diff --git a/README.md b/README.md
index 45ab93455..e90e94962 100644
--- a/README.md
+++ b/README.md
@@ -141,165 +141,165 @@ If your DNS provider is not supported, please open an [issue](https://github.com
| Epik |
EuroDNS |
+ | Excedo |
Exoscale |
External program |
F5 XC |
- freemyip.com |
+ | freemyip.com |
FusionLayer NameSurfer |
G-Core |
Gandi |
- Gandi Live DNS (v5) |
+ | Gandi Live DNS (v5) |
Gigahost.no |
Glesys |
Go Daddy |
- Google Cloud |
+ | Google Cloud |
Google Domains |
Gravity |
Hetzner |
- Hosting.de |
+ | Hosting.de |
Hosting.nl |
Hostinger |
Hosttech |
- HTTP request |
+ | HTTP request |
http.net |
Huawei Cloud |
Hurricane Electric DNS |
- HyperOne |
+ | HyperOne |
IBM Cloud (SoftLayer) |
IIJ DNS Platform Service |
Infoblox |
- Infomaniak |
+ | Infomaniak |
Internet Initiative Japan |
Internet.bs |
INWX |
- Ionos |
+ | Ionos |
Ionos Cloud |
IPv64 |
ISPConfig 3 |
- ISPConfig 3 - Dynamic DNS (DDNS) Module |
+ | ISPConfig 3 - Dynamic DNS (DDNS) Module |
iwantmyname (Deprecated) |
JD Cloud |
Joker |
- Joohoi's ACME-DNS |
+ | Joohoi's ACME-DNS |
KeyHelp |
Leaseweb |
Liara |
- Lima-City |
+ | Lima-City |
Linode (v4) |
Liquid Web |
Loopia |
- LuaDNS |
+ | LuaDNS |
Mail-in-a-Box |
ManageEngine CloudDNS |
Manual |
- Metaname |
+ | Metaname |
Metaregistrar |
mijn.host |
Mittwald |
- myaddr.{tools,dev,io} |
+ | myaddr.{tools,dev,io} |
MyDNS.jp |
MythicBeasts |
Name.com |
- Namecheap |
+ | Namecheap |
Namesilo |
NearlyFreeSpeech.NET |
Neodigit |
- Netcup |
+ | Netcup |
Netlify |
Nicmanager |
NIFCloud |
- Njalla |
+ | Njalla |
Nodion |
NS1 |
Octenium |
- Open Telekom Cloud |
+ | Open Telekom Cloud |
Oracle Cloud |
OVH |
plesk.com |
- Porkbun |
+ | Porkbun |
PowerDNS |
Rackspace |
Rain Yun/雨云 |
- RcodeZero |
+ | RcodeZero |
reg.ru |
Regfish |
RFC2136 |
- RimuHosting |
+ | RimuHosting |
RU CENTER |
Sakura Cloud |
Scaleway |
- Selectel |
+ | Selectel |
Selectel v2 |
SelfHost.(de|eu) |
Servercow |
- Shellrent |
+ | Shellrent |
Simply.com |
Sonic |
Spaceship |
- Stackpath |
+ | Stackpath |
Syse |
Technitium |
Tencent Cloud DNS |
- Tencent EdgeOne |
+ | Tencent EdgeOne |
Timeweb Cloud |
TodayNIC/时代互联 |
TransIP |
- Ultradns |
+ | Ultradns |
United-Domains |
Variomedia |
VegaDNS |
- Vercel |
+ | Vercel |
Versio.[nl|eu|uk] |
VinylDNS |
Virtualname |
- VK Cloud |
+ | VK Cloud |
Volcano Engine/火山引擎 |
Vscale |
Vultr |
- webnames.ca |
+ | webnames.ca |
webnames.ru |
Websupport |
WEDOS |
- West.cn/西部数码 |
+ | West.cn/西部数码 |
Yandex 360 |
Yandex Cloud |
Yandex PDD |
- Zone.ee |
+ | Zone.ee |
ZoneEdit |
Zonomi |
|
- |
diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go
index 0ecc012b3..f73f3920b 100644
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@@ -75,6 +75,7 @@ func allDNSCodes() string {
"efficientip",
"epik",
"eurodns",
+ "excedo",
"exec",
"exoscale",
"f5xc",
@@ -1584,6 +1585,27 @@ func displayDNSHelp(w io.Writer, name string) error {
ew.writeln()
ew.writeln(`More information: https://go-acme.github.io/lego/dns/eurodns`)
+ case "excedo":
+ // generated from: providers/dns/excedo/excedo.toml
