You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

919 lines
26 KiB

9 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
8 years ago
  1. # How to use DNS API
  2. If your dns provider doesn't provide api access, you can use our dns alias mode:
  3. https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
  4. ## 1. Use CloudFlare domain API to automatically issue cert
  5. First you need to login to your CloudFlare account to get your API key.
  6. ```
  7. export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  8. export CF_Email="xxxx@sss.com"
  9. ```
  10. Ok, let's issue a cert now:
  11. ```
  12. acme.sh --issue --dns dns_cf -d example.com -d www.example.com
  13. ```
  14. The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  15. ## 2. Use DNSPod.cn domain API to automatically issue cert
  16. First you need to login to your DNSPod account to get your API Key and ID.
  17. ```
  18. export DP_Id="1234"
  19. export DP_Key="sADDsdasdgdsf"
  20. ```
  21. Ok, let's issue a cert now:
  22. ```
  23. acme.sh --issue --dns dns_dp -d example.com -d www.example.com
  24. ```
  25. The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  26. ## 3. Use CloudXNS.com domain API to automatically issue cert
  27. First you need to login to your CloudXNS account to get your API Key and Secret.
  28. ```
  29. export CX_Key="1234"
  30. export CX_Secret="sADDsdasdgdsf"
  31. ```
  32. Ok, let's issue a cert now:
  33. ```
  34. acme.sh --issue --dns dns_cx -d example.com -d www.example.com
  35. ```
  36. The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  37. ## 4. Use GoDaddy.com domain API to automatically issue cert
  38. First you need to login to your GoDaddy account to get your API Key and Secret.
  39. https://developer.godaddy.com/keys/
  40. Please create a Production key, instead of a Test key.
  41. ```
  42. export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  43. export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"
  44. ```
  45. Ok, let's issue a cert now:
  46. ```
  47. acme.sh --issue --dns dns_gd -d example.com -d www.example.com
  48. ```
  49. The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  50. ## 5. Use PowerDNS embedded API to automatically issue cert
  51. First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration.
  52. https://doc.powerdns.com/md/httpapi/README/
  53. ```
  54. export PDNS_Url="http://ns.example.com:8081"
  55. export PDNS_ServerId="localhost"
  56. export PDNS_Token="0123456789ABCDEF"
  57. export PDNS_Ttl=60
  58. ```
  59. Ok, let's issue a cert now:
  60. ```
  61. acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
  62. ```
  63. The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  64. ## 6. Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert
  65. https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
  66. ## 7. Use nsupdate to automatically issue cert
  67. First, generate a key for updating the zone
  68. ```
  69. b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo)
  70. cat > /etc/named/keys/update.key <<EOF
  71. key "update" {
  72. algorithm hmac-sha512;
  73. secret "$(awk '/^Key/{print $2}' /tmp/$b.private)";
  74. };
  75. EOF
  76. rm -f /tmp/$b.{private,key}
  77. ```
  78. Include this key in your named configuration
  79. ```
  80. include "/etc/named/keys/update.key";
