add acmedns to the letsencrypt dns plugins

letsencrypt/DOCS.md

@@ -40,6 +40,7 @@ There are two options to obtain certificates.
   <summary>Supported DNS providers</summary>
 
 ```txt
+dns-acmedns
 dns-azure
 dns-cloudflare
 dns-cloudns
@@ -87,6 +88,8 @@ dns-websupport
 
 ```yaml
 propagation_seconds: 60
+acmedns_url: ''
+acmedns_credentials: ''
 azure_config: ''
 cloudflare_email: ''
 cloudflare_api_key: ''
@@ -250,7 +253,7 @@ If your custom ACME server uses a certificate signed by an untrusted certificate
 
 <details>
   <summary>Selecting the ECDSA Elliptic Curve</summary>
-  
+
   You can choose from the following ECDSA elliptic curves: `secp256r1`, `secp384r1`
 
   ```yaml
@@ -332,6 +335,54 @@ into the *DNS Provider configuration* field.
 
 </details>
 
+<details>
+  <summary>acme-dns challenge</summary>
+
+```yaml
+email: [email protected]
+domains:
+  - home-assistant.io
+certfile: fullchain.pem
+keyfile: privkey.pem
+challenge: dns
+dns:
+  provider: dns-acmedns
+  acmedns_url: YOUR_ACMEDNS_API_BASE_URL
+  acmedns_credentials: acmedns.json
+```
+
+This plugin does not do ACME-DNS registration and you are responsible to make sure /share/acme-registration.json (in the example above) contains the registration data in the following format:
+
+```json
+{
+    "something.acme.com": {
+        "username": "eabcdb41-d89f-4580-826f-3e62e9755ef2",
+        "password": "pbAXVjlIOE01xbut7YnAbkhMQIkcwoHO0ek2j4Q0",
+        "fulldomain": "d420c923-bbd7-4056-ab64-c3ca54c9b3cf.auth.example.org",
+        "subdomain": "d420c923-bbd7-4056-ab64-c3ca54c9b3cf",
+        "allowfrom": []
+    },
+    "foo.bar.com": {
+        "username": "64570f82-d5ca-4839-8306-c4e392d8ae82",
+        "password": "bkhMQIkcwoHO0ek2j4Q0pbAXVjlIOE01xbut7YnA",
+        "fulldomain": "179adbde-4a06-4f47-af17-1c250106fb9f.auth.example.org",
+        "subdomain": "179adbde-4a06-4f47-af17-1c250106fb9f",
+        "allowfrom": []
+    }
+}
+```
+registration_file here is the JSON file containing as key the domain
+and as value the response returned during ACME-DNS registration
+
+To register an useraccount you need to call the register API directly at the acmedns server:
+```bash
+curl -X POST http://auth.example.com/register
+```
+read on the [acmedns github repository][acmedns].
+
+[acmedns]: https://github.com/joohoi/acme-dns
+</details>
+
 <details>
   <summary>Azure DNS challenge</summary>
 
@@ -749,16 +800,16 @@ You will need to set up a server with RFC2136 (Dynamic Update) support with a TK
 
 You don't need to publish this; just copy the key data into your named.conf file:
   ```
-  
+
   key "letsencrypt" {
     algorithm hmac-sha512;
     secret "G/adDW8hh7FDlZq5ZDW3JjpU/I7DzzU1PDvp26DvPQWMLg/LfM2apEOejbfdp5BXu78v/ruWbFvSK5dwYY7bIw==";
   };
-  
+
   ```
 And ensure you have an update policy in place in the zone that uses this key to enable update of the correct domain (which must match the domain in your yaml configuration):
   ```
-  
+
      update-policy {
         grant letsencrypt name _acme-challenge.home-assistant.io. txt;
      };
@@ -850,7 +901,7 @@ dns:
 </details>
 <details>
   <summary>ClouDNS</summary>
-In order to use a domain with this challenge, you first need to log into your control panel and create a 
+In order to use a domain with this challenge, you first need to log into your control panel and create a
 new HTTP API user from the "API & Resellers" page on top of your control panel.
 