+ ew.writeln(`Configuration for Excedo.`)
+ ew.writeln(`Code: 'excedo'`)
+ ew.writeln(`Since: 'v4.33.0'`)
+ ew.writeln()
+
+ ew.writeln(`Credentials:`)
+ ew.writeln(` - "EXCEDO_API_KEY": API key`)
+ ew.writeln(` - "EXCEDO_API_URL": API base URL`)
+ ew.writeln()
+
+ ew.writeln(`Additional Configuration:`)
+ ew.writeln(` - "EXCEDO_HTTP_TIMEOUT": API request timeout in seconds (Default: 30)`)
+ ew.writeln(` - "EXCEDO_POLLING_INTERVAL": Time between DNS propagation check in seconds (Default: 10)`)
+ ew.writeln(` - "EXCEDO_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation in seconds (Default: 300)`)
+ ew.writeln(` - "EXCEDO_TTL": The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)`)
+
+ ew.writeln()
+ ew.writeln(`More information: https://go-acme.github.io/lego/dns/excedo`)
+
case "exec":
// generated from: providers/dns/exec/exec.toml
ew.writeln(`Configuration for External program.`)
diff --git a/docs/content/dns/zz_gen_excedo.md b/docs/content/dns/zz_gen_excedo.md
new file mode 100644
index 000000000..456e6f60a
--- /dev/null
+++ b/docs/content/dns/zz_gen_excedo.md
@@ -0,0 +1,69 @@
+---
+title: "Excedo"
+date: 2019-03-03T16:39:46+01:00
+draft: false
+slug: excedo
+dnsprovider:
+ since: "v4.33.0"
+ code: "excedo"
+ url: "https://excedo.se/"
+---
+
+
+
+
+
+
+Configuration for [Excedo](https://excedo.se/).
+
+
+
+
+- Code: `excedo`
+- Since: v4.33.0
+
+
+Here is an example bash command using the Excedo provider:
+
+```bash
+EXCEDO_API_KEY=your-api-key \
+EXCEDO_API_URL=your-base-url \
+lego --dns excedo -d '*.example.com' -d example.com run
+```
+
+
+
+
+## Credentials
+
+| Environment Variable Name | Description |
+|-----------------------|-------------|
+| `EXCEDO_API_KEY` | API key |
+| `EXCEDO_API_URL` | API base URL |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+## Additional Configuration
+
+| Environment Variable Name | Description |
+|--------------------------------|-------------|
+| `EXCEDO_HTTP_TIMEOUT` | API request timeout in seconds (Default: 30) |
+| `EXCEDO_POLLING_INTERVAL` | Time between DNS propagation check in seconds (Default: 10) |
+| `EXCEDO_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation in seconds (Default: 300) |
+| `EXCEDO_TTL` | The TTL of the TXT record used for the DNS challenge in seconds (Default: 60) |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+
+
+## More information
+
+- [API documentation](none)
+
+
+
+
diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml
index 5736d0ae8..139143b17 100644
--- a/docs/data/zz_cli_help.toml
+++ b/docs/data/zz_cli_help.toml
@@ -152,7 +152,7 @@ To display the documentation for a specific DNS provider, run:
$ lego dnshelp -c code
Supported DNS providers:
- acme-dns, active24, alidns, aliesa, allinkl, alwaysdata, anexia, artfiles, arvancloud, auroradns, autodns, axelname, azion, azure, azuredns, baiducloud, beget, binarylane, bindman, bluecat, bluecatv2, bookmyname, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, com35, conoha, conohav3, constellix, corenetworks, cpanel, czechia, ddnss, derak, desec, designate, digitalocean, directadmin, dnsexit, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dyndnsfree, dynu, easydns, edgecenter, edgedns, edgeone, efficientip, epik, eurodns, exec, exoscale, f5xc, freemyip, gandi, gandiv5, gcloud, gcore, gigahostno, glesys, godaddy, googledomains, gravity, hetzner, hostingde, hostinger, hostingnl, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ionoscloud, ipv64, ispconfig, ispconfigddns, iwantmyname, jdcloud, joker, keyhelp, leaseweb, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manageengine, manual, metaname, metaregistrar, mijnhost, mittwald, myaddr, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, namesurfer, nearlyfreespeech, neodigit, netcup, netlify, nicmanager, nicru, nifcloud, njalla, nodion, ns1, octenium, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, spaceship, stackpath, syse, technitium, tencentcloud, timewebcloud, todaynic, transip, ultradns, uniteddomains, variomedia, vegadns, vercel, versio, vinyldns, virtualname, vkcloud, volcengine, vscale, vultr, webnames, webnamesca, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneedit, zoneee, zonomi
+ acme-dns, active24, alidns, aliesa, allinkl, alwaysdata, anexia, artfiles, arvancloud, auroradns, autodns, axelname, azion, azure, azuredns, baiducloud, beget, binarylane, bindman, bluecat, bluecatv2, bookmyname, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, com35, conoha, conohav3, constellix, corenetworks, cpanel, czechia, ddnss, derak, desec, designate, digitalocean, directadmin, dnsexit, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dyndnsfree, dynu, easydns, edgecenter, edgedns, edgeone, efficientip, epik, eurodns, excedo, exec, exoscale, f5xc, freemyip, gandi, gandiv5, gcloud, gcore, gigahostno, glesys, godaddy, googledomains, gravity, hetzner, hostingde, hostinger, hostingnl, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ionoscloud, ipv64, ispconfig, ispconfigddns, iwantmyname, jdcloud, joker, keyhelp, leaseweb, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manageengine, manual, metaname, metaregistrar, mijnhost, mittwald, myaddr, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, namesurfer, nearlyfreespeech, neodigit, netcup, netlify, nicmanager, nicru, nifcloud, njalla, nodion, ns1, octenium, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, spaceship, stackpath, syse, technitium, tencentcloud, timewebcloud, todaynic, transip, ultradns, uniteddomains, variomedia, vegadns, vercel, versio, vinyldns, virtualname, vkcloud, volcengine, vscale, vultr, webnames, webnamesca, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneedit, zoneee, zonomi
More information: https://go-acme.github.io/lego/dns
"""
diff --git a/providers/dns/excedo/excedo.go b/providers/dns/excedo/excedo.go
new file mode 100644
index 000000000..ae9128b94
--- /dev/null
+++ b/providers/dns/excedo/excedo.go
@@ -0,0 +1,176 @@
+// Package excedo implements a DNS provider for solving the DNS-01 challenge using Excedo.
