add dns-XXX-rm in dnsapi #79

Closed
backbohne opened this issue Feb 25, 2016 · 15 comments

Comments

@backbohne

Hi,

Would it be possible to add support to remove "_acme-challenge" TXT records after validation via DNSAPI?

Regards
Frank

@Neilpang
Member

Yes, maybe later.

@AnalogJ

AnalogJ commented Apr 14, 2016

I wrote a tiny library called lexicon that provides a generic way to manipulate (create/update/delete) DNS records on DNS providers that have APIs. There are 10 providers supported right now, but we're adding more all the time.

@Neilpang
Member

Oh, you are sooooo cool. I will play with it soon, and maybe we can make a way to work with lexicon.

@Neilpang
Member

Neilpang commented May 8, 2016

@AnalogJ I just added support for lexicon: 2ed01ff

Please correct me if there is anything wrong.
Thanks for your work.

@AnalogJ

AnalogJ commented May 8, 2016

Hey @Neilpang that looks good. 👍

@oskar456

I second the original request. Would it also be possible to add a commit hook called after setting up all the records?
In my scenario, I write the ACME challenges into a text file, which is included in the zone file. After inserting each record, I have to re-sign the zone and reload the server. It would be more appropriate to do this only once, after all challenges are in place.

@dschaper

Is there a need for some help with this? Looks like a call to a DNS delete function would be good at around line 1747. If the record is deleted from the DNS server, does ACME.sh have the logic to create a new certificate and a new record, or will it attempt to use the old record and fail out of the process? From what I understand if you use DNS based authentication you basically create a new cert every renewal cycle instead of actually renewing the existing cert?

@Neilpang
Member

@dschaper
Yes, you are correct, each time the cert is issued/renewed, the TXT record is newly created/updated.

The TXT record should be deleted after the validation. It's of no use anymore.

I just don't have enough time to implement it for all the DNS APIs.

And, if implemented, it should not be added at line 1747, it should be added in the "_clearup" function.

@dschaper

Thanks! I think I know where to start and I'll PR when/if I have anything worth submitting.

@noplanman
Contributor

noplanman commented Oct 25, 2016

If I may add a request.

As parameters for the _cleanup function, it would be great to add the 2 that get passed to the _add function (fulldomain & txtvalue) PLUS a third one with the output of the _add function.

Explanation: When creating a new entry, a nice API would return an ID of the newly created entry. This could be used to easily and securely remove it again. If the API does not return such a value, then the fulldomain and txtvalue parameters can be used to find the proper entry to remove.

Thanks for all the great work! 🎉

@Neilpang
Member

@noplanman
Thanks for your advice, but it's not as easy as it seems.

All the API functions will be run in a sub shell, in ( ... ). We already used the return value, and the output of the sub shell cannot be used either.

If you want to pass something from the add function to the delete function, here is a workaround.

In the add function:

_savedomainconf "myDomainId" "$domainId"
_savedomainconf "myRecordId" "$recordId"

In the delete function, you can read the saved values:

domainId="$(_readdomainconf myDomainId)"
recordId="$(_readdomainconf myRecordId)"

# After using them, please remove them from the conf file.
_cleardomainconf myDomainId
_cleardomainconf myRecordId

A better idea would be that, in the delete function, you detect the domain id and record id by yourself.

Please save the really important values in the conf file.
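
The workaround from the comment above, as an added example that is not part of the thread or of acme.sh. The three `_...domainconf` functions are simplified stand-ins (assumed to keep key='value' lines in a file), and `dns_demo_add`, `dns_demo_rm` and the file-backed provider are hypothetical; the example also covers the fallback suggested earlier in the thread, matching on fulldomain and txtvalue when no id was saved.

```shell
#!/bin/sh
# Added example: stand-ins for acme.sh's conf helpers (assumed to store
# key='value' lines per domain) and a constructed file-backed DNS "provider".
WORK="$(mktemp -d)"; CONF="$WORK/domain.conf"; ZONE="$WORK/zone.txt"
: >"$CONF"; : >"$ZONE"; echo 0 >"$WORK/seq"

_cleardomainconf() { grep -v "^$1=" "$CONF" >"$CONF.tmp" || true; mv "$CONF.tmp" "$CONF"; }
_savedomainconf()  { _cleardomainconf "$1"; printf "%s='%s'\n" "$1" "$2" >>"$CONF"; }
_readdomainconf()  { sed -n "s/^$1='\(.*\)'\$/\1/p" "$CONF"; }

# Provider mock: one "id|name|txt" line per record; create prints the new id.
provider_create() {
  n=$(( $(cat "$WORK/seq") + 1 )); echo "$n" >"$WORK/seq"
  echo "r$n|$1|$2" >>"$ZONE"; echo "r$n"
}
provider_find_id()   { awk -F'|' -v n="$1" -v v="$2" '$2==n && $3==v {print $1; exit}' "$ZONE"; }
provider_delete_id() { grep -v "^$1|" "$ZONE" >"$ZONE.tmp" || true; mv "$ZONE.tmp" "$ZONE"; }

dns_demo_add() {   # $1 = fulldomain, $2 = txtvalue
  recordId="$(provider_create "$1" "$2")" || return 1
  _savedomainconf "myRecordId" "$recordId"   # the file survives the sub shell
}

dns_demo_rm() {    # same arguments as dns_demo_add
  recordId="$(_readdomainconf myRecordId)"
  # No saved id: locate the record by exact name AND value, so other TXT
  # records on the same name are never touched.
  [ -n "$recordId" ] || recordId="$(provider_find_id "$1" "$2")"
  [ -n "$recordId" ] || return 1
  provider_delete_id "$recordId"
  _cleardomainconf "myRecordId"
}

# Demo with constructed values; each hook runs in ( ... ) as described above.
fd="_acme-challenge.example.com"
echo "r0|$fd|unrelated-token" >>"$ZONE"
( dns_demo_add "$fd" "constructed-token-1" )
echo "in parent: recordId='${recordId:-}' conf='$(_readdomainconf myRecordId)'"
( dns_demo_rm "$fd" "constructed-token-1" )
echo "zone after rm:"; cat "$ZONE"
```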

@noplanman
Contributor

Ok, that works perfectly too, thanks for pointing that out!

In that case, I'll happily wait for this to be implemented and supply you with some good vibes 😺

@Neilpang
Member

@noplanman
Good.

Neilpang pushed a commit that referenced this issue Oct 25, 2016
@Neilpang
Member

@noplanman added. Please take a look.

@noplanman
Contributor

@Neilpang Thanks a million, works perfectly 🎉
