbun_secret'
+    PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
+
 #All others
 else
     PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey")