\
-lego --email you@example.com --dns bindman -d '*.example.com' -d example.com run
+lego --dns bindman -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/bindman/bindman_test.go b/providers/dns/bindman/bindman_test.go
index a0db025e7..978a1d006 100644
--- a/providers/dns/bindman/bindman_test.go
+++ b/providers/dns/bindman/bindman_test.go
@@ -1,14 +1,13 @@
-// Package bindman implements a DNS provider for solving the DNS-01 challenge.
package bindman
import (
- "errors"
"net/http"
+ "net/http/httptest"
"testing"
"time"
"github.com/go-acme/lego/v4/platform/tester"
- bindmanClient "github.com/labbsr0x/bindman-dns-webhook/src/client"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
"github.com/stretchr/testify/require"
)
@@ -47,6 +46,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -106,10 +106,24 @@ func TestNewDNSProviderConfig(t *testing.T) {
}
}
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.BaseURL = server.URL
+ config.HTTPClient = server.Client()
+
+ return NewDNSProviderConfig(config)
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With("User-Agent", "bindman-dns-webhook-client"))
+}
+
func TestDNSProvider_Present(t *testing.T) {
testCases := []struct {
name string
- client *bindmanClient.DNSWebhookClient
+ mock *servermock.Builder[*DNSProvider]
domain string
token string
keyAuth string
@@ -117,28 +131,31 @@ func TestDNSProvider_Present(t *testing.T) {
}{
{
name: "success when add record function return no error",
- client: &bindmanClient.DNSWebhookClient{
- ClientAPI: &MockHTTPClientAPI{Status: http.StatusNoContent},
- },
- domain: "hello.test.com",
+ mock: mockBuilder().
+ Route("POST /records",
+ servermock.Noop().WithStatusCode(http.StatusNoContent),
+ servermock.CheckRequestJSONBodyFromFixture("add_record-request.json"),
+ ),
+ domain: "example.com",
keyAuth: "szDTG4zmM0GsKG91QAGO2M4UYOJMwU8oFpWOP7eTjCw",
expectError: false,
},
{
name: "error when add record function return an error",
- client: &bindmanClient.DNSWebhookClient{
- ClientAPI: &MockHTTPClientAPI{Error: errors.New("error adding record")},
- },
- domain: "hello.test.com",
+ mock: mockBuilder().
+ Route("POST /records",
+ servermock.ResponseFromFixture("error.json"),
+ ),
+ domain: "example.com",
keyAuth: "szDTG4zmM0GsKG91QAGO2M4UYOJMwU8oFpWOP7eTjCw",
expectError: true,
},
}
for _, test := range testCases {
t.Run(test.name, func(t *testing.T) {
- d := &DNSProvider{client: test.client}
+ provider := test.mock.Build(t)
- err := d.Present(test.domain, test.token, test.keyAuth)
+ err := provider.Present(test.domain, test.token, test.keyAuth)
if test.expectError {
require.Error(t, err)
} else {
@@ -151,7 +168,7 @@ func TestDNSProvider_Present(t *testing.T) {
func TestDNSProvider_CleanUp(t *testing.T) {
testCases := []struct {
name string
- client *bindmanClient.DNSWebhookClient
+ mock *servermock.Builder[*DNSProvider]
domain string
token string
keyAuth string
@@ -159,30 +176,33 @@ func TestDNSProvider_CleanUp(t *testing.T) {
}{
{
name: "success when remove record function return no error",
- client: &bindmanClient.DNSWebhookClient{
- ClientAPI: &MockHTTPClientAPI{Status: http.StatusNoContent},
- },
- domain: "hello.test.com",
+ mock: mockBuilder().
+ Route("DELETE /records/_acme-challenge.example.com./TXT",
+ servermock.Noop().WithStatusCode(http.StatusNoContent),
+ ),
+ domain: "example.com",
keyAuth: "szDTG4zmM0GsKG91QAGO2M4UYOJMwU8oFpWOP7eTjCw",
expectError: false,
},
{
name: "error when remove record function return an error",
- client: &bindmanClient.DNSWebhookClient{
- ClientAPI: &MockHTTPClientAPI{Error: errors.New("error adding record")},
- },
- domain: "hello.test.com",
+ mock: mockBuilder().
+ Route("DELETE /records/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromFixture("error.json"),
+ ),
+ domain: "example.com",
keyAuth: "szDTG4zmM0GsKG91QAGO2M4UYOJMwU8oFpWOP7eTjCw",
expectError: true,
},
}
+
for _, test := range testCases {
t.Run(test.name, func(t *testing.T) {
- d := &DNSProvider{client: test.client}
+ provider := test.mock.Build(t)
- err := d.CleanUp(test.domain, test.token, test.keyAuth)
+ err := provider.CleanUp(test.domain, test.token, test.keyAuth)
if test.expectError {
- require.Error(t, err)
+ require.ErrorContains(t, err, "bindman: ERROR (400): bar; ")
} else {
require.NoError(t, err)
}
@@ -196,6 +216,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -209,6 +230,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -217,25 +239,3 @@ func TestLiveCleanUp(t *testing.T) {
err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
require.NoError(t, err)
}
-
-type MockHTTPClientAPI struct {
- Data []byte
- Status int
- Error error
-}
-
-func (m *MockHTTPClientAPI) Put(url string, data []byte) (*http.Response, []byte, error) {
- return &http.Response{StatusCode: m.Status}, m.Data, m.Error
-}
-
-func (m *MockHTTPClientAPI) Post(url string, data []byte) (*http.Response, []byte, error) {
- return &http.Response{StatusCode: m.Status}, m.Data, m.Error
-}
-
-func (m *MockHTTPClientAPI) Get(url string) (*http.Response, []byte, error) {
- return &http.Response{StatusCode: m.Status}, m.Data, m.Error
-}
-
-func (m *MockHTTPClientAPI) Delete(url string) (*http.Response, []byte, error) {
- return &http.Response{StatusCode: m.Status}, m.Data, m.Error
-}
diff --git a/providers/dns/bindman/fixtures/add_record-request.json b/providers/dns/bindman/fixtures/add_record-request.json
new file mode 100644
index 000000000..9585565b8
--- /dev/null
+++ b/providers/dns/bindman/fixtures/add_record-request.json
@@ -0,0 +1,5 @@
+{
+ "name": "_acme-challenge.example.com.",
+ "value": "_EYMkjukXEMcXbnvpT6WLESzfYhxH190NKTBo3cpu-E",
+ "type": "TXT"
+}
diff --git a/providers/dns/bindman/fixtures/error.json b/providers/dns/bindman/fixtures/error.json
new file mode 100644
index 000000000..c8a014510
--- /dev/null
+++ b/providers/dns/bindman/fixtures/error.json
@@ -0,0 +1,5 @@
+{
+ "message": "bar",
+ "code": 400,
+ "details": ["foo"]
+}
diff --git a/providers/dns/bluecat/bluecat.go b/providers/dns/bluecat/bluecat.go
index 8ba026f49..b26fab8be 100644
--- a/providers/dns/bluecat/bluecat.go
+++ b/providers/dns/bluecat/bluecat.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/bluecat/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -110,6 +111,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/bluecat/bluecat.toml b/providers/dns/bluecat/bluecat.toml
index a01a5918d..15df6ed34 100644
--- a/providers/dns/bluecat/bluecat.toml
+++ b/providers/dns/bluecat/bluecat.toml
@@ -11,7 +11,7 @@ BLUECAT_USER_NAME=myusername \
BLUECAT_CONFIG_NAME=myconfig \
BLUECAT_SERVER_URL=https://bam.example.com \
BLUECAT_TTL=30 \
-lego --email you@example.com --dns bluecat -d '*.example.com' -d example.com run
+lego --dns bluecat -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/bluecat/bluecat_test.go b/providers/dns/bluecat/bluecat_test.go
index 5a3670e3a..38b110470 100644
--- a/providers/dns/bluecat/bluecat_test.go
+++ b/providers/dns/bluecat/bluecat_test.go
@@ -105,6 +105,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -219,6 +220,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -232,6 +234,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/bluecat/internal/client.go b/providers/dns/bluecat/internal/client.go
index de31579ea..d517ea857 100644
--- a/providers/dns/bluecat/internal/client.go
+++ b/providers/dns/bluecat/internal/client.go
@@ -106,6 +106,7 @@ func (c *Client) AddEntity(ctx context.Context, parentID uint, entity Entity) (u
// addEntity responds only with body text containing the ID of the created record
addTxtResp := string(raw)
+
id, err := strconv.ParseUint(addTxtResp, 10, 64)
if err != nil {
return 0, fmt.Errorf("addEntity request failed: %s", addTxtResp)
@@ -147,6 +148,7 @@ func (c *Client) GetEntityByName(ctx context.Context, parentID uint, name, objTy
}
var entity EntityResponse
+
err = json.Unmarshal(raw, &entity)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/bluecat/internal/client_test.go b/providers/dns/bluecat/internal/client_test.go
index 9d79f46b3..d4776b8a1 100644
--- a/providers/dns/bluecat/internal/client_test.go
+++ b/providers/dns/bluecat/internal/client_test.go
@@ -31,6 +31,7 @@ func TestClient_LookupParentZoneID(t *testing.T) {
Type: ZoneType,
Properties: "test",
})
+
return
}
diff --git a/providers/dns/bluecatv2/bluecatv2.go b/providers/dns/bluecatv2/bluecatv2.go
new file mode 100644
index 000000000..0efe99661
--- /dev/null
+++ b/providers/dns/bluecatv2/bluecatv2.go
@@ -0,0 +1,249 @@
+// Package bluecatv2 implements a DNS provider for solving the DNS-01 challenge using Bluecat v2.
+package bluecatv2
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/bluecatv2/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "BLUECATV2_"
+
+ EnvServerURL = envNamespace + "SERVER_URL"
+ EnvUsername = envNamespace + "USERNAME"
+ EnvPassword = envNamespace + "PASSWORD"
+ EnvConfigName = envNamespace + "CONFIG_NAME"
+ EnvViewName = envNamespace + "VIEW_NAME"
+ EnvSkipDeploy = envNamespace + "SKIP_DEPLOY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ ServerURL string
+ Username string
+ Password string
+ ConfigName string
+ ViewName string
+ SkipDeploy bool
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ SkipDeploy: env.GetOrDefaultBool(EnvSkipDeploy, false),
+
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ zoneIDs map[string]int64
+ recordIDs map[string]int64
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Bluecat v2.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvServerURL, EnvUsername, EnvPassword, EnvConfigName, EnvViewName)
+ if err != nil {
+ return nil, fmt.Errorf("bluecatv2: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.ServerURL = values[EnvServerURL]
+ config.Username = values[EnvUsername]
+ config.Password = values[EnvPassword]
+ config.ConfigName = values[EnvConfigName]
+ config.ViewName = values[EnvViewName]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Bluecat v2.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("bluecatv2: the configuration of the DNS provider is nil")
+ }
+
+ if config.ServerURL == "" {
+ return nil, errors.New("bluecatv2: missing server URL")
+ }
+
+ if config.ConfigName == "" {
+ return nil, errors.New("bluecatv2: missing configuration name")
+ }
+
+ if config.ViewName == "" {
+ return nil, errors.New("bluecatv2: missing view name")
+ }
+
+ client, err := internal.NewClient(config.ServerURL, config.Username, config.Password)
+ if err != nil {
+ return nil, fmt.Errorf("bluecatv2: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: make(map[string]int64),
+ zoneIDs: make(map[string]int64),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ ctx, err := d.client.CreateAuthenticatedContext(context.Background())
+ if err != nil {
+ return fmt.Errorf("bluecatv2: %w", err)
+ }
+
+ zone, err := d.findZone(ctx, info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("bluecatv2: %w", err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone.AbsoluteName)
+ if err != nil {
+ return fmt.Errorf("bluecatv2: %w", err)
+ }
+
+ record := internal.RecordTXT{
+ CommonResource: internal.CommonResource{
+ Type: "TXTRecord",
+ Name: subDomain,
+ },
+ Text: info.Value,
+ TTL: d.config.TTL,
+ RecordType: "TXT",
+ }
+
+ newRecord, err := d.client.CreateZoneResourceRecord(ctx, zone.ID, record)
+ if err != nil {
+ return fmt.Errorf("bluecatv2: create resource record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.zoneIDs[token] = zone.ID
+ d.recordIDs[token] = newRecord.ID
+ d.recordIDsMu.Unlock()
+
+ if d.config.SkipDeploy {
+ return nil
+ }
+
+ _, err = d.client.CreateZoneDeployment(ctx, zone.ID)
+ if err != nil {
+ return fmt.Errorf("bluecat: deploy zone: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ d.recordIDsMu.Lock()
+ recordID, recordOK := d.recordIDs[token]
+ zoneID, zoneOK := d.zoneIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !recordOK {
+ return fmt.Errorf("bluecatv2: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ if !zoneOK {
+ return fmt.Errorf("bluecatv2: unknown zone ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ ctx, err := d.client.CreateAuthenticatedContext(context.Background())
+ if err != nil {
+ return fmt.Errorf("bluecatv2: %w", err)
+ }
+
+ err = d.client.DeleteResourceRecord(ctx, recordID)
+ if err != nil {
+ return fmt.Errorf("bluecatv2: delete resource record: %w", err)
+ }
+
+ if d.config.SkipDeploy {
+ return nil
+ }
+
+ _, err = d.client.CreateZoneDeployment(ctx, zoneID)
+ if err != nil {
+ return fmt.Errorf("bluecat: deploy zone: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, fqdn string) (*internal.ZoneResource, error) {
+ for name := range dns01.UnFqdnDomainsSeq(fqdn) {
+ opts := &internal.CollectionOptions{
+ Fields: "id,absoluteName,configuration.id,configuration.name,view.id,view.name",
+ Filter: internal.And(
+ internal.Eq("absoluteName", name),
+ internal.Eq("configuration.name", d.config.ConfigName),
+ internal.Eq("view.name", d.config.ViewName),
+ ).String(),
+ }
+
+ zones, err := d.client.RetrieveZones(ctx, opts)
+ if err != nil {
+ // TODO(ldez) maybe add a log in v5.
+ continue
+ }
+
+ for _, zone := range zones {
+ if zone.AbsoluteName == name {
+ return &zone, nil
+ }
+ }
+ }
+
+ return nil, fmt.Errorf("no zone found for fqdn: %s", fqdn)
+}
diff --git a/providers/dns/bluecatv2/bluecatv2.toml b/providers/dns/bluecatv2/bluecatv2.toml
new file mode 100644
index 000000000..6ec3781c6
--- /dev/null
+++ b/providers/dns/bluecatv2/bluecatv2.toml
@@ -0,0 +1,33 @@
+Name = "Bluecat v2"
+Description = ''''''
+URL = "https://www.bluecatnetworks.com"
+Code = "bluecatv2"
+Since = "v4.32.0"
+
+Example = '''
+BLUECATV2_SERVER_URL="https://example.com" \
+BLUECATV2_USERNAME="xxx" \
+BLUECATV2_PASSWORD="yyy" \
+BLUECATV2_CONFIG_NAME="myConfiguration" \
+BLUECATV2_VIEW_NAME="myView" \
+lego --dns bluecatv2 -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ BLUECAT_SERVER_URL = "The server URL: it should have a scheme, hostname, and port (if required) of the authoritative Bluecat BAM serve"
+ BLUECATV2_USERNAME = "API username"
+ BLUECATV2_PASSWORD = "API password"
+ BLUECATV2_CONFIG_NAME = "Configuration name"
+ BLUECATV2_VIEW_NAME = "DNS View Name"
+ [Configuration.Additional]
+ BLUECATV2_SKIP_DEPLOY = "Skip quick deployements"
+ BLUECATV2_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ BLUECATV2_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ BLUECATV2_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ BLUECATV2_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Introduction/9.6.0"
+ Swagger = "http://{Address_Manager_IP}/api/openapi.json"
+ SwaggerDump = "https://github.com/go-acme/lego/discussions/2218#discussioncomment-13060545"
diff --git a/providers/dns/bluecatv2/bluecatv2_test.go b/providers/dns/bluecatv2/bluecatv2_test.go
new file mode 100644
index 000000000..d852f0e18
--- /dev/null
+++ b/providers/dns/bluecatv2/bluecatv2_test.go
@@ -0,0 +1,414 @@
+package bluecatv2
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "strings"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/go-acme/lego/v4/providers/dns/bluecatv2/internal"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+ EnvServerURL,
+ EnvUsername,
+ EnvPassword,
+ EnvConfigName,
+ EnvViewName,
+ EnvSkipDeploy,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com/",
+ EnvUsername: "userA",
+ EnvPassword: "secret",
+ EnvConfigName: "myConfig",
+ EnvViewName: "myView",
+ },
+ },
+ {
+ desc: "missing server URL",
+ envVars: map[string]string{
+ EnvServerURL: "",
+ EnvUsername: "userA",
+ EnvPassword: "secret",
+ EnvConfigName: "myConfig",
+ EnvViewName: "myView",
+ },
+ expected: "bluecatv2: some credentials information are missing: BLUECATV2_SERVER_URL",
+ },
+ {
+ desc: "missing username",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com/",
+ EnvUsername: "",
+ EnvPassword: "secret",
+ EnvConfigName: "myConfig",
+ EnvViewName: "myView",
+ },
+ expected: "bluecatv2: some credentials information are missing: BLUECATV2_USERNAME",
+ },
+ {
+ desc: "missing password",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com/",
+ EnvUsername: "userA",
+ EnvPassword: "",
+ EnvConfigName: "myConfig",
+ EnvViewName: "myView",
+ },
+ expected: "bluecatv2: some credentials information are missing: BLUECATV2_PASSWORD",
+ },
+ {
+ desc: "missing configuration name",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com/",
+ EnvUsername: "userA",
+ EnvPassword: "secret",
+ EnvConfigName: "",
+ EnvViewName: "myView",
+ },
+ expected: "bluecatv2: some credentials information are missing: BLUECATV2_CONFIG_NAME",
+ },
+ {
+ desc: "missing view name",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com/",
+ EnvUsername: "userA",
+ EnvPassword: "secret",
+ EnvConfigName: "myConfig",
+ EnvViewName: "",
+ },
+ expected: "bluecatv2: some credentials information are missing: BLUECATV2_VIEW_NAME",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "bluecatv2: some credentials information are missing: BLUECATV2_SERVER_URL,BLUECATV2_USERNAME,BLUECATV2_PASSWORD,BLUECATV2_CONFIG_NAME,BLUECATV2_VIEW_NAME",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ serverURL string
+ username string
+ password string
+ configName string
+ viewName string
+ expected string
+ }{
+ {
+ desc: "success",
+ serverURL: "https://example.com/",
+ username: "userA",
+ password: "secret",
+ configName: "myConfig",
+ viewName: "myView",
+ },
+ {
+ desc: "missing server URL",
+ username: "userA",
+ password: "secret",
+ configName: "myConfig",
+ viewName: "myView",
+ expected: "bluecatv2: missing server URL",
+ },
+ {
+ desc: "missing username",
+ serverURL: "https://example.com/",
+ password: "secret",
+ configName: "myConfig",
+ viewName: "myView",
+ expected: "bluecatv2: credentials missing",
+ },
+ {
+ desc: "missing password",
+ serverURL: "https://example.com/",
+ username: "userA",
+ configName: "myConfig",
+ viewName: "myView",
+ expected: "bluecatv2: credentials missing",
+ },
+ {
+ desc: "missing configuration name",
+ serverURL: "https://example.com/",
+ username: "userA",
+ password: "secret",
+ viewName: "myView",
+ expected: "bluecatv2: missing configuration name",
+ },
+ {
+ desc: "missing view name",
+ serverURL: "https://example.com/",
+ username: "userA",
+ password: "secret",
+ configName: "myConfig",
+ expected: "bluecatv2: missing view name",
+ },
+ {
+ desc: "missing credentials",
+ expected: "bluecatv2: missing server URL",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.ServerURL = test.serverURL
+ config.Username = test.username
+ config.Password = test.password
+ config.ConfigName = test.configName
+ config.ViewName = test.viewName
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+
+ config.ServerURL = server.URL
+ config.Username = "userA"
+ config.Password = "secret"
+ config.ConfigName = "myConfiguration"
+ config.ViewName = "myView"
+
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /api/v2/sessions",
+ servermock.ResponseFromInternal("postSession.json"),
+ servermock.CheckRequestJSONBodyFromInternal("postSession-request.json"),
+ ).
+ Route("GET /api/v2/configurations",
+ servermock.ResponseFromInternal("configurations.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("filter", "name:eq('myConfiguration')"),
+ ).
+ Route("GET /api/v2/configurations/12345/views",
+ servermock.ResponseFromInternal("views.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("filter", "name:eq('myView')"),
+ ).
+ Route("GET /api/v2/zones",
+ http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+ filter := req.URL.Query().Get("filter")
+
+ if strings.Contains(filter, internal.Eq("absoluteName", "example.com").String()) {
+ servermock.ResponseFromInternal("zones.json").ServeHTTP(rw, req)
+
+ return
+ }
+
+ servermock.ResponseFromInternal("error.json").
+ WithStatusCode(http.StatusNotFound).ServeHTTP(rw, req)
+ }),
+ ).
+ Route("POST /api/v2/zones/12345/resourceRecords",
+ servermock.ResponseFromInternal("postZoneResourceRecord.json"),
+ servermock.CheckRequestJSONBodyFromInternal("postZoneResourceRecord-request.json"),
+ ).
+ Route("POST /api/v2/zones/12345/deployments",
+ servermock.ResponseFromInternal("postZoneDeployment.json").
+ WithStatusCode(http.StatusCreated),
+ servermock.CheckRequestJSONBodyFromInternal("postZoneDeployment-request.json"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_Present_skipDeploy(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(map[string]string{
+ EnvSkipDeploy: "true",
+ })
+
+ provider := mockBuilder().
+ Route("POST /api/v2/sessions",
+ servermock.ResponseFromInternal("postSession.json"),
+ servermock.CheckRequestJSONBodyFromInternal("postSession-request.json"),
+ ).
+ Route("GET /api/v2/configurations",
+ servermock.ResponseFromInternal("configurations.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("filter", "name:eq('myConfiguration')"),
+ ).
+ Route("GET /api/v2/configurations/12345/views",
+ servermock.ResponseFromInternal("views.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("filter", "name:eq('myView')"),
+ ).
+ Route("GET /api/v2/zones",
+ http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+ filter := req.URL.Query().Get("filter")
+
+ if strings.Contains(filter, internal.Eq("absoluteName", "example.com").String()) {
+ servermock.ResponseFromInternal("zones.json").ServeHTTP(rw, req)
+
+ return
+ }
+
+ servermock.ResponseFromInternal("error.json").
+ WithStatusCode(http.StatusNotFound).ServeHTTP(rw, req)
+ }),
+ ).
+ Route("POST /api/v2/zones/12345/resourceRecords",
+ servermock.ResponseFromInternal("postZoneResourceRecord.json"),
+ servermock.CheckRequestJSONBodyFromInternal("postZoneResourceRecord-request.json"),
+ ).
+ Route("POST /api/v2/zones/456789/deployments",
+ servermock.Noop().
+ WithStatusCode(http.StatusUnauthorized),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /api/v2/sessions",
+ servermock.ResponseFromInternal("postSession.json"),
+ servermock.CheckRequestJSONBodyFromInternal("postSession-request.json"),
+ ).
+ Route("DELETE /api/v2/resourceRecords/12345",
+ servermock.ResponseFromInternal("deleteResourceRecord.json"),
+ ).
+ Route("POST /api/v2/zones/456789/deployments",
+ servermock.ResponseFromInternal("postZoneDeployment.json").
+ WithStatusCode(http.StatusCreated),
+ servermock.CheckRequestJSONBodyFromInternal("postZoneDeployment-request.json"),
+ ).
+ Build(t)
+
+ provider.zoneIDs["abc"] = 456789
+ provider.recordIDs["abc"] = 12345
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp_skipDeploy(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(map[string]string{
+ EnvSkipDeploy: "true",
+ })
+
+ provider := mockBuilder().
+ Route("POST /api/v2/sessions",
+ servermock.ResponseFromInternal("postSession.json"),
+ servermock.CheckRequestJSONBodyFromInternal("postSession-request.json"),
+ ).
+ Route("DELETE /api/v2/resourceRecords/12345",
+ servermock.ResponseFromInternal("deleteResourceRecord.json"),
+ ).
+ Route("POST /api/v2/zones/456789/deployments",
+ servermock.Noop().
+ WithStatusCode(http.StatusUnauthorized),
+ ).
+ Build(t)
+
+ provider.zoneIDs["abc"] = 456789
+ provider.recordIDs["abc"] = 12345
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/bluecatv2/internal/client.go b/providers/dns/bluecatv2/internal/client.go
new file mode 100644
index 000000000..d3c801154
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/client.go
@@ -0,0 +1,221 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+ querystring "github.com/google/go-querystring/query"
+)
+
+// Client the Bluecat v2 API client.
+type Client struct {
+ username string
+ password string
+
+ baseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(serverURL, username, password string) (*Client, error) {
+ if serverURL == "" {
+ return nil, errors.New("server URL missing")
+ }
+
+ if username == "" || password == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, err := url.Parse(serverURL)
+ if err != nil {
+ return nil, err
+ }
+
+ return &Client{
+ username: username,
+ password: password,
+ baseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+// RetrieveZones retrieves all zones.
+func (c *Client) RetrieveZones(ctx context.Context, opts *CollectionOptions) ([]ZoneResource, error) {
+ endpoint := c.baseURL.JoinPath("api", "v2", "zones")
+
+ collection, err := retrieveCollection[ZoneResource](ctx, c, endpoint, opts)
+ if err != nil {
+ return nil, err
+ }
+
+ return collection.Data, nil
+}
+
+// RetrieveZoneDeployments retrieves all deployments for a zone.
+func (c *Client) RetrieveZoneDeployments(ctx context.Context, zoneID int64, opts *CollectionOptions) ([]QuickDeployment, error) {
+ endpoint := c.baseURL.JoinPath("api", "v2", "zones", strconv.FormatInt(zoneID, 10), "deployments")
+
+ collection, err := retrieveCollection[QuickDeployment](ctx, c, endpoint, opts)
+ if err != nil {
+ return nil, err
+ }
+
+ return collection.Data, nil
+}
+
+// CreateZoneDeployment creates a new deployment for a zone.
+func (c *Client) CreateZoneDeployment(ctx context.Context, zoneID int64) (*QuickDeployment, error) {
+ endpoint := c.baseURL.JoinPath("api", "v2", "zones", strconv.FormatInt(zoneID, 10), "deployments")
+
+ payload := CommonResource{
+ Type: "QuickDeployment",
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ result := new(QuickDeployment)
+
+ err = c.doAuthenticated(ctx, req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+// CreateZoneResourceRecord creates a new TXT record in a zone.
+func (c *Client) CreateZoneResourceRecord(ctx context.Context, zoneID int64, record RecordTXT) (*RecordTXT, error) {
+ endpoint := c.baseURL.JoinPath("api", "v2", "zones", strconv.FormatInt(zoneID, 10), "resourceRecords")
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, record)
+ if err != nil {
+ return nil, err
+ }
+
+ result := new(RecordTXT)
+
+ err = c.doAuthenticated(ctx, req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+// DeleteResourceRecord deletes a resource record.
+func (c *Client) DeleteResourceRecord(ctx context.Context, recordID int64) error {
+ endpoint := c.baseURL.JoinPath("api", "v2", "resourceRecords", strconv.FormatInt(recordID, 10))
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return err
+ }
+
+ return c.doAuthenticated(ctx, req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func retrieveCollection[T any](ctx context.Context, client *Client, endpoint *url.URL, opts *CollectionOptions) (*Collection[T], error) {
+ if opts != nil {
+ values, err := querystring.Values(opts)
+ if err != nil {
+ return nil, err
+ }
+
+ endpoint.RawQuery = values.Encode()
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &Collection[T]{}
+
+ err = client.doAuthenticated(ctx, req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
diff --git a/providers/dns/bluecatv2/internal/client_test.go b/providers/dns/bluecatv2/internal/client_test.go
new file mode 100644
index 000000000..2559af66e
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/client_test.go
@@ -0,0 +1,208 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilderAuthenticated() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL, "userA", "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.baseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ servermock.CheckHeader().
+ WithAuthorization("Basic secretToken"),
+ )
+}
+
+func TestClient_RetrieveZones(t *testing.T) {
+ client := mockBuilderAuthenticated().
+ Route("GET /api/v2/zones",
+ servermock.ResponseFromFixture("zones.json"),
+ servermock.CheckQueryParameter().Strict().
+ With(
+ "filter",
+ "absoluteName:eq('example.com') and configuration.name:eq('myConfiguration') and view.name:eq('myView')",
+ ),
+ ).
+ Build(t)
+
+ opts := &CollectionOptions{
+ Filter: And(
+ Eq("absoluteName", "example.com"),
+ Eq("configuration.name", "myConfiguration"),
+ Eq("view.name", "myView"),
+ ).String(),
+ }
+
+ result, err := client.RetrieveZones(mockToken(t.Context()), opts)
+ require.NoError(t, err)
+
+ expected := []ZoneResource{
+ {
+ CommonResource: CommonResource{ID: 12345, Type: "ENUMZone", Name: "5678"},
+ AbsoluteName: "string",
+ },
+ {
+ CommonResource: CommonResource{ID: 12345, Type: "ExternalHostsZone", Name: "name"},
+ },
+ {
+ CommonResource: CommonResource{ID: 12345, Type: "InternalRootZone", Name: "name"},
+ },
+ {
+ CommonResource: CommonResource{ID: 12345, Type: "ResponsePolicyZone", Name: "name"},
+ },
+ {
+ CommonResource: CommonResource{ID: 12345, Type: "Zone", Name: "example.com"},
+ AbsoluteName: "example.com",
+ },
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_RetrieveZones_error(t *testing.T) {
+ client := mockBuilderAuthenticated().
+ Route("GET /api/v2/zones",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized),
+ ).
+ Build(t)
+
+ opts := &CollectionOptions{
+ Filter: And(
+ Eq("absoluteName", "example.com"),
+ Eq("configuration.name", "myConfiguration"),
+ Eq("view.name", "myView"),
+ ).String(),
+ }
+
+ _, err := client.RetrieveZones(mockToken(t.Context()), opts)
+ require.EqualError(t, err, "401: Unauthorized: InvalidAuthorizationToken: The provided authorization token is invalid")
+}
+
+func TestClient_RetrieveZoneDeployments(t *testing.T) {
+ client := mockBuilderAuthenticated().
+ Route("GET /api/v2/zones/456789/deployments",
+ servermock.ResponseFromFixture("getZoneDeployments.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("filter", "id:eq('12345')"),
+ ).
+ Build(t)
+
+ opts := &CollectionOptions{
+ Filter: Eq("id", "12345").String(),
+ }
+
+ result, err := client.RetrieveZoneDeployments(mockToken(t.Context()), 456789, opts)
+ require.NoError(t, err)
+
+ expected := []QuickDeployment{
+ {
+ CommonResource: CommonResource{ID: 12345, Type: "QuickDeployment", Name: ""},
+ State: "PENDING",
+ Status: "CANCEL",
+ Message: "string",
+ PercentComplete: 50,
+ CreationDateTime: time.Date(2022, time.November, 23, 2, 53, 0, 0, time.UTC),
+ StartDateTime: time.Date(2022, time.November, 23, 2, 53, 3, 0, time.UTC),
+ CompletionDateTime: time.Date(2022, time.November, 23, 2, 54, 5, 0, time.UTC),
+ Method: "SCHEDULED",
+ },
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_CreateZoneDeployment(t *testing.T) {
+ client := mockBuilderAuthenticated().
+ Route("POST /api/v2/zones/12345/deployments",
+ servermock.ResponseFromFixture("postZoneDeployment.json").
+ WithStatusCode(http.StatusCreated),
+ servermock.CheckRequestJSONBodyFromFixture("postZoneDeployment-request.json"),
+ ).
+ Build(t)
+
+ quickDeployment, err := client.CreateZoneDeployment(mockToken(t.Context()), 12345)
+ require.NoError(t, err)
+
+ expected := &QuickDeployment{
+ CommonResource: CommonResource{ID: 12345, Type: "QuickDeployment"},
+ State: "PENDING",
+ Status: "CANCEL",
+ Message: "string",
+ PercentComplete: 50,
+ CreationDateTime: time.Date(2022, time.November, 23, 2, 53, 0, 0, time.UTC),
+ StartDateTime: time.Date(2022, time.November, 23, 2, 53, 3, 0, time.UTC),
+ CompletionDateTime: time.Date(2022, time.November, 23, 2, 54, 5, 0, time.UTC),
+ Method: "SCHEDULED",
+ }
+
+ assert.Equal(t, expected, quickDeployment)
+}
+
+func TestClient_CreateZoneResourceRecord(t *testing.T) {
+ client := mockBuilderAuthenticated().
+ Route("POST /api/v2/zones/12345/resourceRecords",
+ servermock.ResponseFromFixture("postZoneResourceRecord.json"),
+ servermock.CheckRequestJSONBodyFromFixture("postZoneResourceRecord-request.json"),
+ ).
+ Build(t)
+
+ record := RecordTXT{
+ CommonResource: CommonResource{
+ Type: "TXTRecord",
+ Name: "_acme-challenge",
+ },
+ Text: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ RecordType: "TXT",
+ }
+
+ result, err := client.CreateZoneResourceRecord(mockToken(t.Context()), 12345, record)
+ require.NoError(t, err)
+
+ expected := &RecordTXT{
+ CommonResource: CommonResource{
+ ID: 12345,
+ Type: "ResourceRecord",
+ Name: "name",
+ },
+ TTL: 3600,
+ AbsoluteName: "host1.example.com",
+ Comment: "Sample comment.",
+ Dynamic: true,
+ RecordType: "CNAME",
+ Text: "",
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_DeleteResourceRecord(t *testing.T) {
+ client := mockBuilderAuthenticated().
+ Route("DELETE /api/v2/resourceRecords/12345",
+ servermock.ResponseFromFixture("deleteResourceRecord.json"),
+ ).
+ Build(t)
+
+ err := client.DeleteResourceRecord(mockToken(t.Context()), 12345)
+ require.NoError(t, err)
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/deleteResourceRecord.json b/providers/dns/bluecatv2/internal/fixtures/deleteResourceRecord.json
new file mode 100644
index 000000000..38ae2db6e
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/deleteResourceRecord.json
@@ -0,0 +1,75 @@
+{
+ "id": 12345,
+ "type": "WorkflowRequest",
+ "state": "APPROVED",
+ "operation": "ADD_ALIAS_RECORD",
+ "creator": {
+ "id": 103307,
+ "type": "User",
+ "name": "admin",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "authenticator": {
+ "id": 12345,
+ "type": "Authenticator",
+ "name": "LDAP authenticator"
+ },
+ "email": "user@example.com",
+ "phoneNumber": "555-1234",
+ "securityPrivilege": "NO_ACCESS",
+ "historyPrivilege": "HIDE",
+ "accessType": "GUI",
+ "passwordResetRequired": true,
+ "accountLocked": true,
+ "x509Required": true,
+ "administrativeAccessRights": [
+ {
+ "resourceType": "Event",
+ "accessLevel": "HIDE"
+ }
+ ]
+ },
+ "resourceId": 0,
+ "resourceType": "ACL",
+ "fieldUpdates": [
+ {
+ "name": "string",
+ "value": {},
+ "previousValue": {}
+ }
+ ],
+ "dependentRequest": "string",
+ "modifier": {
+ "id": 103307,
+ "type": "User",
+ "name": "admin",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "authenticator": {
+ "id": 12345,
+ "type": "Authenticator",
+ "name": "LDAP authenticator"
+ },
+ "email": "user@example.com",
+ "phoneNumber": "555-1234",
+ "securityPrivilege": "NO_ACCESS",
+ "historyPrivilege": "HIDE",
+ "accessType": "GUI",
+ "passwordResetRequired": true,
+ "accountLocked": true,
+ "x509Required": true,
+ "administrativeAccessRights": [
+ {
+ "resourceType": "Event",
+ "accessLevel": "HIDE"
+ }
+ ]
+ },
+ "creationDateTime": "2022-10-17T19:11:45Z",
+ "modificationDateTime": "2022-10-18T19:11:45Z",
+ "comment": "Sample comment."
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/error.json b/providers/dns/bluecatv2/internal/fixtures/error.json
new file mode 100644
index 000000000..d3d2b8b5f
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/error.json
@@ -0,0 +1,6 @@
+{
+ "status": 401,
+ "reason": "Unauthorized",
+ "code": "InvalidAuthorizationToken",
+ "message": "The provided authorization token is invalid"
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/getZoneDeployments.json b/providers/dns/bluecatv2/internal/fixtures/getZoneDeployments.json
new file mode 100644
index 000000000..b1a4938ad
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/getZoneDeployments.json
@@ -0,0 +1,46 @@
+{
+ "count": 0,
+ "totalCount": 0,
+ "data": [
+ {
+ "id": 12345,
+ "type": "QuickDeployment",
+ "state": "PENDING",
+ "status": "CANCEL",
+ "message": "string",
+ "percentComplete": 50,
+ "creationDateTime": "2022-11-23T02:53:00Z",
+ "startDateTime": "2022-11-23T02:53:03Z",
+ "completionDateTime": "2022-11-23T02:54:05Z",
+ "user": {
+ "id": 103307,
+ "type": "User",
+ "name": "admin",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "authenticator": {
+ "id": 12345,
+ "type": "Authenticator",
+ "name": "LDAP authenticator"
+ },
+ "email": "user@example.com",
+ "phoneNumber": "555-1234",
+ "securityPrivilege": "NO_ACCESS",
+ "historyPrivilege": "HIDE",
+ "accessType": "GUI",
+ "passwordResetRequired": true,
+ "accountLocked": true,
+ "x509Required": true,
+ "administrativeAccessRights": [
+ {
+ "resourceType": "Event",
+ "accessLevel": "HIDE"
+ }
+ ]
+ },
+ "method": "SCHEDULED"
+ }
+ ]
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/postSession-request.json b/providers/dns/bluecatv2/internal/fixtures/postSession-request.json
new file mode 100644
index 000000000..e62048eb9
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/postSession-request.json
@@ -0,0 +1,4 @@
+{
+ "username": "userA",
+ "password": "secret"
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/postSession.json b/providers/dns/bluecatv2/internal/fixtures/postSession.json
new file mode 100644
index 000000000..4599ad0ad
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/postSession.json
@@ -0,0 +1,50 @@
+{
+ "id": 12345,
+ "type": "UserSession",
+ "apiToken": "VZoO2Z0BjBaJyvuhE4vNJRWqI9upwDHk70UNi0Ez",
+ "apiTokenExpirationDateTime": "2022-09-15T17:52:07Z",
+ "basicAuthenticationCredentials": "YXBpOlQ0OExOT3VIRGhDcnVBNEo1bGFES3JuS3hTZC9QK3pjczZXTzBJMDY=",
+ "remoteAddress": "192.168.1.1",
+ "readOnly": true,
+ "loginDateTime": "2022-09-14T17:45:03Z",
+ "logoutDateTime": "2022-09-14T19:45:03Z",
+ "state": "LOGGED_IN",
+ "response": "Authentication Error: Ensure that your username and password are correct.",
+ "user": {
+ "id": 103307,
+ "type": "User",
+ "name": "admin",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "authenticator": {
+ "id": 12345,
+ "type": "Authenticator",
+ "name": "LDAP authenticator"
+ },
+ "email": "user@example.com",
+ "phoneNumber": "555-1234",
+ "securityPrivilege": "NO_ACCESS",
+ "historyPrivilege": "HIDE",
+ "accessType": "GUI",
+ "passwordResetRequired": true,
+ "accountLocked": true,
+ "x509Required": true,
+ "administrativeAccessRights": [
+ {
+ "resourceType": "Event",
+ "accessLevel": "HIDE"
+ }
+ ]
+ },
+ "authenticator": {
+ "id": 12345,
+ "type": "Authenticator",
+ "name": "LDAP authenticator",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ }
+ }
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/postZoneDeployment-request.json b/providers/dns/bluecatv2/internal/fixtures/postZoneDeployment-request.json
new file mode 100644
index 000000000..099573a84
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/postZoneDeployment-request.json
@@ -0,0 +1,3 @@
+{
+ "type": "QuickDeployment"
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/postZoneDeployment.json b/providers/dns/bluecatv2/internal/fixtures/postZoneDeployment.json
new file mode 100644
index 000000000..fd26781fb
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/postZoneDeployment.json
@@ -0,0 +1,40 @@
+{
+ "id": 12345,
+ "type": "QuickDeployment",
+ "state": "PENDING",
+ "status": "CANCEL",
+ "message": "string",
+ "percentComplete": 50,
+ "creationDateTime": "2022-11-23T02:53:00Z",
+ "startDateTime": "2022-11-23T02:53:03Z",
+ "completionDateTime": "2022-11-23T02:54:05Z",
+ "user": {
+ "id": 103307,
+ "type": "User",
+ "name": "admin",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "authenticator": {
+ "id": 12345,
+ "type": "Authenticator",
+ "name": "LDAP authenticator"
+ },
+ "email": "user@example.com",
+ "phoneNumber": "555-1234",
+ "securityPrivilege": "NO_ACCESS",
+ "historyPrivilege": "HIDE",
+ "accessType": "GUI",
+ "passwordResetRequired": true,
+ "accountLocked": true,
+ "x509Required": true,
+ "administrativeAccessRights": [
+ {
+ "resourceType": "Event",
+ "accessLevel": "HIDE"
+ }
+ ]
+ },
+ "method": "SCHEDULED"
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/postZoneResourceRecord-request.json b/providers/dns/bluecatv2/internal/fixtures/postZoneResourceRecord-request.json
new file mode 100644
index 000000000..2de733c71
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/postZoneResourceRecord-request.json
@@ -0,0 +1,7 @@
+{
+ "type": "TXTRecord",
+ "name": "_acme-challenge",
+ "ttl": 120,
+ "recordType": "TXT",
+ "text": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/postZoneResourceRecord.json b/providers/dns/bluecatv2/internal/fixtures/postZoneResourceRecord.json
new file mode 100644
index 000000000..78d028ee3
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/postZoneResourceRecord.json
@@ -0,0 +1,25 @@
+{
+ "id": 12345,
+ "type": "ResourceRecord",
+ "name": "name",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "ttl": 3600,
+ "absoluteName": "host1.example.com",
+ "comment": "Sample comment.",
+ "dynamic": true,
+ "recordType": "CNAME",
+ "linkedRecord": {
+ "id": 12345,
+ "type": "ResourceRecord",
+ "name": "name",
+ "absoluteName": "host1.example.com"
+ }
+}
diff --git a/providers/dns/bluecatv2/internal/fixtures/zones.json b/providers/dns/bluecatv2/internal/fixtures/zones.json
new file mode 100644
index 000000000..b9f2dfa8f
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/fixtures/zones.json
@@ -0,0 +1,185 @@
+{
+ "count": 0,
+ "totalCount": 0,
+ "data": [
+ {
+ "id": 12345,
+ "type": "ENUMZone",
+ "name": "5678",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "view": {
+ "id": 12345,
+ "type": "View",
+ "name": "default",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "deviceRegistrationEnabled": true,
+ "deviceRegistrationPortalAddress": "10.10.10.10"
+ },
+ "deploymentEnabled": true,
+ "absoluteName": "string"
+ },
+ {
+ "id": 12345,
+ "type": "ExternalHostsZone",
+ "name": "name",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "view": {
+ "id": 12345,
+ "type": "View",
+ "name": "default",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "deviceRegistrationEnabled": true,
+ "deviceRegistrationPortalAddress": "10.10.10.10"
+ }
+ },
+ {
+ "id": 12345,
+ "type": "InternalRootZone",
+ "name": "name",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "view": {
+ "id": 12345,
+ "type": "View",
+ "name": "default",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "deviceRegistrationEnabled": true,
+ "deviceRegistrationPortalAddress": "10.10.10.10"
+ },
+ "deploymentEnabled": true
+ },
+ {
+ "id": 12345,
+ "type": "ResponsePolicyZone",
+ "name": "name",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "view": {
+ "id": 12345,
+ "type": "View",
+ "name": "default",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "deviceRegistrationEnabled": true,
+ "deviceRegistrationPortalAddress": "10.10.10.10"
+ },
+ "responsePolicyZoneType": "LOCAL",
+ "responsePolicy": {
+ "id": 12345,
+ "type": "ResponsePolicy",
+ "name": "Block Response Policy"
+ },
+ "overridePolicyType": "ALLOWLIST",
+ "overrideRefreshTime": "string",
+ "redirectTarget": "string",
+ "feedCategories": [
+ "string"
+ ]
+ },
+ {
+ "id": 12345,
+ "type": "Zone",
+ "name": "example.com",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "view": {
+ "id": 12345,
+ "type": "View",
+ "name": "default",
+ "userDefinedFields": {
+ "udf1": "value1",
+ "udf2": "value2"
+ },
+ "configuration": {
+ "id": 12345,
+ "type": "Configuration",
+ "name": "name"
+ },
+ "deviceRegistrationEnabled": true,
+ "deviceRegistrationPortalAddress": "10.10.10.10"
+ },
+ "deploymentEnabled": true,
+ "dynamicUpdateEnabled": true,
+ "template": {
+ "id": 12345,
+ "type": "ZoneTemplate",
+ "name": "name"
+ },
+ "signed": true,
+ "signingPolicy": {
+ "id": 12345,
+ "type": "DNSSECSigningPolicy",
+ "name": "name"
+ },
+ "absoluteName": "example.com"
+ }
+ ]
+}
diff --git a/providers/dns/bluecatv2/internal/identity.go b/providers/dns/bluecatv2/internal/identity.go
new file mode 100644
index 000000000..af9355ab2
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/identity.go
@@ -0,0 +1,60 @@
+package internal
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+)
+
+type token string
+
+const tokenKey token = "token"
+
+const authorizationHeader = "Authorization"
+
+// CreateSession creates a new session.
