Add DNS provider for ISPConfig (#2762)

2026-03-14 14:35:48 +01:00 · 2025-12-21 22:55:28 +01:00 · 2025-12-21 22:55:28 +01:00 · 96168f78de
commit 96168f78de
parent bb98b9a899
27 changed files with 1498 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -169,115 +169,120 @@ Detailed documentation is available [here](https://go-acme.github.io/lego/dns).
  <td><a href="https://go-acme.github.io/lego/dns/ionoscloud/">Ionos Cloud</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/ipv64/">IPv64</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/ispconfig/">ISPConfig</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/iwantmyname/">iwantmyname (Deprecated)</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/joker/">Joker</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/acme-dns/">Joohoi&#39;s ACME-DNS</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/keyhelp/">KeyHelp</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/keyhelp/">KeyHelp</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/liara/">Liara</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/limacity/">Lima-City</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/linode/">Linode (v4)</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/liquidweb/">Liquid Web</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/liquidweb/">Liquid Web</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/loopia/">Loopia</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/luadns/">LuaDNS</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/mailinabox/">Mail-in-a-Box</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/manageengine/">ManageEngine CloudDNS</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/manageengine/">ManageEngine CloudDNS</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/manual/">Manual</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/metaname/">Metaname</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/metaregistrar/">Metaregistrar</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/mijnhost/">mijn.host</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/mijnhost/">mijn.host</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/mittwald/">Mittwald</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/myaddr/">myaddr.{tools,dev,io}</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/mydnsjp/">MyDNS.jp</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/mythicbeasts/">MythicBeasts</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/mythicbeasts/">MythicBeasts</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/namedotcom/">Name.com</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/namecheap/">Namecheap</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/namesilo/">Namesilo</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/nearlyfreespeech/">NearlyFreeSpeech.NET</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/nearlyfreespeech/">NearlyFreeSpeech.NET</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/neodigit/">Neodigit</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/netcup/">Netcup</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/netlify/">Netlify</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/nicmanager/">Nicmanager</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/nicmanager/">Nicmanager</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/nifcloud/">NIFCloud</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/njalla/">Njalla</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/nodion/">Nodion</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/ns1/">NS1</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/ns1/">NS1</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/octenium/">Octenium</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/otc/">Open Telekom Cloud</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/oraclecloud/">Oracle Cloud</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/ovh/">OVH</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/ovh/">OVH</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/plesk/">plesk.com</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/porkbun/">Porkbun</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/pdns/">PowerDNS</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/rackspace/">Rackspace</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/rackspace/">Rackspace</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/rainyun/">Rain Yun/雨云</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/rcodezero/">RcodeZero</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/regru/">reg.ru</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/regfish/">Regfish</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/regfish/">Regfish</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/rfc2136/">RFC2136</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/rimuhosting/">RimuHosting</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/nicru/">RU CENTER</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/sakuracloud/">Sakura Cloud</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/sakuracloud/">Sakura Cloud</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/scaleway/">Scaleway</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/selectel/">Selectel</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/selectelv2/">Selectel v2</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/selfhostde/">SelfHost.(de|eu)</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/selfhostde/">SelfHost.(de|eu)</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/servercow/">Servercow</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/shellrent/">Shellrent</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/simply/">Simply.com</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/sonic/">Sonic</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/sonic/">Sonic</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/spaceship/">Spaceship</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/stackpath/">Stackpath</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/syse/">Syse</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/technitium/">Technitium</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/technitium/">Technitium</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/tencentcloud/">Tencent Cloud DNS</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/edgeone/">Tencent EdgeOne</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/timewebcloud/">Timeweb Cloud</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/transip/">TransIP</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/transip/">TransIP</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/safedns/">UKFast SafeDNS</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/ultradns/">Ultradns</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/uniteddomains/">United-Domains</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/variomedia/">Variomedia</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/variomedia/">Variomedia</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/vegadns/">VegaDNS</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/vercel/">Vercel</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/versio/">Versio.