letsencrypt: Add support for Hurricane Electric

letsencrypt/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 5.0.10
+
+- Add HE DNS challenge support
+
 ## 5.0.9
 
 - Add option to specify Private Key type

letsencrypt/DOCS.md

@@ -91,6 +91,8 @@ duckdns_token: ''
 google_creds: ''
 google_domains_access_token: ''
 google_domains_zone: ''
+he_user: ''
+he_pass: ''
 hetzner_api_token: ''
 gehirn_api_token: ''
 gehirn_api_secret: ''
@@ -705,6 +707,23 @@ dns:
     dreamhost_api_key: XXXXXX
   ```
 </details>
+<details>
+  <summary>Hurricane Electric (HE)</summary>
+
+  ```yaml
+  email: your.email@example.com
+  domains:
+    - your.domain.tld
+  certfile: fullchain.pem
+  keyfile: privkey.pem
+  challenge: dns
+  dns:
+    provider: dns-he
+    dns_he_user: Me
+    dns_he_pass: "my HE password"
+  ```
+</details>
+
 
 ## Certificate files
 
@@ -727,6 +746,7 @@ dns-duckdns
 dns-dreamhost
 dns-gehirn
 dns-google
+dns-he
 dns-hetzner
 dns-infomaniak
 dns-linode

letsencrypt/Dockerfile

@@ -12,6 +12,7 @@ ARG \
     CERTBOT_DNS_DREAMHOST_VERSION \
     CERTBOT_DNS_DUCKDNS_VERSION \
     CERTBOT_DNS_GOOGLE_DOMAINS_VERSION \
+    CERTBOT_DNS_HE_VERSION \
     CERTBOT_DNS_HETZNER_VERSION \
     CERTBOT_DNS_INFOMANIAK_VERSION \
     CERTBOT_DNS_INWX_VERSION \
@@ -67,6 +68,7 @@ RUN \
         certbot-dns-transip==${CERTBOT_DNS_TRANSIP_VERSION} \
         certbot-dns-inwx==${CERTBOT_DNS_INWX_VERSION} \
         certbot-dns-dreamhost==${CERTBOT_DNS_DREAMHOST_VERSION} \
+        certbot-dns-he==${CERTBOT_DNS_HE_VERSION} \
         acme==${ACME_VERSION} \
     && apk del .build-dependencies
 

letsencrypt/build.yaml

@@ -14,6 +14,7 @@ args:
   CERTBOT_DNS_DESEC_VERSION: 1.2.1
   CERTBOT_DNS_DIRECTADMIN_VERSION: 1.0.3
   CERTBOT_DNS_DUCKDNS_VERSION: 1.3
+  CERTBOT_DNS_HE_VERSION: 1.0.0
   CERTBOT_DNS_HETZNER_VERSION: 2.0.0
   CERTBOT_DNS_INFOMANIAK_VERSION: 0.2.1
   CERTBOT_DNS_INWX_VERSION: 2.2.0

letsencrypt/config.yaml

@@ -1,5 +1,5 @@
 ---
-version: 5.0.9
+version: 5.0.10
 slug: letsencrypt
 name: Let's Encrypt
 description: Manage certificate from Let's Encrypt
@@ -85,7 +85,7 @@ schema:
       dns-gehirn|dns-google|dns-google-domains|\
       dns-hetzner|dns-infomaniak|dns-linode|dns-luadns|dns-njalla|dns-nsone|\
       dns-porkbun|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-namecheap|\
-      dns-netcup|dns-gandi|dns-transip|dns-inwx|dns-dreamhost)?"
+      dns-netcup|dns-gandi|dns-transip|dns-inwx|dns-dreamhost|dns-he)?"
     rfc2136_algorithm: str?
     rfc2136_name: str?
     rfc2136_port: str?
@@ -100,4 +100,6 @@ schema:
     inwx_shared_secret: str?
     dreamhost_api_key: str?
     dreamhost_baseurl: str?
+    he_user: str?
+    he_pass: str?
 startup: once

letsencrypt/rootfs/etc/cont-init.d/file-structure.sh

@@ -54,7 +54,9 @@ echo -e "dns_desec_token = $(bashio::config 'dns.desec_token')\n" \
       "dns_inwx_shared_secret = $(bashio::config 'dns.inwx_shared_secret')\n" \
       "dns_google_domains_access_token = $(bashio::config 'dns.google_domains_access_token')\n" \
       "dns_dreamhost_baseurl = $(bashio::config 'dns.dreamhost_baseurl')\n" \
-      "dns_dreamhost_api_key = $(bashio::config 'dns.dreamhost_api_key')\n" > /data/dnsapikey
+      "dns_dreamhost_api_key = $(bashio::config 'dns.dreamhost_api_key')\n" \
+      "dns_he_user = $(bashio::config 'dns.he_user')\n" \
+      "dns_he_pass = $(bashio::config 'dns.he_pass')\n" > /data/dnsapikey
 
 if bashio::config.exists 'dns.google_domains_zone'; then
       echo -e "dns_google_domains_zone = $(bashio::config 'dns.google_domains_zone')\n" >> /data/dnsapikey

letsencrypt/rootfs/etc/services.d/lets-encrypt/run

@@ -169,6 +169,12 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-dreamhost" ]; th
     bashio::config.require 'dns.dreamhost_api_key'
     PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--dns-dreamhost-credentials" "/data/dnsapikey")
 
+# Hurricane Electric
+elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-he" ]; then
+    bashio::config.require 'dns.he_user'
+    bashio::config.require 'dns.he_pass'
+    PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--dns-he-credentials" "/data/dnsapikey")
+
 #All others
 else
     PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey")