From d638104db0ff6e5baea5d9a95e306de5918d53e6 Mon Sep 17 00:00:00 2001 From: NHurlock Date: Wed, 2 Aug 2023 22:34:55 -0400 Subject: [PATCH 1/4] letsencrypt: Add support for Namecheap DNS challenge --- letsencrypt/CHANGELOG.md | 4 +++ letsencrypt/DOCS.md | 25 +++++++++++++++++++ letsencrypt/Dockerfile | 2 ++ letsencrypt/build.yaml | 1 + letsencrypt/config.yaml | 8 +++--- .../rootfs/etc/cont-init.d/file-structure.sh | 2 ++ .../rootfs/etc/services.d/lets-encrypt/run | 3 +++ 7 files changed, 42 insertions(+), 3 deletions(-) diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md index 57c9ceceb4d..f43ce0adb03 100644 --- a/letsencrypt/CHANGELOG.md +++ b/letsencrypt/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 4.12.10 + +- Add Namecheap DNS challenge support + ## 4.12.9 - Add Google Domains DNS challenge support diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md index 201477b7605..c369bc673a6 100644 --- a/letsencrypt/DOCS.md +++ b/letsencrypt/DOCS.md @@ -84,6 +84,8 @@ aws_access_key_id: '' aws_secret_access_key: '' sakuracloud_api_token: '' sakuracloud_api_secret: '' +namecheap_username: '' +namecheap_api_key: '' netcup_customer_id: '' netcup_api_key: '' netcup_api_password: '' @@ -358,6 +360,28 @@ on the DNS zone to be used for authentication. +
+ Namecheap + + To use this addon with Namecheap, you must first enable API access on your account. See "Enabling API Access" and "Whitelisting IP" [here](https://www.namecheap.com/support/api/intro/) for details and requirements. + + Example configuration: + + ```yaml + email: your.email@example.com + domains: + - ha.yourdomain.com + certfile: fullchain.pem + keyfile: privkey.pem + challenge: dns + dns: + provider: dns-namecheap + namecheap_username: your-namecheap-username + namecheap_api_key: 0123456789abcdef0123456789abcdef01234567 + ``` + +
+
Njalla @@ -541,6 +565,7 @@ dns-ovh dns-rfc2136 dns-route53 dns-sakuracloud +dns-namecheap dns-netcup dns-gandi dns-transip diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile index 7e21cea7301..5cac650a780 100644 --- a/letsencrypt/Dockerfile +++ b/letsencrypt/Dockerfile @@ -10,6 +10,7 @@ ARG \ CERTBOT_DNS_DIRECTADMIN_VERSION \ CERTBOT_DNS_HETZNER_VERSION \ CERTBOT_DNS_GOOGLE_DOMAINS_VERSION \ + CERTBOT_NAMECHEAP_VERSION \ CERTBOT_NETCUP_VERSION \ CERTBOT_NJALLA_VERSION \ CERTBOT_GANDI_VERSION \ @@ -52,6 +53,7 @@ RUN \ certbot-dns-rfc2136==${CERTBOT_VERSION} \ certbot-dns-route53==${CERTBOT_VERSION} \ certbot-dns-sakuracloud==${CERTBOT_VERSION} \ + certbot-dns-namecheap==${CERTBOT_NAMECHEAP_VERSION} \ certbot-dns-netcup==${CERTBOT_NETCUP_VERSION} \ certbot-plugin-gandi==${CERTBOT_GANDI_VERSION} \ certbot-dns-transip==${CERTBOT_DNS_TRANSIP_VERSION} \ diff --git a/letsencrypt/build.yaml b/letsencrypt/build.yaml index c961820fc38..28ce6950afd 100644 --- a/letsencrypt/build.yaml +++ b/letsencrypt/build.yaml @@ -16,6 +16,7 @@ args: CERTBOT_DNS_GOOGLE_DOMAINS_VERSION: 0.1.11 CERTBOT_DNS_TRANSIP_VERSION: 0.4.3 CERTBOT_GANDI_VERSION: 1.3.2 + CERTBOT_NAMECHEAP_VERSION: 1.0.0 CERTBOT_NETCUP_VERSION: 1.1.1 CERTBOT_NJALLA_VERSION: 1.0.0 CERTBOT_VERSION: 1.32.0 diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml index 829c55925cb..b8a8cd1d9e3 100644 --- a/letsencrypt/config.yaml +++ b/letsencrypt/config.yaml @@ -1,5 +1,5 @@ --- -version: 4.12.9 +version: 4.12.10 slug: letsencrypt name: Let's Encrypt description: Manage certificate from Let's Encrypt @@ -63,6 +63,8 @@ schema: linode_version: str? luadns_email: email? luadns_token: str? + namecheap_username: str? + namecheap_api_key: str? netcup_api_key: str? netcup_api_password: str? netcup_customer_id: str? 
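Review bot: In letsencrypt/Dockerfile the added requirement `certbot-dns-namecheap==${CERTBOT_NAMECHEAP_VERSION}` is pinned by version only, and this plugin is the code that will read the Namecheap API key from the credentials file. It has its own version variable rather than `${CERTBOT_VERSION}`, so it is presumably released separately from certbot. A version pin alone does not verify the downloaded artifact. A hash-checked requirements file (`pip install --require-hashes -r requirements.txt`) would, but it would have to cover every package in this RUN step, which begins and ends outside the hunk. Patch 3/4 spells the build argument `CERTBOT_DNS_NAMECHEAP_VERSION` and no visible hunk updates this install line, so confirm the final Dockerfile references the name that build.yaml defines.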
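Review bot: In letsencrypt/config.yaml the new `namecheap_api_key` is declared as `str?`, so the add-on configuration form handles the API key as ordinary text. The add-on schema has a `password` type intended for secrets, and `namecheap_api_key: password?` should keep the key from being shown in clear in the UI. The neighbouring token fields visible in this hunk also use `str?`, so this matches the existing pattern, but a newly added secret does not have to repeat it.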
@@ -77,8 +79,8 @@ schema: dns-directadmin|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|\ dns-google|dns-google-domains|\ dns-hetzner|dns-linode|dns-luadns|dns-njalla|dns-nsone|dns-ovh|\ - dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup|dns-gandi|\ - dns-transip|dns-inwx)?" + dns-rfc2136|dns-route53|dns-sakuracloud|dns-namecheap|dns-netcup|\ + dns-gandi|dns-transip|dns-inwx)?" rfc2136_algorithm: str? rfc2136_name: str? rfc2136_port: str? diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh index 6ab3749fc84..2c3d488db4b 100755 --- a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh +++ b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh @@ -22,6 +22,8 @@ echo -e "dns_cloudxns_api_key = $(bashio::config 'dns.cloudxns_api_key')\n" \ "dns_linode_version = $(bashio::config 'dns.linode_version')\n" \ "dns_luadns_email = $(bashio::config 'dns.luadns_email')\n" \ "dns_luadns_token = $(bashio::config 'dns.luadns_token')\n" \ + "dns_namecheap_username = $(bashio::config 'dns.namecheap_username')\n" \ + "dns_namecheap_api_key = $(bashio::config 'dns.namecheap_api_key')\n" \ "certbot_dns_netcup:dns_netcup_customer_id = $(bashio::config 'dns.netcup_customer_id')\n" \ "certbot_dns_netcup:dns_netcup_api_key = $(bashio::config 'dns.netcup_api_key')\n" \ "certbot_dns_netcup:dns_netcup_api_password = $(bashio::config 'dns.netcup_api_password')\n" \ diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run index 21ea9104652..3d48a96a045 100755 --- a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run +++ b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run 
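Review bot: In letsencrypt/rootfs/etc/cont-init.d/file-structure.sh the two added lines write the Namecheap username and API key in clear text into the credentials file shared by all providers, and the hunk shows neither the redirect target nor the file's mode. The run script passes `/data/dnsapikey` as the credentials path, so confirm that file is created with mode 0600 before certbot starts. `echo -e` also expands backslash sequences inside the substituted value, so a username or key containing `\n` would add an extra line to the file. Writing each entry as `printf 'dns_namecheap_api_key = %s\n' "$(bashio::config 'dns.namecheap_api_key')"` keeps the value verbatim. The echo statement begins and ends outside the hunk, so that change would apply to the whole statement.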
@@ -52,6 +52,9 @@ elif bashio::config.exists 'dns.google_creds'; then elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-google-domains" ]; then bashio::config.require 'dns.google_domains_access_token' PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") +#Namecheap +elif bashio::config.exists 'dns.namecheap_username' && bashio::config.exists 'dns.namecheap_api_key'; then + PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" /data/dnsapikey "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") #Netcup elif bashio::config.exists 'dns.netcup_customer_id' && bashio::config.exists 'dns.netcup_api_key' && bashio::config.exists 'dns.netcup_api_password'; then PROVIDER_ARGUMENTS+=("--authenticator" "certbot-dns-netcup:dns-netcup" "--certbot-dns-netcup:dns-netcup-credentials" /data/dnsapikey "--certbot-dns-netcup:dns-netcup-propagation-seconds" "${PROPAGATION_SECONDS}") From 7e691304c6996bb24837212f67fcaab511c3d93b Mon Sep 17 00:00:00 2001 From: nhurlock Date: Fri, 1 Sep 2023 22:20:28 -0400 Subject: [PATCH 2/4] letsencrypt: Namecheap challenge consistency with other providers Co-authored-by: Mike Degatano --- letsencrypt/rootfs/etc/services.d/lets-encrypt/run | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run index 3d48a96a045..6b59a4f60c3 100755 --- a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run +++ b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run 
@@ -53,7 +53,9 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-google-domains" bashio::config.require 'dns.google_domains_access_token' PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") #Namecheap -elif bashio::config.exists 'dns.namecheap_username' && bashio::config.exists 'dns.namecheap_api_key'; then +elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-namecheap" ]; then + bashio::config.require 'dns.namecheap_username' + bashio::config.require 'dns.namecheap_api_key' PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" /data/dnsapikey "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") #Netcup elif bashio::config.exists 'dns.netcup_customer_id' && bashio::config.exists 'dns.netcup_api_key' && bashio::config.exists 'dns.netcup_api_password'; then From b937ba48884e686b34dd2de9945f7d43afd46605 Mon Sep 17 00:00:00 2001 From: Stefan Agner Date: Tue, 5 Dec 2023 14:19:09 +0100 Subject: [PATCH 3/4] Apply suggestions from code review --- letsencrypt/Dockerfile | 2 +- letsencrypt/build.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile index d5c63f2faa5..c0e7aaa4289 100644 --- a/letsencrypt/Dockerfile +++ b/letsencrypt/Dockerfile @@ -11,9 +11,9 @@ ARG \ CERTBOT_DNS_DIRECTADMIN_VERSION \ CERTBOT_DNS_DUCKDNS_VERSION \ CERTBOT_DNS_GOOGLE_DOMAINS_VERSION \ - CERTBOT_DNS_NAMECHEAP_VERSION \ CERTBOT_DNS_HETZNER_VERSION \ CERTBOT_DNS_INWX_VERSION \ + CERTBOT_DNS_NAMECHEAP_VERSION \ CERTBOT_DNS_TRANSIP_VERSION \ CERTBOT_NETCUP_VERSION \ CERTBOT_NJALLA_VERSION \ diff --git a/letsencrypt/build.yaml b/letsencrypt/build.yaml index 4e66752aa17..470d62ca86d 100644 --- a/letsencrypt/build.yaml +++ b/letsencrypt/build.yaml 
@@ -16,9 +16,9 @@ args: CERTBOT_DNS_DUCKDNS_VERSION: 1.3 CERTBOT_DNS_HETZNER_VERSION: 2.0.0 CERTBOT_DNS_INWX_VERSION: 2.2.0 + CERTBOT_DNS_NAMECHEAP_VERSION: 1.0.0 CERTBOT_DNS_GOOGLE_DOMAINS_VERSION: 0.1.11 CERTBOT_DNS_TRANSIP_VERSION: 0.5.2 - CERTBOT_DNS_NAMECHEAP_VERSION: 1.0.0 CERTBOT_GANDI_VERSION: 1.5.0 CERTBOT_NETCUP_VERSION: 1.4.3 CERTBOT_NJALLA_VERSION: 1.0.0 From 8aec0a968fe606187c93d1a76a52486ceb323146 Mon Sep 17 00:00:00 2001 From: Stefan Agner Date: Tue, 5 Dec 2023 14:19:43 +0100 Subject: [PATCH 4/4] Apply suggestions from code review --- letsencrypt/rootfs/etc/services.d/lets-encrypt/run | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run index ec08be686c2..4997bf45189 100755 --- a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run +++ b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run @@ -60,7 +60,7 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-google-domains" elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-namecheap" ]; then bashio::config.require 'dns.namecheap_username' bashio::config.require 'dns.namecheap_api_key' - PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" /data/dnsapikey "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") + PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") #Netcup elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-netcup" ]; then bashio::config.require 'dns.netcup_customer_id'