You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

262 lines
6.7 KiB

9 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
  1. # How to use DNS API
  2. ## 1. Use CloudFlare domain API to automatically issue cert
  3. First you need to login to your CloudFlare account to get your API key.
  4. ```
  5. export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  6. export CF_Email="xxxx@sss.com"
  7. ```
  8. Ok, let's issue a cert now:
  9. ```
  10. acme.sh --issue --dns dns_cf -d example.com -d www.example.com
  11. ```
  12. The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  13. ## 2. Use DNSPod.cn domain API to automatically issue cert
  14. First you need to login to your DNSPod account to get your API Key and ID.
  15. ```
  16. export DP_Id="1234"
  17. export DP_Key="sADDsdasdgdsf"
  18. ```
  19. Ok, let's issue a cert now:
  20. ```
  21. acme.sh --issue --dns dns_dp -d example.com -d www.example.com
  22. ```
  23. The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  24. ## 3. Use CloudXNS.com domain API to automatically issue cert
  25. First you need to login to your CloudXNS account to get your API Key and Secret.
  26. ```
  27. export CX_Key="1234"
  28. export CX_Secret="sADDsdasdgdsf"
  29. ```
  30. Ok, let's issue a cert now:
  31. ```
  32. acme.sh --issue --dns dns_cx -d example.com -d www.example.com
  33. ```
  34. The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  35. ## 4. Use GoDaddy.com domain API to automatically issue cert
  36. First you need to login to your GoDaddy account to get your API Key and Secret.
  37. https://developer.godaddy.com/keys/
  38. Please create a Production key, instead of a Test key.
  39. ```
  40. export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  41. export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"
  42. ```
  43. Ok, let's issue a cert now:
  44. ```
  45. acme.sh --issue --dns dns_gd -d example.com -d www.example.com
  46. ```
  47. The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  48. ## 5. Use PowerDNS embedded API to automatically issue cert
  49. First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration.
  50. https://doc.powerdns.com/md/httpapi/README/
  51. ```
  52. export PDNS_Url="http://ns.example.com:8081"
  53. export PDNS_ServerId="localhost"
  54. export PDNS_Token="0123456789ABCDEF"
  55. export PDNS_Ttl=60
  56. ```
  57. Ok, let's issue a cert now:
  58. ```
  59. acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
  60. ```
  61. The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  62. ## 6. Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert
  63. https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
  64. ## 7. Use nsupdate to automatically issue cert
  65. First, generate a key for updating the zone
  66. ```
  67. b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo)
  68. cat > /etc/named/keys/update.key <<EOF
  69. key "update" {
  70. algorithm hmac-sha512;
  71. secret "$(awk '/^Key/{print $2}' /tmp/$b.private)";
  72. };
  73. EOF
  74. rm -f /tmp/$b.{private,key}
  75. ```
  76. Include this key in your named configuration
  77. ```
  78. include "/etc/named/keys/update.key";
  79. ```
  80. Next, configure your zone to allow dynamic updates.
  81. Depending on your named version, use either
  82. ```
  83. zone "example.com" {
  84. type master;
  85. allow-update { key "update"; };
  86. };
  87. ```
  88. or
  89. ```
  90. zone "example.com" {
  91. type master;
  92. update-policy {
  93. grant update subdomain example.com.;
  94. };
  95. }
  96. ```
  97. Finally, make the DNS server and update Key available to `acme.sh`
  98. ```
  99. export NSUPDATE_SERVER="dns.example.com"
  100. export NSUPDATE_KEY="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=="
  101. ```
  102. Ok, let's issue a cert now:
  103. ```
  104. acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
  105. ```
  106. The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  107. ## 8. Use LuaDNS domain API
  108. Get your API token at https://api.luadns.com/settings
  109. ```
  110. export LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  111. export LUA_Email="xxxx@sss.com"
  112. ```
  113. To issue a cert:
  114. ```
  115. acme.sh --issue --dns dns_lua -d example.com -d www.example.com
  116. ```
  117. The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  118. ## 9. Use DNSMadeEasy domain API
  119. Get your API credentials at https://cp.dnsmadeeasy.com/account/info
  120. ```
  121. export ME_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  122. export ME_Secret="qdfqsdfkjdskfj"
  123. ```
  124. To issue a cert:
  125. ```
  126. acme.sh --issue --dns dns_me -d example.com -d www.example.com
  127. ```
  128. The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  129. ## 10. Use Amazon Route53 domain API
  130. https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API
  131. ```
  132. export AWS_ACCESS_KEY_ID=XXXXXXXXXX
  133. export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX
  134. ```
  135. To issue a cert:
  136. ```
  137. acme.sh --issue --dns dns_aws -d example.com -d www.example.com
  138. ```
  139. The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  140. ## 11. Use Aliyun domain API to automatically issue cert
  141. First you need to login to your Aliyun account to get your API key.
  142. [https://ak-console.aliyun.com/#/accesskey](https://ak-console.aliyun.com/#/accesskey)
  143. ```
  144. export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  145. export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
  146. ```
  147. Ok, let's issue a cert now:
  148. ```
  149. acme.sh --issue --dns dns_ali -d example.com -d www.example.com
  150. ```
  151. The `Ali_Key` and `Ali_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  152. ## 12. Use ISPConfig 3.1 API
  153. This only works for ISPConfig 3.1 (and newer).
  154. Create a Remote User in the ISPConfig Control Panel. The Remote User must have access to at least `DNS zone functions` and `DNS txt functions`.
  155. ```
  156. export ISPC_User="xxx"
  157. export ISPC_Password="xxx"
  158. export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php"
  159. export ISPC_Api_Insecure=1
  160. ```
  161. If you have installed ISPConfig on a different port, then alter the 8080 accordingly.
  162. Leaver ISPC_Api_Insecure set to 1 if you have not a valid ssl cert for your installation. Change it to 0 if you have a valid ssl cert.
  163. To issue a cert:
  164. ```
  165. acme.sh --issue --dns dns_ispconfig -d example.com -d www.example.com
  166. ```
  167. The `ISPC_User`, `ISPC_Password`, `ISPC_Api`and `ISPC_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
  168. # 13. Use custom API
  169. If your API is not supported yet, you can write your own DNS API.
  170. Let's assume you want to name it 'myapi':
  171. 1. Create a bash script named `~/.acme.sh/dns_myapi.sh`,
  172. 2. In the script you must have a function named `dns_myapi_add()` which will be called by acme.sh to add the DNS records.
  173. 3. Then you can use your API to issue cert like this:
  174. ```
  175. acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
  176. ```
  177. For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)
  178. ## 14. Use lexicon DNS API
  179. https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api