  81. ```
  82. Next, configure your zone to allow dynamic updates.
  83. Depending on your named version, use either
  84. ```
  85. zone "example.com" {
  86. type master;
  87. allow-update { key "update"; };
  88. };
  89. ```
  90. or
  91. ```
  92. zone "example.com" {
  93. type master;
  94. update-policy {
  95. grant update subdomain example.com.;
  96. };
  97. }
  98. ```
  99. Finally, make the DNS server and update Key available to `acme.sh`
  100. ```
  101. export NSUPDATE_SERVER="dns.example.com"
  102. export NSUPDATE_KEY="/path/to/your/nsupdate.key"
  103. ```
  104. Ok, let's issue a cert now:
  105. ```
  106. acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
  107. ```
  108. The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  109. ## 8. Use LuaDNS domain API
  110. Get your API token at https://api.luadns.com/settings
  111. ```
  112. export LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  113. export LUA_Email="xxxx@sss.com"
  114. ```
  115. To issue a cert:
  116. ```
  117. acme.sh --issue --dns dns_lua -d example.com -d www.example.com
  118. ```
  119. The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  120. ## 9. Use DNSMadeEasy domain API
  121. Get your API credentials at https://cp.dnsmadeeasy.com/account/info
  122. ```
  123. export ME_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  124. export ME_Secret="qdfqsdfkjdskfj"
  125. ```
  126. To issue a cert:
  127. ```
  128. acme.sh --issue --dns dns_me -d example.com -d www.example.com
  129. ```
  130. The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  131. ## 10. Use Amazon Route53 domain API
  132. https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API
  133. ```
  134. export AWS_ACCESS_KEY_ID=XXXXXXXXXX
  135. export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX
  136. ```
  137. To issue a cert:
  138. ```
  139. acme.sh --issue --dns dns_aws -d example.com -d www.example.com
  140. ```
  141. The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  142. ## 11. Use Aliyun domain API to automatically issue cert
  143. First you need to login to your Aliyun account to get your API key.
  144. [https://ak-console.aliyun.com/#/accesskey](https://ak-console.aliyun.com/#/accesskey)
  145. ```
  146. export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  147. export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
  148. ```
  149. Ok, let's issue a cert now:
  150. ```
  151. acme.sh --issue --dns dns_ali -d example.com -d www.example.com
  152. ```
  153. The `Ali_Key` and `Ali_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  154. ## 12. Use ISPConfig 3.1 API
  155. This only works for ISPConfig 3.1 (and newer).
  156. Create a Remote User in the ISPConfig Control Panel. The Remote User must have access to at least `DNS zone functions` and `DNS txt functions`.
  157. ```
  158. export ISPC_User="xxx"
  159. export ISPC_Password="xxx"
  160. export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php"
  161. export ISPC_Api_Insecure=1
  162. ```
  163. If you have installed ISPConfig on a different port, then alter the 8080 accordingly.
  164. Leaver ISPC_Api_Insecure set to 1 if you have not a valid ssl cert for your installation. Change it to 0 if you have a valid ssl cert.
  165. To issue a cert:
  166. ```
  167. acme.sh --issue --dns dns_ispconfig -d example.com -d www.example.com
  168. ```
  169. The `ISPC_User`, `ISPC_Password`, `ISPC_Api`and `ISPC_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  170. ## 13. Use Alwaysdata domain API
  171. First you need to login to your Alwaysdata account to get your API Key.
  172. ```sh
  173. export AD_API_KEY="myalwaysdataapikey"
  174. ```
  175. Ok, let's issue a cert now:
  176. ```sh
  177. acme.sh --issue --dns dns_ad -d example.com -d www.example.com
  178. ```
  179. The `AD_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused
  180. when needed.
  181. ## 14. Use Linode domain API
  182. First you need to login to your Linode account to get your API Key.
  183. [https://manager.linode.com/profile/api](https://manager.linode.com/profile/api)
  184. Then add an API key with label *ACME* and copy the new key.
  185. ```sh
  186. export LINODE_API_KEY="..."
  187. ```
  188. Due to the reload time of any changes in the DNS records, we have to use the `dnssleep` option to wait at least 15 minutes for the changes to take effect.
  189. Ok, let's issue a cert now:
  190. ```sh
  191. acme.sh --issue --dns dns_linode --dnssleep 900 -d example.com -d www.example.com
  192. ```
  193. The `LINODE_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  194. ## 15. Use FreeDNS
  195. FreeDNS (https://freedns.afraid.org/) does not provide an API to update DNS records (other than IPv4 and IPv6
  196. dynamic DNS addresses). The acme.sh plugin therefore retrieves and updates domain TXT records by logging
  197. into the FreeDNS website to read the HTML and posting updates as HTTP. The plugin needs to know your
  198. userid and password for the FreeDNS website.
  199. ```sh
  200. export FREEDNS_User="..."
  201. export FREEDNS_Password="..."