+func (c *Client) CreateSession(ctx context.Context, info LoginInfo) (*Session, error) {
+ endpoint := c.baseURL.JoinPath("api", "v2", "sessions")
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, info)
+ if err != nil {
+ return nil, err
+ }
+
+ result := new(Session)
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+// CreateAuthenticatedContext creates a new authenticated context.
+func (c *Client) CreateAuthenticatedContext(ctx context.Context) (context.Context, error) {
+ tok, err := c.CreateSession(ctx, LoginInfo{Username: c.username, Password: c.password})
+ if err != nil {
+ return nil, fmt.Errorf("create session: %w", err)
+ }
+
+ return context.WithValue(ctx, tokenKey, tok.BasicAuthenticationCredentials), nil
+}
+
+func (c *Client) doAuthenticated(ctx context.Context, req *http.Request, result any) error {
+ tok := getToken(ctx)
+ if tok != "" {
+ req.Header.Set(authorizationHeader, "Basic "+tok)
+ }
+
+ return c.do(req, result)
+}
+
+func getToken(ctx context.Context) string {
+ tok, ok := ctx.Value(tokenKey).(string)
+ if !ok {
+ return ""
+ }
+
+ return tok
+}
diff --git a/providers/dns/bluecatv2/internal/identity_test.go b/providers/dns/bluecatv2/internal/identity_test.go
new file mode 100644
index 000000000..3a1c4d2a2
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/identity_test.go
@@ -0,0 +1,82 @@
+package internal
+
+import (
+ "context"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL, "userA", "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.baseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func mockToken(ctx context.Context) context.Context {
+ return context.WithValue(ctx, tokenKey, "secretToken")
+}
+
+func TestClient_CreateSession(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /api/v2/sessions",
+ servermock.ResponseFromFixture("postSession.json"),
+ servermock.CheckRequestJSONBodyFromFixture("postSession-request.json"),
+ ).
+ Build(t)
+
+ info := LoginInfo{
+ Username: "userA",
+ Password: "secret",
+ }
+
+ result, err := client.CreateSession(mockToken(t.Context()), info)
+ require.NoError(t, err)
+
+ expected := &Session{
+ ID: 12345,
+ Type: "UserSession",
+ APIToken: "VZoO2Z0BjBaJyvuhE4vNJRWqI9upwDHk70UNi0Ez",
+ APITokenExpirationDateTime: time.Date(2022, time.September, 15, 17, 52, 7, 0, time.UTC),
+ BasicAuthenticationCredentials: "YXBpOlQ0OExOT3VIRGhDcnVBNEo1bGFES3JuS3hTZC9QK3pjczZXTzBJMDY=",
+ RemoteAddress: "192.168.1.1",
+ ReadOnly: true,
+ LoginDateTime: time.Date(2022, time.September, 14, 17, 45, 3, 0, time.UTC),
+ LogoutDateTime: time.Date(2022, time.September, 14, 19, 45, 3, 0, time.UTC),
+ State: "LOGGED_IN",
+ Response: "Authentication Error: Ensure that your username and password are correct.",
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_CreateAuthenticatedContext(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /api/v2/sessions",
+ servermock.ResponseFromFixture("postSession.json"),
+ servermock.CheckRequestJSONBodyFromFixture("postSession-request.json"),
+ ).
+ Build(t)
+
+ ctx, err := client.CreateAuthenticatedContext(t.Context())
+ require.NoError(t, err)
+
+ assert.Equal(t, "YXBpOlQ0OExOT3VIRGhDcnVBNEo1bGFES3JuS3hTZC9QK3pjczZXTzBJMDY=", getToken(ctx))
+}
diff --git a/providers/dns/bluecatv2/internal/predicates.go b/providers/dns/bluecatv2/internal/predicates.go
new file mode 100644
index 000000000..8ed6f714b
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/predicates.go
@@ -0,0 +1,64 @@
+package internal
+
+import (
+ "fmt"
+ "strings"
+)
+
+type Predicate struct {
+ field string
+ operator string
+ values []string
+}
+
+func (p *Predicate) String() string {
+ var values []string
+ for _, v := range p.values {
+ values = append(values, fmt.Sprintf("'%s'", v))
+ }
+
+ return fmt.Sprintf("%s:%s(%s)", p.field, p.operator, strings.Join(values, ", "))
+}
+
+func Eq(field, value string) *Predicate {
+ return &Predicate{field: field, operator: "eq", values: []string{value}}
+}
+
+func Contains(field, value string) *Predicate {
+ return &Predicate{field: field, operator: "contains", values: []string{value}}
+}
+
+func StartsWith(field, value string) *Predicate {
+ return &Predicate{field: field, operator: "startsWith", values: []string{value}}
+}
+
+func EndsWith(field, value string) *Predicate {
+ return &Predicate{field: field, operator: "endsWith", values: []string{value}}
+}
+
+func In(field string, values ...string) *Predicate {
+ return &Predicate{field: field, operator: "in", values: values}
+}
+
+type Combined struct {
+ predicates []*Predicate
+ operator string
+}
+
+func (o *Combined) String() string {
+ var parts []string
+
+ for _, predicate := range o.predicates {
+ parts = append(parts, predicate.String())
+ }
+
+ return strings.Join(parts, " "+o.operator+" ")
+}
+
+func And(predicates ...*Predicate) *Combined {
+ return &Combined{predicates: predicates, operator: "and"}
+}
+
+func Or(predicates ...*Predicate) *Combined {
+ return &Combined{predicates: predicates, operator: "or"}
+}
diff --git a/providers/dns/bluecatv2/internal/predicates_test.go b/providers/dns/bluecatv2/internal/predicates_test.go
new file mode 100644
index 000000000..6913e8729
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/predicates_test.go
@@ -0,0 +1,78 @@
+package internal
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestPredicate(t *testing.T) {
+ testCases := []struct {
+ desc string
+ predicate fmt.Stringer
+ expected string
+ }{
+ {
+ desc: "Equals",
+ predicate: Eq("foo", "bar"),
+ expected: "foo:eq('bar')",
+ },
+ {
+ desc: "Contains",
+ predicate: Contains("foo", "bar"),
+ expected: "foo:contains('bar')",
+ },
+ {
+ desc: "Starts with",
+ predicate: StartsWith("foo", "bar"),
+ expected: "foo:startsWith('bar')",
+ },
+ {
+ desc: "Ends with",
+ predicate: EndsWith("foo", "bar"),
+ expected: "foo:endsWith('bar')",
+ },
+ {
+ desc: "Match a list of values",
+ predicate: In("foo", "bar", "bir"),
+ expected: "foo:in('bar', 'bir')",
+ },
+ {
+ desc: "Combined: and",
+ predicate: And(Eq("foo", "bar"), Eq("fii", "bir")),
+ expected: "foo:eq('bar') and fii:eq('bir')",
+ },
+ {
+ desc: "Combined: multiple and",
+ predicate: And(
+ Eq("foo", "bar"),
+ Eq("fii", "bir"),
+ Eq("fuu", "bur"),
+ ),
+ expected: "foo:eq('bar') and fii:eq('bir') and fuu:eq('bur')",
+ },
+ {
+ desc: "Combined: or",
+ predicate: Or(Eq("foo", "bar"), Eq("foo", "bir")),
+ expected: "foo:eq('bar') or foo:eq('bir')",
+ },
+ {
+ desc: "Combined: multiple or",
+ predicate: Or(
+ Eq("foo", "bar"),
+ Eq("foo", "bir"),
+ Eq("foo", "bur"),
+ ),
+ expected: "foo:eq('bar') or foo:eq('bir') or foo:eq('bur')",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ assert.Equal(t, test.expected, test.predicate.String())
+ })
+ }
+}
diff --git a/providers/dns/bluecatv2/internal/types.go b/providers/dns/bluecatv2/internal/types.go
new file mode 100644
index 000000000..562fd60b0
--- /dev/null
+++ b/providers/dns/bluecatv2/internal/types.go
@@ -0,0 +1,122 @@
+package internal
+
+import (
+ "fmt"
+ "time"
+)
+
+// Quick deployment states.
+//
+//nolint:misspell // US vs UK
+const (
+ QDStatePending = "PENDING"
+ QDStateQueued = "QUEUED"
+ QDStateRunning = "RUNNING"
+ QDStateCancelled = "CANCELLED"
+ QDStateCancelling = "CANCELLING"
+ QDStateCompleted = "COMPLETED"
+ QDStateCompletedWithErrors = "COMPLETED_WITH_ERRORS"
+ QDStateCompletedWithWarnings = "COMPLETED_WITH_WARNINGS"
+ QDStateFailed = "FAILED"
+ QDStateUnknown = "UNKNOWN"
+)
+
+// APIError represents an error.
+// https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Errors/9.6.0
+type APIError struct {
+ Status int `json:"status"`
+ Reason string `json:"reason"`
+ Code string `json:"code"`
+ Message string `json:"message"`
+}
+
+func (a *APIError) Error() string {
+ return fmt.Sprintf("%d: %s: %s: %s", a.Status, a.Reason, a.Code, a.Message)
+}
+
+// CommonResource represents the common resource fields.
+// https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Resources/9.6.0
+type CommonResource struct {
+ ID int64 `json:"id,omitempty"`
+ Type string `json:"type,omitempty"`
+ Name string `json:"name,omitempty"`
+}
+
+// Collection represents a collection of resources.
+// https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Collections/9.6.0
+type Collection[T any] struct {
+ Count int64 `json:"count"`
+ TotalCount int64 `json:"totalCount"`
+ Data []T `json:"data"`
+}
+
+type CollectionOptions struct {
+ // https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Fields/9.6.0
+ Fields string `url:"fields,omitempty"`
+
+ // https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Pagination/9.6.0
+ Limit int `url:"limit,omitempty"`
+ Offset int `url:"offset,omitempty"`
+
+ // https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Filter/9.6.0
+ Filter string `url:"filter,omitempty"`
+
+ // https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Ordering/9.6.0
+ OrderBy string `url:"orderBy,omitempty"`
+
+ // Should return or not the total number of resources matching the query.
+ Total bool `url:"total,omitempty"`
+}
+
+type RecordTXT struct {
+ CommonResource
+
+ TTL int `json:"ttl,omitempty"`
+ AbsoluteName string `json:"absoluteName,omitempty"`
+ Comment string `json:"comment,omitempty"`
+ Dynamic bool `json:"dynamic,omitempty"`
+ RecordType string `json:"recordType,omitempty"`
+ Text string `json:"text,omitempty"`
+}
+
+type ZoneResource struct {
+ CommonResource
+
+ AbsoluteName string `json:"absoluteName,omitempty"`
+}
+
+type QuickDeployment struct {
+ CommonResource
+
+ State string `json:"state,omitempty"`
+ Status string `json:"status,omitempty"`
+ Message string `json:"message,omitempty"`
+ PercentComplete int `json:"percentComplete,omitempty"`
+ CreationDateTime time.Time `json:"creationDateTime,omitzero"`
+ StartDateTime time.Time `json:"startDateTime,omitzero"`
+ CompletionDateTime time.Time `json:"completionDateTime,omitzero"`
+ Method string `json:"method,omitempty"`
+}
+
+// LoginInfo represents the login information.
+// https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Creating-an-API-session/9.6.0
+type LoginInfo struct {
+ Username string `json:"username"`
+ Password string `json:"password"`
+}
+
+// Session represents the session.