+package excedo
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/excedo/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "EXCEDO_"
+
+ EnvAPIURL = envNamespace + "API_URL"
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIURL string
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, 60),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 5*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ recordsMu sync.Mutex
+ records map[string]int64
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Excedo.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIURL, EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("excedo: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIURL = values[EnvAPIURL]
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Excedo.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("excedo: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.APIURL, config.APIKey)
+ if err != nil {
+ return nil, fmt.Errorf("excedo: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ records: make(map[string]int64),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("excedo: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("excedo: %w", err)
+ }
+
+ record := internal.Record{
+ DomainName: dns01.UnFqdn(authZone),
+ Name: subDomain,
+ Type: "TXT",
+ Content: info.Value,
+ TTL: strconv.Itoa(d.config.TTL),
+ }
+
+ recordID, err := d.client.AddRecord(ctx, record)
+ if err != nil {
+ return fmt.Errorf("excedo: add record: %w", err)
+ }
+
+ d.recordsMu.Lock()
+ d.records[token] = recordID
+ d.recordsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("excedo: could not find zone for domain %q: %w", domain, err)
+ }
+
+ d.recordsMu.Lock()
+ recordID, ok := d.records[token]
+ d.recordsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("excedo: unknown record ID for '%s'", info.EffectiveFQDN)
+ }
+
+ err = d.client.DeleteRecord(ctx, dns01.UnFqdn(authZone), strconv.FormatInt(recordID, 10))
+ if err != nil {
+ return fmt.Errorf("excedo: delete record: %w", err)
+ }
+
+ d.recordsMu.Lock()
+ delete(d.records, token)
+ d.recordsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/excedo/excedo.toml b/providers/dns/excedo/excedo.toml
new file mode 100644
index 000000000..9f9874c62
--- /dev/null
+++ b/providers/dns/excedo/excedo.toml
@@ -0,0 +1,24 @@
+Name = "Excedo"
+Description = ''''''
+URL = "https://excedo.se/"
+Code = "excedo"
+Since = "v4.33.0"
+
+Example = '''
+EXCEDO_API_KEY=your-api-key \
+EXCEDO_API_URL=your-base-url \
+lego --dns excedo -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ EXCEDO_API_KEY = "API key"
+ EXCEDO_API_URL = "API base URL"
+ [Configuration.Additional]
+ EXCEDO_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
+ EXCEDO_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 300)"
+ EXCEDO_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
+ EXCEDO_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "none"
diff --git a/providers/dns/excedo/excedo_test.go b/providers/dns/excedo/excedo_test.go
new file mode 100644
index 000000000..f2350c035
--- /dev/null
+++ b/providers/dns/excedo/excedo_test.go
@@ -0,0 +1,210 @@
+package excedo
+
+import (
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIURL, EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIURL: "https://example.com",
+ EnvAPIKey: "secret",
+ },
+ },
+ {
+ desc: "missing the API key",
+ envVars: map[string]string{
+ EnvAPIURL: "https://example.com",
+ EnvAPIKey: "",
+ },
+ expected: "excedo: some credentials information are missing: EXCEDO_API_KEY",
+ },
+ {
+ desc: "missing the API URL",
+ envVars: map[string]string{
+ EnvAPIURL: "",
+ EnvAPIKey: "secret",
+ },
+ expected: "excedo: some credentials information are missing: EXCEDO_API_URL",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "excedo: some credentials information are missing: EXCEDO_API_URL,EXCEDO_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiURL string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiURL: "https://example.com",
+ apiKey: "secret",
+ },
+ {
+ desc: "missing the API key",
+ apiURL: "https://example.com",
+ expected: "excedo: credentials missing",
+ },
+ {
+ desc: "missing the API URL",
+ apiKey: "secret",
+ expected: "excedo: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "excedo: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIURL = test.apiURL
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIURL = server.URL
+ config.APIKey = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ return p, nil
+ },
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /authenticate/login/",
+ servermock.ResponseFromInternal("login.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret"),
+ ).
+ Route("POST /dns/addrecord/",
+ servermock.ResponseFromInternal("addrecord.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ servermock.CheckForm().Strict().
+ With("content", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY").
+ With("domainName", "example.com").
+ With("name", "_acme-challenge").
+ With("ttl", "60").
+ With("type", "TXT"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /authenticate/login/",
+ servermock.ResponseFromInternal("login.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret"),
+ ).
+ Route("POST /dns/deleterecord/",
+ servermock.ResponseFromInternal("deleterecord.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ ).
