letsencrypt: Add support for ClouDNS provider

Adds support for ClouDNS provider for Let's Encrypt SSL certificates. Uses the certbot-dns-cloudns plugin.
home-assistant · Jan 16, 2024 · c3b3ff3 · c3b3ff3
1 parent 2fb7ddd
commit c3b3ff3
Show file tree

Hide file tree

Showing 7 changed files with 76 additions and 6 deletions.
diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 5.0.10
+
+- Add ClouDNS DNS challenge support
+
 ## 5.0.9
 
 - Add option to specify Private Key type

diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md
@@ -42,6 +42,7 @@ There are two options to obtain certificates.
 ```txt
 dns-azure
 dns-cloudflare
+dns-cloudns
 dns-desec
 dns-digitalocean
 dns-directadmin
@@ -79,6 +80,10 @@ azure_config: ''
 cloudflare_email: ''
 cloudflare_api_key: ''
 cloudflare_api_token: ''
+cloudns_auth_id: ''
+cloudns_sub_auth_id: ''
+cloudns_sub_auth_user: ''
+cloudns_auth_password: ''
 desec_token: ''
 digitalocean_token: ''
 directadmin_url: ''
@@ -705,6 +710,50 @@ dns:
     dreamhost_api_key: XXXXXX
   ```
 </details>
+<details>
+  <summary>ClouDNS</summary>
+In order to use a domain with this challenge, you first need to log into your control panel and create a 
+new HTTP API user from the "API & Resellers" page on top of your control panel.
+
+  ```yaml
+  email: your.email@example.com
+  domains:
+    - your.domain.tld
+  certfile: fullchain.pem
+  keyfile: privkey.pem
+  challenge: dns
+  dns:
+    provider: dns-cloudns
+    cloudns_auth_id: 12345
+    cloudns_auth_password: ******
+  ```
+API Users have full account access.  It is recommended to create an API Sub-user, which can be limited in scope.  You can use either the `sub-auth-id` or the `sub-auth-user` as follows:
+
+  ```yaml
+  email: your.email@example.com
+  domains:
+    - your.domain.tld
+  certfile: fullchain.pem
+  keyfile: privkey.pem
+  challenge: dns
+  dns:
+    provider: dns-cloudns
+    cloudns_sub_auth_id: 12345
+    cloudns_auth_password: ******
+  ```
+  ```yaml
+  email: your.email@example.com
+  domains:
+    - your.domain.tld
+  certfile: fullchain.pem
+  keyfile: privkey.pem
+  challenge: dns
+  dns:
+    provider: dns-cloudns
+    cloudns_sub_auth_user: alice
+    cloudns_auth_password: ******
+  ```
+</details>
 