+// https://docs.bluecatnetworks.com/r/Address-Manager-RESTful-v2-API-Guide/Creating-an-API-session/9.6.0
+type Session struct {
+ ID int `json:"id"`
+ Type string `json:"type"`
+ APIToken string `json:"apiToken"`
+ APITokenExpirationDateTime time.Time `json:"apiTokenExpirationDateTime"`
+ BasicAuthenticationCredentials string `json:"basicAuthenticationCredentials"`
+ RemoteAddress string `json:"remoteAddress"`
+ ReadOnly bool `json:"readOnly"`
+ LoginDateTime time.Time `json:"loginDateTime"`
+ LogoutDateTime time.Time `json:"logoutDateTime"`
+ State string `json:"state"`
+ Response string `json:"response"`
+}
diff --git a/providers/dns/bookmyname/bookmyname.go b/providers/dns/bookmyname/bookmyname.go
index 991420619..6f42dfd78 100644
--- a/providers/dns/bookmyname/bookmyname.go
+++ b/providers/dns/bookmyname/bookmyname.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/bookmyname/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -87,6 +88,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/bookmyname/bookmyname.toml b/providers/dns/bookmyname/bookmyname.toml
index 5111c4fbd..76fcb85e7 100644
--- a/providers/dns/bookmyname/bookmyname.toml
+++ b/providers/dns/bookmyname/bookmyname.toml
@@ -7,7 +7,7 @@ Since = "v4.23.0"
Example = '''
BOOKMYNAME_USERNAME="xxx" \
BOOKMYNAME_PASSWORD="yyy" \
-lego --email you@example.com --dns bookmyname -d '*.example.com' -d example.com run
+lego --dns bookmyname -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/bookmyname/bookmyname_test.go b/providers/dns/bookmyname/bookmyname_test.go
index dd02d63d7..8b3fa21e6 100644
--- a/providers/dns/bookmyname/bookmyname_test.go
+++ b/providers/dns/bookmyname/bookmyname_test.go
@@ -50,6 +50,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -122,6 +123,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -135,6 +137,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/brandit/brandit.go b/providers/dns/brandit/brandit.go
index 437d1642a..fe3b52239 100644
--- a/providers/dns/brandit/brandit.go
+++ b/providers/dns/brandit/brandit.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/brandit/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -92,6 +93,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -165,6 +168,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordsMu.Lock()
dnsRecord, ok := d.records[token]
d.recordsMu.Unlock()
+
if !ok {
return fmt.Errorf("brandit: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
@@ -183,6 +187,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var recordID int
+
for i, r := range records.RR {
if r == dnsRecord {
recordID = i
diff --git a/providers/dns/brandit/brandit.toml b/providers/dns/brandit/brandit.toml
index 32d15c15c..4c43e27a9 100644
--- a/providers/dns/brandit/brandit.toml
+++ b/providers/dns/brandit/brandit.toml
@@ -12,7 +12,7 @@ Since = "v4.11.0"
Example = '''
BRANDIT_API_KEY=xxxxxxxxxxxxxxxxxxxxx \
BRANDIT_API_USERNAME=yyyyyyyyyyyyyyyyyyyy \
-lego --email you@example.com --dns brandit -d '*.example.com' -d example.com run
+lego --dns brandit -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/brandit/brandit_test.go b/providers/dns/brandit/brandit_test.go
index 156e7c3f4..40abdd3d0 100644
--- a/providers/dns/brandit/brandit_test.go
+++ b/providers/dns/brandit/brandit_test.go
@@ -48,6 +48,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -120,6 +121,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -133,6 +135,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/brandit/internal/client.go b/providers/dns/brandit/internal/client.go
index 59c57419a..cda3be5a2 100644
--- a/providers/dns/brandit/internal/client.go
+++ b/providers/dns/brandit/internal/client.go
@@ -62,6 +62,7 @@ func (c *Client) ListRecords(ctx context.Context, account, dnsZone string) (*Lis
query.Add("first", strconv.Itoa(result.Response.Last[0]+1))
tmp := &Response[*ListRecordsResponse]{}
+
err := c.do(ctx, query, tmp)
if err != nil {
return nil, err
@@ -156,6 +157,7 @@ func (c *Client) do(ctx context.Context, query url.Values, result any) error {
// Unmarshal the error response, because the API returns a 200 OK even if there is an error.
var apiError APIError
+
err = json.Unmarshal(raw, &apiError)
if err != nil {
return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -183,6 +185,7 @@ func sign(apiUsername, apiKey string, query url.Values) (url.Values, error) {
canonicalRequest := fmt.Sprintf("%s%s%s", apiUsername, timestamp, defaultBaseURL)
mac := hmac.New(sha256.New, []byte(apiKey))
+
_, err := mac.Write([]byte(canonicalRequest))
if err != nil {
return nil, err
diff --git a/providers/dns/bunny/bunny.go b/providers/dns/bunny/bunny.go
index 1489d1c5e..29949608b 100644
--- a/providers/dns/bunny/bunny.go
+++ b/providers/dns/bunny/bunny.go
@@ -5,13 +5,16 @@ import (
"context"
"errors"
"fmt"
+ "net/http"
"slices"
"time"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/ptr"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
"github.com/nrdcg/bunny-go"
"golang.org/x/net/publicsuffix"
)
@@ -25,6 +28,7 @@ const (
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
const minTTL = 60
@@ -33,10 +37,12 @@ var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
- APIKey string
+ APIKey string
+
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
+ HTTPClient *http.Client
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
@@ -45,6 +51,9 @@ func NewDefaultConfig() *Config {
TTL: env.GetOrDefaultInt(EnvTTL, minTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
}
}
@@ -82,9 +91,19 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, fmt.Errorf("bunny: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
}
- client := bunny.NewClient(config.APIKey)
+ if config.HTTPClient == nil {
+ config.HTTPClient = &http.Client{Timeout: 30 * time.Second}
+ }
- return &DNSProvider{config: config, client: client}, nil
+ config.HTTPClient = clientdebug.Wrap(config.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: bunny.NewClient(config.APIKey,
+ bunny.WithUserAgent(useragent.Get()),
+ bunny.WithHTTPClient(config.HTTPClient),
+ ),
+ }, nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
@@ -140,10 +159,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var record *bunny.DNSRecord
+
for _, r := range zone.Records {
if ptr.Deref(r.Name) == subDomain && ptr.Deref(r.Type) == bunny.DNSRecordTypeTXT {
r := r
record = &r
+
break
}
}
@@ -179,6 +200,7 @@ func findZone(zones *bunny.DNSZones, domain string) *bunny.DNSZone {
var domainLength int
var zone *bunny.DNSZone
+
for _, item := range zones.Items {
if item == nil {
continue
diff --git a/providers/dns/bunny/bunny.toml b/providers/dns/bunny/bunny.toml
index bdbbf3177..758c4f202 100644
--- a/providers/dns/bunny/bunny.toml
+++ b/providers/dns/bunny/bunny.toml
@@ -6,7 +6,7 @@ Since = "v4.11.0"
Example = '''
BUNNY_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
-lego --email you@example.com --dns bunny -d '*.example.com' -d example.com run
+lego --dns bunny -d '*.example.com' -d example.com run
'''
[Configuration]
@@ -16,6 +16,7 @@ lego --email you@example.com --dns bunny -d '*.example.com' -d example.com run
BUNNY_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
BUNNY_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
BUNNY_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
+ BUNNY_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
[Links]
API = "https://docs.bunny.net/reference/dnszonepublic_index"
diff --git a/providers/dns/bunny/bunny_test.go b/providers/dns/bunny/bunny_test.go
index 4cf0f6b01..ca4e821e0 100644
--- a/providers/dns/bunny/bunny_test.go
+++ b/providers/dns/bunny/bunny_test.go
@@ -40,6 +40,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -107,6 +108,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -120,6 +122,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/checkdomain/checkdomain.go b/providers/dns/checkdomain/checkdomain.go
index e2d7a05aa..4bc926ed9 100644
--- a/providers/dns/checkdomain/checkdomain.go
+++ b/providers/dns/checkdomain/checkdomain.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/checkdomain/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -72,6 +73,7 @@ func NewDNSProvider() (*DNSProvider, error) {
if err != nil {
return nil, fmt.Errorf("checkdomain: invalid %s: %w", EnvEndpoint, err)
}
+
config.Endpoint = endpoint
return NewDNSProviderConfig(config)
@@ -86,7 +88,11 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("checkdomain: missing token")
}
- client := internal.NewClient(internal.OAuthStaticAccessToken(config.HTTPClient, config.Token))
+ client := internal.NewClient(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(config.HTTPClient, config.Token),
+ ),
+ )
if config.Endpoint != nil {
client.BaseURL = config.Endpoint
diff --git a/providers/dns/checkdomain/checkdomain.toml b/providers/dns/checkdomain/checkdomain.toml
index c3ac14e36..0b93058ba 100644
--- a/providers/dns/checkdomain/checkdomain.toml
+++ b/providers/dns/checkdomain/checkdomain.toml
@@ -6,7 +6,7 @@ Since = "v3.3.0"
Example = '''
CHECKDOMAIN_TOKEN=yoursecrettoken \
-lego --email you@example.com --dns checkdomain -d '*.example.com' -d example.com run
+lego --dns checkdomain -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/checkdomain/checkdomain_test.go b/providers/dns/checkdomain/checkdomain_test.go
index d9d0b62a6..b2c940f7a 100644
--- a/providers/dns/checkdomain/checkdomain_test.go
+++ b/providers/dns/checkdomain/checkdomain_test.go
@@ -46,6 +46,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -108,6 +109,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -121,6 +123,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/checkdomain/internal/client.go b/providers/dns/checkdomain/internal/client.go
index 74189dee4..68d090755 100644
--- a/providers/dns/checkdomain/internal/client.go
+++ b/providers/dns/checkdomain/internal/client.go
@@ -36,11 +36,11 @@ const maxInt = int((^uint(0)) >> 1)
// Client the Autodns API client.
type Client struct {
- domainIDMapping map[string]int
- domainIDMu sync.Mutex
-
BaseURL *url.URL
httpClient *http.Client
+
+ domainIDMapping map[string]int
+ domainIDMu sync.Mutex
}
// NewClient creates a new Client.
@@ -63,6 +63,7 @@ func (c *Client) GetDomainIDByName(ctx context.Context, name string) (int, error
c.domainIDMu.Lock()
id, ok := c.domainIDMapping[name]
c.domainIDMu.Unlock()
+
if ok {
return id, nil
}
@@ -100,6 +101,7 @@ func (c *Client) listDomains(ctx context.Context) ([]*Domain, error) {
totalPages := maxInt
var domainList []*Domain
+
for currentPage <= totalPages {
q.Set("page", strconv.Itoa(currentPage))
endpoint.RawQuery = q.Encode()
@@ -151,6 +153,7 @@ func (c *Client) CheckNameservers(ctx context.Context, domainID int) error {
}
var found1, found2 bool
+
for _, item := range info.Nameservers {
switch item.Name {
case ns1:
@@ -229,6 +232,7 @@ func (c *Client) getDomainInfo(ctx context.Context, domainID int) (*DomainRespon
}
var res DomainResponse
+
err = c.do(req, &res)
if err != nil {
return nil, err
@@ -242,6 +246,7 @@ func (c *Client) listRecords(ctx context.Context, domainID int, recordType strin
q := endpoint.Query()
q.Set("limit", strconv.Itoa(maxLimit))
+
if recordType != "" {
q.Set("type", recordType)
}
@@ -250,6 +255,7 @@ func (c *Client) listRecords(ctx context.Context, domainID int, recordType strin
totalPages := maxInt
var recordList []*Record
+
for currentPage <= totalPages {
q.Set("page", strconv.Itoa(currentPage))
endpoint.RawQuery = q.Encode()
diff --git a/providers/dns/civo/civo.go b/providers/dns/civo/civo.go
index 46c474b52..dfb7c307f 100644
--- a/providers/dns/civo/civo.go
+++ b/providers/dns/civo/civo.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/civo/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -91,7 +92,11 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
}
// Create a Civo client - DNS is region independent, we can use any region
- client, err := internal.NewClient(internal.OAuthStaticAccessToken(config.HTTPClient, config.Token), "LON1")
+ client, err := internal.NewClient(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(config.HTTPClient, config.Token),
+ ),
+ "LON1")
if err != nil {
return nil, fmt.Errorf("civo: %w", err)
}
@@ -164,6 +169,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var dnsRecord internal.Record
+
for _, entry := range dnsRecords {
if entry.Name == subDomain && entry.Value == info.Value {
dnsRecord = entry
diff --git a/providers/dns/civo/civo.toml b/providers/dns/civo/civo.toml
index 9458f01c3..b525712c8 100644
--- a/providers/dns/civo/civo.toml
+++ b/providers/dns/civo/civo.toml
@@ -6,7 +6,7 @@ Since = "v4.9.0"
Example = '''
CIVO_TOKEN=xxxxxx \
-lego --email you@example.com --dns civo -d '*.example.com' -d example.com run
+lego --dns civo -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/civo/civo_test.go b/providers/dns/civo/civo_test.go
index eb215fbcb..416dbac1d 100644
--- a/providers/dns/civo/civo_test.go
+++ b/providers/dns/civo/civo_test.go
@@ -42,6 +42,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -106,6 +107,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -119,6 +121,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -132,6 +135,7 @@ func mockBuilder() *servermock.Builder[*DNSProvider] {
return servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
config.Token = "secret"
p, err := NewDNSProviderConfig(config)
diff --git a/providers/dns/civo/internal/client.go b/providers/dns/civo/internal/client.go
index 25a11ef60..dc1d57793 100644
--- a/providers/dns/civo/internal/client.go
+++ b/providers/dns/civo/internal/client.go
@@ -188,6 +188,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/civo/internal/client_test.go b/providers/dns/civo/internal/client_test.go
index 5b47c185e..ad56b75de 100644
--- a/providers/dns/civo/internal/client_test.go
+++ b/providers/dns/civo/internal/client_test.go
@@ -93,7 +93,6 @@ func TestClient_ListDNSRecords_error_raw(t *testing.T) {
// > So, for example, 404 Not Found pages are a standard page of text
// > but 403 Unauthorized requests may have a reason attribute available in the JSON object.
// https://www.civo.com/api#parameters-and-responses
-
client := mockBuilder().