[nl|eu|uk]</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/vinyldns/">VinylDNS</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/vinyldns/">VinylDNS</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/virtualname/">Virtualname</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/vkcloud/">VK Cloud</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/volcengine/">Volcano Engine/火山引擎</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/vscale/">Vscale</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/vscale/">Vscale</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/vultr/">Vultr</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/webnamesca/">webnames.ca</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/webnames/">webnames.ru</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/websupport/">Websupport</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/websupport/">Websupport</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/wedos/">WEDOS</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/westcn/">West.cn/西部数码</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/yandex360/">Yandex 360</a></td>
-  <td><a href="https://go-acme.github.io/lego/dns/yandexcloud/">Yandex Cloud</a></td>
 </tr><tr>
+  <td><a href="https://go-acme.github.io/lego/dns/yandexcloud/">Yandex Cloud</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/yandex/">Yandex PDD</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/zoneee/">Zone.ee</a></td>
  <td><a href="https://go-acme.github.io/lego/dns/zoneedit/">ZoneEdit</a></td>
+</tr><tr>
  <td><a href="https://go-acme.github.io/lego/dns/zonomi/">Zonomi</a></td>
+  <td></td>
+  <td></td>
+  <td></td>
 </tr></table>

 <!-- END DNS PROVIDERS LIST -->
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@ -100,6 +100,7 @@ func allDNSCodes() string {
 		"ionos",
 		"ionoscloud",
 		"ipv64",
+		"ispconfig",
 		"iwantmyname",
 		"joker",
 		"keyhelp",
@ -2083,6 +2084,29 @@ func displayDNSHelp(w io.Writer, name string) error {
 		ew.writeln()
 		ew.writeln(`More information: https://go-acme.github.io/lego/dns/ipv64`)

+	case "ispconfig":
+		// generated from: providers/dns/ispconfig/ispconfig.toml
+		ew.writeln(`Configuration for ISPConfig.`)
+		ew.writeln(`Code:	'ispconfig'`)
+		ew.writeln(`Since:	'v4.31.0'`)
+		ew.writeln()
+
+		ew.writeln(`Credentials:`)
+		ew.writeln(`	- "ISPCONFIG_PASSWORD":	Password`)
+		ew.writeln(`	- "ISPCONFIG_SERVER_URL":	Server URL`)
+		ew.writeln(`	- "ISPCONFIG_USERNAME":	Username`)
+		ew.writeln()
+
+		ew.writeln(`Additional Configuration:`)
+		ew.writeln(`	- "ISPCONFIG_HTTP_TIMEOUT":	API request timeout in seconds (Default: 30)`)
+		ew.writeln(`	- "ISPCONFIG_INSECURE_SKIP_VERIFY":	Whether to verify the API certificate`)
+		ew.writeln(`	- "ISPCONFIG_POLLING_INTERVAL":	Time between DNS propagation check in seconds (Default: 2)`)
+		ew.writeln(`	- "ISPCONFIG_PROPAGATION_TIMEOUT":	Maximum waiting time for DNS propagation in seconds (Default: 60)`)
+		ew.writeln(`	- "ISPCONFIG_TTL":	The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)`)
+
+		ew.writeln()
+		ew.writeln(`More information: https://go-acme.github.io/lego/dns/ispconfig`)
+
 	case "iwantmyname":
 		// generated from: providers/dns/iwantmyname/iwantmyname.toml
 		ew.writeln(`Configuration for iwantmyname (Deprecated).`)
--- a/docs/content/dns/zz_gen_ispconfig.md
+++ b/docs/content/dns/zz_gen_ispconfig.md
@ -0,0 +1,72 @@
+---
+title: "ISPConfig"
+date: 2019-03-03T16:39:46+01:00
+draft: false
+slug: ispconfig
+dnsprovider:
+  since:    "v4.31.0"
+  code:     "ispconfig"
+  url:      "https://www.ispconfig.org/"
+---
+
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
+<!-- providers/dns/ispconfig/ispconfig.toml -->
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
+
+
+Configuration for [ISPConfig](https://www.ispconfig.org/).
+
+
+<!--more-->
+
+- Code: `ispconfig`
+- Since: v4.31.0
+
+
+Here is an example bash command using the ISPConfig provider:
+
+```bash
+ISPCONFIG_SERVER_URL="https://example.com:8080/remote/json.php" \
+ISPCONFIG_USERNAME="xxx" \
+ISPCONFIG_PASSWORD="yyy" \
+lego --email you@example.com --dns ispconfig -d '*.example.com' -d example.com run
+```
+
+
+
+
+## Credentials
+
+| Environment Variable Name | Description |
+|-----------------------|-------------|
+| `ISPCONFIG_PASSWORD` | Password |
+| `ISPCONFIG_SERVER_URL` | Server URL |
+| `ISPCONFIG_USERNAME` | Username |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+## Additional Configuration
+
+| Environment Variable Name | Description |
+|--------------------------------|-------------|
+| `ISPCONFIG_HTTP_TIMEOUT` | API request timeout in seconds (Default: 30) |
+| `ISPCONFIG_INSECURE_SKIP_VERIFY` | Whether to verify the API certificate |
+| `ISPCONFIG_POLLING_INTERVAL` | Time between DNS propagation check in seconds (Default: 2) |
+| `ISPCONFIG_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation in seconds (Default: 60) |
+| `ISPCONFIG_TTL` | The TTL of the TXT record used for the DNS challenge in seconds (Default: 120) |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+
+
+## More information
+
+- [API documentation](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/index.html)
+
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
+<!-- providers/dns/ispconfig/ispconfig.toml -->
+<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
--- a/docs/data/zz_cli_help.toml
+++ b/docs/data/zz_cli_help.toml
@ -152,7 +152,7 @@ To display the documentation for a specific DNS provider, run:
  $ lego dnshelp -c code

 Supported DNS providers:
-  acme-dns, active24, alidns, aliesa, allinkl, anexia, arvancloud, auroradns, autodns, axelname, azion, azure, azuredns, baiducloud, beget, binarylane, bindman, bluecat, bookmyname, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, conohav3, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dyndnsfree, dynu, easydns, edgecenter, edgedns, edgeone, efficientip, epik, exec, exoscale, f5xc, freemyip, gandi, gandiv5, gcloud, gcore, gigahostno, glesys, godaddy, googledomains, gravity, hetzner, hostingde, hostinger, hostingnl, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ionoscloud, ipv64, iwantmyname, joker, keyhelp, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manageengine, manual, metaname, metaregistrar, mijnhost, mittwald, myaddr, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, neodigit, netcup, netlify, nicmanager, nicru, nifcloud, njalla, nodion, ns1, octenium, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, spaceship, stackpath, syse, technitium, tencentcloud, timewebcloud, transip, ultradns, uniteddomains, variomedia, vegadns, vercel, versio, vinyldns, virtualname, vkcloud, volcengine, vscale, vultr, webnames, webnamesca, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneedit, zoneee, zonomi
+  acme-dns, active24, alidns, aliesa, allinkl, anexia, arvancloud, auroradns, autodns, axelname, azion, azure, azuredns, baiducloud, beget, binarylane, bindman, bluecat, bookmyname, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, conohav3, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dyndnsfree, dynu, easydns, edgecenter, edgedns, edgeone, efficientip, epik, exec, exoscale, f5xc, freemyip, gandi, gandiv5, gcloud, gcore, gigahostno, glesys, godaddy, googledomains, gravity, hetzner, hostingde, hostinger, hostingnl, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ionoscloud, ipv64, ispconfig, iwantmyname, joker, keyhelp, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manageengine, manual, metaname, metaregistrar, mijnhost, mittwald, myaddr, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, neodigit, netcup, netlify, nicmanager, nicru, nifcloud, njalla, nodion, ns1, octenium, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, spaceship, stackpath, syse, technitium, tencentcloud, timewebcloud, transip, ultradns, uniteddomains, variomedia, vegadns, vercel, versio, vinyldns, virtualname, vkcloud, volcengine, vscale, vultr, webnames, webnamesca, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneedit, zoneee, zonomi

 More information: https://go-acme.github.io/lego/dns
 """
--- a/providers/dns/ispconfig/internal/client.go
+++ b/providers/dns/ispconfig/internal/client.go
@ -0,0 +1,318 @@
+package internal
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+)
+
+type Client struct {
+	serverURL  string
+	HTTPClient *http.Client
+}
+
+func NewClient(serverURL string) (*Client, error) {
+	_, err := url.Parse(serverURL)
+	if err != nil {
+		return nil, fmt.Errorf("server URL: %w", err)
+	}
+
+	return &Client{
+		serverURL:  serverURL,
+		HTTPClient: &http.Client{Timeout: 10 * time.Second},
+	}, nil
+}
+
+func (c *Client) Login(ctx context.Context, username, password string) (string, error) {
+	payload := LoginRequest{
+		Username:    username,
+		Password:    password,
+		ClientLogin: false,
+	}
+
+	endpoint, err := url.Parse(c.serverURL)
+	if err != nil {
+		return "", err
+	}
+
+	endpoint.RawQuery = "login"
+
+	req, err := newJSONRequest(ctx, endpoint, payload)
+	if err != nil {
+		return "", err
+	}
+
+	var response APIResponse
+
+	err = c.do(req, &response)
+	if err != nil {
+		return "", err
+	}
+
+	return extractResponse[string](response)
+}
+
+func (c *Client) GetClientID(ctx context.Context, sessionID, sysUserID string) (int, error) {
+	payload := ClientIDRequest{
+		SessionID: sessionID,
+		SysUserID: sysUserID,
+	}
+
+	endpoint, err := url.Parse(c.serverURL)
+	if err != nil {
+		return 0, err
+	}
+
+	endpoint.RawQuery = "client_get_id"
+
+	req, err := newJSONRequest(ctx, endpoint, payload)
+	if err != nil {
+		return 0, err
+	}
+
+	var response APIResponse
+
+	err = c.do(req, &response)
+	if err != nil {
+		return 0, err
+	}
+
+	return extractResponse[int](response)
+}
+
+// GetZoneID returns the zone ID for the given name.
+func (c *Client) GetZoneID(ctx context.Context, sessionID, name string) (int, error) {
+	payload := map[string]any{
+		"session_id": sessionID,
+		"origin":     name,
+	}
+
+	endpoint, err := url.Parse(c.serverURL)
+	if err != nil {
+		return 0, err
+	}
+
+	endpoint.RawQuery = "dns_zone_get_id"
+
+	req, err := newJSONRequest(ctx, endpoint, payload)
+	if err != nil {
+		return 0, err
+	}
+
+	var response APIResponse
+
+	err = c.do(req, &response)
+	if err != nil {
+		return 0, err
+	}
+
+	return extractResponse[int](response)
+}
+
+// GetZone returns the zone information for the zone ID.
+func (c *Client) GetZone(ctx context.Context, sessionID, zoneID string) (*Zone, error) {
+	payload := map[string]any{
+		"session_id": sessionID,
+		"primary_id": zoneID,
+	}
+
+	endpoint, err := url.Parse(c.serverURL)
+	if err != nil {
+		return nil, err
+	}
+
+	endpoint.RawQuery = "dns_zone_get"
+
+	req, err := newJSONRequest(ctx, endpoint, payload)
+	if err != nil {
+		return nil, err
+	}
+
+	var response APIResponse
+
+	err = c.do(req, &response)
+	if err != nil {
+		return nil, err
+	}
+
+	return extractResponse[*Zone](response)
+}
+
+// GetTXT returns the TXT record for the given name.
+// `name` must be a fully qualified domain name, e.g. "example.com.".
+func (c *Client) GetTXT(ctx context.Context, sessionID, name string) (*Record, error) {
+	payload := GetTXTRequest{
+		SessionID: sessionID,
+		PrimaryID: struct {
+			Name string `json:"name"`
+			Type string `json:"type"`
+		}{
+			Name: name,
+			Type: "txt",
+		},
+	}
+
+	endpoint, err := url.Parse(c.serverURL)
+	if err != nil {
+		return nil, err
+	}
+
+	endpoint.RawQuery = "dns_txt_get"
+
+	req, err := newJSONRequest(ctx, endpoint, payload)
+	if err != nil {
+		return nil, err
+	}
+
+	var response APIResponse
+
+	err = c.do(req, &response)
+	if err != nil {
+		return nil, err
+	}
+
+	return extractResponse[*Record](response)
+}
+
+// AddTXT adds a TXT record.
+// It returns the ID of the newly created record.
+func (c *Client) AddTXT(ctx context.Context, sessionID, clientID string, params RecordParams) (string, error) {
+	payload := AddTXTRequest{
+		SessionID:    sessionID,
+		ClientID:     clientID,
+		Params:       &params,
+		UpdateSerial: true,
+	}
+
+	endpoint, err := url.Parse(c.serverURL)
+	if err != nil {
+		return "", err
+	}
+
+	endpoint.RawQuery = "dns_txt_add"
+
+	req, err := newJSONRequest(ctx, endpoint, payload)
+	if err != nil {
+		return "", err
+	}
+
+	var response APIResponse
+
+	err = c.do(req, &response)
+	if err != nil {
+		return "", err
+	}
+
+	return extractResponse[string](response)
+}
+
+// DeleteTXT deletes a TXT record.
+// It returns the number of deleted records.