  202. ```
  203. You need only provide this the first time you run the acme.sh client with FreeDNS validation and then again
  204. whenever you change your password at the FreeDNS site. The acme.sh FreeDNS plugin does not store your userid
  205. or password but rather saves an authentication token returned by FreeDNS in `~/.acme.sh/account.conf` and
  206. reuses that when needed.
  207. Now you can issue a certificate.
  208. ```sh
  209. acme.sh --issue --dns dns_freedns -d example.com -d www.example.com
  210. ```
  211. Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that
  212. you create under a FreeDNS public domain. You must own the top level domain in order to automatically
  213. validate with acme.sh at FreeDNS.
  214. ## 16. Use cyon.ch
  215. You only need to set your cyon.ch login credentials.
  216. If you also have 2 Factor Authentication (OTP) enabled, you need to set your secret token too and have `oathtool` installed.
  217. ```
  218. export CY_Username="your_cyon_username"
  219. export CY_Password="your_cyon_password"
  220. export CY_OTP_Secret="your_otp_secret" # Only required if using 2FA
  221. ```
  222. To issue a cert:
  223. ```
  224. acme.sh --issue --dns dns_cyon -d example.com -d www.example.com
  225. ```
  226. The `CY_Username`, `CY_Password` and `CY_OTP_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  227. ## 17. Use Domain-Offensive/Resellerinterface/Domainrobot API
  228. ATTENTION: You need to be a registered Reseller to be able to use the ResellerInterface. As a normal user you can not use this method.
  229. You will need your login credentials (Partner ID+Password) to the Resellerinterface, and export them before you run `acme.sh`:
  230. ```
  231. export DO_PID="KD-1234567"
  232. export DO_PW="cdfkjl3n2"
  233. ```
  234. Ok, let's issue a cert now:
  235. ```
  236. acme.sh --issue --dns dns_do -d example.com -d www.example.com
  237. ```
  238. ## 18. Use Gandi LiveDNS API
  239. You must enable the new Gandi LiveDNS API first and the create your api key, See: http://doc.livedns.gandi.net/
  240. ```
  241. export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"
  242. ```
  243. Ok, let's issue a cert now:
  244. ```
  245. acme.sh --issue --dns dns_gandi_livedns -d example.com -d www.example.com
  246. ```
  247. ## 19. Use Knot (knsupdate) DNS API to automatically issue cert
  248. First, generate a TSIG key for updating the zone.
  249. ```
  250. keymgr tsig generate -t acme_key hmac-sha512 > /etc/knot/acme.key
  251. ```
  252. Include this key in your knot configuration file.
  253. ```
  254. include: /etc/knot/acme.key
  255. ```
  256. Next, configure your zone to allow dynamic updates.
  257. Dynamic updates for the zone are allowed via proper ACL rule with the `update` action. For in-depth instructions, please see [Knot DNS's documentation](https://www.knot-dns.cz/documentation/).
  258. ```
  259. acl:
  260. - id: acme_acl
  261. address: 192.168.1.0/24
  262. key: acme_key
  263. action: update
  264. zone:
  265. - domain: example.com
  266. file: example.com.zone
  267. acl: acme_acl
  268. ```
  269. Finally, make the DNS server and TSIG Key available to `acme.sh`
  270. ```
  271. export KNOT_SERVER="dns.example.com"
  272. export KNOT_KEY=`grep \# /etc/knot/acme.key | cut -d' ' -f2`
  273. ```
  274. Ok, let's issue a cert now:
  275. ```
  276. acme.sh --issue --dns dns_knot -d example.com -d www.example.com
  277. ```
  278. The `KNOT_SERVER` and `KNOT_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  279. ## 20. Use DigitalOcean API (native)
  280. You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/
  281. ```
  282. export DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc"
  283. ```
  284. Ok, let's issue a cert now:
  285. ```
  286. acme.sh --issue --dns dns_dgon -d example.com -d www.example.com
  287. ```
  288. ## 21. Use ClouDNS.net API
  289. You need to set the HTTP API user ID and password credentials. See: https://www.cloudns.net/wiki/article/42/. For security reasons, it's recommended to use a sub user ID that only has access to the necessary zones, as a regular API user has access to your entire account.