Route("GET /dns/7088fcea-7658-43e6-97fa-273f901978fd/records",
servermock.RawStringResponse(http.StatusText(http.StatusNotFound)).
diff --git a/providers/dns/clouddns/clouddns.go b/providers/dns/clouddns/clouddns.go
index 379dd3cf2..77b673738 100644
--- a/providers/dns/clouddns/clouddns.go
+++ b/providers/dns/clouddns/clouddns.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/clouddns/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -93,6 +94,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{client: client, config: config}, nil
}
diff --git a/providers/dns/clouddns/clouddns.toml b/providers/dns/clouddns/clouddns.toml
index 154d4da67..6f516e834 100644
--- a/providers/dns/clouddns/clouddns.toml
+++ b/providers/dns/clouddns/clouddns.toml
@@ -8,7 +8,7 @@ Example = '''
CLOUDDNS_CLIENT_ID=bLsdFAks23429841238feb177a572aX \
CLOUDDNS_EMAIL=you@example.com \
CLOUDDNS_PASSWORD=b9841238feb177a84330f \
-lego --email you@example.com --dns clouddns -d '*.example.com' -d example.com run
+lego --dns clouddns -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/clouddns/clouddns_test.go b/providers/dns/clouddns/clouddns_test.go
index d7bfc4a1f..f1e2a196e 100644
--- a/providers/dns/clouddns/clouddns_test.go
+++ b/providers/dns/clouddns/clouddns_test.go
@@ -63,6 +63,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -148,6 +149,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -161,6 +163,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/clouddns/internal/client.go b/providers/dns/clouddns/internal/client.go
index cd3da50c7..9fb6902de 100644
--- a/providers/dns/clouddns/internal/client.go
+++ b/providers/dns/clouddns/internal/client.go
@@ -122,6 +122,7 @@ func (c *Client) getDomain(ctx context.Context, zone string) (Domain, error) {
}
var result SearchResponse
+
err = c.do(req, &result)
if err != nil {
return Domain{}, err
@@ -143,6 +144,7 @@ func (c *Client) getRecord(ctx context.Context, domainID, recordName string) (Re
}
var result DomainInfo
+
err = c.do(req, &result)
if err != nil {
return Record{}, err
@@ -232,6 +234,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var response APIError
+
err := json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/clouddns/internal/identity.go b/providers/dns/clouddns/internal/identity.go
index 4ea5c5049..6b20ad814 100644
--- a/providers/dns/clouddns/internal/identity.go
+++ b/providers/dns/clouddns/internal/identity.go
@@ -20,6 +20,7 @@ func (c *Client) login(ctx context.Context) (*AuthResponse, error) {
}
var result AuthResponse
+
err = c.do(req, &result)
if err != nil {
return nil, err
diff --git a/providers/dns/clouddns/internal/types.go b/providers/dns/clouddns/internal/types.go
index a53c958a7..9de11d848 100644
--- a/providers/dns/clouddns/internal/types.go
+++ b/providers/dns/clouddns/internal/types.go
@@ -21,7 +21,7 @@ type Authorization struct {
}
type AuthResponse struct {
- Auth Auth `json:"auth,omitempty"`
+ Auth Auth `json:"auth"`
}
type Auth struct {
diff --git a/providers/dns/cloudflare/cloudflare.go b/providers/dns/cloudflare/cloudflare.go
index 5fd350925..98b3495bb 100644
--- a/providers/dns/cloudflare/cloudflare.go
+++ b/providers/dns/cloudflare/cloudflare.go
@@ -104,6 +104,7 @@ func NewDNSProvider() (*DNSProvider, error) {
)
if err != nil {
var errT error
+
values, errT = env.GetWithFallback(
[]string{EnvDNSAPIToken, altEnvName(EnvDNSAPIToken)},
[]string{EnvZoneAPIToken, altEnvName(EnvZoneAPIToken), EnvDNSAPIToken, altEnvName(EnvDNSAPIToken)},
@@ -154,10 +155,10 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
ctx := context.Background()
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
if err != nil {
return fmt.Errorf("cloudflare: could not find zone for domain %q: %w", domain, err)
@@ -191,6 +192,8 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
@@ -198,7 +201,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("cloudflare: could not find zone for domain %q: %w", domain, err)
}
- zoneID, err := d.client.ZoneIDByName(context.Background(), authZone)
+ zoneID, err := d.client.ZoneIDByName(ctx, authZone)
if err != nil {
return fmt.Errorf("cloudflare: failed to find zone %s: %w", authZone, err)
}
@@ -207,11 +210,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("cloudflare: unknown record ID for '%s'", info.EffectiveFQDN)
}
- err = d.client.DeleteDNSRecord(context.Background(), zoneID, recordID)
+ err = d.client.DeleteDNSRecord(ctx, zoneID, recordID)
if err != nil {
log.Printf("cloudflare: failed to delete TXT record: %v", err)
}
diff --git a/providers/dns/cloudflare/cloudflare.toml b/providers/dns/cloudflare/cloudflare.toml
index caf132bb4..c46130fe6 100644
--- a/providers/dns/cloudflare/cloudflare.toml
+++ b/providers/dns/cloudflare/cloudflare.toml
@@ -7,12 +7,12 @@ Since = "v0.3.0"
Example = '''
CLOUDFLARE_EMAIL=you@example.com \
CLOUDFLARE_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \
-lego --email you@example.com --dns cloudflare -d '*.example.com' -d example.com run
+lego --dns cloudflare -d '*.example.com' -d example.com run
# or
CLOUDFLARE_DNS_API_TOKEN=1234567890abcdefghijklmnopqrstuvwxyz \
-lego --email you@example.com --dns cloudflare -d '*.example.com' -d example.com run
+lego --dns cloudflare -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/cloudflare/cloudflare_test.go b/providers/dns/cloudflare/cloudflare_test.go
index 10e96503a..8de9dd848 100644
--- a/providers/dns/cloudflare/cloudflare_test.go
+++ b/providers/dns/cloudflare/cloudflare_test.go
@@ -81,6 +81,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -177,15 +178,18 @@ func TestNewDNSProviderWithToken(t *testing.T) {
}
defer envTest.RestoreEnv()
+
localEnvTest := tester.NewEnvTest(
EnvDNSAPIToken, altEnvName(EnvDNSAPIToken),
EnvZoneAPIToken, altEnvName(EnvZoneAPIToken),
).WithDomain(envDomain)
+
envTest.ClearEnv()
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer localEnvTest.RestoreEnv()
+
localEnvTest.ClearEnv()
localEnvTest.Apply(test.envVars)
@@ -200,6 +204,7 @@ func TestNewDNSProviderWithToken(t *testing.T) {
require.NotNil(t, p)
assert.Equal(t, test.expected.dnsToken, p.config.AuthToken)
assert.Equal(t, test.expected.zoneToken, p.config.ZoneToken)
+
if test.expected.sameClient {
assert.Equal(t, p.client.clientRead, p.client.clientEdit)
} else {
@@ -275,6 +280,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -288,6 +294,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -304,6 +311,7 @@ func mockBuilder() *servermock.Builder[*DNSProvider] {
config.AuthEmail = "foo@example.com"
config.AuthKey = "secret"
config.BaseURL = server.URL
+ config.HTTPClient = server.Client()
return NewDNSProviderConfig(config)
},
diff --git a/providers/dns/cloudflare/internal/client.go b/providers/dns/cloudflare/internal/client.go
index 495ba5618..b63612ce2 100644
--- a/providers/dns/cloudflare/internal/client.go
+++ b/providers/dns/cloudflare/internal/client.go
@@ -17,6 +17,7 @@ import (
"net/url"
"time"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
)
@@ -61,6 +62,8 @@ func NewClient(opts ...Option) (*Client, error) {
return nil, errors.New("invalid credentials: authEmail and authKey must be set together")
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return client, nil
}
@@ -84,7 +87,7 @@ func (c *Client) CreateDNSRecord(ctx context.Context, zoneID string, record Reco
return &result.Result, nil
}
-// DeleteDNSRecord Delete DNS record.
+// DeleteDNSRecord deletes DNS record.
// https://developers.cloudflare.com/api/resources/dns/subresources/records/methods/delete/
func (c *Client) DeleteDNSRecord(ctx context.Context, zoneID, recordID string) error {
endpoint := c.baseURL.JoinPath("zones", zoneID, "dns_records", recordID)
@@ -97,6 +100,7 @@ func (c *Client) DeleteDNSRecord(ctx context.Context, zoneID, recordID string) e
return c.do(req, nil)
}
+// ZonesByName returns a list of zones matching the given name.
// https://developers.cloudflare.com/api/resources/zones/methods/list/
func (c *Client) ZonesByName(ctx context.Context, name string) ([]Zone, error) {
endpoint := c.baseURL.JoinPath("zones")
@@ -188,6 +192,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var response APIResponse[any]
+
err := json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/cloudflare/internal/types.go b/providers/dns/cloudflare/internal/types.go
index 2b6d2e2b6..50a7bbbf9 100644
--- a/providers/dns/cloudflare/internal/types.go
+++ b/providers/dns/cloudflare/internal/types.go
@@ -1,6 +1,9 @@
package internal
-import "fmt"
+import (
+ "fmt"
+ "strings"
+)
type Record struct {
ID string `json:"id,omitempty"`
@@ -39,17 +42,17 @@ type ErrorChain struct {
type Errors []Message
func (e Errors) Error() string {
- var msg string
+ msg := new(strings.Builder)
for _, item := range e {
- msg = fmt.Sprintf("%d: %s", item.Code, item.Message)
+ _, _ = fmt.Fprintf(msg, "%d: %s", item.Code, item.Message)
for _, link := range item.ErrorChain {
- msg += fmt.Sprintf("; %d: %s", link.Code, link.Message)
+ _, _ = fmt.Fprintf(msg, "; %d: %s", link.Code, link.Message)
}
}
- return msg
+ return msg.String()
}
type ResultInfo struct {
diff --git a/providers/dns/cloudflare/wrapper.go b/providers/dns/cloudflare/wrapper.go
index 1ab36800d..286c20ecd 100644
--- a/providers/dns/cloudflare/wrapper.go
+++ b/providers/dns/cloudflare/wrapper.go
@@ -99,6 +99,7 @@ func (m *metaClient) ZoneIDByName(ctx context.Context, fdqn string) (string, err
m.zonesMu.Lock()
m.zones[fdqn] = id
m.zonesMu.Unlock()
+
return id, nil
}
diff --git a/providers/dns/cloudns/cloudns.go b/providers/dns/cloudns/cloudns.go
index ef6524c4d..916d73bde 100644
--- a/providers/dns/cloudns/cloudns.go
+++ b/providers/dns/cloudns/cloudns.go
@@ -8,12 +8,14 @@ import (
"net/http"
"time"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/platform/wait"
"github.com/go-acme/lego/v4/providers/dns/cloudns/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -66,6 +68,7 @@ type DNSProvider struct {
// CLOUDNS_AUTH_ID and CLOUDNS_AUTH_PASSWORD.
func NewDNSProvider() (*DNSProvider, error) {
var subAuthID string
+
authID := env.GetOrFile(EnvAuthID)
if authID == "" {
subAuthID = env.GetOrFile(EnvSubAuthID)
@@ -99,7 +102,11 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, fmt.Errorf("ClouDNS: %w", err)
}
- client.HTTPClient = config.HTTPClient
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
return &DNSProvider{client: client, config: config}, nil
}
@@ -162,14 +169,22 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
// waitNameservers At the time of writing 4 servers are found as authoritative, but 8 are reported during the sync.
// If this is not done, the secondary verification done by Let's Encrypt server will fail quire a bit.
func (d *DNSProvider) waitNameservers(ctx context.Context, domain string, zone *internal.Zone) error {
- return wait.For("Nameserver sync on "+domain, d.config.PropagationTimeout, d.config.PollingInterval, func() (bool, error) {
- syncProgress, err := d.client.GetUpdateStatus(ctx, zone.Name)
- if err != nil {
- return false, err
- }
+ return wait.Retry(ctx,
+ func() error {
+ syncProgress, err := d.client.GetUpdateStatus(ctx, zone.Name)
+ if err != nil {
+ return fmt.Errorf("nameserver sync on %s: %w", domain, err)
+ }
- log.Infof("[%s] Sync %d/%d complete", domain, syncProgress.Updated, syncProgress.Total)
+ log.Infof("[%s] Sync %d/%d complete", domain, syncProgress.Updated, syncProgress.Total)
- return syncProgress.Complete, nil
- })
+ if !syncProgress.Complete {
+ return fmt.Errorf("nameserver sync on %s not complete", domain)
+ }
+
+ return nil
+ },
+ backoff.WithBackOff(backoff.NewConstantBackOff(d.config.PollingInterval)),
+ backoff.WithMaxElapsedTime(d.config.PropagationTimeout),
+ )
}
diff --git a/providers/dns/cloudns/cloudns.toml b/providers/dns/cloudns/cloudns.toml
index dd191f06a..ad52ef5b1 100644
--- a/providers/dns/cloudns/cloudns.toml
+++ b/providers/dns/cloudns/cloudns.toml
@@ -7,7 +7,7 @@ Since = "v2.3.0"
Example = '''
CLOUDNS_AUTH_ID=xxxx \
CLOUDNS_AUTH_PASSWORD=yyyy \
-lego --email you@example.com --dns cloudns -d '*.example.com' -d example.com run
+lego --dns cloudns -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/cloudns/cloudns_test.go b/providers/dns/cloudns/cloudns_test.go
index ea4f25c95..024bd93d8 100644
--- a/providers/dns/cloudns/cloudns_test.go
+++ b/providers/dns/cloudns/cloudns_test.go
@@ -79,6 +79,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -169,6 +170,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -182,6 +184,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/cloudns/internal/client.go b/providers/dns/cloudns/internal/client.go
index 60d7e6bbe..278b8de49 100644
--- a/providers/dns/cloudns/internal/client.go
+++ b/providers/dns/cloudns/internal/client.go
@@ -171,6 +171,7 @@ func (c *Client) ListTxtRecords(ctx context.Context, zoneName, fqdn string) ([]T
}
var records []TXTRecord
+
for _, record := range raw {
if record.Host == subDomain && record.Type == "TXT" {
records = append(records, record)
@@ -279,6 +280,7 @@ func (c *Client) GetUpdateStatus(ctx context.Context, zoneName string) (*SyncPro
}
updatedCount := 0
+
for _, record := range records {
if record.Updated {
updatedCount++
diff --git a/providers/dns/cloudns/internal/client_test.go b/providers/dns/cloudns/internal/client_test.go
index dbfa32aee..b9f6c5431 100644
--- a/providers/dns/cloudns/internal/client_test.go
+++ b/providers/dns/cloudns/internal/client_test.go
@@ -19,6 +19,7 @@ func setupClient(subAuthID string) func(server *httptest.Server) (*Client, error
client.BaseURL, _ = url.Parse(server.URL)
client.HTTPClient = server.Client()
+
return client, nil
}
}
diff --git a/providers/dns/cloudru/cloudru.go b/providers/dns/cloudru/cloudru.go
index 314c20445..dd597952a 100644
--- a/providers/dns/cloudru/cloudru.go
+++ b/providers/dns/cloudru/cloudru.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/cloudru/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -60,8 +61,9 @@ func NewDefaultConfig() *Config {
}
type DNSProvider struct {
- config *Config
- client *internal.Client
+ config *Config
+ client *internal.Client
+
records map[string]*internal.Record
recordsMu sync.Mutex
}
@@ -99,6 +101,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/cloudru/cloudru.toml b/providers/dns/cloudru/cloudru.toml
index a6563a3df..b74098a72 100644
--- a/providers/dns/cloudru/cloudru.toml
+++ b/providers/dns/cloudru/cloudru.toml
@@ -8,7 +8,7 @@ Example = '''
CLOUDRU_SERVICE_INSTANCE_ID=ppp \
CLOUDRU_KEY_ID=xxx \
CLOUDRU_SECRET=yyy \
-lego --email you@example.com --dns cloudru -d '*.example.com' -d example.com run
+lego --dns cloudru -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/cloudru/cloudru_test.go b/providers/dns/cloudru/cloudru_test.go
index 88addde93..3e506cb1c 100644
--- a/providers/dns/cloudru/cloudru_test.go
+++ b/providers/dns/cloudru/cloudru_test.go
@@ -67,6 +67,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -153,6 +154,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -166,6 +168,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/cloudru/internal/client.go b/providers/dns/cloudru/internal/client.go
index cb62c5bca..a00ae6ea8 100644
--- a/providers/dns/cloudru/internal/client.go
+++ b/providers/dns/cloudru/internal/client.go
@@ -61,6 +61,7 @@ func (c *Client) GetZones(ctx context.Context, parentID string) ([]Zone, error)
}
var zones APIResponse[Zone]
+
err = c.do(req, &zones)
if err != nil {
return nil, err
@@ -78,6 +79,7 @@ func (c *Client) GetRecords(ctx context.Context, zoneID string) ([]Record, error
}
var records APIResponse[Record]
+
err = c.do(req, &records)
if err != nil {
return nil, err
@@ -95,6 +97,7 @@ func (c *Client) CreateRecord(ctx context.Context, zoneID string, record Record)
}
var result Record
+
err = c.do(req, &result)
if err != nil {
return nil, err
diff --git a/providers/dns/cloudru/internal/identity.go b/providers/dns/cloudru/internal/identity.go
index 79df3c297..3bb09f3fa 100644
--- a/providers/dns/cloudru/internal/identity.go
+++ b/providers/dns/cloudru/internal/identity.go
@@ -49,6 +49,7 @@ func (c *Client) obtainToken(ctx context.Context) (*Token, error) {
}
tok := Token{}
+
err = json.Unmarshal(raw, &tok)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -88,6 +89,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errResp := &authResponseError{}
+
err := json.Unmarshal(raw, errResp)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/cloudru/internal/types.go b/providers/dns/cloudru/internal/types.go
index d233c73bc..713fd459a 100644
--- a/providers/dns/cloudru/internal/types.go
+++ b/providers/dns/cloudru/internal/types.go
@@ -38,9 +38,9 @@ type Zone struct {
Valid bool `json:"valid,omitempty"`
ValidationText string `json:"validationText,omitempty"`
Delegated bool `json:"delegated,omitempty"`
- LastCheck time.Time `json:"lastCheck,omitempty"`
- CreatedAt time.Time `json:"created_at,omitempty"`
- UpdatedAt time.Time `json:"updated_at,omitempty"`
+ LastCheck time.Time `json:"lastCheck,omitzero"`
+ CreatedAt time.Time `json:"created_at,omitzero"`
+ UpdatedAt time.Time `json:"updated_at,omitzero"`
}
type Record struct {
diff --git a/providers/dns/cloudxns/cloudxns.toml b/providers/dns/cloudxns/cloudxns.toml
index e87a741df..32eae8beb 100644
--- a/providers/dns/cloudxns/cloudxns.toml
+++ b/providers/dns/cloudxns/cloudxns.toml
@@ -9,7 +9,7 @@ Since = "v0.5.0"
Example = '''
CLOUDXNS_API_KEY=xxxx \
CLOUDXNS_SECRET_KEY=yyyy \
-lego --email you@example.com --dns cloudxns -d '*.example.com' -d example.com run
+lego --dns cloudxns -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/com35/com35.go b/providers/dns/com35/com35.go
new file mode 100644
index 000000000..4a9de3a18
--- /dev/null
+++ b/providers/dns/com35/com35.go
@@ -0,0 +1,104 @@
+// Package com35 implements a DNS provider for solving the DNS-01 challenge using 35.com/三五互联.