+ Build(t)
+
+ provider.records["abc"] = 19695822
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/excedo/internal/client.go b/providers/dns/excedo/internal/client.go
new file mode 100644
index 000000000..a5d8be88b
--- /dev/null
+++ b/providers/dns/excedo/internal/client.go
@@ -0,0 +1,205 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "mime/multipart"
+ "net/http"
+ "net/url"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+ querystring "github.com/google/go-querystring/query"
+)
+
+type responseChecker interface {
+ Check() error
+}
+
+// Client the Excedo API client.
+type Client struct {
+ apiKey string
+
+ baseURL *url.URL
+ HTTPClient *http.Client
+
+ token *ExpirableToken
+ muToken sync.Mutex
+}
+
+// NewClient creates a new Client.
+func NewClient(apiURL, apiKey string) (*Client, error) {
+ if apiURL == "" || apiKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, err := url.Parse(apiURL)
+ if err != nil {
+ return nil, err
+ }
+
+ return &Client{
+ apiKey: apiKey,
+ baseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) AddRecord(ctx context.Context, record Record) (int64, error) {
+ payload, err := querystring.Values(record)
+ if err != nil {
+ return 0, err
+ }
+
+ endpoint := c.baseURL.JoinPath("/dns/addrecord/")
+
+ req, err := newFormRequest(ctx, http.MethodPost, endpoint, payload)
+ if err != nil {
+ return 0, err
+ }
+
+ result := new(AddRecordResponse)
+
+ err = c.doAuthenticated(ctx, req, result)
+ if err != nil {
+ return 0, err
+ }
+
+ return result.RecordID, nil
+}
+
+func (c *Client) DeleteRecord(ctx context.Context, zone, recordID string) error {
+ endpoint := c.baseURL.JoinPath("/dns/deleterecord/")
+
+ data := map[string]string{
+ "domainname": dns01.UnFqdn(zone),
+ "recordid": recordID,
+ }
+
+ req, err := newMultipartRequest(ctx, http.MethodPost, endpoint, data)
+ if err != nil {
+ return err
+ }
+
+ result := new(BaseResponse)
+
+ err = c.doAuthenticated(ctx, req, result)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (c *Client) GetRecords(ctx context.Context, zone string) (map[string]Zone, error) {
+ endpoint := c.baseURL.JoinPath("/dns/getrecords/")
+
+ query := endpoint.Query()
+ query.Set("domainname", zone)
+
+ endpoint.RawQuery = query.Encode()
+
+ req, err := newFormRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := new(GetRecordsResponse)
+
+ err = c.doAuthenticated(ctx, req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.DNS, nil
+}
+
+func (c *Client) do(req *http.Request, result responseChecker) error {
+ useragent.SetHeader(req.Header)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return result.Check()
+}
+
+func newMultipartRequest(ctx context.Context, method string, endpoint *url.URL, data map[string]string) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ writer := multipart.NewWriter(buf)
+
+ for k, v := range data {
+ err := writer.WriteField(k, v)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ err := writer.Close()
+ if err != nil {
+ return nil, err
+ }
+
+ body := bytes.NewReader(buf.Bytes())
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), body)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Content-Type", writer.FormDataContentType())
+
+ return req, nil
+}
+
+func newFormRequest(ctx context.Context, method string, endpoint *url.URL, form url.Values) (*http.Request, error) {
+ var body io.Reader
+
+ if len(form) > 0 {
+ body = bytes.NewReader([]byte(form.Encode()))
+ } else {
+ body = http.NoBody
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), body)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ if method == http.MethodPost {
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+ }
+
+ return req, nil
+}
diff --git a/providers/dns/excedo/internal/client_test.go b/providers/dns/excedo/internal/client_test.go
new file mode 100644
index 000000000..f4fd52c00
--- /dev/null
+++ b/providers/dns/excedo/internal/client_test.go
@@ -0,0 +1,137 @@
+package internal
+
+import (
+ "net/http/httptest"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL, "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ )
+}
+
+func TestClient_AddRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/addrecord/",
+ servermock.ResponseFromFixture("addrecord.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ servermock.CheckForm().Strict().
