DNS Provider Configuration
Key Vault Acmebot supports the following DNS providers.
- Amazon Route 53
- Azure DNS
- Azure Private DNS
- Cloudflare
- DNS Made Easy
- Gandi LiveDNS
- GoDaddy
- Google Cloud DNS
- TransIP DNS
Tip
To avoid storing secrets directly in Azure Functions App Settings, use a Key Vault reference.
Use Key Vault references - Azure App Service | Microsoft Learn
For DNS providers that are not supported, it is possible to implement your own API.
- Acmebot:Route53:AccessKey
  - IAM access key
- Acmebot:Route53:SecretKey
  - IAM secret key
- Acmebot:Route53:Region
  - Default AWS region

Acmebot requires the following permissions for Route 53 and Hosted Zone.
- route53:ChangeResourceRecordSets
- route53:ListResourceRecordSets
- route53:ListHostedZones
Example IAM Policy
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor1",
          "Effect": "Allow",
          "Action": [
            "route53:ChangeResourceRecordSets",
            "route53:ListResourceRecordSets"
          ],
          "Resource": "arn:aws:route53:::hostedzone/YOUR_ZONE_ID"
        },
        {
          "Sid": "VisualEditor2",
          "Effect": "Allow",
          "Action": "route53:ListHostedZones",
          "Resource": "*"
        }
      ]
    }
- Acmebot:AzureDns:SubscriptionId
  - ID of the subscription that contains the Azure DNS zone

Open the Access Control (IAM) of the target DNS zone, or of the resource group containing the DNS zone, and assign the DNS Zone Contributor role to the deployed application.

- Acmebot:AzurePrivateDns:SubscriptionId
  - ID of the subscription that contains the Azure Private DNS zone

Open the Access Control (IAM) of the target DNS zone, or of the resource group containing the DNS zone, and assign the Private DNS Zone Contributor role to the deployed application.
- Acmebot:Cloudflare:ApiToken
  - API Token (requires Zone:Read and DNS:Edit permissions)

- Acmebot:DnsMadeEasy:ApiKey
- Acmebot:DnsMadeEasy:SecretKey
  - DNS Made Easy API credentials
- Acmebot:Gandi:ApiKey
  - Gandi LiveDNS API key

- Acmebot:GoDaddy:ApiKey
- Acmebot:GoDaddy:ApiSecret
  - GoDaddy API credentials
Caution
GoDaddy only provides the necessary API access to users who have more than 50 domains. If your settings are correct but you still get a fetch error, it is likely that GoDaddy is restricting access.
- Acmebot:GoogleDns:KeyFile64
  - Create a service account for your project with DNS read/write access. (https://www.googleapis.com/auth/ndev.clouddns.readwrite)
  - Generate and download a JSON key file.
  - Encode the contents of the key file in base64.
  - Create a new application setting named Acmebot:Google:KeyFile64 and paste the base64-encoded string into it.
- Acmebot:TransIp:CustomerName
  - The customer name / username of your TransIP account
- Acmebot:TransIp:PrivateKeyName
  - The name of the private key in the Azure Key Vault
- Acmebot:CustomDns:Endpoint
  - Custom DNS API endpoint URI
- Acmebot:CustomDns:ApiKey
  - Custom DNS API endpoint auth key
- Acmebot:CustomDns:ApiKeyHeaderName
  - Custom DNS API endpoint auth HTTP header name. Default is X-Api-Key
- Acmebot:CustomDns:PropagationSeconds
  - Time to wait for DNS changes to propagate. Default is 180
- List Zones
  - GET zones
  - Response body

        [
          {
            "id": "example_com",                  // Required
            "name": "example.com",                // Required
            "nameServers": ["x.x.x.x", "y.y.y.y"] // Optional
          }
        ]

- Upsert record
  - PUT zones/{zoneId}/records/{recordName}
    - Example: zones/example_com/records/_acme-challenge.example.com
  - Request body

        {
          "type": "TXT",
          "ttl": 60,
          "values": ["xxxxxx", "yyyyyy"]
        }

- Delete record
  - DELETE zones/{zoneId}/records/{recordName}
- Official sample provider
- Loopia provider
- https://github.com/Yavari/Acmebot.Provider.Loopia Thanks @Yavari
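The custom DNS API described above, sketched as a request handler with the checks a provider should enforce: a constant-time API key comparison, and writes limited to `_acme-challenge` TXT records inside a known zone. This is an added example, not code from Acmebot or its sample providers. The `handle` function, the in-memory `ZONES` store, the key value, the `/zones` path root and the status codes are assumptions of this sketch.

```python
import hmac
import json
import re

# Constructed sample values; a real provider would load these from its own configuration.
API_KEY = "constructed-example-key"   # must match Acmebot:CustomDns:ApiKey
API_KEY_HEADER = "X-Api-Key"          # default of Acmebot:CustomDns:ApiKeyHeaderName
ZONES = {"example_com": {"name": "example.com", "records": {}}}
RECORD_PATH = re.compile(r"^/zones/([^/]+)/records/([^/]+)$")


def handle(method, path, headers, body=b""):
    """Dispatch one request and return (status_code, json_body_or_None)."""
    supplied = headers.get(API_KEY_HEADER, "")
    # Constant-time comparison, so response timing does not leak the key.
    if not hmac.compare_digest(supplied.encode(), API_KEY.encode()):
        return 401, None
    if method == "GET" and path == "/zones":
        return 200, [{"id": zid, "name": z["name"]} for zid, z in ZONES.items()]
    match = RECORD_PATH.match(path)
    if not match or match.group(1) not in ZONES:
        return 404, None
    zone, record = ZONES[match.group(1)], match.group(2).lower()
    # Least privilege: the key may only touch ACME challenge names inside this zone.
    host = record.removeprefix("_acme-challenge.")
    if host == record or not (host == zone["name"] or host.endswith("." + zone["name"])):
        return 400, None
    if method == "DELETE":
        zone["records"].pop(record, None)
        return 204, None
    if method != "PUT":
        return 405, None
    try:
        data = json.loads(body)
        rtype, ttl, values = data["type"], int(data["ttl"]), data["values"]
    except (ValueError, KeyError, TypeError):
        return 400, None
    # Only TXT records are needed for DNS-01 validation; reject every other type.
    strings_ok = isinstance(values, list) and all(isinstance(v, str) for v in values)
    if rtype != "TXT" or not strings_ok:
        return 400, None
    zone["records"][record] = {"type": "TXT", "ttl": ttl, "values": values}
    return 200, None
```

With these checks, a leaked API key can only create or remove challenge TXT records; it cannot rewrite other records in the zone.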