+package com35
+
+import (
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/westcn"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "COM35_"
+
+ EnvUsername = envNamespace + "USERNAME"
+ EnvPassword = envNamespace + "PASSWORD"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+const defaultBaseURL = "https://api.35.cn/api/v2"
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config = westcn.Config
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, 60),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ prv challenge.ProviderTimeout
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for 35.com/三五互联.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvUsername, EnvPassword)
+ if err != nil {
+ return nil, fmt.Errorf("35com: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.Username = values[EnvUsername]
+ config.Password = values[EnvPassword]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for 35.com/三五互联.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("35com: the configuration of the DNS provider is nil")
+ }
+
+ provider, err := westcn.NewDNSProviderConfig(config, defaultBaseURL)
+ if err != nil {
+ return nil, fmt.Errorf("35com: %w", err)
+ }
+
+ return &DNSProvider{prv: provider}, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ err := d.prv.Present(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("35com: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ err := d.prv.CleanUp(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("35com: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
+}
diff --git a/providers/dns/com35/com35.toml b/providers/dns/com35/com35.toml
new file mode 100644
index 000000000..386ee0043
--- /dev/null
+++ b/providers/dns/com35/com35.toml
@@ -0,0 +1,24 @@
+Name = "35.com/三五互联"
+Description = ''''''
+URL = "https://www.35.cn/"
+Code = "com35"
+Since = "v4.31.0"
+
+Example = '''
+COM35_USERNAME="xxx" \
+COM35_PASSWORD="yyy" \
+lego --dns com35 -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ COM35_USERNAME = "Username"
+ COM35_PASSWORD = "API password"
+ [Configuration.Additional]
+ COM35_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
+ COM35_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
+ COM35_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
+ COM35_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://api.35.cn/CustomerCenter/doc/domain_v2.html"
diff --git a/providers/dns/iwantmyname/iwantmyname_test.go b/providers/dns/com35/com35_test.go
similarity index 77%
rename from providers/dns/iwantmyname/iwantmyname_test.go
rename to providers/dns/com35/com35_test.go
index 7ae4545b2..78fd8f829 100644
--- a/providers/dns/iwantmyname/iwantmyname_test.go
+++ b/providers/dns/com35/com35_test.go
@@ -1,4 +1,4 @@
-package iwantmyname
+package com35
import (
"testing"
@@ -9,8 +9,7 @@ import (
const envDomain = envNamespace + "DOMAIN"
-var envTest = tester.NewEnvTest(EnvUsername, EnvPassword).
- WithDomain(envDomain)
+var envTest = tester.NewEnvTest(EnvUsername, EnvPassword).WithDomain(envDomain)
func TestNewDNSProvider(t *testing.T) {
testCases := []struct {
@@ -25,30 +24,33 @@ func TestNewDNSProvider(t *testing.T) {
EnvPassword: "secret",
},
},
- {
- desc: "missing credentials",
- envVars: map[string]string{},
- expected: "iwantmyname: some credentials information are missing: IWANTMYNAME_USERNAME,IWANTMYNAME_PASSWORD",
- },
{
desc: "missing username",
envVars: map[string]string{
+ EnvUsername: "",
EnvPassword: "secret",
},
- expected: "iwantmyname: some credentials information are missing: IWANTMYNAME_USERNAME",
+ expected: "35com: some credentials information are missing: COM35_USERNAME",
},
{
desc: "missing password",
envVars: map[string]string{
EnvUsername: "user",
+ EnvPassword: "",
},
- expected: "iwantmyname: some credentials information are missing: IWANTMYNAME_PASSWORD",
+ expected: "35com: some credentials information are missing: COM35_PASSWORD",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "35com: some credentials information are missing: COM35_USERNAME,COM35_PASSWORD",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -58,8 +60,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -79,19 +80,19 @@ func TestNewDNSProviderConfig(t *testing.T) {
username: "user",
password: "secret",
},
- {
- desc: "missing credentials",
- expected: "iwantmyname: credentials missing",
- },
{
desc: "missing username",
password: "secret",
- expected: "iwantmyname: credentials missing",
+ expected: "35com: credentials missing",
},
{
desc: "missing password",
username: "user",
- expected: "iwantmyname: credentials missing",
+ expected: "35com: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "35com: credentials missing",
},
}
@@ -106,8 +107,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -121,6 +121,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -134,6 +135,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/conoha/conoha.go b/providers/dns/conoha/conoha.go
index aa6c68ce9..f7658647c 100644
--- a/providers/dns/conoha/conoha.go
+++ b/providers/dns/conoha/conoha.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/conoha/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -98,6 +99,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
identifier.HTTPClient = config.HTTPClient
}
+ identifier.HTTPClient = clientdebug.Wrap(identifier.HTTPClient)
+
auth := internal.Auth{
TenantID: config.TenantID,
PasswordCredentials: internal.PasswordCredentials{
@@ -120,6 +123,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/conoha/conoha.toml b/providers/dns/conoha/conoha.toml
index 8bd83247e..be90acb0d 100644
--- a/providers/dns/conoha/conoha.toml
+++ b/providers/dns/conoha/conoha.toml
@@ -8,7 +8,7 @@ Example = '''
CONOHA_TENANT_ID=487727e3921d44e3bfe7ebb337bf085e \
CONOHA_API_USERNAME=xxxx \
CONOHA_API_PASSWORD=yyyy \
-lego --email you@example.com --dns conoha -d '*.example.com' -d example.com run
+lego --dns conoha -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/conoha/conoha_test.go b/providers/dns/conoha/conoha_test.go
index 9db5ba79f..c1c445d48 100644
--- a/providers/dns/conoha/conoha_test.go
+++ b/providers/dns/conoha/conoha_test.go
@@ -72,6 +72,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -155,6 +156,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -168,6 +170,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/conoha/internal/client.go b/providers/dns/conoha/internal/client.go
index 60d7fd6dc..2f039489b 100644
--- a/providers/dns/conoha/internal/client.go
+++ b/providers/dns/conoha/internal/client.go
@@ -124,6 +124,7 @@ func (c *Client) createRecord(ctx context.Context, domainID string, record Recor
}
newRecord := &Record{}
+
err = c.do(req, newRecord)
if err != nil {
return nil, err
diff --git a/providers/dns/conoha/internal/client_test.go b/providers/dns/conoha/internal/client_test.go
index 0b9242c08..5e06ffc1d 100644
--- a/providers/dns/conoha/internal/client_test.go
+++ b/providers/dns/conoha/internal/client_test.go
@@ -97,6 +97,7 @@ func TestClient_CreateRecord(t *testing.T) {
http.Error(rw, err.Error(), http.StatusBadRequest)
return
}
+
defer func() { _ = req.Body.Close() }()
if string(bytes.TrimSpace(raw)) != `{"name":"lego.com.","type":"TXT","data":"txtTXTtxt","ttl":300}` {
@@ -109,6 +110,7 @@ func TestClient_CreateRecord(t *testing.T) {
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
+
defer func() { _ = file.Close() }()
_, _ = io.Copy(rw, file)
diff --git a/providers/dns/conohav3/conohav3.go b/providers/dns/conohav3/conohav3.go
index a6cb12cb1..c1eace827 100644
--- a/providers/dns/conohav3/conohav3.go
+++ b/providers/dns/conohav3/conohav3.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/conohav3/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -98,6 +99,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
identifier.HTTPClient = config.HTTPClient
}
+ identifier.HTTPClient = clientdebug.Wrap(identifier.HTTPClient)
+
auth := internal.Auth{
Identity: internal.Identity{
Methods: []string{"password"},
@@ -129,6 +132,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/conohav3/conohav3.toml b/providers/dns/conohav3/conohav3.toml
index 7608e6742..e2c80259d 100644
--- a/providers/dns/conohav3/conohav3.toml
+++ b/providers/dns/conohav3/conohav3.toml
@@ -8,7 +8,7 @@ Example = '''
CONOHAV3_TENANT_ID=487727e3921d44e3bfe7ebb337bf085e \
CONOHAV3_API_USER_ID=xxxx \
CONOHAV3_API_PASSWORD=yyyy \
-lego --email you@example.com --dns conohav3 -d '*.example.com' -d example.com run
+lego --dns conohav3 -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/conohav3/conohav3_test.go b/providers/dns/conohav3/conohav3_test.go
index 7bba8f0b5..d68ea3ebb 100644
--- a/providers/dns/conohav3/conohav3_test.go
+++ b/providers/dns/conohav3/conohav3_test.go
@@ -72,6 +72,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -155,6 +156,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -168,6 +170,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/conohav3/internal/client.go b/providers/dns/conohav3/internal/client.go
index fcbd7f5ac..2a9e7c2bc 100644
--- a/providers/dns/conohav3/internal/client.go
+++ b/providers/dns/conohav3/internal/client.go
@@ -124,6 +124,7 @@ func (c *Client) createRecord(ctx context.Context, domainID string, record Recor
}
newRecord := &Record{}
+
err = c.do(req, newRecord)
if err != nil {
return nil, err
diff --git a/providers/dns/conohav3/internal/client_test.go b/providers/dns/conohav3/internal/client_test.go
index babdadf7e..66babae49 100644
--- a/providers/dns/conohav3/internal/client_test.go
+++ b/providers/dns/conohav3/internal/client_test.go
@@ -98,6 +98,7 @@ func TestClient_CreateRecord(t *testing.T) {
http.Error(rw, err.Error(), http.StatusBadRequest)
return
}
+
defer func() { _ = req.Body.Close() }()
if string(bytes.TrimSpace(raw)) != `{"name":"lego.com.","type":"TXT","data":"txtTXTtxt","ttl":300}` {
@@ -110,6 +111,7 @@ func TestClient_CreateRecord(t *testing.T) {
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
+
defer func() { _ = file.Close() }()
_, _ = io.Copy(rw, file)
diff --git a/providers/dns/conohav3/internal/identity.go b/providers/dns/conohav3/internal/identity.go
index 3bb7355ae..6a9ad7f1e 100644
--- a/providers/dns/conohav3/internal/identity.go
+++ b/providers/dns/conohav3/internal/identity.go
@@ -53,6 +53,7 @@ func (c *Identifier) do(req *http.Request) (string, error) {
if err != nil {
return "", errutils.NewHTTPDoError(req, err)
}
+
defer func() { _ = resp.Body.Close() }()
if resp.StatusCode != http.StatusCreated {
diff --git a/providers/dns/constellix/constellix.go b/providers/dns/constellix/constellix.go
index f981b4974..777e93308 100644
--- a/providers/dns/constellix/constellix.go
+++ b/providers/dns/constellix/constellix.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/constellix/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/hashicorp/go-retryablehttp"
)
@@ -96,7 +97,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
retryClient.HTTPClient = tr.Wrap(config.HTTPClient)
retryClient.Backoff = backoff
- client := internal.NewClient(retryClient.StandardClient())
+ client := internal.NewClient(clientdebug.Wrap(retryClient.StandardClient()))
return &DNSProvider{config: config, client: client}, nil
}
@@ -199,6 +200,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("constellix: failed to delete TXT records: %w", err)
}
+
return nil
}
diff --git a/providers/dns/constellix/constellix.toml b/providers/dns/constellix/constellix.toml
index c4ae0a194..171a0de99 100644
--- a/providers/dns/constellix/constellix.toml
+++ b/providers/dns/constellix/constellix.toml
@@ -7,7 +7,7 @@ Since = "v3.4.0"
Example = '''
CONSTELLIX_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
CONSTELLIX_SECRET_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
-lego --email you@example.com --dns constellix -d '*.example.com' -d example.com run
+lego --dns constellix -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/constellix/constellix_test.go b/providers/dns/constellix/constellix_test.go
index e3a30caca..e38258292 100644
--- a/providers/dns/constellix/constellix_test.go
+++ b/providers/dns/constellix/constellix_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -129,6 +130,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -142,6 +144,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/constellix/internal/auth.go b/providers/dns/constellix/internal/auth.go
index 1a136012d..9193572eb 100644
--- a/providers/dns/constellix/internal/auth.go
+++ b/providers/dns/constellix/internal/auth.go
@@ -28,6 +28,7 @@ func NewTokenTransport(apiKey, secretKey string) (*TokenTransport, error) {
if apiKey == "" {
return nil, errors.New("credentials missing: API key")
}
+
if secretKey == "" {
return nil, errors.New("credentials missing: secret key")
}
@@ -57,6 +58,7 @@ func (t *TokenTransport) transport() http.RoundTripper {
if t.Transport != nil {
return t.Transport
}
+
return http.DefaultTransport
}
diff --git a/providers/dns/constellix/internal/domains.go b/providers/dns/constellix/internal/domains.go
index 485f0d537..fa7027f55 100644
--- a/providers/dns/constellix/internal/domains.go
+++ b/providers/dns/constellix/internal/domains.go
@@ -30,10 +30,12 @@ func (s *DomainService) GetAll(ctx context.Context, params *PaginationParameters
if errQ != nil {
return nil, errQ
}
+
req.URL.RawQuery = v.Encode()
}
var domains []Domain
+
err = s.client.do(req, &domains)
if err != nil {
return nil, err
@@ -78,6 +80,7 @@ func (s *DomainService) Search(ctx context.Context, filter searchFilter, value s
req.URL.RawQuery = query.Encode()
var domains []Domain
+
err = s.client.do(req, &domains)
if err != nil {
var nf *NotFound
diff --git a/providers/dns/constellix/internal/domains_test.go b/providers/dns/constellix/internal/domains_test.go
index 2d92fb8f3..468db4613 100644
--- a/providers/dns/constellix/internal/domains_test.go
+++ b/providers/dns/constellix/internal/domains_test.go
@@ -30,10 +30,10 @@ func TestDomainService_GetAll(t *testing.T) {
require.NoError(t, err)
expected := []Domain{
- {ID: 273301, Name: "aaa.wtf", TypeID: 1, Version: 9, Status: "ACTIVE"},
- {ID: 273302, Name: "bbb.wtf", TypeID: 1, Version: 9, Status: "ACTIVE"},
- {ID: 273303, Name: "ccc.wtf", TypeID: 1, Version: 9, Status: "ACTIVE"},
- {ID: 273304, Name: "ddd.wtf", TypeID: 1, Version: 9, Status: "ACTIVE"},
+ {ID: 273301, Name: "aaa.example", TypeID: 1, Version: 9, Status: "ACTIVE"},
+ {ID: 273302, Name: "bbb.example", TypeID: 1, Version: 9, Status: "ACTIVE"},
+ {ID: 273303, Name: "ccc.example", TypeID: 1, Version: 9, Status: "ACTIVE"},
+ {ID: 273304, Name: "ddd.example", TypeID: 1, Version: 9, Status: "ACTIVE"},
}
assert.Equal(t, expected, data)
@@ -44,14 +44,14 @@ func TestDomainService_Search(t *testing.T) {
Route("GET /v1/domains/search",
servermock.ResponseFromFixture("domains-Search.json"),
servermock.CheckQueryParameter().Strict().