+func (c *Client) DeleteTXT(ctx context.Context, sessionID, recordID string) (int, error) {
+	payload := DeleteTXTRequest{
+		SessionID:    sessionID,
+		PrimaryID:    recordID,
+		UpdateSerial: true,
+	}
+
+	endpoint, err := url.Parse(c.serverURL)
+	if err != nil {
+		return 0, err
+	}
+
+	endpoint.RawQuery = "dns_txt_delete"
+
+	req, err := newJSONRequest(ctx, endpoint, payload)
+	if err != nil {
+		return 0, err
+	}
+
+	var response APIResponse
+
+	err = c.do(req, &response)
+	if err != nil {
+		return 0, err
+	}
+
+	return extractResponse[int](response)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+	resp, err := c.HTTPClient.Do(req)
+	if err != nil {
+		return errutils.NewHTTPDoError(req, err)
+	}
+
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode/100 != 2 {
+		raw, _ := io.ReadAll(resp.Body)
+
+		return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+	}
+
+	if result == nil {
+		return nil
+	}
+
+	raw, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return errutils.NewReadResponseError(req, resp.StatusCode, err)
+	}
+
+	err = json.Unmarshal(raw, result)
+	if err != nil {
+		return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+	}
+
+	return nil
+}
+
+func newJSONRequest(ctx context.Context, endpoint *url.URL, payload any) (*http.Request, error) {
+	buf := new(bytes.Buffer)
+
+	if payload != nil {
+		err := json.NewEncoder(buf).Encode(payload)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+		}
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint.String(), buf)
+	if err != nil {
+		return nil, fmt.Errorf("unable to create request: %w", err)
+	}
+
+	req.Header.Set("Accept", "application/json")
+
+	if payload != nil {
+		req.Header.Set("Content-Type", "application/json")
+	}
+
+	return req, nil
+}
+
+func extractResponse[T any](response APIResponse) (T, error) {
+	if response.Code != "ok" {
+		var zero T
+
+		return zero, &APIError{APIResponse: response}
+	}
+
+	var result T
+
+	err := json.Unmarshal(response.Response, &result)
+	if err != nil {
+		var zero T
+		return zero, fmt.Errorf("unable to unmarshal response: %s, %w", string(response.Response), err)
+	}
+
+	return result, nil
+}
--- a/providers/dns/ispconfig/internal/client_test.go
+++ b/providers/dns/ispconfig/internal/client_test.go
@ -0,0 +1,175 @@
+package internal
+
+import (
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/go-acme/lego/v4/platform/tester/servermock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+	return servermock.NewBuilder[*Client](
+		func(server *httptest.Server) (*Client, error) {
+			client, err := NewClient(server.URL)
+			if err != nil {
+				return nil, err
+			}
+
+			client.HTTPClient = server.Client()
+
+			return client, nil
+		})
+}
+
+func TestClient_Login(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /",
+			servermock.ResponseFromFixture("login.json"),
+			servermock.CheckRequestJSONBodyFromFixture("login-request.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("login", ""),
+		).
+		Build(t)
+
+	sessionID, err := client.Login(t.Context(), "user", "secret")
+	require.NoError(t, err)
+
+	assert.Equal(t, "abc", sessionID)
+}
+
+func TestClient_Login_error(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /",
+			servermock.ResponseFromFixture("error.json"),
+		).
+		Build(t)
+
+	_, err := client.Login(t.Context(), "user", "secret")
+	require.EqualError(t, err, `code: remote_fault, message: The login failed. Username or password wrong., response: false`)
+}
+
+func TestClient_GetClientID(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /",
+			servermock.ResponseFromFixture("client_get_id.json"),
+			servermock.CheckRequestJSONBodyFromFixture("client_get_id-request.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("client_get_id", ""),
+		).
+		Build(t)
+
+	id, err := client.GetClientID(t.Context(), "sessionA", "sysA")
+	require.NoError(t, err)
+
+	assert.Equal(t, 123, id)
+}
+
+func TestClient_GetZoneID(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /",
+			servermock.ResponseFromFixture("dns_zone_get_id.json"),
+			servermock.CheckRequestJSONBodyFromFixture("dns_zone_get_id-request.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("dns_zone_get_id", ""),
+		).
+		Build(t)
+
+	zoneID, err := client.GetZoneID(t.Context(), "sessionA", "example.com")
+	require.NoError(t, err)
+
+	assert.Equal(t, 123, zoneID)
+}
+
+func TestClient_GetZone(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /",
+			servermock.ResponseFromFixture("dns_zone_get.json"),
+			servermock.CheckRequestJSONBodyFromFixture("dns_zone_get-request.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("dns_zone_get", ""),
+		).
+		Build(t)
+
+	zone, err := client.GetZone(t.Context(), "sessionA", "example.com.")
+	require.NoError(t, err)
+
+	expected := &Zone{
+		ID:         "456",
+		ServerID:   "123",
+		SysUserID:  "789",
+		SysGroupID: "2",
+		Origin:     "example.com.",
+		Serial:     "2025102902",
+		Active:     "Y",
+	}
+
+	assert.Equal(t, expected, zone)
+}
+
+func TestClient_GetTXT(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /",
+			servermock.ResponseFromFixture("dns_txt_get.json"),
+			servermock.CheckRequestJSONBodyFromFixture("dns_txt_get-request.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("dns_txt_get", ""),
+		).
+		Build(t)
+
+	record, err := client.GetTXT(t.Context(), "sessionA", "example.com.")
+	require.NoError(t, err)
+
+	expected := &Record{ID: 123}
+
+	assert.Equal(t, expected, record)
+}
+
+func TestClient_AddTXT(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /",
+			servermock.ResponseFromFixture("dns_txt_add.json"),
+			servermock.CheckRequestJSONBodyFromFixture("dns_txt_add-request.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("dns_txt_add", ""),
+		).
+		Build(t)
+
+	now := time.Date(2025, 12, 25, 1, 1, 1, 0, time.UTC)
+
+	params := RecordParams{
+		ServerID:     "serverA",
+		Zone:         "example.com.",
+		Name:         "foo.example.com.",
+		Type:         "txt",
+		Data:         "txtTXTtxt",
+		Aux:          "0",
+		TTL:          "3600",
+		Active:       "y",
+		Stamp:        now.Format("2006-01-02 15:04:05"),
+		UpdateSerial: true,
+	}
+
+	recordID, err := client.AddTXT(t.Context(), "sessionA", "clientA", params)
+	require.NoError(t, err)
+
+	assert.Equal(t, "123", recordID)
+}
+
+func TestClient_DeleteTXT(t *testing.T) {
+	client := mockBuilder().
+		Route("POST /",
+			servermock.ResponseFromFixture("dns_txt_delete.json"),
+			servermock.CheckRequestJSONBodyFromFixture("dns_txt_delete-request.json"),
+			servermock.CheckQueryParameter().Strict().
+				With("dns_txt_delete", ""),
+		).