 ## Certificate files
 
@@ -717,6 +766,7 @@ You can in addition find the files via the "samba" addon within the "ssl" share.
 
 ```txt
 dns-azure
+dns-cloudns
 dns-cloudflare
 dns-desec
 dns-digitalocean

diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile
@@ -7,6 +7,7 @@ ARG \
     CRYPTOGRAPHY_VERSION \
     CERTBOT_VERSION \
     CERTBOT_DNS_AZURE_VERSION \
+    CERTBOT_DNS_CLOUDNS_VERSION \
     CERTBOT_DNS_DESEC_VERSION \
     CERTBOT_DNS_DIRECTADMIN_VERSION \
     CERTBOT_DNS_DREAMHOST_VERSION \
@@ -41,6 +42,7 @@ RUN \
         certbot==${CERTBOT_VERSION} \
         certbot-dns-azure==${CERTBOT_DNS_AZURE_VERSION} \
         certbot-dns-cloudflare==${CERTBOT_VERSION} \
+        certbot-dns-cloudns==${CERTBOT_DNS_CLOUDNS_VERSION} \
         certbot-dns-desec==${CERTBOT_DNS_DESEC_VERSION} \
         certbot-dns-digitalocean==${CERTBOT_VERSION} \
         certbot-dns-directadmin==${CERTBOT_DNS_DIRECTADMIN_VERSION} \

diff --git a/letsencrypt/build.yaml b/letsencrypt/build.yaml
@@ -11,6 +11,7 @@ codenotary:
 args:
   CRYPTOGRAPHY_VERSION: 41.0.5
   CERTBOT_DNS_AZURE_VERSION: 2.4.0
+  CERTBOT_DNS_CLOUDNS_VERSION: 0.6.0
   CERTBOT_DNS_DESEC_VERSION: 1.2.1
   CERTBOT_DNS_DIRECTADMIN_VERSION: 1.0.3
   CERTBOT_DNS_DUCKDNS_VERSION: 1.3

diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml
@@ -1,5 +1,5 @@
 ---
-version: 5.0.9
+version: 5.0.10
 slug: letsencrypt
 name: Let's Encrypt
 description: Manage certificate from Let's Encrypt
@@ -44,6 +44,10 @@ schema:
     cloudflare_api_key: str?
     cloudflare_api_token: str?
     cloudflare_email: email?
+    cloudns_auth_id: int?
+    cloudns_sub_auth_id: int?
+    cloudns_sub_auth_user: str?
+    cloudns_auth_password: str?
     desec_token: str?
     digitalocean_token: str?
     directadmin_password: str?
@@ -80,12 +84,12 @@ schema:
     ovh_consumer_key: str?
     ovh_endpoint: str?
     propagation_seconds: int(60,3600)?
-    provider: "list(dns-azure|dns-cloudflare|dns-desec|dns-digitalocean|\
-      dns-directadmin|dns-dnsimple|dns-dnsmadeeasy|dns-duckdns|\
-      dns-gehirn|dns-google|dns-google-domains|\
+    provider: "list(dns-azure|dns-cloudflare|dns-cloudns|dns-desec|\
+      dns-digitalocean|dns-directadmin|dns-dnsimple|dns-dnsmadeeasy|\
+      dns-duckdns|dns-gehirn|dns-google|dns-google-domains|\
       dns-hetzner|dns-infomaniak|dns-linode|dns-luadns|dns-njalla|dns-nsone|\
-      dns-porkbun|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-namecheap|\
-      dns-netcup|dns-gandi|dns-transip|dns-inwx|dns-dreamhost)?"
+      dns-porkbun|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|\
+      dns-namecheap|dns-netcup|dns-gandi|dns-transip|dns-inwx|dns-dreamhost)?"
     rfc2136_algorithm: str?
     rfc2136_name: str?
     rfc2136_port: str?

diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
@@ -53,6 +53,10 @@ echo -e "dns_desec_token = $(bashio::config 'dns.desec_token')\n" \
       "dns_inwx_password = $(bashio::config 'dns.inwx_password')\n" \
       "dns_inwx_shared_secret = $(bashio::config 'dns.inwx_shared_secret')\n" \
       "dns_google_domains_access_token = $(bashio::config 'dns.google_domains_access_token')\n" \
+      "dns_cloudns_auth_id = $(bashio::config 'dns.cloudns_auth_id')\n" \
+      "dns_cloudns_sub_auth_id = $(bashio::config 'dns.cloudns_sub_auth_id')\n" \
+      "dns_cloudns_sub_auth_user = $(bashio::config 'dns.cloudns_sub_auth_user')\n" \
+      "dns_cloudns_auth_password = $(bashio::config 'dns.cloudns_auth_password')\n" \
       "dns_dreamhost_baseurl = $(bashio::config 'dns.dreamhost_baseurl')\n" \
       "dns_dreamhost_api_key = $(bashio::config 'dns.dreamhost_api_key')\n" > /data/dnsapikey
 

diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
@@ -163,6 +163,11 @@ elif  [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-porkbun" ]; the
     bashio::config.require 'dns.porkbun_secret'
     PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
 
+# ClouDNS
+elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-cloudns" ]; then
+    bashio::config.require 'dns.cloudns_auth_password'
+    PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
+
 # Dreamhost
 elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-dreamhost" ]; then
     bashio::config.require 'dns.dreamhost_baseurl'