  290. ```
  291. # Use this for a sub auth ID
  292. export CLOUDNS_SUB_AUTH_ID=XXXXX
  293. # Use this for a regular auth ID
  294. #export CLOUDNS_AUTH_ID=XXXXX
  295. export CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"
  296. ```
  297. Ok, let's issue a cert now:
  298. ```
  299. acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com
  300. ```
  301. The `CLOUDNS_AUTH_ID` and `CLOUDNS_AUTH_PASSWORD` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  302. ## 22. Use Infoblox API
  303. First you need to create/obtain API credentials on your Infoblox appliance.
  304. ```
  305. export Infoblox_Creds="username:password"
  306. export Infoblox_Server="ip or fqdn of infoblox appliance"
  307. ```
  308. Ok, let's issue a cert now:
  309. ```
  310. acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com
  311. ```
  312. Note: This script will automatically create and delete the ephemeral txt record.
  313. The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  314. ## 23. Use VSCALE API
  315. First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/).
  316. ```
  317. VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
  318. ```
  319. Ok, let's issue a cert now:
  320. ```
  321. acme.sh --issue --dns dns_vscale -d example.com -d www.example.com
  322. ```
  323. ## 24. Use Dynu API
  324. First you need to create/obtain API credentials from your Dynu account. See: https://www.dynu.com/resources/api/documentation
  325. ```
  326. export Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  327. export Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy"
  328. ```
  329. Ok, let's issue a cert now:
  330. ```
  331. acme.sh --issue --dns dns_dynu -d example.com -d www.example.com
  332. ```
  333. The `Dynu_ClientId` and `Dynu_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  334. ## 25. Use DNSimple API
  335. First you need to login to your DNSimple account and generate a new oauth token.
  336. https://dnsimple.com/a/{your account id}/account/access_tokens
  337. Note that this is an _account_ token and not a user token. The account token is
  338. needed to infer the `account_id` used in requests. A user token will not be able
  339. to determine the correct account to use.
  340. ```
  341. export DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje"
  342. ```
  343. To issue the cert just specify the `dns_dnsimple` API.
  344. ```
  345. acme.sh --issue --dns dns_dnsimple -d example.com
  346. ```
  347. The `DNSimple_OAUTH_TOKEN` will be saved in `~/.acme.sh/account.conf` and will
  348. be reused when needed.
  349. If you have any issues with this integration please report them to
  350. https://github.com/pho3nixf1re/acme.sh/issues.
  351. ## 26. Use NS1.com API
  352. ```
  353. export NS1_Key="fdmlfsdklmfdkmqsdfk"
  354. ```
  355. Ok, let's issue a cert now:
  356. ```
  357. acme.sh --issue --dns dns_nsone -d example.com -d www.example.com
  358. ```
  359. ## 27. Use DuckDNS.org API
  360. ```
  361. export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
  362. ```
  363. Please note that since DuckDNS uses StartSSL as their cert provider, thus
  364. --insecure may need to be used when issuing certs:
  365. ```
  366. acme.sh --insecure --issue --dns dns_duckdns -d mydomain.duckdns.org
  367. ```
  368. For issues, please report to https://github.com/raidenii/acme.sh/issues.
  369. ## 28. Use Name.com API
  370. Create your API token here: https://www.name.com/account/settings/api
  371. Note: `Namecom_Username` should be your Name.com username and not the token name. If you accidentally run the script with the token name as the username see `~/.acme.sh/account.conf` to fix the issue
  372. ```
  373. export Namecom_Username="testuser"
  374. export Namecom_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  375. ```