+		Build(t)
+
+	count, err := client.DeleteTXT(t.Context(), "sessionA", "123")
+	require.NoError(t, err)
+
+	assert.Equal(t, 1, count)
+}
--- a/providers/dns/ispconfig/internal/fixtures/client_get_id-request.json
+++ b/providers/dns/ispconfig/internal/fixtures/client_get_id-request.json
@ -0,0 +1,4 @@
+{
+  "session_id": "sessionA",
+  "sys_userid": "sysA"
+}
--- a/providers/dns/ispconfig/internal/fixtures/client_get_id.json
+++ b/providers/dns/ispconfig/internal/fixtures/client_get_id.json
@ -0,0 +1,5 @@
+{
+  "code": "ok",
+  "message": "foo",
+  "response": 123
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_txt_add-request.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_add-request.json
@ -0,0 +1,17 @@
+{
+  "session_id": "sessionA",
+  "client_id": "clientA",
+  "params": {
+    "server_id": "serverA",
+    "zone": "example.com.",
+    "name": "foo.example.com.",
+    "type": "txt",
+    "data": "txtTXTtxt",
+    "aux": "0",
+    "ttl": "3600",
+    "active": "y",
+    "stamp": "2025-12-25 01:01:01",
+    "update_serial": true
+  },
+  "update_serial": true
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_txt_add.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_add.json
@ -0,0 +1,5 @@
+{
+  "code": "ok",
+  "message": "foo",
+  "response": "123"
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_txt_delete-request.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete-request.json
@ -0,0 +1,5 @@
+{
+  "session_id": "sessionA",
+  "primary_id": "123",
+  "update_serial": true
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_txt_delete.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete.json
@ -0,0 +1,5 @@
+{
+  "code": "ok",
+  "message": "foo",
+  "response": 1
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_txt_get-request.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_get-request.json
@ -0,0 +1,7 @@
+{
+  "session_id": "sessionA",
+  "primary_id": {
+    "name": "example.com.",
+    "type": "txt"
+  }
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_txt_get.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_get.json
@ -0,0 +1,7 @@
+{
+  "code": "ok",
+  "message": "foo",
+  "response": {
+    "id": 123
+  }
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_zone_get-request.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get-request.json
@ -0,0 +1,4 @@
+{
+  "primary_id": "example.com.",
+  "session_id": "sessionA"
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_zone_get.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get.json
@ -0,0 +1,32 @@
+{
+  "code": "ok",
+  "message": "foo",
+  "response": {
+    "id": "456",
+    "sys_userid": "789",
+    "sys_groupid": "2",
+    "sys_perm_user": "riud",
+    "sys_perm_group": "riud",
+    "sys_perm_other": "",
+    "server_id": "123",
+    "origin": "example.com.",
+    "ns": "ns1.example.org.",
+    "mbox": "support.example.net.",
+    "serial": "2025102902",
+    "refresh": "7200",
+    "retry": "540",
+    "expire": "604800",
+    "minimum": "3600",
+    "ttl": "3600",
+    "active": "Y",
+    "xfer": "",
+    "also_notify": "",
+    "update_acl": "",
+    "dnssec_initialized": "N",
+    "dnssec_wanted": "N",
+    "dnssec_algo": "ECDSAP256SHA256",
+    "dnssec_last_signed": "0",
+    "dnssec_info": "",
+    "rendered_zone": ""
+  }
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id-request.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id-request.json
@ -0,0 +1,4 @@
+{
+  "origin": "example.com",
+  "session_id": "sessionA"
+}
--- a/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id.json
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id.json
@ -0,0 +1,5 @@
+{
+  "code": "ok",
+  "message": "foo",
+  "response": 123
+}
--- a/providers/dns/ispconfig/internal/fixtures/error.json
+++ b/providers/dns/ispconfig/internal/fixtures/error.json
@ -0,0 +1,5 @@
+{
+  "code": "remote_fault",
+  "message": "The login failed. Username or password wrong.",
+  "response": false
+}
--- a/providers/dns/ispconfig/internal/fixtures/login-request.json
+++ b/providers/dns/ispconfig/internal/fixtures/login-request.json
@ -0,0 +1,5 @@
+{
+  "username": "user",
+  "password": "secret",
+  "client_login": false
+}
--- a/providers/dns/ispconfig/internal/fixtures/login.json
+++ b/providers/dns/ispconfig/internal/fixtures/login.json
@ -0,0 +1,5 @@
+{
+  "code": "ok",
+  "message": "foo",
+  "response": "abc"
+}
--- a/providers/dns/ispconfig/internal/readme.md
+++ b/providers/dns/ispconfig/internal/readme.md
@ -0,0 +1,249 @@
+## Error Response
+
+```json
+{
+  "code":  "<TODO>",
+  "message":  "<TODO>",
+  "response": false
+}
+```
+
+## Login Endpoint
+
+* URL: `<server>?login`
+* HTTP Method: `POST`
+
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/login.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/login.php
+
+### Request Body (JSON)
+
+```json
+{
+  "username": "<username>",
+  "password": "<password>",
+  "client_login": false
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+  "code": "ok",
+  "message": "foo",
+  "response": "abc"
+}
+```
+
+- `response`: is the `sessionID`
+
+## Get Client ID Endpoint
+
+* URL: `<server>?client_get_id`
+* HTTP Method: `POST`
+
+- function `client_get_id`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/client.inc.php#L97
+- TABLE `sys_user`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L1852
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/client_get_id.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/client_get_id.php
+
+### Request Body (JSON)
+
+```json
+{
+  "session_id": "<sessionID>",
+  "sys_userid": "<sys_userid>"
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+  "code": "ok",
+  "message": "foo",
+  "response": 123
+}
+```
+
+## DNS Zone Get ID Endpoint
+
+* URL: `<server>?dns_zone_get_id`
+* HTTP Method: `POST`
+
+- function `dns_zone_get_id`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L142
+- TABLE `dns_soa`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L615
+
+### Request Body (JSON)
+
+```json
+{
+  "session_id": "<session_id>",
+  "origin": "<zone_name>"
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+  "code": "ok",
+  "message": "foo",
+  "response": 123
+}
+```
+
+## DNS Zone Get Endpoint
+
+* URL: `<server>?dns_zone_get`
+* HTTP Method: `POST`
+
+- function `dns_zone_get`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L87
+- function `getDataRecord`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remoting_lib.inc.php#L248
+- TABLE `dns_soa`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L615
+- Depending on the request, the response may be an array or an object (`primary_id` can be a string, an array or an object).