+ With("content", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY").
+ With("domainName", "example.com").
+ With("name", "_acme-challenge").
+ With("ttl", "60").
+ With("type", "TXT"),
+ ).
+ Build(t)
+
+ client.token = &ExpirableToken{
+ Token: "session-token",
+ Expires: time.Now().Add(6 * time.Hour),
+ }
+
+ record := Record{
+ DomainName: "example.com",
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: "60",
+ }
+
+ recordID, err := client.AddRecord(t.Context(), record)
+ require.NoError(t, err)
+
+ assert.EqualValues(t, 19695822, recordID)
+}
+
+func TestClient_AddRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/addrecord/",
+ servermock.ResponseFromFixture("error.json"),
+ ).
+ Build(t)
+
+ client.token = &ExpirableToken{
+ Token: "session-token",
+ Expires: time.Now().Add(6 * time.Hour),
+ }
+
+ record := Record{
+ DomainName: "example.com",
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: "60",
+ }
+
+ _, err := client.AddRecord(t.Context(), record)
+ require.EqualError(t, err, "2003: Required parameter missing")
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/deleterecord/",
+ servermock.ResponseFromFixture("deleterecord.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ ).
+ Build(t)
+
+ client.token = &ExpirableToken{
+ Token: "session-token",
+ Expires: time.Now().Add(6 * time.Hour),
+ }
+
+ err := client.DeleteRecord(t.Context(), "example.com", "19695822")
+ require.NoError(t, err)
+}
+
+func TestClient_GetRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/getrecords/",
+ servermock.ResponseFromFixture("getrecords.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ servermock.CheckQueryParameter().Strict().
+ With("domainname", "example.com"),
+ ).
+ Build(t)
+
+ client.token = &ExpirableToken{
+ Token: "session-token",
+ Expires: time.Now().Add(6 * time.Hour),
+ }
+
+ zones, err := client.GetRecords(t.Context(), "example.com")
+ require.NoError(t, err)
+
+ expected := map[string]Zone{
+ "example.com": {
+ DNSType: "type",
+ Records: []Record{{
+ RecordID: "1234",
+ Name: "_acme-challenge.example.com",
+ Type: "TXT",
+ Content: "txt-value",
+ TTL: "60",
+ }},
+ },
+ }
+
+ assert.Equal(t, expected, zones)
+}
diff --git a/providers/dns/excedo/internal/fixtures/addrecord.json b/providers/dns/excedo/internal/fixtures/addrecord.json
new file mode 100644
index 000000000..f1f7bf958
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/addrecord.json
@@ -0,0 +1,15 @@
+{
+ "code": 1000,
+ "desc": "Command completed successfully",
+ "recordid": 19695822,
+ "session": {
+ "accID": "1234",
+ "usrID": "1234",
+ "status": "active",
+ "expire": {
+ "date": "2026-03-10 19:03:18",
+ "seconds": 5678
+ }
+ },
+ "runtime": 0.2852
+}
diff --git a/providers/dns/excedo/internal/fixtures/deleterecord.json b/providers/dns/excedo/internal/fixtures/deleterecord.json
new file mode 100644
index 000000000..5c2431b1c
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/deleterecord.json
@@ -0,0 +1,14 @@
+{
+ "code": 1000,
+ "desc": "Command completed successfully",
+ "session": {
+ "accID": "1234",
+ "usrID": "1234",
+ "status": "active",
+ "expire": {
+ "date": "2026-03-10 19:03:18",
+ "seconds": 5678
+ }
+ },
+ "runtime": 0.2852
+}
diff --git a/providers/dns/excedo/internal/fixtures/error.json b/providers/dns/excedo/internal/fixtures/error.json
new file mode 100644
index 000000000..5a24ec247
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/error.json
@@ -0,0 +1,18 @@
