diff --git a/README.md b/README.md
index 015d45ea6..8ef958264 100644
--- a/README.md
+++ b/README.md
@@ -196,83 +196,88 @@ Detailed documentation is available [here](https://go-acme.github.io/lego/dns).
| Namesilo |
NearlyFreeSpeech.NET |
+ Neodigit |
Netcup |
- Netlify |
+ | Netlify |
Nicmanager |
NIFCloud |
Njalla |
- Nodion |
+ | Nodion |
NS1 |
Octenium |
Open Telekom Cloud |
- Oracle Cloud |
+ | Oracle Cloud |
OVH |
plesk.com |
Porkbun |
- PowerDNS |
+ | PowerDNS |
Rackspace |
Rain Yun/雨云 |
RcodeZero |
- reg.ru |
+ | reg.ru |
Regfish |
RFC2136 |
RimuHosting |
- RU CENTER |
+ | RU CENTER |
Sakura Cloud |
Scaleway |
Selectel |
- Selectel v2 |
+ | Selectel v2 |
SelfHost.(de|eu) |
Servercow |
Shellrent |
- Simply.com |
+ | Simply.com |
Sonic |
Spaceship |
Stackpath |
- Syse |
+ | Syse |
Technitium |
Tencent Cloud DNS |
Tencent EdgeOne |
- Timeweb Cloud |
+ | Timeweb Cloud |
TransIP |
UKFast SafeDNS |
Ultradns |
- United-Domains |
+ | United-Domains |
Variomedia |
VegaDNS |
Vercel |
- Versio.[nl|eu|uk] |
+ | Versio.[nl|eu|uk] |
VinylDNS |
VK Cloud |
Volcano Engine/火山引擎 |
- Vscale |
+ | Vscale |
Vultr |
webnames.ca |
webnames.ru |
- Websupport |
+ | Websupport |
WEDOS |
West.cn/西部数码 |
Yandex 360 |
- Yandex Cloud |
+ | Yandex Cloud |
Yandex PDD |
Zone.ee |
ZoneEdit |
+
| Zonomi |
+ |
+ |
+ |
diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go
index dda63b2a3..09667f572 100644
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@@ -122,6 +122,7 @@ func allDNSCodes() string {
"namedotcom",
"namesilo",
"nearlyfreespeech",
+ "neodigit",
"netcup",
"netlify",
"nicmanager",
@@ -2534,6 +2535,26 @@ func displayDNSHelp(w io.Writer, name string) error {
ew.writeln()
ew.writeln(`More information: https://go-acme.github.io/lego/dns/nearlyfreespeech`)
+ case "neodigit":
+ // generated from: providers/dns/neodigit/neodigit.toml
+ ew.writeln(`Configuration for Neodigit.`)
+ ew.writeln(`Code: 'neodigit'`)
+ ew.writeln(`Since: 'v4.30.0'`)
+ ew.writeln()
+
+ ew.writeln(`Credentials:`)
+ ew.writeln(` - "NEODIGIT_TOKEN": API token`)
+ ew.writeln()
+
+ ew.writeln(`Additional Configuration:`)
+ ew.writeln(` - "NEODIGIT_HTTP_TIMEOUT": API request timeout in seconds (Default: 30)`)
+ ew.writeln(` - "NEODIGIT_POLLING_INTERVAL": Time between DNS propagation check in seconds (Default: 10)`)
+ ew.writeln(` - "NEODIGIT_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation in seconds (Default: 300)`)
+ ew.writeln(` - "NEODIGIT_TTL": The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)`)
+
+ ew.writeln()
+ ew.writeln(`More information: https://go-acme.github.io/lego/dns/neodigit`)
+
case "netcup":
// generated from: providers/dns/netcup/netcup.toml
ew.writeln(`Configuration for Netcup.`)
diff --git a/docs/content/dns/zz_gen_neodigit.md b/docs/content/dns/zz_gen_neodigit.md
new file mode 100644
index 000000000..70dfb6343
--- /dev/null
+++ b/docs/content/dns/zz_gen_neodigit.md
@@ -0,0 +1,67 @@
+---
+title: "Neodigit"
+date: 2019-03-03T16:39:46+01:00
+draft: false
+slug: neodigit
+dnsprovider:
+ since: "v4.30.0"
+ code: "neodigit"
+ url: "https://www.neodigit.net"
+---
+
+
+
+
+
+
+Configuration for [Neodigit](https://www.neodigit.net).