  376. And now you can issue certs with:
  377. ```
  378. acme.sh --issue --dns dns_namecom -d example.com -d www.example.com
  379. ```
  380. For issues, please report to https://github.com/raidenii/acme.sh/issues.
  381. ## 29. Use Dyn Managed DNS API to automatically issue cert
  382. First, login to your Dyn Managed DNS account: https://portal.dynect.net/login/
  383. It is recommended to add a new user specific for API access.
  384. The minimum "Zones & Records Permissions" required are:
  385. ```
  386. RecordAdd
  387. RecordUpdate
  388. RecordDelete
  389. RecordGet
  390. ZoneGet
  391. ZoneAddNode
  392. ZoneRemoveNode
  393. ZonePublish
  394. ```
  395. Pass the API user credentials to the environment:
  396. ```
  397. export DYN_Customer="customer"
  398. export DYN_Username="apiuser"
  399. export DYN_Password="secret"
  400. ```
  401. Ok, let's issue a cert now:
  402. ```
  403. acme.sh --issue --dns dns_dyn -d example.com -d www.example.com
  404. ```
  405. The `DYN_Customer`, `DYN_Username` and `DYN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  406. ## 30. Use pdd.yandex.ru API
  407. ```
  408. export PDD_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  409. ```
  410. Follow these instructions to get the token for your domain https://tech.yandex.com/domain/doc/concepts/access-docpage/
  411. ```
  412. acme.sh --issue --dns dns_yandex -d mydomain.example.org
  413. ```
  414. For issues, please report to https://github.com/non7top/acme.sh/issues.
  415. ## 31. Use Hurricane Electric
  416. Hurricane Electric (https://dns.he.net/) doesn't have an API so just set your login credentials like so:
  417. ```
  418. export HE_Username="yourusername"
  419. export HE_Password="password"
  420. ```
  421. Then you can issue your certificate:
  422. ```
  423. acme.sh --issue --dns dns_he -d example.com -d www.example.com
  424. ```
  425. The `HE_Username` and `HE_Password` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  426. Please report any issues to https://github.com/angel333/acme.sh or to <me@ondrejsimek.com>.
  427. ## 32. Use UnoEuro API to automatically issue cert
  428. First you need to login to your UnoEuro account to get your API key.
  429. ```
  430. export UNO_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  431. export UNO_User="UExxxxxx"
  432. ```
  433. Ok, let's issue a cert now:
  434. ```
  435. acme.sh --issue --dns dns_unoeuro -d example.com -d www.example.com
  436. ```
  437. The `UNO_Key` and `UNO_User` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  438. ## 33. Use INWX
  439. [INWX](https://www.inwx.de/) offers an [xmlrpc api](https://www.inwx.de/de/help/apidoc) with your standard login credentials, set them like so:
  440. ```
  441. export INWX_User="yourusername"
  442. export INWX_Password="password"
  443. ```
  444. Then you can issue your certificates with:
  445. ```
  446. acme.sh --issue --dns dns_inwx -d example.com -d www.example.com
  447. ```
  448. The `INWX_User` and `INWX_Password` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  449. If your account is secured by mobile tan you have also defined the shared secret.
  450. ```
  451. export INWX_Shared_Secret="shared secret"
  452. ```
  453. You may need to re-enable the mobile tan to gain the shared secret.
  454. ## 34. User Servercow API v1
  455. Create a new user from the servercow control center. Don't forget to activate **DNS API** for this user.
  456. ```
  457. export SERVERCOW_API_Username=username
  458. export SERVERCOW_API_Password=password
  459. ```
  460. Now you cann issue a cert:
  461. ```
  462. acme.sh --issue --dns dns_servercow -d example.com -d www.example.com
  463. ```
  464. Both, `SERVERCOW_API_Username` and `SERVERCOW_API_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  465. ## 35. Use Namesilo.com API
