diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
index c2ed1ce3b4..655427c761 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
@@ -21,7 +21,7 @@
validation.method
dropdown
-
+ Set the Let's Encrypt challenge type. You'll have to add configuration for the selected challenge type below.
@@ -92,7 +92,7 @@
validation.dns_sleep
text
-
+ The time in seconds to wait for all the TXT records to take effect after adding them to the DNS API. Defaults to 120 seconds.
@@ -119,6 +119,26 @@
text
+
+
+ header
+
+
+
+ validation.dns_autodns_user
+
+ text
+
+
+ validation.dns_autodns_password
+
+ password
+
+
+ validation.dns_autodns_context
+
+ text
+
header
@@ -134,6 +154,31 @@
text
+
+
+ header
+
+
+
+ validation.dns_azuredns_subscriptionid
+
+ text
+
+
+ validation.dns_azuredns_tenantid
+
+ text
+
+
+ validation.dns_azuredns_appid
+
+ text
+
+
+ validation.dns_azuredns_clientsecret
+
+ text
+
header
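Review bot: `validation.dns_azuredns_clientsecret` is declared with type `text`, so the service principal's client secret is displayed in clear in the form, while the password fields added elsewhere in this commit (`dns_autodns_password`, `dns_kinghost_password`, `dns_servercow_password`) use `password`. Giving this field the type `password` would keep the secret off the screen and out of screenshots. The API key fields added in other hunks (`dns_da_key`, `dns_dh_key`, `dns_knot_key`, `dns_namesilo_key`, `dns_sl_key`, `dns_uno_key`, `dns_zilore_key`, `dns_zm_key`) are also `text`, which matches existing token fields in this file, so that may be a project convention to revisit separately. The element markup is not visible in this rendering, so the exact line to change is inferred from the field id and type value.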
@@ -199,6 +244,22 @@
password
+
+
+ header
+
+
+
+ validation.dns_da_key
+
+ text
+
+
+ validation.dns_da_insecure
+
+ checkbox
+ Uncheck this box if you have a valid SSL certificate for your DirectAdmin installation.
+
header
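Review bot: The help text for `validation.dns_da_insecure` ("Uncheck this box if you have a valid SSL certificate…") implies the box starts checked, meaning certificate verification for the DirectAdmin API is off unless the admin opts in. The model hunk at `@@ -418,6 +452,13 @@` adds a field carrying the value `1`, which looks like this default, and certhelper.php forwards the setting unchanged as `DA_Api_Insecure`. With verification off, the API credential in `DA_Api` is sent to whichever host answers the connection. A default of `0`, with help text along the lines of `Check this box only if your DirectAdmin installation uses a self-signed certificate.`, would be the safer choice. The ISPConfig help text added in a later hunk uses the same opt-out wording.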
@@ -218,6 +279,7 @@
validation.dns_dnsimple_token
text
+ Note that this is the account token not the user token.
@@ -249,6 +311,16 @@
text
+
+
+ header
+
+
+
+ validation.dns_dh_key
+
+ text
+
header
@@ -366,6 +438,21 @@
text
Enter either the IP address or FQDN of your Infoblox appliance.
+
+
+ header
+
+
+
+ validation.dns_inwx_user
+
+ text
+
+
+ validation.dns_inws_password
+
+ password
+
header
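Review bot: The password field id is spelled `validation.dns_inws_password` while its sibling is `validation.dns_inwx_user`; `inws` looks like a typo for `inwx`. certhelper.php reads `$valObj->dns_inws_password` in its `dns_inwx` case, so the two agree and the setting presumably works if the model uses the same spelling (the model's element names are not visible here). The misspelled name would still end up in stored configuration, where it is awkward to rename later. Renaming it to `dns_inwx_password` in the form, the model and certhelper.php before release would avoid a later migration.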
@@ -390,6 +477,39 @@
validation.dns_ispconfig_insecure
checkbox
+ Uncheck this box if you have a valid SSL certificate for your ISPConfig installation.
+
+
+
+ header
+
+
+
+ validation.dns_kinghost_username
+
+ text
+
+
+ validation.dns_kinghost_password
+
+ password
+
+
+
+ header
+
+
+
+ validation.dns_knot_server
+
+ text
+ Knot server address, like: dns.example.com
+
+
+ validation.dns_knot_key
+
+ text
+ Specify the location of the generated TSIG Key inside the TSIG file using grep and cut, example: grep \# /etc/knot/acme.key | cut -d' ' -f2
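Review bot: The help text for `validation.dns_knot_key` tells the user to enter a `grep … | cut …` pipeline, but certhelper.php assigns the field verbatim to `$proc_env['KNOT_KEY']`. Assuming `$proc_env` is handed to the child process as its environment, the literal command text rather than its output would reach the Knot hook. The wording appears to come from shell usage where the variable is filled by command substitution; here the help should ask for the key itself, e.g. `Enter the TSIG key string itself, not a shell command.` Since this is key material, the `text` type also leaves it visible in the form.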
@@ -466,6 +586,16 @@
text
+
+
+ header
+
+
+
+ validation.dns_namesilo_key
+
+ text
+
header
@@ -490,7 +620,7 @@
validation.dns_nsupdate_key
textbox
-
+ Requires the whole key file in a format that is compatible with nsupdate.
@@ -527,19 +657,59 @@
validation.dns_pdns_url
text
-
+ Specify the URL for your PowerDNS server, i.e. http://ns.example.com:8081.
validation.dns_pdns_serverid
text
-
+ Specify the Server ID of your PowerDNS server, i.e. localhost.
validation.dns_pdns_token
text
+
+
+ header
+
+
+
+ validation.dns_sl_key
+
+ text
+
+
+
+ header
+
+
+
+ validation.dns_servercow_username
+
+ text
+
+
+ validation.dns_servercow_password
+
+ password
+
+
+
+ header
+
+
+
+ validation.dns_uno_key
+
+ text
+
+
+ validation.dns_uno_user
+
+ text
+
header
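Review bot: The example in the new `validation.dns_pdns_url` help text uses plain `http://`, which nudges admins toward sending the PowerDNS API token (`validation.dns_pdns_token`) unencrypted. If the API is reachable over TLS, an `https://` example would be better guidance, or a sentence saying that HTTP should only be used on a trusted management network. Both new PowerDNS help texts also use "i.e." where "e.g." is meant.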
@@ -560,4 +730,24 @@
text
-
+
+
+ header
+
+
+
+ validation.dns_zilore_key
+
+ text
+
+
+
+ header
+
+
+
+ validation.dns_zm_key
+
+ text
+
+
\ No newline at end of file
diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
index 001fe98ba3..42c77727db 100644
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@@ -338,16 +338,20 @@
Alwaysdata.com API
aliyun.com API
+ autoDNS (InternetX) API
AWS Route 53
+ Azure DNS API
CloudFlare.com API
ClouDNS API
CloudXNS.com API
cyon.ch API
+ DirectAdmin API
DigitalOcean API
DNSimple API
DNSMadeEasy.com API
- Domain-Offensive/Resellerinterface/Domainrobot API
DNSPod.cn API
+ Domain-Offensive/Resellerinterface/Domainrobot API
+ DreamHost DNS API
DuckDNS API
Dyn Managed DNS API
Dynu API
@@ -356,17 +360,26 @@
GoDaddy.com API
Hurricane Electric
Infoblox API
+ INWX XMLRPC API
ISPConfig 3.1+ API
+ KingHost DNS API
+ Knot (knsupdate) DNS API
lexicon DNS API
Linode API
LuaDNS.com API
Name.com API
+ Namesilo.com API
NS1.com API
nsupdate (RFC 2136)
OVH, kimsufi, soyoustart and runabove API
PowerDNS.com API
+ selectel.com / selectel.ru domain API
+ Servercow API v1
+ UnoEuro API
Vscale API
Yandex PDD API
+ Zilore DNS API
+ zonomi.com domain API
@@ -385,12 +398,33 @@
N
+
+ N
+
+
+ N
+
+
+ N
+
N
N
+
+ N
+
+
+ N
+
+
+ N
+
+
+ N
+
N
@@ -418,6 +452,13 @@
N
+
+ N
+
+
+ N
+ 1
+
N
@@ -436,6 +477,9 @@
N
+
+ N
+
N
@@ -481,6 +525,12 @@
N
+
+ N
+
+
+ N
+
N
@@ -494,6 +544,18 @@
N
1
+
+ N
+
+
+ N
+
+
+ N
+
+
+ N
+
N
cloudflare
@@ -529,6 +591,9 @@
N
+
+ N
+
N
@@ -560,12 +625,33 @@
N
+
+ N
+
+
+ N
+
+
+ N
+
+
+ N
+
+
+ N
+
N
N
+
+ N
+
+
+ N
+
diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
index 8960d15b5c..ee2220ee85 100755
--- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
+++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
@@ -600,10 +600,21 @@ function run_acme_validation($certObj, $valObj, $acctObj)
$proc_env['Ali_Key'] = (string)$valObj->dns_ali_key;
$proc_env['Ali_Secret'] = (string)$valObj->dns_ali_secret;
break;
+ case 'dns_autodns':
+ $proc_env['AUTODNS_USER'] = (string)$valObj->dns_autodns_user;
+ $proc_env['AUTODNS_PASSWORD'] = (string)$valObj->dns_autodns_password;
+ $proc_env['AUTODNS_CONTEXT'] = (string)$valObj->dns_autodns_context;
+ break;
case 'dns_aws':
$proc_env['AWS_ACCESS_KEY_ID'] = (string)$valObj->dns_aws_id;
$proc_env['AWS_SECRET_ACCESS_KEY'] = (string)$valObj->dns_aws_secret;
break;
+ case 'dns_azure':
+ $proc_env['AZUREDNS_SUBSCRIPTIONID'] = (string)$valObj->dns_azuredns_subscriptionid;
+ $proc_env['AZUREDNS_TENANTID'] = (string)$valObj->dns_azuredns_tenantid;
+ $proc_env['AZUREDNS_APPID'] = (string)$valObj->dns_azuredns_appid;
+ $proc_env['AZUREDNS_CLIENTSECRET'] = (string)$valObj->dns_azuredns_clientsecret;
+ break;
case 'dns_cf':
$proc_env['CF_Key'] = (string)$valObj->dns_cf_key;
$proc_env['CF_Email'] = (string)$valObj->dns_cf_email;
@@ -621,6 +632,10 @@ function run_acme_validation($certObj, $valObj, $acctObj)
$proc_env['CY_Username'] = (string)$valObj->dns_cyon_user;
$proc_env['CY_Password'] = (string)$valObj->dns_cyon_user;
break;
+ case 'dns_da':
+ $proc_env['DA_Api'] = (string)$valObj->dns_da_key;
+ $proc_env['DA_Api_Insecure'] = (string)$valObj->dns_da_insecure;
+ break;
case 'dns_dgon':
$proc_env['DO_API_KEY'] = (string)$valObj->dns_dgon_key;
break;
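Review bot: The context line directly above the new `dns_da` case sets `$proc_env['CY_Password']` from `$valObj->dns_cyon_user`, so the cyon.ch password handed to acme.sh is the username, and this commit leaves it as is. If the model defines a password field for cyon, which is not visible here, the line should read that instead, e.g. `$proc_env['CY_Password'] = (string)$valObj->dns_cyon_password;` (field name assumed). The switch in `run_acme_validation` starts and ends outside this hunk.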
@@ -635,6 +650,9 @@ function run_acme_validation($certObj, $valObj, $acctObj)
$proc_env['DP_Id'] = (string)$valObj->dns_dp_id;
$proc_env['DP_Key'] = (string)$valObj->dns_dp_key;
break;
+ case 'dns_dreamhost':
+ $proc_env['DH_API_KEY'] = (string)$valObj->dns_dh_key;
+ break;
case 'dns_duckdns':
$proc_env['DuckDNS_Token'] = (string)$valObj->dns_duckdns_token;
break;
@@ -666,12 +684,24 @@ function run_acme_validation($certObj, $valObj, $acctObj)
$proc_env['Infoblox_Creds'] = (string)$valObj->dns_infoblox_credentials;
$proc_env['Infoblox_Server'] = (string)$valObj->dns_infoblox_server;
break;
+ case 'dns_inwx':
+ $proc_env['INWX_User'] = (string)$valObj->dns_inwx_user;
+ $proc_env['INWX_Password'] = (string)$valObj->dns_inws_password;
+ break;
case 'dns_ispconfig':
$proc_env['ISPC_User'] = (string)$valObj->dns_ispconfig_user;
$proc_env['ISPC_Password'] = (string)$valObj->dns_ispconfig_password;
$proc_env['ISPC_Api'] = (string)$valObj->dns_ispconfig_api;
$proc_env['ISPC_Api_Insecure'] = (string)$valObj->dns_ispconfig_insecure;
break;
+ case 'dns_kinghost':
+ $proc_env['KINGHOST_username'] = (string)$valObj->dns_kinghost_username;
+ $proc_env['KINGHOST_Password'] = (string)$valObj->dns_kinghost_password;
+ break;
+ case 'dns_knot':
+ $proc_env['KNOT_SERVER'] = (string)$valObj->dns_knot_server;
+ $proc_env['KNOT_KEY'] = (string)$valObj->dns_knot_key;
+ break;
case 'dns_lexicon':
$proc_env['PROVIDER'] = (string)$valObj->dns_lexicon_provider;
$proc_env['LEXICON_CLOUDFLARE_USERNAME'] = (string)$valObj->dns_lexicon_user;
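Review bot: `$proc_env['KINGHOST_username']` has a lower-case `u` while its sibling is `KINGHOST_Password`. Environment variable names are case-sensitive, and to my knowledge acme.sh's KingHost hook reads `KINGHOST_Username`, so the username would not reach the hook. Please check against the bundled dns_kinghost script and, if confirmed, change the key to `$proc_env['KINGHOST_Username']`. The enclosing switch continues outside this hunk.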
@@ -699,6 +729,11 @@ function run_acme_validation($certObj, $valObj, $acctObj)
$proc_env['Namecom_Username'] = (string)$valObj->dns_namecom_user;
$proc_env['Namecom_Token'] = (string)$valObj->dns_namecom_token;
break;
+ case 'dns_namesilo':
+ $proc_env['Namesilo_Key'] = (string)$valObj->dns_namesilo_key;
+ // Namesilo applies changes to DNS records only every 15 minutes.
+ $acme_hook_options[] = "--dnssleep 960";
+ break;
case 'dns_nsone':
$proc_env['NS1_Key'] = (string)$valObj->dns_nsone_key;
break;
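Review bot: The `dns_namesilo` case appends a fixed `--dnssleep 960` to `$acme_hook_options`, while the form also exposes `validation.dns_sleep` (help text: defaults to 120 seconds). Where that setting is added to the command line is outside this hunk, so acme.sh may receive `--dnssleep` twice, and which value wins cannot be told from here. Either skip the user setting for Namesilo or take the larger of the two, and say so in the comment, e.g. `// Namesilo publishes record changes every 15 minutes; force at least 960 s and ignore dns_sleep.` Since 15 minutes is 900 seconds, it would also help to note that 960 includes a one-minute margin.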
@@ -706,7 +741,6 @@ function run_acme_validation($certObj, $valObj, $acctObj)
// Write secret key to filesystem
$secret_key_data = (string)$valObj->dns_nsupdate_key . "\n";
file_put_contents($secret_key_filename, $secret_key_data);
-
$proc_env['NSUPDATE_KEY'] = $secret_key_filename;
$proc_env['NSUPDATE_SERVER'] = (string)$valObj->dns_nsupdate_server;
break;
@@ -721,12 +755,29 @@ function run_acme_validation($certObj, $valObj, $acctObj)
$proc_env['PDNS_ServerId'] = (string)$valObj->dns_pdns_serverid;
$proc_env['PDNS_Token'] = (string)$valObj->dns_pdns_token;
break;
+ case 'dns_selectel':
+ $proc_env['SL_Key'] = (string)$valObj->dns_sl_key;
+ break;
+ case 'dns_servercow':
+ $proc_env['SERVERCOW_API_Username'] = (string)$valObj->dns_servercow_username;
+ $proc_env['SERVERCOW_API_Password'] = (string)$valObj->dns_servercow_password;
+ break;
+ case 'dns_unoeuro':
+ $proc_env['UNO_Key'] = (string)$valObj->dns_uno_key;
+ $proc_env['UNO_User'] = (string)$valObj->dns_uno_user;
+ break;
case 'dns_vscale':
$proc_env['VSCALE_API_KEY'] = (string)$valObj->dns_vscale_key;
break;
case 'dns_yandex':
$proc_env['PDD_Token'] = (string)$valObj->dns_yandex_token;
break;
+ case 'dns_zilore':
+ $proc_env['Zilore_Key'] = (string)$valObj->dns_zilore_key;
+ break;
+ case 'dns_zonomi':
+ $proc_env['ZM_Key'] = (string)$valObj->dns_zm_key;
+ break;
default:
log_error("AcmeClient: invalid DNS-01 service specified: " . (string)$valObj->dns_service);
return(1);