+
+
+
+
+- Code: `neodigit`
+- Since: v4.30.0
+
+
+Here is an example bash command using the Neodigit provider:
+
+```bash
+NEODIGIT_TOKEN=xxxxxx \
+lego --email you@example.com --dns neodigit -d '*.example.com' -d example.com run
+```
+
+
+
+
+## Credentials
+
+| Environment Variable Name | Description |
+|-----------------------|-------------|
+| `NEODIGIT_TOKEN` | API token |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+## Additional Configuration
+
+| Environment Variable Name | Description |
+|--------------------------------|-------------|
+| `NEODIGIT_HTTP_TIMEOUT` | API request timeout in seconds (Default: 30) |
+| `NEODIGIT_POLLING_INTERVAL` | Time between DNS propagation check in seconds (Default: 10) |
+| `NEODIGIT_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation in seconds (Default: 300) |
+| `NEODIGIT_TTL` | The TTL of the TXT record used for the DNS challenge in seconds (Default: 120) |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+
+
+## More information
+
+- [API documentation](https://developers.neodigit.net/#dns)
+
+
+
+
diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml
index 37d8700e8..b172beedb 100644
--- a/docs/data/zz_cli_help.toml
+++ b/docs/data/zz_cli_help.toml
@@ -152,7 +152,7 @@ To display the documentation for a specific DNS provider, run:
$ lego dnshelp -c code
Supported DNS providers:
- acme-dns, active24, alidns, aliesa, allinkl, anexia, arvancloud, auroradns, autodns, axelname, azion, azure, azuredns, baiducloud, beget, binarylane, bindman, bluecat, bookmyname, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, conohav3, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dyndnsfree, dynu, easydns, edgecenter, edgedns, edgeone, efficientip, epik, exec, exoscale, f5xc, freemyip, gandi, gandiv5, gcloud, gcore, gigahostno, glesys, godaddy, googledomains, gravity, hetzner, hostingde, hostinger, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ipv64, iwantmyname, joker, keyhelp, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manageengine, manual, metaname, metaregistrar, mijnhost, mittwald, myaddr, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nicru, nifcloud, njalla, nodion, ns1, octenium, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, spaceship, stackpath, syse, technitium, tencentcloud, timewebcloud, transip, ultradns, uniteddomains, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, volcengine, vscale, vultr, webnames, webnamesca, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneedit, zoneee, zonomi
+ acme-dns, active24, alidns, aliesa, allinkl, anexia, arvancloud, auroradns, autodns, axelname, azion, azure, azuredns, baiducloud, beget, binarylane, bindman, bluecat, bookmyname, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, conohav3, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dyndnsfree, dynu, easydns, edgecenter, edgedns, edgeone, efficientip, epik, exec, exoscale, f5xc, freemyip, gandi, gandiv5, gcloud, gcore, gigahostno, glesys, godaddy, googledomains, gravity, hetzner, hostingde, hostinger, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ipv64, iwantmyname, joker, keyhelp, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manageengine, manual, metaname, metaregistrar, mijnhost, mittwald, myaddr, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, neodigit, netcup, netlify, nicmanager, nicru, nifcloud, njalla, nodion, ns1, octenium, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rainyun, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, spaceship, stackpath, syse, technitium, tencentcloud, timewebcloud, transip, ultradns, uniteddomains, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, volcengine, vscale, vultr, webnames, webnamesca, websupport, wedos, westcn, yandex, yandex360, yandexcloud, zoneedit, zoneee, zonomi
More information: https://go-acme.github.io/lego/dns
"""
diff --git a/providers/dns/neodigit/internal/client.go b/providers/dns/neodigit/internal/client.go
new file mode 100644
index 000000000..1e883c6d2
--- /dev/null
+++ b/providers/dns/neodigit/internal/client.go
@@ -0,0 +1,182 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+// DefaultBaseURL is the default API endpoint.
+const DefaultBaseURL = "https://api.neodigit.net/v1"
+
+// Client is a Neodigit API client.
+type Client struct {
+ token string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(token string) (*Client, error) {
+ if token == "" {
+ return nil, errors.New("credentials missing: token")
+ }
+
+ baseURL, err := url.Parse(DefaultBaseURL)
+ if err != nil {
+ return nil, err
+ }
+
+ return &Client{
+ token: token,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 30 * time.Second},
+ }, nil
+}
+
+// GetZones lists all DNS zones.
+func (c *Client) GetZones(ctx context.Context) ([]Zone, error) {
+ endpoint := c.BaseURL.JoinPath("dns", "zones")
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var zones []Zone
+
+ err = c.do(req, &zones)
+ if err != nil {
+ return nil, err
+ }
+
+ return zones, nil
+}
+
+// GetRecords lists all records in a zone.
