dns_api feature request: Add and delete TXT records only #4472

Closed
klaboor opened this issue Jan 23, 2023 · 4 comments

klaboor commented Jan 23, 2023

Hello,

Is it possible to add a feature where we can control ONLY the DNS TXT record creation/removal process without issuing the certificate?
For example:

```
./acme.sh --issue --dns <provider> -d mydomain.eu --create_dns_record_only --txt_value "some43charactersLongTxtString"
./acme.sh --issue --dns <provider> -d mydomain.eu --delete_dns_record_only --txt_value "some43charactersLongTxtString"
```

There are a lot of TrueNAS Scale users using the acmesh project to issue certificates, but it does not install the certificate for them, so they need to supply it by other custom scripts.
However, the latest TrueNAS Scale version added an option to run a shell script as the ACME challenge authenticator, but there is a numerous-providers issue. Since acmesh already covers a wide variety of providers, it makes sense to ask for help here.
With such features we can use acmesh as the ACME challenge authenticator and let TrueNAS issue, import, and renew the certificate.
Thank you.

Neilpang (Member) commented

Yes, you can write a simple script to call the dns api easily:

```
# 1. Source the whole acme.sh file for its utility functions.
source /root/.acme.sh/acme.sh >/dev/null

# 2. Source the DNS API that you want to use:
source /root/.acme.sh/dnsapi/dns_cf.sh >/dev/null

# 3. Export the DNS API variables and use the API:
export CF_Email="xxxxx@xxxx.com"
export CF_Key="xcccccc"

dns_cf_add _acme-challenge.mydomain.tld "TXTValue_to_add.........."

# 4. After use, you can remove the TXT record:
dns_cf_rm _acme-challenge.mydomain.tld "TXTValue_to_add.........."
```
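
The sourcing approach from the comment above, wrapped with input and credential checks so it can run unattended as a DNS authenticator; this is an added example, not part of the original thread and not acme.sh's own code. `CRED_FILE`, its default path and the three helper function names are assumptions; `dns_cf_add`, `dns_cf_rm`, `CF_Email`, `CF_Key` and `/root/.acme.sh` come from the comment.

```shell
#!/bin/sh
# Added example: validated wrapper around acme.sh's dnsapi functions.
ACME_HOME="${ACME_HOME:-/root/.acme.sh}"         # install path used in the thread
CRED_FILE="${CRED_FILE:-/root/.acme-dns.env}"    # hypothetical file: CF_Email=... / CF_Key=...

# Only _acme-challenge.<hostname> may be touched, so the wrapper cannot be
# used to create or delete arbitrary TXT records in the zone.
valid_challenge_name() {
  case "$1" in _acme-challenge.?*) ;; *) return 1 ;; esac
  case "${1#_acme-challenge.}" in
    *[!A-Za-z0-9.-]* | .* | *. | *..* | -* | *- | *.-* | *-.*) return 1 ;;
  esac
  [ "${#1}" -le 253 ]
}

# A dns-01 TXT value is an unpadded base64url SHA-256 digest: 43 characters.
valid_txt_value() {
  case "$1" in *[!A-Za-z0-9_-]*) return 1 ;; esac
  [ "${#1}" -eq 43 ]
}

# The credentials file is sourced as shell code, so require a regular file
# (not a symlink) with no group/other permission bits, e.g. mode 0600.
creds_file_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

main() {
  action=$1 name=$2 value=$3
  case "$action" in
    add | rm) ;;
    *) echo "usage: $0 add|rm <_acme-challenge.fqdn> <txt-value>" >&2; return 2 ;;
  esac
  valid_challenge_name "$name" || { echo "refusing record name" >&2; return 2; }
  valid_txt_value "$value" || { echo "refusing TXT value" >&2; return 2; }
  creds_file_private "$CRED_FILE" || { echo "$CRED_FILE must be a private regular file" >&2; return 2; }
  set --                                  # source acme.sh with no arguments, as the thread's script does
  set -a; . "$CRED_FILE"; set +a          # export CF_Email / CF_Key without hard-coding them
  . "$ACME_HOME/acme.sh" >/dev/null       # utility functions
  . "$ACME_HOME/dnsapi/dns_cf.sh" >/dev/null
  "dns_cf_$action" "$name" "$value"
}

[ "$#" -eq 0 ] || main "$@"
```

Keeping the API key in a mode 0600 file rather than in the script means the wrapper itself can be readable by the service that invokes it without exposing the credential.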


@acmesh-official acmesh-official deleted a comment from github-actions bot Jan 24, 2023

klaboor commented Jan 24, 2023

Awesome. I created my own script based on functions I found for my provider, but I totally forgot I can source the main script. Tried that and it's working. Thank you very much.

cron0mat commented

> Awesome. I created my own script based on functions I found for my provider but I totally forgot I can source main script. Tried that and it's working. Thank you very much.

Could you provide your bash script?
I get error messages "config file is empty, can not save and can not clear ..."

acme.sh is installed as root and letsencrypt as server is registered.
I also added acme.sh.env to the .bashrc


Siress commented Aug 7, 2023

> Could you provide your bash script? I get error messages "config file is empty, can not save and can not clear ..."

See other post here: https://www.truenas.com/community/threads/acme-dns-authenticator-shell-script.106589/post-739605
