diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md
index 9883cb921ee..59ff9d23304 100644
--- a/letsencrypt/CHANGELOG.md
+++ b/letsencrypt/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## 5.0.10
+
+- Add HE DNS challenge support
+
 ## 5.0.9
 - Add option to specify Private Key type
diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md
index c83c9a8e949..8d1b40f9c86 100644
--- a/letsencrypt/DOCS.md
+++ b/letsencrypt/DOCS.md
@@ -91,6 +91,8 @@ duckdns_token: ''
 google_creds: ''
 google_domains_access_token: ''
 google_domains_zone: ''
+he_user: ''
+he_pass: ''
 hetzner_api_token: ''
 gehirn_api_token: ''
 gehirn_api_secret: ''
@@ -705,6 +707,23 @@ dns:
 dreamhost_api_key: XXXXXX
 ```
+
+ Hurricane Electric (HE)
+
+ ```yaml
+ email: your.email@example.com
+ domains:
+ - your.domain.tld
+ certfile: fullchain.pem
+ keyfile: privkey.pem
+ challenge: dns
+ dns:
+ provider: dns-he
+ dns_he_user: Me
+ dns_he_pass: "my HE password"
+ ```
+
+
 ## Certificate files
@@ -727,6 +746,7 @@ dns-duckdns
 dns-dreamhost
 dns-gehirn
 dns-google
+dns-he
 dns-hetzner
 dns-infomaniak
 dns-linode
diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile
index 81722cb59e2..da86226ba22 100644
--- a/letsencrypt/Dockerfile
+++ b/letsencrypt/Dockerfile
@@ -12,6 +12,7 @@ ARG \
 CERTBOT_DNS_DREAMHOST_VERSION \
 CERTBOT_DNS_DUCKDNS_VERSION \
 CERTBOT_DNS_GOOGLE_DOMAINS_VERSION \
+ CERTBOT_DNS_HE_VERSION \
 CERTBOT_DNS_HETZNER_VERSION \
 CERTBOT_DNS_INFOMANIAK_VERSION \
 CERTBOT_DNS_INWX_VERSION \
@@ -67,6 +68,7 @@ RUN \
 certbot-dns-transip==${CERTBOT_DNS_TRANSIP_VERSION} \
 certbot-dns-inwx==${CERTBOT_DNS_INWX_VERSION} \
 certbot-dns-dreamhost==${CERTBOT_DNS_DREAMHOST_VERSION} \
+ certbot-dns-he==${CERTBOT_DNS_HE_VERSION} \
 acme==${ACME_VERSION} \
 && apk del .build-dependencies
diff --git a/letsencrypt/build.yaml b/letsencrypt/build.yaml
index 44c518a0031..5a1765bd257 100644
--- a/letsencrypt/build.yaml
+++ b/letsencrypt/build.yaml
@@ -14,6 +14,7 @@ args:
 CERTBOT_DNS_DESEC_VERSION: 1.2.1
 CERTBOT_DNS_DIRECTADMIN_VERSION: 1.0.3
 CERTBOT_DNS_DUCKDNS_VERSION: 1.3
+ CERTBOT_DNS_HE_VERSION: 1.0.0
 CERTBOT_DNS_HETZNER_VERSION: 2.0.0
 CERTBOT_DNS_INFOMANIAK_VERSION: 0.2.1
 CERTBOT_DNS_INWX_VERSION: 2.2.0
diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml
index cbd3698cfff..193c28ca486 100644
--- a/letsencrypt/config.yaml
+++ b/letsencrypt/config.yaml
@@ -1,5 +1,5 @@
 ---
-version: 5.0.9
+version: 5.0.10
 slug: letsencrypt
 name: Let's Encrypt
 description: Manage certificate from Let's Encrypt
@@ -85,7 +85,7 @@ schema:
 dns-gehirn|dns-google|dns-google-domains|\
 dns-hetzner|dns-infomaniak|dns-linode|dns-luadns|dns-njalla|dns-nsone|\
 dns-porkbun|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-namecheap|\
- dns-netcup|dns-gandi|dns-transip|dns-inwx|dns-dreamhost)?"
+ dns-netcup|dns-gandi|dns-transip|dns-inwx|dns-dreamhost|dns-he)?"
 rfc2136_algorithm: str?
 rfc2136_name: str?
 rfc2136_port: str?
@@ -100,4 +100,6 @@ schema:
 inwx_shared_secret: str?
 dreamhost_api_key: str?
 dreamhost_baseurl: str?
+ he_user: str?
+ he_pass: str?
 startup: once
diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
index 29e1a578a1e..060be554c6e 100755
--- a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
+++ b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
@@ -54,7 +54,9 @@ echo -e "dns_desec_token = $(bashio::config 'dns.desec_token')\n" \
 "dns_inwx_shared_secret = $(bashio::config 'dns.inwx_shared_secret')\n" \
 "dns_google_domains_access_token = $(bashio::config 'dns.google_domains_access_token')\n" \
 "dns_dreamhost_baseurl = $(bashio::config 'dns.dreamhost_baseurl')\n" \
- "dns_dreamhost_api_key = $(bashio::config 'dns.dreamhost_api_key')\n" > /data/dnsapikey
+ "dns_dreamhost_api_key = $(bashio::config 'dns.dreamhost_api_key')\n" \
+ "dns_he_user = $(bashio::config 'dns.he_user')\n" \
+ "dns_he_pass = $(bashio::config 'dns.he_pass')\n" > /data/dnsapikey
 if bashio::config.exists 'dns.google_domains_zone'; then
 echo -e "dns_google_domains_zone = $(bashio::config 'dns.google_domains_zone')\n" >> /data/dnsapikey
diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
index 9ca8048c668..5eedb481a1f 100755
--- a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
+++ b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
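Review bot: `he_pass` is declared as `str?` in the schema although, going by the DOCS.md example ("my HE password"), it carries the Hurricane Electric account password rather than a scoped API token. The add-on schema has a dedicated `password` type for such fields, so `he_pass: password?` would be the tighter declaration. The neighbouring `*_api_key` entries also use `str?`, so this would deliberately depart from the local pattern for a value that presumably grants full account login.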
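Review bot: The added `dns_he_pass` line in file-structure.sh sends the password through `echo -e`, which interprets backslash escapes in the substituted value as well as in the literal `\n`. A password containing a backslash sequence is therefore written to /data/dnsapikey altered, and an embedded `\n` starts a new line in the file that every provider's credentials are read from. Writing the value with `printf 'dns_he_pass = %s\n' "$(bashio::config 'dns.he_pass')" >> /data/dnsapikey` (and the same for `dns_he_user`) keeps it literal. The `echo -e` statement begins above the hunk, and the mode set on /data/dnsapikey is not visible here; it is worth confirming the file is owner-readable only now that it holds a login password.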
@@ -169,6 +169,12 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-dreamhost" ]; th
 bashio::config.require 'dns.dreamhost_api_key'
 PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--dns-dreamhost-credentials" "/data/dnsapikey")
+# Hurricane Electric
+elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-he" ]; then
+ bashio::config.require 'dns.he_user'
+ bashio::config.require 'dns.he_pass'
+ PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--dns-he-credentials" "/data/dnsapikey")
+
 #All others
 else
 PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey")
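Review bot: The new branch requires `dns.he_user` and `dns.he_pass`, but the example this commit adds to DOCS.md sets `dns_he_user` and `dns_he_pass` under `dns:`. A configuration copied from the documentation would not satisfy these two `bashio::config.require` calls, and the schema in config.yaml declares only `he_user` and `he_pass`. The keys should be made to match, most simply by changing the DOCS example to `he_user: Me` and `he_pass: "my HE password"`. The if/elif chain starts and ends outside the hunk.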