diff --git a/README.md b/README.md
index ff9473e58..5530028cb 100644
--- a/README.md
+++ b/README.md
@@ -169,115 +169,120 @@ Detailed documentation is available [here](https://go-acme.github.io/lego/dns).
Ionos Cloud |
IPv64 |
+ | ISPConfig |
iwantmyname (Deprecated) |
Joker |
Joohoi's ACME-DNS |
- KeyHelp |
+ | KeyHelp |
Liara |
Lima-City |
Linode (v4) |
- Liquid Web |
+ | Liquid Web |
Loopia |
LuaDNS |
Mail-in-a-Box |
- ManageEngine CloudDNS |
+ | ManageEngine CloudDNS |
Manual |
Metaname |
Metaregistrar |
- mijn.host |
+ | mijn.host |
Mittwald |
myaddr.{tools,dev,io} |
MyDNS.jp |
- MythicBeasts |
+ | MythicBeasts |
Name.com |
Namecheap |
Namesilo |
- NearlyFreeSpeech.NET |
+ | NearlyFreeSpeech.NET |
Neodigit |
Netcup |
Netlify |
- Nicmanager |
+ | Nicmanager |
NIFCloud |
Njalla |
Nodion |
- NS1 |
+ | NS1 |
Octenium |
Open Telekom Cloud |
Oracle Cloud |
- OVH |
+ | OVH |
plesk.com |
Porkbun |
PowerDNS |
- Rackspace |
+ | Rackspace |
Rain Yun/雨云 |
RcodeZero |
reg.ru |
- Regfish |
+ | Regfish |
RFC2136 |
RimuHosting |
RU CENTER |
- Sakura Cloud |
+ | Sakura Cloud |
Scaleway |
Selectel |
Selectel v2 |
- SelfHost.(de|eu) |
+ | SelfHost.(de|eu) |
Servercow |
Shellrent |
Simply.com |
- Sonic |
+ | Sonic |
Spaceship |
Stackpath |
Syse |
- Technitium |
+ | Technitium |
Tencent Cloud DNS |
Tencent EdgeOne |
Timeweb Cloud |
- TransIP |
+ | TransIP |
UKFast SafeDNS |
Ultradns |
United-Domains |
- Variomedia |
+ | Variomedia |
VegaDNS |
Vercel |
Versio.[nl|eu|uk] |
- VinylDNS |
+ | VinylDNS |
Virtualname |
VK Cloud |
Volcano Engine/火山引擎 |
- Vscale |
+ | Vscale |
Vultr |
webnames.ca |
webnames.ru |
- Websupport |
+ | Websupport |
WEDOS |
West.cn/西部数码 |
Yandex 360 |
- Yandex Cloud |
+ | Yandex Cloud |
Yandex PDD |
Zone.ee |
ZoneEdit |
+
| Zonomi |
+ |
+ |
+ |
diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go
index e62c337ff..ac0a52427 100644
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@@ -100,6 +100,7 @@ func allDNSCodes() string {
"ionos",
"ionoscloud",
"ipv64",
+ "ispconfig",
"iwantmyname",
"joker",
"keyhelp",
@@ -2083,6 +2084,29 @@ func displayDNSHelp(w io.Writer, name string) error {
ew.writeln()
ew.writeln(`More information: https://go-acme.github.io/lego/dns/ipv64`)
+ case "ispconfig":
+ // generated from: providers/dns/ispconfig/ispconfig.toml
+ ew.writeln(`Configuration for ISPConfig.`)
+ ew.writeln(`Code: 'ispconfig'`)
+ ew.writeln(`Since: 'v4.31.0'`)
+ ew.writeln()
+
+ ew.writeln(`Credentials:`)
+ ew.writeln(` - "ISPCONFIG_PASSWORD": Password`)
+ ew.writeln(` - "ISPCONFIG_SERVER_URL": Server URL`)
+ ew.writeln(` - "ISPCONFIG_USERNAME": Username`)
+ ew.writeln()
+
+ ew.writeln(`Additional Configuration:`)
+ ew.writeln(` - "ISPCONFIG_HTTP_TIMEOUT": API request timeout in seconds (Default: 30)`)
+ ew.writeln(` - "ISPCONFIG_INSECURE_SKIP_VERIFY": Whether to verify the API certificate`)
+ ew.writeln(` - "ISPCONFIG_POLLING_INTERVAL": Time between DNS propagation check in seconds (Default: 2)`)
+ ew.writeln(` - "ISPCONFIG_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation in seconds (Default: 60)`)
+ ew.writeln(` - "ISPCONFIG_TTL": The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)`)
+
+ ew.writeln()
+ ew.writeln(`More information: https://go-acme.github.io/lego/dns/ispconfig`)
+
case "iwantmyname":
// generated from: providers/dns/iwantmyname/iwantmyname.toml
ew.writeln(`Configuration for iwantmyname (Deprecated).`)
diff --git a/docs/content/dns/zz_gen_ispconfig.md b/docs/content/dns/zz_gen_ispconfig.md
new file mode 100644
index 000000000..96b08a8e0
--- /dev/null
+++ b/docs/content/dns/zz_gen_ispconfig.md
@@ -0,0 +1,72 @@
+---
+title: "ISPConfig"
+date: 2019-03-03T16:39:46+01:00
+draft: false
+slug: ispconfig
+dnsprovider:
+ since: "v4.31.0"
+ code: "ispconfig"
+ url: "https://www.ispconfig.org/"
+---
+
+
+
+
+
+
+Configuration for [ISPConfig](https://www.ispconfig.org/).
+
+
+
+
+- Code: `ispconfig`
+- Since: v4.31.0
+
+
+Here is an example bash command using the ISPConfig provider:
+
+```bash
+ISPCONFIG_SERVER_URL="https://example.com:8080/remote/json.php" \
+ISPCONFIG_USERNAME="xxx" \
+ISPCONFIG_PASSWORD="yyy" \
+lego --email you@example.com --dns ispconfig -d '*.example.com' -d example.com run
+```
+
+
+
+
+## Credentials
+
+| Environment Variable Name | Description |
+|-----------------------|-------------|
+| `ISPCONFIG_PASSWORD` | Password |
+| `ISPCONFIG_SERVER_URL` | Server URL |
+| `ISPCONFIG_USERNAME` | Username |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+## Additional Configuration
+
+| Environment Variable Name | Description |
+|--------------------------------|-------------|
+| `ISPCONFIG_HTTP_TIMEOUT` | API request timeout in seconds (Default: 30) |
+| `ISPCONFIG_INSECURE_SKIP_VERIFY` | Whether to verify the API certificate |
+| `ISPCONFIG_POLLING_INTERVAL` | Time between DNS propagation check in seconds (Default: 2) |
+| `ISPCONFIG_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation in seconds (Default: 60) |
+| `ISPCONFIG_TTL` | The TTL of the TXT record used for the DNS challenge in seconds (Default: 120) |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+
+
+## More information
+
+- [API documentation](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/index.html)
+
+
+
+
diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml
index fdb13f57a..7de6ed5a1 100644
--- a/docs/data/zz_cli_help.toml
+++ b/docs/data/zz_cli_help.toml
@@ -152,7 +152,7 @@ To display the documentation for a specific DNS provider, run:
$ lego dnshelp -c code
Supported DNS providers:
- acme-dns, active24, alidns, aliesa, allinkl, anexia, arvancloud, auroradns, autodns, axelname, azion, azure, azuredns, baiducloud, beget, binarylane, bindman, bluecat, bookmyname, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, conohav3, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dyndnsfree, dynu, easydns, edgecenter, edgedns, edgeone, efficientip, epik, exec, exoscale, f5xc, freemyip, gandi, gandiv5, gcloud, gcore, gigahostno, glesys, godaddy, googledomains, gravity, hetzner, hostingde, hostinger, hostingnl, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ionoscloud, ipv64, iwantmyname, joker, keyhelp, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manageengine, manual, metaname, metaregistrar, mijnhost, mittwald, myaddr, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, neodigit, netcup, netlify, nicmanager, nicru, nifcloud, njalla, nodion, ns1, octenium, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, spaceship, stackpath, syse, technitium, tencentcloud, timewebcloud, transip, ultradns, uniteddomains, variomedia, vegadns, vercel, versio, vinyldns, virtualname, vkcloud, volcengine, vscale, vultr, webnames, webnamesca, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneedit, zoneee, zonomi
+ acme-dns, active24, alidns, aliesa, allinkl, anexia, arvancloud, auroradns, autodns, axelname, azion, azure, azuredns, baiducloud, beget, binarylane, bindman, bluecat, bookmyname, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, conohav3, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dyndnsfree, dynu, easydns, edgecenter, edgedns, edgeone, efficientip, epik, exec, exoscale, f5xc, freemyip, gandi, gandiv5, gcloud, gcore, gigahostno, glesys, godaddy, googledomains, gravity, hetzner, hostingde, hostinger, hostingnl, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ionoscloud, ipv64, ispconfig, iwantmyname, joker, keyhelp, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manageengine, manual, metaname, metaregistrar, mijnhost, mittwald, myaddr, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, neodigit, netcup, netlify, nicmanager, nicru, nifcloud, njalla, nodion, ns1, octenium, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, spaceship, stackpath, syse, technitium, tencentcloud, timewebcloud, transip, ultradns, uniteddomains, variomedia, vegadns, vercel, versio, vinyldns, virtualname, vkcloud, volcengine, vscale, vultr, webnames, webnamesca, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneedit, zoneee, zonomi
More information: https://go-acme.github.io/lego/dns
"""
diff --git a/providers/dns/ispconfig/internal/client.go b/providers/dns/ispconfig/internal/client.go
new file mode 100644
index 000000000..9280fdec1
--- /dev/null
+++ b/providers/dns/ispconfig/internal/client.go
@@ -0,0 +1,318 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+)
+
+type Client struct {
+ serverURL string
+ HTTPClient *http.Client
+}
+
+func NewClient(serverURL string) (*Client, error) {
+ _, err := url.Parse(serverURL)
+ if err != nil {
+ return nil, fmt.Errorf("server URL: %w", err)
+ }
+
+ return &Client{
+ serverURL: serverURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) Login(ctx context.Context, username, password string) (string, error) {
+ payload := LoginRequest{
+ Username: username,
+ Password: password,
+ ClientLogin: false,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return "", err
+ }
+
+ endpoint.RawQuery = "login"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return "", err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return "", err
+ }
+
+ return extractResponse[string](response)
+}
+
+func (c *Client) GetClientID(ctx context.Context, sessionID, sysUserID string) (int, error) {
+ payload := ClientIDRequest{
+ SessionID: sessionID,
+ SysUserID: sysUserID,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return 0, err
+ }
+
+ endpoint.RawQuery = "client_get_id"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return 0, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return 0, err
+ }
+
+ return extractResponse[int](response)
+}
+
+// GetZoneID returns the zone ID for the given name.
+func (c *Client) GetZoneID(ctx context.Context, sessionID, name string) (int, error) {
+ payload := map[string]any{
+ "session_id": sessionID,
+ "origin": name,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return 0, err
+ }
+
+ endpoint.RawQuery = "dns_zone_get_id"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return 0, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return 0, err
+ }
+
+ return extractResponse[int](response)
+}
+
+// GetZone returns the zone information for the zone ID.
+func (c *Client) GetZone(ctx context.Context, sessionID, zoneID string) (*Zone, error) {
+ payload := map[string]any{
+ "session_id": sessionID,
+ "primary_id": zoneID,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return nil, err
+ }
+
+ endpoint.RawQuery = "dns_zone_get"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return nil, err
+ }
+
+ return extractResponse[*Zone](response)
+}
+
+// GetTXT returns the TXT record for the given name.
+// `name` must be a fully qualified domain name, e.g. "example.com.".
+func (c *Client) GetTXT(ctx context.Context, sessionID, name string) (*Record, error) {
+ payload := GetTXTRequest{
+ SessionID: sessionID,
+ PrimaryID: struct {
+ Name string `json:"name"`
+ Type string `json:"type"`
+ }{
+ Name: name,
+ Type: "txt",
+ },
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return nil, err
+ }
+
+ endpoint.RawQuery = "dns_txt_get"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return nil, err
+ }
+
+ return extractResponse[*Record](response)
+}
+
+// AddTXT adds a TXT record.
+// It returns the ID of the newly created record.
+func (c *Client) AddTXT(ctx context.Context, sessionID, clientID string, params RecordParams) (string, error) {
+ payload := AddTXTRequest{
+ SessionID: sessionID,
+ ClientID: clientID,
+ Params: ¶ms,
+ UpdateSerial: true,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return "", err
+ }
+
+ endpoint.RawQuery = "dns_txt_add"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return "", err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return "", err
+ }
+
+ return extractResponse[string](response)
+}
+
+// DeleteTXT deletes a TXT record.
+// It returns the number of deleted records.
+func (c *Client) DeleteTXT(ctx context.Context, sessionID, recordID string) (int, error) {
+ payload := DeleteTXTRequest{
+ SessionID: sessionID,
+ PrimaryID: recordID,
+ UpdateSerial: true,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return 0, err
+ }
+
+ endpoint.RawQuery = "dns_txt_delete"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return 0, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return 0, err
+ }
+
+ return extractResponse[int](response)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func extractResponse[T any](response APIResponse) (T, error) {
+ if response.Code != "ok" {
+ var zero T
+
+ return zero, &APIError{APIResponse: response}
+ }
+
+ var result T
+
+ err := json.Unmarshal(response.Response, &result)
+ if err != nil {
+ var zero T
+ return zero, fmt.Errorf("unable to unmarshal response: %s, %w", string(response.Response), err)
+ }
+
+ return result, nil
+}
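Review bot: NewClient discards the result of `url.Parse(serverURL)`, so a value with no scheme or host is accepted as readily as an `http://` URL, and Login then posts the username and password to it in the JSON body. I would keep the parsed URL and reject unusable values up front, e.g. `if u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") { return nil, fmt.Errorf("server URL: scheme and host are required") }`, and document that plain `http` sends the password and session ID in cleartext. Storing the `*url.URL` on the Client would also remove the repeated `url.Parse(c.serverURL)` in every method. Separately, `do` reads the whole body with `io.ReadAll` on both the non-2xx and the success path; wrapping `resp.Body` in an `io.LimitReader` would bound memory use if the server returns an oversized response.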
diff --git a/providers/dns/ispconfig/internal/client_test.go b/providers/dns/ispconfig/internal/client_test.go
new file mode 100644
index 000000000..a4db3d5f7
--- /dev/null
+++ b/providers/dns/ispconfig/internal/client_test.go
@@ -0,0 +1,175 @@
+package internal
+
+import (
+ "net/http/httptest"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL)
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ })
+}
+
+func TestClient_Login(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("login.json"),
+ servermock.CheckRequestJSONBodyFromFixture("login-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("login", ""),
+ ).
+ Build(t)
+
+ sessionID, err := client.Login(t.Context(), "user", "secret")
+ require.NoError(t, err)
+
+ assert.Equal(t, "abc", sessionID)
+}
+
+func TestClient_Login_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("error.json"),
+ ).
+ Build(t)
+
+ _, err := client.Login(t.Context(), "user", "secret")
+ require.EqualError(t, err, `code: remote_fault, message: The login failed. Username or password wrong., response: false`)
+}
+
+func TestClient_GetClientID(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("client_get_id.json"),
+ servermock.CheckRequestJSONBodyFromFixture("client_get_id-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("client_get_id", ""),
+ ).
+ Build(t)
+
+ id, err := client.GetClientID(t.Context(), "sessionA", "sysA")
+ require.NoError(t, err)
+
+ assert.Equal(t, 123, id)
+}
+
+func TestClient_GetZoneID(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_zone_get_id.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_zone_get_id-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_zone_get_id", ""),
+ ).
+ Build(t)
+
+ zoneID, err := client.GetZoneID(t.Context(), "sessionA", "example.com")
+ require.NoError(t, err)
+
+ assert.Equal(t, 123, zoneID)
+}
+
+func TestClient_GetZone(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_zone_get.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_zone_get-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_zone_get", ""),
+ ).
+ Build(t)
+
+ zone, err := client.GetZone(t.Context(), "sessionA", "example.com.")
+ require.NoError(t, err)
+
+ expected := &Zone{
+ ID: "456",
+ ServerID: "123",
+ SysUserID: "789",
+ SysGroupID: "2",
+ Origin: "example.com.",
+ Serial: "2025102902",
+ Active: "Y",
+ }
+
+ assert.Equal(t, expected, zone)
+}
+
+func TestClient_GetTXT(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_txt_get.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_txt_get-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_txt_get", ""),
+ ).
+ Build(t)
+
+ record, err := client.GetTXT(t.Context(), "sessionA", "example.com.")
+ require.NoError(t, err)
+
+ expected := &Record{ID: 123}
+
+ assert.Equal(t, expected, record)
+}
+
+func TestClient_AddTXT(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_txt_add.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_txt_add-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_txt_add", ""),
+ ).
+ Build(t)
+
+ now := time.Date(2025, 12, 25, 1, 1, 1, 0, time.UTC)
+
+ params := RecordParams{
+ ServerID: "serverA",
+ Zone: "example.com.",
+ Name: "foo.example.com.",
+ Type: "txt",
+ Data: "txtTXTtxt",
+ Aux: "0",
+ TTL: "3600",
+ Active: "y",
+ Stamp: now.Format("2006-01-02 15:04:05"),
+ UpdateSerial: true,
+ }
+
+ recordID, err := client.AddTXT(t.Context(), "sessionA", "clientA", params)
+ require.NoError(t, err)
+
+ assert.Equal(t, "123", recordID)
+}
+
+func TestClient_DeleteTXT(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_txt_delete.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_txt_delete-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_txt_delete", ""),
+ ).
+ Build(t)
+
+ count, err := client.DeleteTXT(t.Context(), "sessionA", "123")
+ require.NoError(t, err)
+
+ assert.Equal(t, 1, count)
+}
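Review bot: Only Login has an error-path test (TestClient_Login_error), and it covers just the API-level `code != "ok"` case. No test in this file exercises a non-2xx status or a malformed JSON body, so those branches of `do` and `extractResponse` are unverified; one table-driven test using a mock route that returns an error status would cover them for all methods. Also, TestClient_GetZone passes `"example.com."` as the `zoneID` argument, whereas the value GetZoneID returns looks like a numeric ID (`123` in its fixture). If a domain name is not a valid `primary_id` here, `client.GetZone(t.Context(), "sessionA", "123")` with the request fixture updated to match would document the intended call better.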
diff --git a/providers/dns/ispconfig/internal/fixtures/client_get_id-request.json b/providers/dns/ispconfig/internal/fixtures/client_get_id-request.json
new file mode 100644
index 000000000..ba573f824
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/client_get_id-request.json
@@ -0,0 +1,4 @@
+{
+ "session_id": "sessionA",
+ "sys_userid": "sysA"
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/client_get_id.json b/providers/dns/ispconfig/internal/fixtures/client_get_id.json
new file mode 100644
index 000000000..7b9f667a0
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/client_get_id.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 123
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_add-request.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_add-request.json
new file mode 100644
index 000000000..bf5242cd1
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_add-request.json
@@ -0,0 +1,17 @@
+{
+ "session_id": "sessionA",
+ "client_id": "clientA",
+ "params": {
+ "server_id": "serverA",
+ "zone": "example.com.",
+ "name": "foo.example.com.",
+ "type": "txt",
+ "data": "txtTXTtxt",
+ "aux": "0",
+ "ttl": "3600",
+ "active": "y",
+ "stamp": "2025-12-25 01:01:01",
+ "update_serial": true
+ },
+ "update_serial": true
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_add.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_add.json
new file mode 100644
index 000000000..7980619fe
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_add.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": "123"
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_delete-request.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete-request.json
new file mode 100644
index 000000000..240976654
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete-request.json
@@ -0,0 +1,5 @@
+{
+ "session_id": "sessionA",
+ "primary_id": "123",
+ "update_serial": true
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_delete.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete.json
new file mode 100644
index 000000000..960b650bd
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 1
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_get-request.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_get-request.json
new file mode 100644
index 000000000..8bda44067
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_get-request.json
@@ -0,0 +1,7 @@
+{
+ "session_id": "sessionA",
+ "primary_id": {
+ "name": "example.com.",
+ "type": "txt"
+ }
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_get.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_get.json
new file mode 100644
index 000000000..f707d50c3
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_get.json
@@ -0,0 +1,7 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": {
+ "id": 123
+ }
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_zone_get-request.json b/providers/dns/ispconfig/internal/fixtures/dns_zone_get-request.json
new file mode 100644
index 000000000..3d44d468f
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get-request.json
@@ -0,0 +1,4 @@
+{
+ "primary_id": "example.com.",
+ "session_id": "sessionA"
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_zone_get.json b/providers/dns/ispconfig/internal/fixtures/dns_zone_get.json
new file mode 100644
index 000000000..37975d0e6
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get.json
@@ -0,0 +1,32 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": {
+ "id": "456",
+ "sys_userid": "789",
+ "sys_groupid": "2",
+ "sys_perm_user": "riud",
+ "sys_perm_group": "riud",
+ "sys_perm_other": "",
+ "server_id": "123",
+ "origin": "example.com.",
+ "ns": "ns1.example.org.",
+ "mbox": "support.example.net.",
+ "serial": "2025102902",
+ "refresh": "7200",
+ "retry": "540",
+ "expire": "604800",
+ "minimum": "3600",
+ "ttl": "3600",
+ "active": "Y",
+ "xfer": "",
+ "also_notify": "",
+ "update_acl": "",
+ "dnssec_initialized": "N",
+ "dnssec_wanted": "N",
+ "dnssec_algo": "ECDSAP256SHA256",
+ "dnssec_last_signed": "0",
+ "dnssec_info": "",
+ "rendered_zone": ""
+ }
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id-request.json b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id-request.json
new file mode 100644
index 000000000..e3084242e
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id-request.json
@@ -0,0 +1,4 @@
+{
+ "origin": "example.com",
+ "session_id": "sessionA"
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id.json b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id.json
new file mode 100644
index 000000000..7b9f667a0
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 123
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/error.json b/providers/dns/ispconfig/internal/fixtures/error.json
new file mode 100644
index 000000000..a9c76546c
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/error.json
@@ -0,0 +1,5 @@
+{
+ "code": "remote_fault",
+ "message": "The login failed. Username or password wrong.",
+ "response": false
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/login-request.json b/providers/dns/ispconfig/internal/fixtures/login-request.json
new file mode 100644
index 000000000..c3293a2e8
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/login-request.json
@@ -0,0 +1,5 @@
+{
+ "username": "user",
+ "password": "secret",
+ "client_login": false
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/login.json b/providers/dns/ispconfig/internal/fixtures/login.json
new file mode 100644
index 000000000..e380a86ec
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/login.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": "abc"
+}
diff --git a/providers/dns/ispconfig/internal/readme.md b/providers/dns/ispconfig/internal/readme.md
new file mode 100644
index 000000000..2284c338f
--- /dev/null
+++ b/providers/dns/ispconfig/internal/readme.md
@@ -0,0 +1,249 @@
+## Error Response
+
+```json
+{
+ "code": "",
+ "message": "",
+ "response": false
+}
+```
+
+## Login Endpoint
+
+* URL: `?login`
+* HTTP Method: `POST`
+
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/login.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/login.php
+
+### Request Body (JSON)
+
+```json
+{
+ "username": "",
+ "password": "",
+ "client_login": false
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": "abc"
+}
+```
+
+- `response`: is the `sessionID`
+
+## Get Client ID Endpoint
+
+* URL: `?client_get_id`
+* HTTP Method: `POST`
+
+- function `client_get_id`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/client.inc.php#L97
+- TABLE `sys_user`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L1852
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/client_get_id.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/client_get_id.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "sys_userid": ""
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 123
+}
+```
+
+## DNS Zone Get ID Endpoint
+
+* URL: `?dns_zone_get_id`
+* HTTP Method: `POST`
+
+- function `dns_zone_get_id`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L142
+- TABLE `dns_soa`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L615
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "origin": ""
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 123
+}
+```
+
+## DNS Zone Get Endpoint
+
+* URL: `?dns_zone_get`
+* HTTP Method: `POST`
+
+- function `dns_zone_get`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L87
+- function `getDataRecord`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remoting_lib.inc.php#L248
+- TABLE `dns_soa`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L615
+- Depending on the request, the response may be an array or an object (`primary_id` can be a string, an array or an object).
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_zone_get.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_zone_get.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "primary_id": ""
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": {
+ "id": 456,
+ "server_id": 123,
+ "sys_userid": 789
+ }
+}
+```
+
+## DNS TXT Get Endpoint
+
+* URL: `?dns_txt_get`
+* HTTP Method: `POST`
+
+- function `dns_txt_get`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L640
+- function `dns_rr_get`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L195
+- form: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/dns/form/dns_txt.tform.php
+- TABLE `dns_rr`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L490
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_txt_get.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_txt_get.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "primary_id": {
+ "name": ".",
+ "type": "TXT"
+ }
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": {
+ "id": 123
+ }
+}
+```
+
+## DNS TXT Add Endpoint
+
+* URL: `?dns_txt_add`
+* HTTP Method: `POST`
+
+- function `dns_txt_add`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L645
+- function `dns_rr_add` https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L212
+- form: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/dns/form/dns_txt.tform.php
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_txt_add.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_txt_add.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "client_id": "",
+ "params": {
+ "server_id": "",
+ "zone": "",
+ "name": ".",
+ "type": "txt",
+ "data": "",
+ "aux": "0",
+ "ttl": "3600",
+ "active": "y",
+ "stamp": "",
+ "update_serial": true
+ },
+ "update_serial": true
+}
+```
+
+- `stamp`: (ex: `2025-12-17 23:35:58`)
+- `serial`: (ex: `1766010947`)
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": "123"
+}
+```
+
+## DNS TXT Delete Endpoint
+
+* URL: `?dns_txt_delete`
+* HTTP Method: `POST`
+
+- function `dns_txt_delete`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L655
+- function `dns_rr_delete`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L247
+- form: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/dns/form/dns_txt.tform.php
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_txt_delete.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_txt_delete.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "primary_id": "",
+ "update_serial": true
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 1
+}
+```
+
+---
+
+https://www.ispconfig.org/
+https://git.ispconfig.org/ispconfig/ispconfig3
+https://forum.howtoforge.com/#ispconfig-3.23
diff --git a/providers/dns/ispconfig/internal/types.go b/providers/dns/ispconfig/internal/types.go
new file mode 100644
index 000000000..7db0846cc
--- /dev/null
+++ b/providers/dns/ispconfig/internal/types.go
@@ -0,0 +1,95 @@
+package internal
+
+import (
+ "encoding/json"
+ "strings"
+)
+
+type APIError struct {
+ APIResponse
+}
+
+func (e *APIError) Error() string {
+ var msg strings.Builder
+
+ msg.WriteString("code: " + e.Code)
+
+ if e.Message != "" {
+ msg.WriteString(", message: " + e.Message)
+ }
+
+ if len(e.Response) > 0 {
+ msg.WriteString(", response: " + string(e.Response))
+ }
+
+ return msg.String()
+}
+
+type APIResponse struct {
+ Code string `json:"code"`
+ Message string `json:"message"`
+ Response json.RawMessage `json:"response"`
+}
+
+type LoginRequest struct {
+ Username string `json:"username"`
+ Password string `json:"password"`
+ ClientLogin bool `json:"client_login"`
+}
+
+type ClientIDRequest struct {
+ SessionID string `json:"session_id"`
+ SysUserID string `json:"sys_userid"`
+}
+
+type Zone struct {
+ ID string `json:"id"`
+ ServerID string `json:"server_id"`
+ SysUserID string `json:"sys_userid"`
+ SysGroupID string `json:"sys_groupid"`
+ Origin string `json:"origin"`
+ Serial string `json:"serial"`
+ Active string `json:"active"`
+}
+
+type GetTXTRequest struct {
+ SessionID string `json:"session_id"`
+ PrimaryID struct {
+ Name string `json:"name"`
+ Type string `json:"type"`
+ } `json:"primary_id"`
+}
+
+type Record struct {
+ ID int `json:"id"`
+}
+
+type AddTXTRequest struct {
+ SessionID string `json:"session_id"`
+ ClientID string `json:"client_id"`
+ Params *RecordParams `json:"params,omitempty"`
+ UpdateSerial bool `json:"update_serial"`
+}
+
+type RecordParams struct {
+ ServerID string `json:"server_id"`
+ Zone string `json:"zone"`
+ Name string `json:"name"`
+ // 'a','aaaa','alias','cname','hinfo','mx','naptr','ns','ds','ptr','rp','srv','txt'
+ Type string `json:"type"`
+ Data string `json:"data"`
+ // "0"
+ Aux string `json:"aux"`
+ TTL string `json:"ttl"`
+ // 'n','y'
+ Active string `json:"active"`
+ // `2025-12-17 23:35:58`
+ Stamp string `json:"stamp"`
+ UpdateSerial bool `json:"update_serial"`
+}
+
+type DeleteTXTRequest struct {
+ SessionID string `json:"session_id"`
+ PrimaryID string `json:"primary_id"`
+ UpdateSerial bool `json:"update_serial"`
+}
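Review bot: `APIError.Error` appends `string(e.Response)` to the message verbatim, so whatever the server placed in `response` ends up in error strings and logs at any length and with any embedded line breaks. The payload is remote-controlled, and the provider also offers a mode without certificate verification, so it is worth quoting it before it reaches a log line, e.g. `fmt.Fprintf(&msg, ", response: %q", e.Response)` with `fmt` added to the imports. Truncating the payload to a fixed maximum before formatting would additionally bound the size of the error.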
diff --git a/providers/dns/ispconfig/ispconfig.go b/providers/dns/ispconfig/ispconfig.go
new file mode 100644
index 000000000..9396430b7
--- /dev/null
+++ b/providers/dns/ispconfig/ispconfig.go
@@ -0,0 +1,220 @@
+// Package ispconfig implements a DNS provider for solving the DNS-01 challenge using ISPConfig.
+package ispconfig
+
+import (
+ "context"
+ "crypto/tls"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/ispconfig/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "ISPCONFIG_"
+
+ EnvServerURL = envNamespace + "SERVER_URL"
+ EnvUsername = envNamespace + "USERNAME"
+ EnvPassword = envNamespace + "PASSWORD"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+ EnvInsecureSkipVerify = envNamespace + "INSECURE_SKIP_VERIFY"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ ServerURL string
+ Username string
+ Password string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+ InsecureSkipVerify bool
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ recordIDs map[string]string
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for ISPConfig.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvServerURL, EnvUsername, EnvPassword)
+ if err != nil {
+ return nil, fmt.Errorf("ispconfig: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.ServerURL = values[EnvServerURL]
+ config.Username = values[EnvUsername]
+ config.Password = values[EnvPassword]
+ config.InsecureSkipVerify = env.GetOrDefaultBool(EnvInsecureSkipVerify, false)
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for ISPConfig.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("ispconfig: the configuration of the DNS provider is nil")
+ }
+
+ if config.ServerURL == "" {
+ return nil, errors.New("ispconfig: missing server URL")
+ }
+
+ if config.Username == "" || config.Password == "" {
+ return nil, errors.New("ispconfig: credentials missing")
+ }
+
+ client, err := internal.NewClient(config.ServerURL)
+ if err != nil {
+ return nil, fmt.Errorf("ispconfig: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ if config.InsecureSkipVerify {
+ client.HTTPClient.Transport = &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: make(map[string]string),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ sessionID, err := d.client.Login(ctx, d.config.Username, d.config.Password)
+ if err != nil {
+ return fmt.Errorf("ispconfig: login: %w", err)
+ }
+
+ zoneID, err := d.findZone(ctx, sessionID, info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("ispconfig: get zone id: %w", err)
+ }
+
+ zone, err := d.client.GetZone(ctx, sessionID, strconv.Itoa(zoneID))
+ if err != nil {
+ return fmt.Errorf("ispconfig: get zone: %w", err)
+ }
+
+ clientID, err := d.client.GetClientID(ctx, sessionID, zone.SysUserID)
+ if err != nil {
+ return fmt.Errorf("ispconfig: get client id: %w", err)
+ }
+
+ params := internal.RecordParams{
+ ServerID: "serverA",
+ Zone: zone.ID,
+ Name: info.EffectiveFQDN,
+ Type: "txt",
+ Data: info.Value,
+ Aux: "0",
+ TTL: strconv.Itoa(d.config.TTL),
+ Active: "y",
+ Stamp: time.Now().UTC().Format("2006-01-02 15:04:05"),
+ }
+
+ recordID, err := d.client.AddTXT(ctx, sessionID, strconv.Itoa(clientID), params)
+ if err != nil {
+ return fmt.Errorf("ispconfig: add txt record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.recordIDs[token] = recordID
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ // gets the record's unique ID
+ d.recordIDsMu.Lock()
+ recordID, ok := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("ispconfig: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ sessionID, err := d.client.Login(ctx, d.config.Username, d.config.Password)
+ if err != nil {
+ return fmt.Errorf("ispconfig: login: %w", err)
+ }
+
+ _, err = d.client.DeleteTXT(ctx, sessionID, recordID)
+ if err != nil {
+ return fmt.Errorf("ispconfig: delete txt record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, sessionID, fqdn string) (int, error) {
+ for domain := range dns01.UnFqdnDomainsSeq(fqdn) {
+ zoneID, err := d.client.GetZoneID(ctx, sessionID, domain)
+ if err == nil {
+ return zoneID, nil
+ }
+ }
+
+ return 0, fmt.Errorf("zone not found for %q", fqdn)
+}
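Review bot: The `InsecureSkipVerify` branch in `NewDNSProviderConfig` assigns a bare `&http.Transport{...}` to `client.HTTPClient.Transport`, and at that point `client.HTTPClient` is the caller's own `config.HTTPClient`. This mutates a client the caller may share elsewhere, and it discards any transport already set along with the default transport's proxy and timeout settings. `Login` passes the username and password through this client, so the option should change only the verification flag, on a cloned transport and a copied client, as sketched below. Separately, `Present` sets `ServerID: "serverA"`, which looks like a leftover placeholder given that `zone.ServerID` is fetched just above; `ServerID: zone.ServerID` is probably what was intended. `findZone` also returns "zone not found" for every error from `GetZoneID`, which hides login, transport and TLS failures behind a misleading message.

```go
	// … unchanged: config validation, internal.NewClient, client.HTTPClient = config.HTTPClient …

	if config.InsecureSkipVerify {
		// Start from the configured transport when it is a *http.Transport, else from the
		// default one, so proxy, timeout and pooling settings are kept.
		// A custom RoundTripper of another type is still replaced.
		transport := &http.Transport{Proxy: http.ProxyFromEnvironment}
		if base, ok := client.HTTPClient.Transport.(*http.Transport); ok {
			transport = base.Clone()
		} else if def, ok := http.DefaultTransport.(*http.Transport); ok {
			transport = def.Clone()
		}

		if transport.TLSClientConfig == nil {
			transport.TLSClientConfig = &tls.Config{}
		}

		transport.TLSClientConfig.InsecureSkipVerify = true

		// Work on a copy so a caller-supplied *http.Client is left untouched.
		httpClient := *client.HTTPClient
		httpClient.Transport = transport
		client.HTTPClient = &httpClient
	}

	// … unchanged: clientdebug.Wrap and the DNSProvider literal …
```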
diff --git a/providers/dns/ispconfig/ispconfig.toml b/providers/dns/ispconfig/ispconfig.toml
new file mode 100644
index 000000000..a1cb89210
--- /dev/null
+++ b/providers/dns/ispconfig/ispconfig.toml
@@ -0,0 +1,27 @@
+Name = "ISPConfig"
+Description = ''''''
+URL = "https://www.ispconfig.org/"
+Code = "ispconfig"
+Since = "v4.31.0"
+
+Example = '''
+ISPCONFIG_SERVER_URL="https://example.com:8080/remote/json.php" \
+ISPCONFIG_USERNAME="xxx" \
+ISPCONFIG_PASSWORD="yyy" \
+lego --email you@example.com --dns ispconfig -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ ISPCONFIG_SERVER_URL = "Server URL"
+ ISPCONFIG_USERNAME = "Username"
+ ISPCONFIG_PASSWORD = "Password"
+ [Configuration.Additional]
+ ISPCONFIG_INSECURE_SKIP_VERIFY = "Whether to verify the API certificate"
+ ISPCONFIG_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ ISPCONFIG_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ ISPCONFIG_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ ISPCONFIG_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/index.html"
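Review bot: The description of `ISPCONFIG_INSECURE_SKIP_VERIFY` reads "Whether to verify the API certificate", which is the opposite of what the flag does: in ispconfig.go a true value sets `InsecureSkipVerify: true` on the TLS config and so turns verification off. An operator who sets it to `true` expecting stricter checking would instead send the ISPConfig username and password over a connection that accepts any certificate. I would reword it and state the default, e.g. `ISPCONFIG_INSECURE_SKIP_VERIFY = "Whether to skip verification of the API certificate (Default: false)"`. `Description = ''''''` is also left empty and could carry one sentence telling readers to use this option only against a trusted, self-signed endpoint.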
diff --git a/providers/dns/ispconfig/ispconfig_test.go b/providers/dns/ispconfig/ispconfig_test.go
new file mode 100644
index 000000000..b03463aee
--- /dev/null
+++ b/providers/dns/ispconfig/ispconfig_test.go
@@ -0,0 +1,173 @@
+package ispconfig
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+ EnvServerURL,
+ EnvUsername,
+ EnvPassword,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com:80/",
+ EnvUsername: "user",
+ EnvPassword: "secret",
+ },
+ },
+ {
+ desc: "missing server URL",
+ envVars: map[string]string{
+ EnvServerURL: "",
+ EnvUsername: "user",
+ EnvPassword: "secret",
+ },
+ expected: "ispconfig: some credentials information are missing: ISPCONFIG_SERVER_URL",
+ },
+ {
+ desc: "missing username",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com:80/",
+ EnvUsername: "",
+ EnvPassword: "secret",
+ },
+ expected: "ispconfig: some credentials information are missing: ISPCONFIG_USERNAME",
+ },
+ {
+ desc: "missing password",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com:80/",
+ EnvUsername: "user",
+ EnvPassword: "",
+ },
+ expected: "ispconfig: some credentials information are missing: ISPCONFIG_PASSWORD",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "ispconfig: some credentials information are missing: ISPCONFIG_SERVER_URL,ISPCONFIG_USERNAME,ISPCONFIG_PASSWORD",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ serverURL string
+ username string
+ password string
+ expected string
+ }{
+ {
+ desc: "success",
+ serverURL: "https://example.com:80/",
+ username: "user",
+ password: "secret",
+ },
+ {
+ desc: "missing server URL",
+ username: "user",
+ password: "secret",
+ expected: "ispconfig: missing server URL",
+ },
+ {
+ desc: "missing username",
+ serverURL: "https://example.com:80/",
+ password: "secret",
+ expected: "ispconfig: credentials missing",
+ },
+ {
+ desc: "missing password",
+ serverURL: "https://example.com:80/",
+ username: "user",
+ expected: "ispconfig: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "ispconfig: missing server URL",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.ServerURL = test.serverURL
+ config.Username = test.username
+ config.Password = test.password
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
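Review bot: `TestLiveCleanUp` calls `CleanUp` on a freshly built provider, so it should fail with `ispconfig: unknown record ID ...` whenever live tests are enabled. `CleanUp` in ispconfig.go reads the record ID from the in-memory `recordIDs` map, which only `Present` on the same instance fills. Creating the record first on the same provider fixes this: add `err = provider.Present(envTest.GetDomain(), "", "123d==")` and `require.NoError(t, err)` before the `CleanUp` call. The table tests also never set `EnvInsecureSkipVerify` or `config.InsecureSkipVerify`, so the branch that replaces the HTTP transport is untested; a case asserting the resulting client configuration would cover it.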
diff --git a/providers/dns/zz_gen_dns_providers.go b/providers/dns/zz_gen_dns_providers.go
index 1270e0f9d..3a17594e2 100644
--- a/providers/dns/zz_gen_dns_providers.go
+++ b/providers/dns/zz_gen_dns_providers.go
@@ -94,6 +94,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/ionos"
"github.com/go-acme/lego/v4/providers/dns/ionoscloud"
"github.com/go-acme/lego/v4/providers/dns/ipv64"
+ "github.com/go-acme/lego/v4/providers/dns/ispconfig"
"github.com/go-acme/lego/v4/providers/dns/iwantmyname"
"github.com/go-acme/lego/v4/providers/dns/joker"
"github.com/go-acme/lego/v4/providers/dns/keyhelp"
@@ -363,6 +364,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return ionoscloud.NewDNSProvider()
case "ipv64":
return ipv64.NewDNSProvider()
+ case "ispconfig":
+ return ispconfig.NewDNSProvider()
case "iwantmyname":
return iwantmyname.NewDNSProvider()
case "joker":