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_zone_get.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_zone_get.php
+
+### Request Body (JSON)
+
+```json
+{
+  "session_id": "<session_id>",
+  "primary_id": "<zone_id>"
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+  "code": "ok",
+  "message": "foo",
+  "response": {
+    "id": 456,
+    "server_id": 123,
+    "sys_userid": 789
+  }
+}
+```
+
+## DNS TXT Get Endpoint
+
+* URL: `<server>?dns_txt_get`
+* HTTP Method: `POST`
+
+- function `dns_txt_get`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L640
+- function `dns_rr_get`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L195
+- form: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/dns/form/dns_txt.tform.php
+- TABLE `dns_rr`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L490
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_txt_get.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_txt_get.php
+
+### Request Body (JSON)
+
+```json
+{
+  "session_id": "<session_id>",
+  "primary_id": {
+    "name": "<fulldomain>.",
+    "type": "TXT"
+  }
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+  "code": "ok",
+  "message": "foo",
+  "response": {
+    "id": 123
+  }
+}
+```
+
+## DNS TXT Add Endpoint
+
+* URL: `<server>?dns_txt_add`
+* HTTP Method: `POST`
+
+- function `dns_txt_add`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L645
+- function `dns_rr_add` https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L212
+- form: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/dns/form/dns_txt.tform.php
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_txt_add.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_txt_add.php
+
+### Request Body (JSON)
+
+```json
+{
+  "session_id": "<session_id>",
+  "client_id": "<client_id>",
+  "params": {
+    "server_id": "<server_id>",
+    "zone": "<zone>",
+    "name": "<fulldomain>.",
+    "type": "txt",
+    "data": "<txtvalue>",
+    "aux": "0",
+    "ttl": "3600",
+    "active": "y",
+    "stamp": "<curStamp>",
+    "update_serial": true
+  },
+  "update_serial": true
+}
+```
+
+- `stamp`: (ex: `2025-12-17 23:35:58`)
+- `serial`: (ex: `1766010947`)
+
+### Response Body (JSON)
+
+```json
+{
+  "code": "ok",
+  "message": "foo",
+  "response": "123"
+}
+```
+
+## DNS TXT Delete Endpoint
+
+* URL: `<server>?dns_txt_delete`
+* HTTP Method: `POST`
+
+- function `dns_txt_delete`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L655
+- function `dns_rr_delete`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L247
+- form: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/dns/form/dns_txt.tform.php
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_txt_delete.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_txt_delete.php
+
+### Request Body (JSON)
+
+```json
+{
+  "session_id": "<session_id>",
+  "primary_id": "<record_id>",
+  "update_serial": true
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+  "code": "ok",
+  "message": "foo",
+  "response": 1
+}
+```
+
+---
+
+https://www.ispconfig.org/
+https://git.ispconfig.org/ispconfig/ispconfig3
+https://forum.howtoforge.com/#ispconfig-3.23
--- a/providers/dns/ispconfig/internal/types.go
+++ b/providers/dns/ispconfig/internal/types.go
@ -0,0 +1,95 @@
+package internal
+
+import (
+	"encoding/json"
+	"strings"
+)
+
+type APIError struct {
+	APIResponse
+}
+
+func (e *APIError) Error() string {
+	var msg strings.Builder
+
+	msg.WriteString("code: " + e.Code)
+
+	if e.Message != "" {
+		msg.WriteString(", message: " + e.Message)
+	}
+
+	if len(e.Response) > 0 {
+		msg.WriteString(", response: " + string(e.Response))
+	}
+
+	return msg.String()
+}
+
+type APIResponse struct {
+	Code     string          `json:"code"`
+	Message  string          `json:"message"`
+	Response json.RawMessage `json:"response"`
+}
+
+type LoginRequest struct {
+	Username    string `json:"username"`
+	Password    string `json:"password"`
+	ClientLogin bool   `json:"client_login"`
+}
+
+type ClientIDRequest struct {
+	SessionID string `json:"session_id"`
+	SysUserID string `json:"sys_userid"`
+}
+
+type Zone struct {
+	ID         string `json:"id"`
+	ServerID   string `json:"server_id"`
+	SysUserID  string `json:"sys_userid"`
+	SysGroupID string `json:"sys_groupid"`
+	Origin     string `json:"origin"`
+	Serial     string `json:"serial"`
+	Active     string `json:"active"`
+}
+
+type GetTXTRequest struct {
+	SessionID string `json:"session_id"`
+	PrimaryID struct {
+		Name string `json:"name"`
+		Type string `json:"type"`
+	} `json:"primary_id"`
+}
+
+type Record struct {
+	ID int `json:"id"`
+}
+
+type AddTXTRequest struct {
+	SessionID    string        `json:"session_id"`
+	ClientID     string        `json:"client_id"`
+	Params       *RecordParams `json:"params,omitempty"`
+	UpdateSerial bool          `json:"update_serial"`
+}
+
+type RecordParams struct {
+	ServerID string `json:"server_id"`
+	Zone     string `json:"zone"`
+	Name     string `json:"name"`
+	// 'a','aaaa','alias','cname','hinfo','mx','naptr','ns','ds','ptr','rp','srv','txt'
+	Type string `json:"type"`
+	Data string `json:"data"`
+	// "0"
+	Aux string `json:"aux"`
+	TTL string `json:"ttl"`
+	// 'n','y'
+	Active string `json:"active"`
+	// `2025-12-17 23:35:58`
+	Stamp        string `json:"stamp"`
+	UpdateSerial bool   `json:"update_serial"`
+}
+
+type DeleteTXTRequest struct {
+	SessionID    string `json:"session_id"`
+	PrimaryID    string `json:"primary_id"`
+	UpdateSerial bool   `json:"update_serial"`
+}
--- a/providers/dns/ispconfig/ispconfig.go
+++ b/providers/dns/ispconfig/ispconfig.go
@ -0,0 +1,220 @@
+// Package ispconfig implements a DNS provider for solving the DNS-01 challenge using ISPConfig.