+{
+ "code": 2003,
+ "desc": "Required parameter missing",
+ "missing": [
+ "domainname",
+ "recordid"
+ ],
+ "session": {
+ "accID": "1234",
+ "usrID": "1234",
+ "status": "active",
+ "expire": {
+ "date": "2026-03-10 19:03:18",
+ "seconds": 5485
+ }
+ },
+ "runtime": 0.0534
+}
diff --git a/providers/dns/excedo/internal/fixtures/getrecords.json b/providers/dns/excedo/internal/fixtures/getrecords.json
new file mode 100644
index 000000000..215a8abb2
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/getrecords.json
@@ -0,0 +1,23 @@
+{
+ "code": 1000,
+ "desc": "Command completed successfully",
+ "dns": {
+ "example.com": {
+ "dnstype": "type",
+ "recordusage": {
+ "used": 74
+ },
+ "records": [
+ {
+ "recordid": "1234",
+ "name": "_acme-challenge.example.com",
+ "type": "TXT",
+ "content": "txt-value",
+ "ttl": "60",
+ "prio": null,
+ "change_date": null
+ }
+ ]
+ }
+ }
+}
diff --git a/providers/dns/excedo/internal/fixtures/login.json b/providers/dns/excedo/internal/fixtures/login.json
new file mode 100644
index 000000000..2defb9843
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/login.json
@@ -0,0 +1,7 @@
+{
+ "code": 1000,
+ "desc": "Command completed successfully",
+ "parameters": {
+ "token": "session-token"
+ }
+}
diff --git a/providers/dns/excedo/internal/identity.go b/providers/dns/excedo/internal/identity.go
new file mode 100644
index 000000000..5c9ca119d
--- /dev/null
+++ b/providers/dns/excedo/internal/identity.go
@@ -0,0 +1,75 @@
+package internal
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "time"
+)
+
+type ExpirableToken struct {
+ Token string
+ Expires time.Time
+}
+
+func (t *ExpirableToken) IsExpired() bool {
+ return time.Now().After(t.Expires)
+}
+
+func (c *Client) Login(ctx context.Context) (string, error) {
+ endpoint := c.baseURL.JoinPath("/authenticate/login/")
+
+ req, err := newFormRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return "", err
+ }
+
+ req.Header.Set("Authorization", "Bearer "+c.apiKey)
+
+ result := new(LoginResponse)
+
+ err = c.do(req, result)
+ if err != nil {
+ return "", err
+ }
+
+ if result.Code != 1000 && result.Code != 1300 {
+ return "", fmt.Errorf("%d: %s", result.Code, result.Description)
+ }
+
+ return result.Parameters.Token, nil
+}
+
+func (c *Client) authenticate(ctx context.Context) (string, error) {
+ c.muToken.Lock()
+ defer c.muToken.Unlock()
+
+ if c.token == nil || c.token.IsExpired() {
+ token, err := c.Login(ctx)
+ if err != nil {
+ return "", err
+ }
+
+ c.token = &ExpirableToken{
+ Token: token,
+ Expires: time.Now().Add(2*time.Hour - time.Minute),
+ }
+
+ return token, nil
+ }
+
+ return c.token.Token, nil
+}
+
+func (c *Client) doAuthenticated(ctx context.Context, req *http.Request, result responseChecker) error {
+ token, err := c.authenticate(ctx)
+ if err != nil {
+ return err
+ }
+
+ if token != "" {
+ req.Header.Set("Authorization", "Bearer "+token)
+ }
+
+ return c.do(req, result)
+}
diff --git a/providers/dns/excedo/internal/identity_test.go b/providers/dns/excedo/internal/identity_test.go
new file mode 100644
index 000000000..86b7eb9d8
--- /dev/null
+++ b/providers/dns/excedo/internal/identity_test.go
@@ -0,0 +1,35 @@
+package internal
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestClient_Login(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /authenticate/login/",
+ servermock.ResponseFromFixture("login.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret"),
+ ).
