From f9e3a2132f1d957b0190243cc703a472eb20ee7a Mon Sep 17 00:00:00 2001
From: Maarten den Braber <m@mdbraber.com>
Date: Thu, 9 May 2019 21:14:26 +0200
Subject: [PATCH 1/2] Username/password no longer required

---
 dnsapi/dns_acmeproxy.sh | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/dnsapi/dns_acmeproxy.sh b/dnsapi/dns_acmeproxy.sh
index 656e3104..8ca3eb0a 100644
--- a/dnsapi/dns_acmeproxy.sh
+++ b/dnsapi/dns_acmeproxy.sh
@@ -46,15 +46,6 @@ _acmeproxy_request() {
     return 1
   fi
 
-  ## Check for the credentials
-  if [ -z "$ACMEPROXY_USERNAME" ] || [ -z "$ACMEPROXY_PASSWORD" ]; then
-    ACMEPROXY_USERNAME=""
-    ACMEPROXY_PASSWORD=""
-    _err "You didn't set username and password"
-    _err "Please set them via 'export ACMEPROXY_USERNAME=...' and 'export ACMEPROXY_PASSWORD=...' and try again."
-    return 1
-  fi
-
   ## Save the credentials to the account file
   _saveaccountconf_mutable ACMEPROXY_ENDPOINT "$ACMEPROXY_ENDPOINT"
   _saveaccountconf_mutable ACMEPROXY_USERNAME "$ACMEPROXY_USERNAME"

From 5e165819a1df9d6eef5f55bd6fd464f231cec570 Mon Sep 17 00:00:00 2001
From: Maarten den Braber <m@mdbraber.com>
Date: Mon, 13 May 2019 08:45:57 +0200
Subject: [PATCH 2/2] Update authentication logic / info

---
 dnsapi/dns_acmeproxy.sh | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/dnsapi/dns_acmeproxy.sh b/dnsapi/dns_acmeproxy.sh
index 8ca3eb0a..d4a0e172 100644
--- a/dnsapi/dns_acmeproxy.sh
+++ b/dnsapi/dns_acmeproxy.sh
@@ -51,13 +51,19 @@ _acmeproxy_request() {
   _saveaccountconf_mutable ACMEPROXY_USERNAME "$ACMEPROXY_USERNAME"
   _saveaccountconf_mutable ACMEPROXY_PASSWORD "$ACMEPROXY_PASSWORD"
 
-  ## Base64 encode the credentials
-  credentials=$(printf "%b" "$ACMEPROXY_USERNAME:$ACMEPROXY_PASSWORD" | _base64)
+  if [ -z "$ACMEPROXY_USERNAME" ] || [ -z "$ACMEPROXY_PASSWORD" ]; then
+    _info "ACMEPROXY_USERNAME and/or ACMEPROXY_PASSWORD not set - using without client authentication! Make sure you're using server authentication (e.g. IP-based)"
+    export _H1="Accept: application/json"
+    export _H2="Content-Type: application/json"
+  else
+    ## Base64 encode the credentials
+    credentials=$(printf "%b" "$ACMEPROXY_USERNAME:$ACMEPROXY_PASSWORD" | _base64)
 
-  ## Construct the HTTP Authorization header
-  export _H1="Authorization: Basic $credentials"
-  export _H2="Accept: application/json"
-  export _H3="Content-Type: application/json"
+    ## Construct the HTTP Authorization header
+    export _H1="Authorization: Basic $credentials"
+    export _H2="Accept: application/json"
+    export _H3="Content-Type: application/json"
+  fi
 
   ## Add the challenge record to the acmeproxy grid member
   response="$(_post "{\"fqdn\": \"$fulldomain.\", \"value\": \"$txtvalue\"}" "$ACMEPROXY_ENDPOINT/$action" "" "POST")"