+package ispconfig
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+	"sync"
+	"time"
+
+	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/go-acme/lego/v4/platform/config/env"
+	"github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+	"github.com/go-acme/lego/v4/providers/dns/ispconfig/internal"
+)
+
+// Environment variables names.
+const (
+	envNamespace = "ISPCONFIG_"
+
+	EnvServerURL = envNamespace + "SERVER_URL"
+	EnvUsername  = envNamespace + "USERNAME"
+	EnvPassword  = envNamespace + "PASSWORD"
+
+	EnvTTL                = envNamespace + "TTL"
+	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+	EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
+	EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
+	EnvInsecureSkipVerify = envNamespace + "INSECURE_SKIP_VERIFY"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+	ServerURL string
+	Username  string
+	Password  string
+
+	PropagationTimeout time.Duration
+	PollingInterval    time.Duration
+	TTL                int
+	HTTPClient         *http.Client
+	InsecureSkipVerify bool
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+	return &Config{
+		TTL:                env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+		HTTPClient: &http.Client{
+			Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+		},
+	}
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+	config *Config
+	client *internal.Client
+
+	recordIDs   map[string]string
+	recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for ISPConfig.
+func NewDNSProvider() (*DNSProvider, error) {
+	values, err := env.Get(EnvServerURL, EnvUsername, EnvPassword)
+	if err != nil {
+		return nil, fmt.Errorf("ispconfig: %w", err)
+	}
+
+	config := NewDefaultConfig()
+	config.ServerURL = values[EnvServerURL]
+	config.Username = values[EnvUsername]
+	config.Password = values[EnvPassword]
+	config.InsecureSkipVerify = env.GetOrDefaultBool(EnvInsecureSkipVerify, false)
+
+	return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for ISPConfig.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+	if config == nil {
+		return nil, errors.New("ispconfig: the configuration of the DNS provider is nil")
+	}
+
+	if config.ServerURL == "" {
+		return nil, errors.New("ispconfig: missing server URL")
+	}
+
+	if config.Username == "" || config.Password == "" {
+		return nil, errors.New("ispconfig: credentials missing")
+	}
+
+	client, err := internal.NewClient(config.ServerURL)
+	if err != nil {
+		return nil, fmt.Errorf("ispconfig: %w", err)
+	}
+
+	if config.HTTPClient != nil {
+		client.HTTPClient = config.HTTPClient
+	}
+
+	if config.InsecureSkipVerify {
+		client.HTTPClient.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+	}
+
+	client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+	return &DNSProvider{
+		config:    config,
+		client:    client,
+		recordIDs: make(map[string]string),
+	}, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	ctx := context.Background()
+
+	info := dns01.GetChallengeInfo(domain, keyAuth)
+
+	sessionID, err := d.client.Login(ctx, d.config.Username, d.config.Password)
+	if err != nil {
+		return fmt.Errorf("ispconfig: login: %w", err)
+	}
+
+	zoneID, err := d.findZone(ctx, sessionID, info.EffectiveFQDN)
+	if err != nil {
+		return fmt.Errorf("ispconfig: get zone id: %w", err)
+	}
+
+	zone, err := d.client.GetZone(ctx, sessionID, strconv.Itoa(zoneID))
+	if err != nil {
+		return fmt.Errorf("ispconfig: get zone: %w", err)
+	}
+
+	clientID, err := d.client.GetClientID(ctx, sessionID, zone.SysUserID)
+	if err != nil {
+		return fmt.Errorf("ispconfig: get client id: %w", err)
+	}
+
+	params := internal.RecordParams{
+		ServerID: "serverA",
+		Zone:     zone.ID,
+		Name:     info.EffectiveFQDN,
+		Type:     "txt",
+		Data:     info.Value,
+		Aux:      "0",
+		TTL:      strconv.Itoa(d.config.TTL),
+		Active:   "y",
+		Stamp:    time.Now().UTC().Format("2006-01-02 15:04:05"),
+	}
+
+	recordID, err := d.client.AddTXT(ctx, sessionID, strconv.Itoa(clientID), params)
+	if err != nil {
+		return fmt.Errorf("ispconfig: add txt record: %w", err)
+	}
+
+	d.recordIDsMu.Lock()
+	d.recordIDs[token] = recordID
+	d.recordIDsMu.Unlock()
+
+	return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	ctx := context.Background()
+
+	info := dns01.GetChallengeInfo(domain, keyAuth)
+
+	// gets the record's unique ID
+	d.recordIDsMu.Lock()
+	recordID, ok := d.recordIDs[token]
+	d.recordIDsMu.Unlock()
+
+	if !ok {
+		return fmt.Errorf("ispconfig: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+	}
+
+	sessionID, err := d.client.Login(ctx, d.config.Username, d.config.Password)
+	if err != nil {
+		return fmt.Errorf("ispconfig: login: %w", err)
+	}
+
+	_, err = d.client.DeleteTXT(ctx, sessionID, recordID)
+	if err != nil {
+		return fmt.Errorf("ispconfig: delete txt record: %w", err)
+	}
+
+	d.recordIDsMu.Lock()
+	delete(d.recordIDs, token)
+	d.recordIDsMu.Unlock()
+
+	return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, sessionID, fqdn string) (int, error) {
+	for domain := range dns01.UnFqdnDomainsSeq(fqdn) {
+		zoneID, err := d.client.GetZoneID(ctx, sessionID, domain)
+		if err == nil {
+			return zoneID, nil
+		}
+	}
+
+	return 0, fmt.Errorf("zone not found for %q", fqdn)
+}
--- a/providers/dns/ispconfig/ispconfig.toml
+++ b/providers/dns/ispconfig/ispconfig.toml
@ -0,0 +1,27 @@
+Name = "ISPConfig"
+Description = ''''''
+URL = "https://www.ispconfig.org/"
+Code = "ispconfig"
+Since = "v4.31.0"
+
