From b217bb6827ce2740a9b509f1f7f06696335dad61 Mon Sep 17 00:00:00 2001 From: Davide Beatrici Date: Sat, 9 Dec 2023 13:18:08 +0100 Subject: [PATCH] letsencrypt: Add Infomaniak DNS provider (#3320) --- letsencrypt/CHANGELOG.md | 4 +++ letsencrypt/DOCS.md | 25 +++++++++++++++++++ letsencrypt/Dockerfile | 2 ++ letsencrypt/build.yaml | 1 + letsencrypt/config.yaml | 9 ++++--- .../rootfs/etc/cont-init.d/file-structure.sh | 1 + .../rootfs/etc/services.d/lets-encrypt/run | 5 ++++ 7 files changed, 43 insertions(+), 4 deletions(-) diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md index 9563bffdd48..5a476df23b9 100644 --- a/letsencrypt/CHANGELOG.md +++ b/letsencrypt/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 5.0.6 + +- Add Infomaniak DNS challenge support + ## 5.0.5 - Fix DirectAdmin DNS challenge support diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md index f110a472775..f583b5b31d9 100644 --- a/letsencrypt/DOCS.md +++ b/letsencrypt/DOCS.md @@ -65,6 +65,7 @@ google_domains_zone: '' hetzner_api_token: '' gehirn_api_token: '' gehirn_api_secret: '' +infomaniak_api_token: '' linode_key: '' linode_version: '' luadns_email: '' @@ -238,6 +239,29 @@ on the DNS zone to be used for authentication. +
+ Infomaniak DNS challenge + + ```yaml + email: your.email@example.com + domains: + - subdomain.home-assistant.io + certfile: fullchain.pem + keyfile: privkey.pem + challenge: dns + dns: + provider: dns-infomaniak + infomaniak_api_token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + ``` + + To obtain the DNS API token follow the instructions here: + + + + Choose "Domain" as the scope. + +
+
route53 DNS challenge
@@ -558,6 +582,7 @@ dns-duckdns
 dns-gehirn
 dns-google
 dns-hetzner
+dns-infomaniak
 dns-linode
 dns-luadns
 dns-njalla
diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile
index c0e7aaa4289..5f0d5067a43 100644
--- a/letsencrypt/Dockerfile
+++ b/letsencrypt/Dockerfile
@@ -12,6 +12,7 @@ ARG \
 CERTBOT_DNS_DUCKDNS_VERSION \
 CERTBOT_DNS_GOOGLE_DOMAINS_VERSION \
 CERTBOT_DNS_HETZNER_VERSION \
+ CERTBOT_DNS_INFOMANIAK_VERSION \
 CERTBOT_DNS_INWX_VERSION \
 CERTBOT_DNS_NAMECHEAP_VERSION \
 CERTBOT_DNS_TRANSIP_VERSION \
@@ -48,6 +49,7 @@ RUN \
 certbot-dns-google==${CERTBOT_VERSION} \
 certbot-dns-google-domains==${CERTBOT_DNS_GOOGLE_DOMAINS_VERSION} \
 certbot-dns-hetzner==${CERTBOT_DNS_HETZNER_VERSION} \
+ certbot-dns-infomaniak==${CERTBOT_DNS_INFOMANIAK_VERSION} \
 certbot-dns-linode==${CERTBOT_VERSION} \
 certbot-dns-luadns==${CERTBOT_VERSION} \
 certbot-dns-njalla==${CERTBOT_NJALLA_VERSION} \
diff --git a/letsencrypt/build.yaml b/letsencrypt/build.yaml
index 470d62ca86d..c0bba85e82e 100644
--- a/letsencrypt/build.yaml
+++ b/letsencrypt/build.yaml
@@ -15,6 +15,7 @@ args:
 CERTBOT_DNS_DIRECTADMIN_VERSION: 1.0.3
 CERTBOT_DNS_DUCKDNS_VERSION: 1.3
 CERTBOT_DNS_HETZNER_VERSION: 2.0.0
+ CERTBOT_DNS_INFOMANIAK_VERSION: 0.2.1
 CERTBOT_DNS_INWX_VERSION: 2.2.0
 CERTBOT_DNS_NAMECHEAP_VERSION: 1.0.0
 CERTBOT_DNS_GOOGLE_DOMAINS_VERSION: 0.1.11
diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml
index a516a729661..fcc8f55da81 100644
--- a/letsencrypt/config.yaml
+++ b/letsencrypt/config.yaml
@@ -1,5 +1,5 @@
 ---
-version: 5.0.5
+version: 5.0.6
 slug: letsencrypt
 name: Let's Encrypt
 description: Manage certificate from Let's Encrypt
@@ -59,6 +59,7 @@ schema:
 google_domains_access_token: str?
 google_domains_zone: str?
 hetzner_api_token: str?
+ infomaniak_api_token: str?
 linode_key: str?
 linode_version: str?
 luadns_email: email?
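Review bot: `certbot-dns-infomaniak==${CERTBOT_DNS_INFOMANIAK_VERSION}` in the pip install list is pinned by version only (0.2.1 in the build.yaml hunk), so the image build trusts whatever the package index serves under that version. The plugin is loaded by certbot and, judging by the `run` hunk, is handed the DNS credentials file, so a hash-checked install is worth considering: a requirements entry like `certbot-dns-infomaniak==0.2.1 --hash=sha256:<HASH_PLACEHOLDER>` installed with `pip install --require-hashes -r requirements.txt`. The neighbouring plugins are pinned the same way, so this would be a change to the whole RUN step, which starts and ends outside the hunk.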
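Review bot: `infomaniak_api_token: str?` in the schema hunk declares an API credential as a plain string, so the add-on configuration UI will presumably show it in clear text. The add-on schema has a masking type for secrets; `infomaniak_api_token: password?` would keep the token out of casual view and screenshots. The adjacent `hetzner_api_token: str?` uses the same plain type, so this looks like a file-wide convention that could be tightened for all token fields in one pass.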
@@ -78,9 +79,9 @@ schema:
 provider: "list(dns-azure|dns-cloudflare|dns-desec|dns-digitalocean|\
 dns-directadmin|dns-dnsimple|dns-dnsmadeeasy|dns-duckdns|\
 dns-gehirn|dns-google|dns-google-domains|\
- dns-hetzner|dns-linode|dns-luadns|dns-njalla|dns-nsone|dns-ovh|\
- dns-rfc2136|dns-route53|dns-sakuracloud|dns-namecheap|dns-netcup|\
- dns-gandi|dns-transip|dns-inwx)?"
+ dns-hetzner|dns-infomaniak|dns-linode|dns-luadns|dns-njalla|dns-nsone|\
+ dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-namecheap|\
+ dns-netcup|dns-gandi|dns-transip|dns-inwx)?"
 rfc2136_algorithm: str?
 rfc2136_name: str?
 rfc2136_port: str?
diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
index 3a0aa03a5e6..d950a3da7e1 100755
--- a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
+++ b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
@@ -18,6 +18,7 @@ echo -e "dns_desec_token = $(bashio::config 'dns.desec_token')\n" \
 "dns_gehirn_api_token = $(bashio::config 'dns.gehirn_api_token')\n" \
 "dns_gehirn_api_secret = $(bashio::config 'dns.gehirn_api_secret')\n" \
 "dns_hetzner_api_token = $(bashio::config 'dns.hetzner_api_token')\n" \
+ "dns_infomaniak_token = $(bashio::config 'dns.infomaniak_api_token')\n" \
 "dns_linode_key = $(bashio::config 'dns.linode_key')\n" \
 "dns_linode_version = $(bashio::config 'dns.linode_version')\n" \
 "dns_luadns_email = $(bashio::config 'dns.luadns_email')\n" \
diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
index 435d91d37db..c1c80768e95 100755
--- a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
+++ b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
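Review bot: In the file-structure.sh hunk the token is written under the ini key `dns_infomaniak_token` while the add-on option is `infomaniak_api_token`; the difference is presumably deliberate (the key the certbot plugin reads), and nothing records that, so a comment above the `echo -e` statement such as `# ini keys follow each certbot plugin's naming, not the add-on option names` would keep a later cleanup from renaming it. The value is expanded inside `echo -e`, so a backslash sequence inside a token would be interpreted instead of written literally. The statement begins and ends outside the hunk, so the output target and its file mode are not visible here; since the same file receives every provider's secret, it is worth confirming it is created owner-readable only.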
@@ -116,6 +116,11 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-hetzner" ]; then
 bashio::config.require 'dns.hetzner_api_token'
 PROVIDER_ARGUMENTS+=("--authenticator" "dns-hetzner" "--dns-hetzner-credentials" "/data/dnsapikey" "--dns-hetzner-propagation-seconds" "${PROPAGATION_SECONDS}")

+# Infomaniak
+elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-infomaniak" ]; then
+ bashio::config.require 'dns.infomaniak_api_token'
+ PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" /data/dnsapikey "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
+
 # Njalla
 elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-njalla" ]; then
 bashio::config.require 'dns.njalla_token'
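Review bot: The new `PROVIDER_ARGUMENTS` line builds its flag names from `${DNS_PROVIDER}` and leaves `/data/dnsapikey` unquoted, whereas the hetzner branch directly above spells the flags out and quotes the path. The branch condition already fixes the value to `dns-infomaniak`, so the result is the same, but literal flags are easier to grep and to audit when checking which plugin receives the credentials file: `PROVIDER_ARGUMENTS+=("--authenticator" "dns-infomaniak" "--dns-infomaniak-credentials" "/data/dnsapikey" "--dns-infomaniak-propagation-seconds" "${PROPAGATION_SECONDS}")`. The if/elif chain starts and ends outside the hunk.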