+ Build(t)
+
+ token, err := client.Login(t.Context())
+ require.NoError(t, err)
+
+ assert.Equal(t, "session-token", token)
+}
+
+func TestClient_Login_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /authenticate/login/",
+ servermock.ResponseFromFixture("error.json"),
+ ).
+ Build(t)
+
+ _, err := client.Login(t.Context())
+ require.EqualError(t, err, "2003: Required parameter missing")
+}
diff --git a/providers/dns/excedo/internal/types.go b/providers/dns/excedo/internal/types.go
new file mode 100644
index 000000000..eb6ce8462
--- /dev/null
+++ b/providers/dns/excedo/internal/types.go
@@ -0,0 +1,65 @@
+package internal
+
+import "fmt"
+
+type BaseResponse struct {
+ Code int `json:"code"`
+ Description string `json:"desc"`
+}
+
+func (r BaseResponse) Check() error {
+ // Response codes:
+ // - 1000: Command completed successfully
+ // - 1300: Command completed successfully; no messages
+ // - 2001: Command syntax error
+ // - 2002: Command use error
+ // - 2003: Required parameter missing
+ // - 2004: Parameter value range error
+ // - 2104: Billing failure
+ // - 2200: Authentication error
+ // - 2201: Authorization error
+ // - 2303: Object does not exist
+ // - 2304: Object status prohibits operation
+ // - 2309: Object duplicate found
+ // - 2400: Command failed
+ // - 2500: Command failed; server closing connection
+ if r.Code != 1000 && r.Code != 1300 {
+ return fmt.Errorf("%d: %s", r.Code, r.Description)
+ }
+
+ return nil
+}
+
+type GetRecordsResponse struct {
+ BaseResponse
+
+ DNS map[string]Zone `json:"dns"`
+}
+
+type Zone struct {
+ DNSType string `json:"dnstype"`
+ Records []Record `json:"records"`
+}
+
+type Record struct {
+ DomainName string `json:"domainName,omitempty" url:"domainName,omitempty"`
+ RecordID string `json:"recordid,omitempty" url:"recordid,omitempty"`
+ Name string `json:"name,omitempty" url:"name,omitempty"`
+ Type string `json:"type,omitempty" url:"type,omitempty"`
+ Content string `json:"content,omitempty" url:"content,omitempty"`
+ TTL string `json:"ttl,omitempty" url:"ttl,omitempty"`
+}
+
+type AddRecordResponse struct {
+ BaseResponse
+
+ RecordID int64 `json:"recordid"`
+}
+
+type LoginResponse struct {
+ BaseResponse
+
+ Parameters struct {
+ Token string `json:"token"`
+ } `json:"parameters"`
+}
diff --git a/providers/dns/zz_gen_dns_providers.go b/providers/dns/zz_gen_dns_providers.go
index 519cc93ec..9c4bc9e61 100644
--- a/providers/dns/zz_gen_dns_providers.go
+++ b/providers/dns/zz_gen_dns_providers.go
@@ -69,6 +69,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/efficientip"
"github.com/go-acme/lego/v4/providers/dns/epik"
"github.com/go-acme/lego/v4/providers/dns/eurodns"
+ "github.com/go-acme/lego/v4/providers/dns/excedo"
"github.com/go-acme/lego/v4/providers/dns/exec"
"github.com/go-acme/lego/v4/providers/dns/exoscale"
"github.com/go-acme/lego/v4/providers/dns/f5xc"
@@ -327,6 +328,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return epik.NewDNSProvider()
case "eurodns":
return eurodns.NewDNSProvider()
+ case "excedo":
+ return excedo.NewDNSProvider()
case "exec":
return exec.NewDNSProvider()
case "exoscale":