add documentation for dns_nsupdate

Philippe Kueck 8 years ago
parent
commit
13ffa17048
2 changed files with 51 additions and 0 deletions
  1. 1 0
      README.md
  2. 50 0
      dnsapi/README.md

+ 1 - 0
README.md

@@ -244,6 +244,7 @@ You don't have do anything manually!
 7. PowerDNS API
 7. PowerDNS API
 8. lexicon dns api: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
 8. lexicon dns api: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
    (DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)
    (DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)
+9. nsupdate
 
 
 ##### More APIs are coming soon...
 ##### More APIs are coming soon...
 
 
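Review bot: The new entry `9. nsupdate` gives readers nothing to follow, unlike item 8, which links to its wiki page. Consider naming the mechanism (dynamic DNS update, RFC 2136) and pointing to the "Use nsupdate to automatically issue cert" section added in dnsapi/README.md, since that is where the key and zone-permission setup is described.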

+ 50 - 0
dnsapi/README.md

@@ -112,10 +112,60 @@ acme.sh   --issue   --dns dns_pdns   -d example.com  -d www.example.com
 
 
 The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`.
 The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`.
 
 
+
 ## Use OVH/kimsufi/soyoustart/runabove API
 ## Use OVH/kimsufi/soyoustart/runabove API
 
 
 https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
 https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
 
 
+## Use nsupdate to automatically issue cert
+
+First, generate a key for updating the zone
+```
+b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo)
+cat > /etc/named/keys/update.key <<EOF
+key "update" {
+    algorithm hmac-sha512;
+    secret "$(awk '/^Key/{print $2}' /tmp/$b.private)";
+};
+EOF
+rm -f /tmp/$b.{private,key}
+```
+
+Include this key in your named configuration
+```
+include "/etc/named/keys/update.key";
+```
+
+Next, configure your zone to allow dynamic updates.
+Depending on your named version, use either
+```
+zone "example.com" {
+    type master;
+    allow-update { key "update"; };
+};
+```
+or
+```
+zone "example.com" {
+    type master;
+    update-policy {
+        grant update subdomain example.com.;
+    };
+}
+```
+Finally, make the dns server and update key available to `acme.sh`
+```
+export NSUPDATE_SERVER=dns.example.com
+export NSUPDATE_KEY=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa==
+```
+
+Ok, let's issue cert now:
+```
+acme.sh   --issue   --dns dns_nsupdate   -d example.com  -d www.example.com
+```
+
+The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf`.
+
 # Use custom api
 # Use custom api
 
 
 If your api is not supported yet,  you can write your own dns api.
 If your api is not supported yet,  you can write your own dns api.
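Review bot: In the `update-policy` example, `grant update subdomain example.com.;` lets the key rewrite every record in the zone, and the `allow-update { key "update"; };` variant is just as broad. Issuing certificates only needs TXT records under `_acme-challenge`, so the documented policy should be narrowed, for example `grant update name _acme-challenge.example.com. TXT;` with one such line per name passed via `-d`. Two further points in the same hunk: the second zone block closes with `}` rather than `};`, which named will reject, and `cat > /etc/named/keys/update.key` creates the secret file with whatever umask is in effect, so the snippet should set `umask 077` first or follow with a `chmod`/`chown` that restricts the file to the named user. Since the text states that `NSUPDATE_KEY` is saved in `~/.acme.sh/account.conf`, it also deserves a sentence noting that this file then holds a credential able to modify the zone and should be protected accordingly.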