+func (c *Client) GetRecords(ctx context.Context, zoneID int, recordType string) ([]Record, error) {
+ endpoint := c.BaseURL.JoinPath("dns", "zones", strconv.Itoa(zoneID), "records")
+
+ if recordType != "" {
+ query := endpoint.Query()
+ query.Set("type", recordType)
+ endpoint.RawQuery = query.Encode()
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var records []Record
+
+ err = c.do(req, &records)
+ if err != nil {
+ return nil, err
+ }
+
+ return records, nil
+}
+
+// CreateRecord creates a new DNS record.
+func (c *Client) CreateRecord(ctx context.Context, zoneID int, record Record) (*Record, error) {
+ endpoint := c.BaseURL.JoinPath("dns", "zones", strconv.Itoa(zoneID), "records")
+
+ payload := RecordRequest{Record: record}
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ var result Record
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return &result, nil
+}
+
+// DeleteRecord deletes a DNS record.
+func (c *Client) DeleteRecord(ctx context.Context, zoneID, recordID int) error {
+ endpoint := c.BaseURL.JoinPath("dns", "zones", strconv.Itoa(zoneID), "records", strconv.Itoa(recordID))
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ req.Header.Set("X-TCpanel-Token", c.token)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
diff --git a/providers/dns/neodigit/internal/client_test.go b/providers/dns/neodigit/internal/client_test.go
new file mode 100644
index 000000000..4e9cf3e85
--- /dev/null
+++ b/providers/dns/neodigit/internal/client_test.go
@@ -0,0 +1,174 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().WithJSONHeaders().
+ With("X-TCpanel-Token", "secret"))
+}
+
+func TestClient_GetZones(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.ResponseFromFixture("get_zones.json")).
+ Build(t)
+
+ zones, err := client.GetZones(t.Context())
+ require.NoError(t, err)
+
+ expected := []Zone{
+ {
+ ID: 6,
+ Name: "example.com",
+ HumanName: "example.com",
+ },
+ {
+ ID: 7,
+ Name: "example.org",
+ HumanName: "example.org",
+ },
+ }
+
+ assert.Equal(t, expected, zones)
+}
+
+func TestClient_GetZones_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.RawStringResponse(`{"error": "unauthorized"}`).
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ zones, err := client.GetZones(t.Context())
+ require.Error(t, err)
+
+ assert.Nil(t, zones)
+}
+
+func TestClient_GetRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/zones/6/records",
+ servermock.ResponseFromFixture("get_records.json")).
+ Build(t)
+
+ records, err := client.GetRecords(t.Context(), 6, "")
+ require.NoError(t, err)
+
+ expected := []Record{
+ {
+ ID: 98,
+ Name: "",
+ Type: "SOA",
+ Content: "ns1.example.org dns.example.org 2015092102 7200 7200 1209600 1800",
+ TTL: 7200,
+ },
+ {
+ ID: 99,
+ Name: "",
+ Type: "NS",
+ Content: "ns1.example.org",
+ TTL: 7200,
+ },
+ {
+ ID: 100,
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ },
+ }
+
+ assert.Equal(t, expected, records)
+}
+
+func TestClient_CreateRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/zones/6/records",
+ servermock.ResponseFromFixture("create_record.json").
+ WithStatusCode(http.StatusCreated),
+ servermock.CheckRequestJSONBodyFromFixture("create_record-request.json")).
+ Build(t)
+
+ record := Record{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ }
+
+ result, err := client.CreateRecord(t.Context(), 6, record)
+ require.NoError(t, err)
+
+ expected := &Record{
+ ID: 101,
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_CreateRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/zones/6/records",
+ servermock.RawStringResponse(`{"error": "bad request"}`).
+ WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ record := Record{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "test-value",
+ TTL: 120,
+ }
+
+ result, err := client.CreateRecord(t.Context(), 6, record)
+ require.Error(t, err)
+
+ assert.Nil(t, result)
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /dns/zones/6/records/101",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent)).
+ Build(t)
+
+ err := client.DeleteRecord(t.Context(), 6, 101)
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /dns/zones/6/records/999",
+ servermock.RawStringResponse(`{"error": "not found"}`).
+ WithStatusCode(http.StatusNotFound)).