+Example = '''
+ISPCONFIG_SERVER_URL="https://example.com:8080/remote/json.php" \
+ISPCONFIG_USERNAME="xxx" \
+ISPCONFIG_PASSWORD="yyy" \
+lego --email you@example.com --dns ispconfig -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    ISPCONFIG_SERVER_URL = "Server URL"
+    ISPCONFIG_USERNAME = "Username"
+    ISPCONFIG_PASSWORD = "Password"
+  [Configuration.Additional]
+    ISPCONFIG_INSECURE_SKIP_VERIFY = "Whether to verify the API certificate"
+    ISPCONFIG_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+    ISPCONFIG_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+    ISPCONFIG_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+    ISPCONFIG_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+  API = "https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/index.html"
--- a/providers/dns/ispconfig/ispconfig_test.go
+++ b/providers/dns/ispconfig/ispconfig_test.go
@ -0,0 +1,173 @@
+package ispconfig
+
+import (
+	"testing"
+
+	"github.com/go-acme/lego/v4/platform/tester"
+	"github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+	EnvServerURL,
+	EnvUsername,
+	EnvPassword,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		envVars  map[string]string
+		expected string
+	}{
+		{
+			desc: "success",
+			envVars: map[string]string{
+				EnvServerURL: "https://example.com:80/",
+				EnvUsername:  "user",
+				EnvPassword:  "secret",
+			},
+		},
+		{
+			desc: "missing server URL",
+			envVars: map[string]string{
+				EnvServerURL: "",
+				EnvUsername:  "user",
+				EnvPassword:  "secret",
+			},
+			expected: "ispconfig: some credentials information are missing: ISPCONFIG_SERVER_URL",
+		},
+		{
+			desc: "missing username",
+			envVars: map[string]string{
+				EnvServerURL: "https://example.com:80/",
+				EnvUsername:  "",
+				EnvPassword:  "secret",
+			},
+			expected: "ispconfig: some credentials information are missing: ISPCONFIG_USERNAME",
+		},
+		{
+			desc: "missing password",
+			envVars: map[string]string{
+				EnvServerURL: "https://example.com:80/",
+				EnvUsername:  "user",
+				EnvPassword:  "",
+			},
+			expected: "ispconfig: some credentials information are missing: ISPCONFIG_PASSWORD",
+		},
+		{
+			desc:     "missing credentials",
+			envVars:  map[string]string{},
+			expected: "ispconfig: some credentials information are missing: ISPCONFIG_SERVER_URL,ISPCONFIG_USERNAME,ISPCONFIG_PASSWORD",
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			defer envTest.RestoreEnv()
+
+			envTest.ClearEnv()
+
+			envTest.Apply(test.envVars)
+
+			p, err := NewDNSProvider()
+
+			if test.expected == "" {
+				require.NoError(t, err)
+				require.NotNil(t, p)
+				require.NotNil(t, p.config)
+				require.NotNil(t, p.client)
+			} else {
+				require.EqualError(t, err, test.expected)
+			}
+		})
+	}
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+	testCases := []struct {
+		desc      string
+		serverURL string
+		username  string
+		password  string
+		expected  string
+	}{
+		{
+			desc:      "success",
+			serverURL: "https://example.com:80/",
+			username:  "user",
+			password:  "secret",
+		},
+		{
+			desc:     "missing server URL",
+			username: "user",
+			password: "secret",
+			expected: "ispconfig: missing server URL",
+		},
+		{
+			desc:      "missing username",
+			serverURL: "https://example.com:80/",
+			password:  "secret",
+			expected:  "ispconfig: credentials missing",
+		},
+		{
+			desc:      "missing password",
+			serverURL: "https://example.com:80/",
+			username:  "user",
+			expected:  "ispconfig: credentials missing",
+		},
+		{
+			desc:     "missing credentials",
+			expected: "ispconfig: missing server URL",
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			config := NewDefaultConfig()
+			config.ServerURL = test.serverURL
+			config.Username = test.username
+			config.Password = test.password
+
+			p, err := NewDNSProviderConfig(config)
+
+			if test.expected == "" {
+				require.NoError(t, err)
+				require.NotNil(t, p)
+				require.NotNil(t, p.config)
+				require.NotNil(t, p.client)
+			} else {
+				require.EqualError(t, err, test.expected)
+			}
+		})
+	}
+}
+
+func TestLivePresent(t *testing.T) {
+	if !envTest.IsLiveTest() {
+		t.Skip("skipping live test")
+	}
+
+	envTest.RestoreEnv()
+
+	provider, err := NewDNSProvider()
+	require.NoError(t, err)
+
+	err = provider.Present(envTest.GetDomain(), "", "123d==")
+	require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+	if !envTest.IsLiveTest() {
+		t.Skip("skipping live test")
+	}
+
+	envTest.RestoreEnv()
+
+	provider, err := NewDNSProvider()
+	require.NoError(t, err)
+
+	err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+	require.NoError(t, err)
+}
--- a/providers/dns/zz_gen_dns_providers.go
+++ b/providers/dns/zz_gen_dns_providers.go
@ -94,6 +94,7 @@ import (
 	"github.com/go-acme/lego/v4/providers/dns/ionos"
 	"github.com/go-acme/lego/v4/providers/dns/ionoscloud"
 	"github.com/go-acme/lego/v4/providers/dns/ipv64"
+	"github.com/go-acme/lego/v4/providers/dns/ispconfig"
 	"github.com/go-acme/lego/v4/providers/dns/iwantmyname"
 	"github.com/go-acme/lego/v4/providers/dns/joker"
 	"github.com/go-acme/lego/v4/providers/dns/keyhelp"
@ -363,6 +364,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
 		return ionoscloud.NewDNSProvider()
 	case "ipv64":
 		return ipv64.NewDNSProvider()
+	case "ispconfig":
+		return ispconfig.NewDNSProvider()
 	case "iwantmyname":
 		return iwantmyname.NewDNSProvider()
 	case "joker":