  466. You'll need to generate an API key at https://www.namesilo.com/account_api.php
  467. Optionally you may restrict the access to an IP range there.
  468. ```
  469. export Namesilo_Key="xxxxxxxxxxxxxxxxxxxxxxxx"
  470. ```
  471. And now you can issue certs with:
  472. ```
  473. acme.sh --issue --dns dns_namesilo --dnssleep 900 -d example.com -d www.example.com
  474. ```
  475. ## 36. Use autoDNS (InternetX)
  476. [InternetX](https://www.internetx.com/) offers an [xml api](https://help.internetx.com/display/API/AutoDNS+XML-API) with your standard login credentials, set them like so:
  477. ```
  478. export AUTODNS_USER="yourusername"
  479. export AUTODNS_PASSWORD="password"
  480. export AUTODNS_CONTEXT="context"
  481. ```
  482. Then you can issue your certificates with:
  483. ```
  484. acme.sh --issue --dns dns_autodns -d example.com -d www.example.com
  485. ```
  486. The `AUTODNS_USER`, `AUTODNS_PASSWORD` and `AUTODNS_CONTEXT` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  487. ## 37. Use Azure DNS
  488. You have to create a service principal first. See:[How to use Azure DNS](../../../wiki/How-to-use-Azure-DNS)
  489. ```
  490. export AZUREDNS_SUBSCRIPTIONID="12345678-9abc-def0-1234-567890abcdef"
  491. export AZUREDNS_TENANTID="11111111-2222-3333-4444-555555555555"
  492. export AZUREDNS_APPID="3b5033b5-7a66-43a5-b3b9-a36b9e7c25ed"
  493. export AZUREDNS_CLIENTSECRET="1b0224ef-34d4-5af9-110f-77f527d561bd"
  494. ```
  495. Then you can issue your certificates with:
  496. ```
  497. acme.sh --issue --dns dns_azure -d example.com -d www.example.com
  498. ```
  499. `AZUREDNS_SUBSCRIPTIONID`, `AZUREDNS_TENANTID`,`AZUREDNS_APPID` and `AZUREDNS_CLIENTSECRET` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  500. ## 38. Use selectel.com(selectel.ru) domain API to automatically issue cert
  501. First you need to login to your account to get your API key from: https://my.selectel.ru/profile/apikeys.
  502. ```sh
  503. export SL_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  504. ```
  505. Ok, let's issue a cert now:
  506. ```
  507. acme.sh --issue --dns dns_selectel -d example.com -d www.example.com
  508. ```
  509. The `SL_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  510. ## 39. Use zonomi.com domain API to automatically issue cert
  511. First you need to login to your account to find your API key from: http://zonomi.com/app/dns/dyndns.jsp
  512. Your will find your api key in the example urls:
  513. ```sh
  514. https://zonomi.com/app/dns/dyndns.jsp?host=example.com&api_key=1063364558943540954358668888888888
  515. ```
  516. ```sh
  517. export ZM_Key="1063364558943540954358668888888888"
  518. ```
  519. Ok, let's issue a cert now:
  520. ```
  521. acme.sh --issue --dns dns_zonomi -d example.com -d www.example.com
  522. ```
  523. The `ZM_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  524. ## 40. Use DreamHost DNS API
  525. DNS API keys may be created at https://panel.dreamhost.com/?tree=home.api.
  526. Ensure the created key has add and remove privelages.
  527. ```
  528. export DH_API_KEY="<api key>"
  529. acme.sh --issue --dns dns_dreamhost -d example.com -d www.example.com
  530. ```
  531. The 'DH_API_KEY' will be saved in `~/.acme.sh/account.conf` and will
  532. be reused when needed.
  533. ## 41. Use DirectAdmin API
  534. The DirectAdmin interface has it's own Let's encrypt functionality, but this
  535. script can be used to generate certificates for names which are not hosted on