+ Build(t)
+
+ err := client.DeleteRecord(t.Context(), 6, 999)
+ require.Error(t, err)
+}
diff --git a/providers/dns/neodigit/internal/fixtures/create_record-request.json b/providers/dns/neodigit/internal/fixtures/create_record-request.json
new file mode 100644
index 000000000..4cd339c98
--- /dev/null
+++ b/providers/dns/neodigit/internal/fixtures/create_record-request.json
@@ -0,0 +1,8 @@
+{
+ "record": {
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 120
+ }
+}
diff --git a/providers/dns/neodigit/internal/fixtures/create_record.json b/providers/dns/neodigit/internal/fixtures/create_record.json
new file mode 100644
index 000000000..6f30010ac
--- /dev/null
+++ b/providers/dns/neodigit/internal/fixtures/create_record.json
@@ -0,0 +1,10 @@
+{
+ "id": 101,
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 120,
+ "prio": null,
+ "created_at": "2015-09-21T14:40:27.127+02:00",
+ "updated_at": "2015-09-21T14:40:27.127+02:00"
+}
diff --git a/providers/dns/neodigit/internal/fixtures/get_records.json b/providers/dns/neodigit/internal/fixtures/get_records.json
new file mode 100644
index 000000000..00e09c37f
--- /dev/null
+++ b/providers/dns/neodigit/internal/fixtures/get_records.json
@@ -0,0 +1,26 @@
+[
+ {
+ "id": 98,
+ "name": "",
+ "type": "SOA",
+ "content": "ns1.example.org dns.example.org 2015092102 7200 7200 1209600 1800",
+ "ttl": 7200,
+ "prio": null
+ },
+ {
+ "id": 99,
+ "name": "",
+ "type": "NS",
+ "content": "ns1.example.org",
+ "ttl": 7200,
+ "prio": null
+ },
+ {
+ "id": 100,
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 120,
+ "prio": null
+ }
+]
diff --git a/providers/dns/neodigit/internal/fixtures/get_zones.json b/providers/dns/neodigit/internal/fixtures/get_zones.json
new file mode 100644
index 000000000..01a08dced
--- /dev/null
+++ b/providers/dns/neodigit/internal/fixtures/get_zones.json
@@ -0,0 +1,16 @@
+[
+ {
+ "id": 6,
+ "name": "example.com",
+ "created_at": "2015-09-21T12:19:04.000+02:00",
+ "updated_at": "2015-09-21T12:19:04.000+02:00",
+ "human_name": "example.com"
+ },
+ {
+ "id": 7,
+ "name": "example.org",
+ "created_at": "2015-09-22T10:00:00.000+02:00",
+ "updated_at": "2015-09-22T10:00:00.000+02:00",
+ "human_name": "example.org"
+ }
+]
diff --git a/providers/dns/neodigit/internal/types.go b/providers/dns/neodigit/internal/types.go
new file mode 100644
index 000000000..505bfbced
--- /dev/null
+++ b/providers/dns/neodigit/internal/types.go
@@ -0,0 +1,23 @@
+package internal
+
+// Zone represents a DNS zone.
+type Zone struct {
+ ID int `json:"id"`
+ Name string `json:"name"`
+ HumanName string `json:"human_name"`
+}
+
+// Record represents a DNS record.
+type Record struct {
+ ID int `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Type string `json:"type,omitempty"`
+ Content string `json:"content,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ Priority int `json:"prio,omitempty"`
+}
+
+// RecordRequest is the request body for creating/updating a record.
+type RecordRequest struct {
+ Record Record `json:"record"`
+}
diff --git a/providers/dns/neodigit/neodigit.go b/providers/dns/neodigit/neodigit.go
new file mode 100644
index 000000000..08ff64e04
--- /dev/null
+++ b/providers/dns/neodigit/neodigit.go
@@ -0,0 +1,195 @@
+// Package neodigit implements a DNS provider for solving the DNS-01 challenge using Neodigit DNS.
