LetsEncrypt: Lego dnsproviders for wildcard certs on various remote dns services

Version 1.61.4


Wildcard certificates for LetsEncrypt require DNS confirmation.
If your DNS is run at a remote DNS provider that is not currently supported by the multi-server setup, this tool lets you use wildcard certs with that DNS provider.

=============
INSTALL

To get this to work, you'll need to update your letsencrypt.sh script to also download the file:

files.directadmin.com//services/custombuild/lego/dnsproviders-X.X.X.json

from your chosen download server.

RUN:

cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

=========================
JSON

To get the list of dns providers, include &dnsproviders=yes in the request, eg:

CMD_SSL?domain=domain.com&dnsproviders=yes&json=yes

The file is somewhat large, so only load it if the given skin knows how to use it.

It will be loaded in a top-level array called:

dnsproviders["data"] = { "version" : "3.7.0", "acme-dns": ...}

and any info about the current domain settings will be in:

dnsproviders["dnsprovider"]

where the "dnsprovider" (singular) is a dump of the domain.com.dnsprovider file, used to auto-fill the pre-selected choice.
If this file contains "inherit=creator" or "inherit=global", it will use the respective dnsprovider.conf file.

=========================
INHERIT DNS PROVIDER

An Admin/Creator can set up 2 possible inherit files:

Global: /usr/local/directadmin/data/admin/dnsprovider.conf
Creator: /usr/local/directadmin/data/users/resellerbob/dnsprovider.conf

Should either of these exist, where creator=resellerbob is in the given User's user.conf, they'll be included in the list of dnsproviders["data"] output as:

dnsproviders["data"]["inherit-creator"]
dnsproviders["data"]["inherit-global"]

where each would still have the correct "Name" but the type is prefixed, eg:

dnsproviders["data"]["inherit-creator"]["name"] = "Inherit Creator : Cloudflare"

where the "Inherit Creator : " or "Inherit Global" would be prefixed, beside the name from the used type for that inherited dnsprovider.conf type.
The inherit-creator or inherit-global arrays will have an empty "credentials" array, and zero credentials are allowed to be passed if the master (including inherited configs) has zero creds.

If the "dnsprovider" is empty (nothing picked yet), check for:

dnsproviders["settings"]["default"]

to know which selection should be used by default. It should be either "local", "inherit-creator" or "inherit-global".

The Global/Creator dnsprovider.conf files may contain one of:

default=inherit-creator
default=inherit-global
default=local

which is what specifies the default value for the User to have selected.

=========================
RESELLERS/ADMINS: SETTING THE INHERITED VALUES

Resellers/Admins can set an 'inherit-creator' dnsprovider.conf file.
Admins can also set the 'inherit-global' dnsprovider.conf file.

-----------
VIEW

Either can view that config (if it exists) via:

CMD_SSL?action=dnsprovider&json=yes

or:

CMD_SSL?action=dnsprovider&json=yes&type=global

which provides a similar array, eg:

dnsproviders["data"]
dnsproviders["dnsprovider"]
dnsproviders["type"] = "creator" | "global"

-----------
SAVE

CMD_SSL
method: POST
action=dnsprovider
default=local|inherit-global|inherit-creator (optional)
dnsprovider=cloudflare
(type=global|creator)
CLOUDFLARE_EMAIL=foo@bar.com
CLOUDFLARE_API_KEY=sdgsd7681afn

where the last 3 depend on which "dnsprovider" was selected, similar to below for Users.
The default is optional and is used to tell the User which default selection to use.
Saved in the creator/reseller dnsprovider.conf.
If no "type" is passed, "creator" is used.
A Reseller is not allowed to set type=global.

-----------
RESET

CMD_SSL
method: POST
action=dnsprovider
dnsprovider_reset=yes
(type=global|creator)

which simply deletes the given Admin/Reseller dnsprovider.conf file.
=========================
POST

When saving data for a LetsEncrypt request for Users, include "dnsprovider=NAME" to activate the rest of the checks, eg:

CMD_SSL
method: POST
domain=domain.com
action=save
background=auto
type=create
request=letsencrypt
name=domain.com
wildcard=yes
keysize=secp384r1
encryption=sha256
le_wc_select0=domain.com
le_wc_select1=*.domain.com
submit=Save
dnsprovider=cloudflare
CLOUDFLARE_EMAIL=foo@bar.com
CLOUDFLARE_API_KEY=sdgsd7681afn

for example, assuming cloudflare is the desired remote dnsprovider.

Note: for an inherited dnsprovider, do not pass a dnsprovider, else it will override the inherited value with the passed value.

-------------------------------------------
ONLY SAVE DNSPROVIDER INFO

If you wish to only save the dnsprovider info, use:

CMD_SSL
method: POST
domain=domain.com
action=save
type=dnsprovider
dnsprovider=cloudflare
CLOUDFLARE_EMAIL=foo@bar.com
CLOUDFLARE_API_KEY=sdgsd7681afn

-------------------------------------------
RESET

To remove the domain.com.dnsprovider file (resetting to Local), include:

dnsprovider_reset=yes

in either of the above requests.
Neither "dnsprovider=" nor its related fields are needed when dnsprovider_reset=yes is passed. Eg:

CMD_SSL
method: POST
domain=domain.com
action=save
type=dnsprovider
dnsprovider_reset=yes

=========================
USER / DOMAIN DATA

When a selection is made by a User (or by creator default choice), the domain's dns setting will be stored in:

/usr/local/directadmin/data/users/USERNAME/domains/DOMAIN.COM.dnsprovider

sample data:

dnsprovider=cloudflare
CLOUDFLARE_EMAIL=foo@bar.com
CLOUDFLARE_API_KEY=sdgsd7681afn

OR:

inherit=yes (or something similar)

which is loaded into the ENV and passed on to the letsencrypt.sh script.
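
An added example, not part of DirectAdmin or of this changelog: a Python audit that follows the inherit rules described above to find which file actually supplies a domain's DNS API credentials, lists the credential key names without their values, and flags a file that grants access to other users. It assumes inherit=creator and inherit=global are the only inherit values and that the creator comes from creator= in user.conf; the permission check is this example's own policy, and demo() runs on a constructed tree with constructed values.

```python
from pathlib import Path
import stat
import tempfile

DA_DATA = Path("/usr/local/directadmin/data")  # data root from the paths on this page

def read_kv(path):
    """Parse a KEY=VALUE file; a missing file yields an empty dict."""
    if not path.is_file():
        return {}
    pairs = (line.strip().partition("=") for line in path.read_text().splitlines())
    return {k: v for k, sep, v in pairs if sep and k}

def resolve(user, domain, root=DA_DATA):
    """Return (source, path) of the file supplying the domain's DNS credentials."""
    udir = Path(root) / "users" / user
    dom_file = udir / "domains" / f"{domain}.dnsprovider"
    inherit = read_kv(dom_file).get("inherit")
    if inherit == "global":
        return "inherit-global", Path(root) / "admin" / "dnsprovider.conf"
    if inherit == "creator":
        creator = read_kv(udir / "user.conf").get("creator")
        path = Path(root) / "users" / creator / "dnsprovider.conf" if creator else None
        return "inherit-creator", path
    return ("domain", dom_file) if dom_file.is_file() else ("local", None)

def audit(user, domain, root=DA_DATA):
    """Report provider, credential key names (never values) and loose permissions."""
    source, path = resolve(user, domain, root)
    report = {"source": source, "provider": None, "credential_keys": [], "other_access": False}
    if path is not None and path.is_file():
        conf = read_kv(path)
        report["provider"] = conf.get("dnsprovider")
        report["credential_keys"] = sorted(set(conf) - {"dnsprovider", "default", "inherit"})
        # Assumption of this example: files holding API keys grant nothing to "other".
        report["other_access"] = bool(stat.S_IMODE(path.stat().st_mode) & 0o007)
    return report

def demo(mode=0o644):
    """Audit a constructed tree: alice (creator=resellerbob) inherits the creator config."""
    root = Path(tempfile.mkdtemp())
    files = {"users/alice/user.conf": "creator=resellerbob\n",
             "users/alice/domains/domain.com.dnsprovider": "inherit=creator\n",
             "users/resellerbob/dnsprovider.conf": "dnsprovider=cloudflare\n"
             "CLOUDFLARE_EMAIL=foo@bar.com\nCLOUDFLARE_API_KEY=constructed-value\n"}
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
        (root / rel).chmod(mode)
    return audit("alice", "domain.com", root)
```

On a server, audit("USERNAME", "DOMAIN.COM") reads the real tree and needs enough privilege to read those files.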