   ```yaml
@@ -937,7 +988,7 @@ References:
 <details>
   <summary>easyDNS</summary>
 
-easyDNS REST API access must be requested and granted in order to use this module: https://cp.easydns.com/manage/security/api/signup.php after logging into your account. 
+easyDNS REST API access must be requested and granted in order to use this module: https://cp.easydns.com/manage/security/api/signup.php after logging into your account.
 
   ```yaml
   email: [email protected]
@@ -1075,7 +1126,7 @@ You can define the `propagation_seconds` explicitly. Otherwise, it will use a cu
   dns:
     provider: dns-simply
     simply_account_name: Sxxxxxx
-    simply_api_key: YOUR_API_KEY # Replace 'YOUR_API_KEY' with your actual Simply.com API key. 
+    simply_api_key: YOUR_API_KEY # Replace 'YOUR_API_KEY' with your actual Simply.com API key.
   ```
 
 The `simply_account_name` refers to the Simply.com account number (Sxxxxxx), and the `simply_api_key` is the account's API key.

letsencrypt/Dockerfile

@@ -7,6 +7,7 @@ ARG \
     CLOUDFLARE_VERSION \
     CRYPTOGRAPHY_VERSION \
     CERTBOT_VERSION \
+    CERTBOT_DNS_ACMEDNS_VERSION \
     CERTBOT_DNS_AZURE_VERSION \
     CERTBOT_DNS_CLOUDNS_VERSION \
     CERTBOT_DNS_DESEC_VERSION \
@@ -54,6 +55,7 @@ RUN \
         cloudflare==${CLOUDFLARE_VERSION} \
         cryptography==${CRYPTOGRAPHY_VERSION} \
         certbot==${CERTBOT_VERSION} \
+        certbot-dns-acmedns==${CERTBOT_DNS_ACMEDNS_VERSION} \
         certbot-dns-azure==${CERTBOT_DNS_AZURE_VERSION} \
         certbot-dns-cloudflare==${CERTBOT_VERSION} \
         certbot-dns-cloudns==${CERTBOT_DNS_CLOUDNS_VERSION} \

letsencrypt/build.yaml

@@ -12,6 +12,7 @@ args:
   CLOUDFLARE_VERSION: 2.19.4
   CRYPTOGRAPHY_VERSION: 42.0.8
   CERTBOT_VERSION: 2.11.0
+  CERTBOT_DNS_ACMEDNS_VERSION: 0.1.0
   CERTBOT_DNS_AZURE_VERSION: 2.5.0
   CERTBOT_DNS_CLOUDNS_VERSION: 0.7.0
   CERTBOT_DNS_DESEC_VERSION: 1.2.1

letsencrypt/config.yaml

@@ -40,6 +40,8 @@ schema:
   key_type: list(ecdsa|rsa)?
   elliptic_curve: list(secp256r1|secp384r1)?
   dns:
+    acmedns_url: str?
+    acmedns_credentials: str?
     aws_access_key_id: str?
     aws_secret_access_key: str?
     azure_config: str?
@@ -103,7 +105,7 @@ schema:
     ovh_consumer_key: str?
     ovh_endpoint: str?
     propagation_seconds: int(60,3600)?
-    provider: "list(dns-azure|dns-cloudflare|dns-cloudns|dns-desec|\
+    provider: "list(dns-acmedns|dns-azure|dns-cloudflare|dns-cloudns|dns-desec|\
       dns-digitalocean|dns-directadmin|dns-dnsimple|dns-dnsmadeeasy|\
       dns-duckdns|dns-dynu|dns-gehirn|dns-godaddy|dns-google|\
       dns-hetzner|dns-infomaniak|dns-ionos|dns-joker|dns-linode|dns-loopia|dns-luadns|\

letsencrypt/rootfs/etc/services.d/lets-encrypt/run

@@ -63,12 +63,12 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-namecheap" ]; th
     bashio::config.require 'dns.namecheap_username'
     bashio::config.require 'dns.namecheap_api_key'
     PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
-    
+
 #mijn.host
 elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-mijn-host" ]; then
     bashio::config.require 'dns.mijn_host_api_key'
     PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
-    
+
 #Netcup
 elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-netcup" ]; then
     bashio::config.require 'dns.netcup_customer_id'
@@ -202,6 +202,27 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-njalla" ]; then
 elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-rfc2136" ]; then
     PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--dns-rfc2136-propagation-seconds" "${PROPAGATION_SECONDS}")
 
+
+
+# AcmeDNS
+elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-acmedns" ]; then
+    bashio::config.require 'dns.acmedns_url'
+    bashio::config.require 'dns.acmedns_credentials'
+
+    echo -e "dns_acmedns_api_url = $(bashio::config 'dns.acmedns_url')\n" \
+            "dns_acmedns_registration_file = /data/dnsdomains\n" >> "/data/dnsconfig"
+
+    ACMEDNS_CREDENTIALS="$(bashio::config 'dns.acmedns_credentials')"
+    export ACMEDNS_CREDENTIALS
+    if [ -f "/share/${ACMEDNS_CREDENTIALS}" ]; then
+      cp -f "/share/${ACMEDNS_CREDENTIALS}" "/data/dnsdomains"
+      chmod 600 "/data/dnsdomains"
+    else
+      bashio::log.info "AcmeDNS domains file doesn't exist in folder share."
+    fi
+    PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsconfig")
+
+
 # Azure
 elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-azure" ]; then
     bashio::config.require 'dns.azure_config'
@@ -310,7 +331,7 @@ if bashio::config.exists 'key_type'; then
     fi
 else
     bashio::log.info "Detecting existing certificate type for ${DOMAIN_ARR[1]}"
-    readarray -t CBCERTS < <(certbot certificates --non-interactive --cert-name "${DOMAIN_ARR[1]}" --config-dir "$CERT_DIR" --work-dir "$WORK_DIR") 
+    readarray -t CBCERTS < <(certbot certificates --non-interactive --cert-name "${DOMAIN_ARR[1]}" --config-dir "$CERT_DIR" --work-dir "$WORK_DIR")
     for output in "${CBCERTS[@]}"; do
         # shellcheck disable=SC2076
         if [[ $output =~ "No certificates found." ]]; then