+package neodigit
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/neodigit/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "NEODIGIT_"
+
+ EnvToken = envNamespace + "TOKEN"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ Token string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 5*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ zoneIDs map[string]int
+ recordIDs map[string]int
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Neodigit.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvToken)
+ if err != nil {
+ return nil, fmt.Errorf("neodigit: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.Token = values[EnvToken]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Neodigit.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("neodigit: the configuration of the DNS provider is nil")
+ }
+
+ if config.Token == "" {
+ return nil, errors.New("neodigit: missing credentials")
+ }
+
+ client, err := internal.NewClient(config.Token)
+ if err != nil {
+ return nil, fmt.Errorf("neodigit: create client: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ zoneIDs: make(map[string]int),
+ recordIDs: make(map[string]int),
+ }, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("neodigit: could not find zone for domain %q: %w", domain, err)
+ }
+
+ authZone = dns01.UnFqdn(authZone)
+
+ zone, err := d.findZone(ctx, authZone)
+ if err != nil {
+ return fmt.Errorf("neodigit: %w", err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("neodigit: %w", err)
+ }
+
+ record := internal.Record{
+ Name: subDomain,
+ Type: "TXT",
+ Content: info.Value,
+ TTL: d.config.TTL,
+ }
+
+ newRecord, err := d.client.CreateRecord(ctx, zone.ID, record)
+ if err != nil {
+ return fmt.Errorf("neodigit: create record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.zoneIDs[token] = zone.ID
+ d.recordIDs[token] = newRecord.ID
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ d.recordIDsMu.Lock()
+ zoneID, zoneOK := d.zoneIDs[token]
+ recordID, recordOK := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !zoneOK || !recordOK {
+ return fmt.Errorf("neodigit: unknown record ID or zone ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ err := d.client.DeleteRecord(context.Background(), zoneID, recordID)
+ if err != nil {
+ return fmt.Errorf("neodigit: delete record: fqdn=%s, zoneID=%d, recordID=%d: %w",
+ info.EffectiveFQDN, zoneID, recordID, err)
+ }
+
+ d.recordIDsMu.Lock()
+ delete(d.zoneIDs, token)
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, zoneName string) (*internal.Zone, error) {
+ zones, err := d.client.GetZones(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("get zones: %w", err)
+ }
+
+ for _, zone := range zones {
+ if zone.Name == zoneName || zone.HumanName == zoneName {
+ return &zone, nil
+ }
+ }
+
+ return nil, fmt.Errorf("zone not found: %s", zoneName)
+}
diff --git a/providers/dns/neodigit/neodigit.toml b/providers/dns/neodigit/neodigit.toml
new file mode 100644
index 000000000..b391a6512
--- /dev/null
+++ b/providers/dns/neodigit/neodigit.toml
@@ -0,0 +1,22 @@
+Name = "Neodigit"
+Description = ''''''
+URL = "https://www.neodigit.net"
+Code = "neodigit"
+Since = "v4.30.0"
+
+Example = '''
+NEODIGIT_TOKEN=xxxxxx \
+lego --email you@example.com --dns neodigit -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ NEODIGIT_TOKEN = "API token"
+ [Configuration.Additional]
+ NEODIGIT_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
+ NEODIGIT_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 300)"
+ NEODIGIT_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ NEODIGIT_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://developers.neodigit.net/#dns"
diff --git a/providers/dns/neodigit/neodigit_test.go b/providers/dns/neodigit/neodigit_test.go
new file mode 100644
index 000000000..1f32d31a3
--- /dev/null
+++ b/providers/dns/neodigit/neodigit_test.go
@@ -0,0 +1,174 @@
+package neodigit
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvToken).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvToken: "secret",
+ },
+ },
+ {
+ desc: "missing credentials: token",
+ envVars: map[string]string{
+ EnvToken: "",
+ },
+ expected: "neodigit: some credentials information are missing: NEODIGIT_TOKEN",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ token string
+ expected string
+ }{
+ {
+ desc: "success",
+ token: "secret",
+ },
+ {
+ desc: "missing token",
+ expected: "neodigit: missing credentials",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.Token = test.token
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+
+ config.Token = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().WithJSONHeaders().
+ With("X-TCpanel-Token", "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.ResponseFromInternal("get_zones.json")).
+ Route("POST /dns/zones/6/records",
+ servermock.ResponseFromInternal("create_record.json").
+ WithStatusCode(http.StatusCreated),
+ servermock.CheckRequestJSONBodyFromInternal("create_record-request.json")).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /dns/zones/456/records/123",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent)).
+ Build(t)
+
+ token := "abc"
+
+ provider.recordIDs[token] = 123
+ provider.zoneIDs[token] = 456
+
+ err := provider.CleanUp("example.com", token, "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/zz_gen_dns_providers.go b/providers/dns/zz_gen_dns_providers.go
index 9448e163f..5a068c3a5 100644
--- a/providers/dns/zz_gen_dns_providers.go
+++ b/providers/dns/zz_gen_dns_providers.go
@@ -116,6 +116,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/namedotcom"
"github.com/go-acme/lego/v4/providers/dns/namesilo"
"github.com/go-acme/lego/v4/providers/dns/nearlyfreespeech"
+ "github.com/go-acme/lego/v4/providers/dns/neodigit"
"github.com/go-acme/lego/v4/providers/dns/netcup"
"github.com/go-acme/lego/v4/providers/dns/netlify"
"github.com/go-acme/lego/v4/providers/dns/nicmanager"
@@ -403,6 +404,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return namesilo.NewDNSProvider()
case "nearlyfreespeech":
return nearlyfreespeech.NewDNSProvider()
+ case "neodigit":
+ return neodigit.NewDNSProvider()
case "netcup":
return netcup.NewDNSProvider()
case "netlify":