  536. DirectAdmin
  537. User must provide login data and URL to the DirectAdmin incl. port.
  538. You can create an user which only has access to
  539. - CMD_API_DNS_CONTROL
  540. - CMD_API_SHOW_DOMAINS
  541. By using the Login Keys function.
  542. See also https://www.directadmin.com/api.php and https://www.directadmin.com/features.php?id=1298
  543. ```
  544. export DA_Api="https://remoteUser:remotePassword@da.domain.tld:8443"
  545. export DA_Api_Insecure=1
  546. ```
  547. Set `DA_Api_Insecure` to 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
  548. Ok, let's issue a cert now:
  549. ```
  550. acme.sh --issue --dns dns_da -d example.com -d www.example.com
  551. ```
  552. The `DA_Api` and `DA_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  553. ## 42. Use KingHost DNS API
  554. API access must be enabled at https://painel.kinghost.com.br/painel.api.php
  555. ```
  556. export KINGHOST_Username="yourusername"
  557. export KINGHOST_Password="yourpassword"
  558. acme.sh --issue --dns dns_kinghost -d example.com -d *.example.com
  559. ```
  560. The `KINGHOST_username` and `KINGHOST_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  561. ## 43. Use Zilore DNS API
  562. First, get your API key at https://my.zilore.com/account/api
  563. ```
  564. export Zilore_Key="5dcad3a2-36cb-50e8-cb92-000002f9"
  565. ```
  566. Ok, let's issue a cert now:
  567. ```
  568. acme.sh --issue --dns dns_zilore -d example.com -d *.example.com
  569. ```
  570. The `Zilore_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  571. ## 44. Use Loopia.se API
  572. User must provide login credentials to the Loopia API.
  573. The user needs the following permissions:
  574. - addSubdomain
  575. - updateZoneRecord
  576. - getDomains
  577. - removeSubdomain
  578. Set the login credentials:
  579. ```
  580. export LOOPIA_User="user@loopiaapi"
  581. export LOOPIA_Password="password"
  582. ```
  583. And to issue a cert:
  584. ```
  585. acme.sh --issue --dns dns_loopia -d example.com -d *.example.com
  586. ```
  587. The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  588. ## 45. Use ACME DNS API
  589. ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
  590. https://github.com/joohoi/acme-dns
  591. ```
  592. export ACMEDNS_UPDATE_URL="https://auth.acme-dns.io/update"
  593. export ACMEDNS_USERNAME="<username>"
  594. export ACMEDNS_PASSWORD="<password>"
  595. export ACMEDNS_SUBDOMAIN="<subdomain>"
  596. acme.sh --issue --dns dns_acmedns -d example.com -d www.example.com
  597. ```
  598. The credentials will be saved in `~/.acme.sh/account.conf` and will
  599. be reused when needed.
  600. ## 46. Use TELE3 API
  601. First you need to login to your TELE3 account to set your API-KEY.
  602. https://www.tele3.cz/system-acme-api.html
  603. ```
  604. export TELE3_Key="MS2I4uPPaI..."
  605. export TELE3_Secret="kjhOIHGJKHg"
  606. acme.sh --issue --dns dns_tele3 -d example.com -d *.example.com
  607. ```
  608. The TELE3_Key and TELE3_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.
  609. ## 47. Use Euserv.eu API
  610. First you need to login to your euserv.eu account and activate your API Administration (API Verwaltung).
  611. [https://support.euserv.com](https://support.euserv.com)
  612. Once you've activate, login to your API Admin Interface and create an API account.
  613. Please specify the scope (active groups: domain) and assign the allowed IPs.
  614. ```
  615. export EUSERV_Username="99999.user123"
  616. export EUSERV_Password="Asbe54gHde"
  617. ```
  618. Ok, let's issue a cert now: (Be aware to use the `--insecure` flag, cause euserv.eu is still using self-signed certificates!)
  619. ```
  620. acme.sh --issue --dns dns_euserv -d example.com -d *.example.com --insecure
  621. ```
  622. The `EUSERV_Username` and `EUSERV_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  623. Please report any issues to https://github.com/initit/acme.sh or to <github@initit.de>
  624. # Use custom API
  625. If your API is not supported yet, you can write your own DNS API.
  626. Let's assume you want to name it 'myapi':
  627. 1. Create a bash script named `~/.acme.sh/dns_myapi.sh`,
  628. 2. In the script you must have a function named `dns_myapi_add()` which will be called by acme.sh to add the DNS records.
  629. 3. Then you can use your API to issue cert like this:
  630. ```
  631. acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
  632. ```
  633. For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)
  634. See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
  635. # Use lexicon DNS API
  636. https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api