- With("exact", "lego.wtf")).
+ With("exact", "example.com")).
Build(t)
- data, err := client.Domains.Search(t.Context(), Exact, "lego.wtf")
+ data, err := client.Domains.Search(t.Context(), Exact, "example.com")
require.NoError(t, err)
expected := []Domain{
- {ID: 273302, Name: "lego.wtf", TypeID: 1, Version: 9, Status: "ACTIVE"},
+ {ID: 273302, Name: "example.com", TypeID: 1, Version: 9, Status: "ACTIVE"},
}
assert.Equal(t, expected, data)
diff --git a/providers/dns/constellix/internal/fixtures/domains-GetAll.json b/providers/dns/constellix/internal/fixtures/domains-GetAll.json
index 5ff2ad41d..8ccb4e52c 100644
--- a/providers/dns/constellix/internal/fixtures/domains-GetAll.json
+++ b/providers/dns/constellix/internal/fixtures/domains-GetAll.json
@@ -1,7 +1,7 @@
[
{
"id": 273301,
- "name": "aaa.wtf",
+ "name": "aaa.example",
"soa": {
"primaryNameserver": "ns11.constellix.com.",
"email": "dns.constellix.com.",
@@ -36,7 +36,7 @@
},
{
"id": 273302,
- "name": "bbb.wtf",
+ "name": "bbb.example",
"soa": {
"primaryNameserver": "ns11.constellix.com.",
"email": "dns.constellix.com.",
@@ -71,7 +71,7 @@
},
{
"id": 273303,
- "name": "ccc.wtf",
+ "name": "ccc.example",
"soa": {
"primaryNameserver": "ns11.constellix.com.",
"email": "dns.constellix.com.",
@@ -106,7 +106,7 @@
},
{
"id": 273304,
- "name": "ddd.wtf",
+ "name": "ddd.example",
"soa": {
"primaryNameserver": "ns11.constellix.com.",
"email": "dns.constellix.com.",
diff --git a/providers/dns/constellix/internal/fixtures/domains-Search.json b/providers/dns/constellix/internal/fixtures/domains-Search.json
index 5d018a39a..c33272515 100644
--- a/providers/dns/constellix/internal/fixtures/domains-Search.json
+++ b/providers/dns/constellix/internal/fixtures/domains-Search.json
@@ -1,7 +1,7 @@
[
{
"id": 273302,
- "name": "lego.wtf",
+ "name": "example.com",
"soa": {
"primaryNameserver": "ns11.constellix.com.",
"email": "dns.constellix.com.",
diff --git a/providers/dns/constellix/internal/txtrecords.go b/providers/dns/constellix/internal/txtrecords.go
index 7880da4d2..bd00d84b7 100644
--- a/providers/dns/constellix/internal/txtrecords.go
+++ b/providers/dns/constellix/internal/txtrecords.go
@@ -32,6 +32,7 @@ func (s *TxtRecordService) Create(ctx context.Context, domainID int64, record Re
}
var records []Record
+
err = s.client.do(req, &records)
if err != nil {
return nil, err
@@ -54,6 +55,7 @@ func (s *TxtRecordService) GetAll(ctx context.Context, domainID int64) ([]Record
}
var records []Record
+
err = s.client.do(req, &records)
if err != nil {
return nil, err
@@ -76,6 +78,7 @@ func (s *TxtRecordService) Get(ctx context.Context, domainID, recordID int64) (*
}
var records Record
+
err = s.client.do(req, &records)
if err != nil {
return nil, err
@@ -103,6 +106,7 @@ func (s *TxtRecordService) Update(ctx context.Context, domainID, recordID int64,
}
var msg SuccessMessage
+
err = s.client.do(req, &msg)
if err != nil {
return nil, err
@@ -125,6 +129,7 @@ func (s *TxtRecordService) Delete(ctx context.Context, domainID, recordID int64)
}
var msg *SuccessMessage
+
err = s.client.do(req, &msg)
if err != nil {
return nil, err
diff --git a/providers/dns/corenetworks/corenetworks.go b/providers/dns/corenetworks/corenetworks.go
index 119b3c16b..cde58a2bf 100644
--- a/providers/dns/corenetworks/corenetworks.go
+++ b/providers/dns/corenetworks/corenetworks.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/corenetworks/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -90,6 +91,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/corenetworks/corenetworks.toml b/providers/dns/corenetworks/corenetworks.toml
index 8546d8723..09840bb1b 100644
--- a/providers/dns/corenetworks/corenetworks.toml
+++ b/providers/dns/corenetworks/corenetworks.toml
@@ -7,7 +7,7 @@ Since = "v4.20.0"
Example = '''
CORENETWORKS_LOGIN="xxxx" \
CORENETWORKS_PASSWORD="yyyy" \
-lego --email you@example.com --dns corenetworks -d '*.example.com' -d example.com run
+lego --dns corenetworks -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/corenetworks/corenetworks_test.go b/providers/dns/corenetworks/corenetworks_test.go
index 3cd80f88d..911693468 100644
--- a/providers/dns/corenetworks/corenetworks_test.go
+++ b/providers/dns/corenetworks/corenetworks_test.go
@@ -43,6 +43,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -111,6 +112,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -124,6 +126,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/corenetworks/internal/client.go b/providers/dns/corenetworks/internal/client.go
index ea2d7efa2..bdc17f2c1 100644
--- a/providers/dns/corenetworks/internal/client.go
+++ b/providers/dns/corenetworks/internal/client.go
@@ -47,6 +47,7 @@ func (c *Client) ListZone(ctx context.Context) ([]Zone, error) {
}
var zones []Zone
+
err = c.do(req, &zones)
if err != nil {
return nil, err
@@ -66,6 +67,7 @@ func (c *Client) GetZoneDetails(ctx context.Context, zone string) (*ZoneDetails,
}
var details ZoneDetails
+
err = c.do(req, &details)
if err != nil {
return nil, err
@@ -85,6 +87,7 @@ func (c *Client) ListRecords(ctx context.Context, zone string) ([]Record, error)
}
var records []Record
+
err = c.do(req, &records)
if err != nil {
return nil, err
diff --git a/providers/dns/corenetworks/internal/identity.go b/providers/dns/corenetworks/internal/identity.go
index 8f5a2ee9a..a7e7448c0 100644
--- a/providers/dns/corenetworks/internal/identity.go
+++ b/providers/dns/corenetworks/internal/identity.go
@@ -22,6 +22,7 @@ func (c *Client) CreateAuthenticationToken(ctx context.Context) (*Token, error)
}
var token Token
+
err = c.do(req, &token)
if err != nil {
return nil, err
diff --git a/providers/dns/cpanel/cpanel.go b/providers/dns/cpanel/cpanel.go
index 4c80e4db8..f335c0a8c 100644
--- a/providers/dns/cpanel/cpanel.go
+++ b/providers/dns/cpanel/cpanel.go
@@ -17,6 +17,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/cpanel/internal/cpanel"
"github.com/go-acme/lego/v4/providers/dns/cpanel/internal/shared"
"github.com/go-acme/lego/v4/providers/dns/cpanel/internal/whm"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -146,12 +147,16 @@ func (d *DNSProvider) Present(domain, _, keyAuth string) error {
valueB64 := base64.StdEncoding.EncodeToString([]byte(info.Value))
- var found bool
- var existingRecord shared.ZoneRecord
+ var (
+ found bool
+ existingRecord shared.ZoneRecord
+ )
+
for _, record := range zoneInfo {
if slices.Contains(record.DataB64, valueB64) {
existingRecord = record
found = true
+
break
}
}
@@ -220,12 +225,16 @@ func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
valueB64 := base64.StdEncoding.EncodeToString([]byte(info.Value))
- var found bool
- var existingRecord shared.ZoneRecord
+ var (
+ found bool
+ existingRecord shared.ZoneRecord
+ )
+
for _, record := range zoneInfo {
if slices.Contains(record.DataB64, valueB64) {
existingRecord = record
found = true
+
break
}
}
@@ -235,6 +244,7 @@ func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
}
var newData []string
+
for _, dataB64 := range existingRecord.DataB64 {
if dataB64 == valueB64 {
continue
@@ -291,6 +301,7 @@ func getZoneSerial(zoneFqdn string, zoneInfo []shared.ZoneRecord) (uint32, error
}
var newSerial uint32
+
_, err = fmt.Sscan(string(data), &newSerial)
if err != nil {
return 0, fmt.Errorf("decode serial DNameB64, invalid serial value %q: %w", string(data), err)
@@ -314,6 +325,8 @@ func createClient(config *Config) (apiClient, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return client, nil
case "whm":
@@ -326,6 +339,8 @@ func createClient(config *Config) (apiClient, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return client, nil
default:
diff --git a/providers/dns/cpanel/cpanel.toml b/providers/dns/cpanel/cpanel.toml
index faed2abe2..b64adf0cf 100644
--- a/providers/dns/cpanel/cpanel.toml
+++ b/providers/dns/cpanel/cpanel.toml
@@ -10,7 +10,7 @@ Example = '''
CPANEL_USERNAME="yyyy" \
CPANEL_TOKEN="xxxx" \
CPANEL_BASE_URL="https://example.com:2083" \
-lego --email you@example.com --dns cpanel -d '*.example.com' -d example.com run
+lego --dns cpanel -d '*.example.com' -d example.com run
## WHM
@@ -18,7 +18,7 @@ CPANEL_MODE=whm \
CPANEL_USERNAME="yyyy" \
CPANEL_TOKEN="xxxx" \
CPANEL_BASE_URL="https://example.com:2087" \
-lego --email you@example.com --dns cpanel -d '*.example.com' -d example.com run
+lego --dns cpanel -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/cpanel/cpanel_test.go b/providers/dns/cpanel/cpanel_test.go
index 614b9e1c7..5d85b8b5b 100644
--- a/providers/dns/cpanel/cpanel_test.go
+++ b/providers/dns/cpanel/cpanel_test.go
@@ -75,6 +75,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -282,6 +283,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -295,6 +297,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/cpanel/internal/cpanel/types.go b/providers/dns/cpanel/internal/cpanel/types.go
index cb4dbd535..0a3053647 100644
--- a/providers/dns/cpanel/internal/cpanel/types.go
+++ b/providers/dns/cpanel/internal/cpanel/types.go
@@ -6,7 +6,7 @@ import (
)
type APIResponse[T any] struct {
- Metadata Metadata `json:"metadata,omitempty"`
+ Metadata Metadata `json:"metadata"`
Data T `json:"data,omitempty"`
Status int `json:"status,omitempty"`
diff --git a/providers/dns/cpanel/internal/whm/types.go b/providers/dns/cpanel/internal/whm/types.go
index f1884a04d..d0604a565 100644
--- a/providers/dns/cpanel/internal/whm/types.go
+++ b/providers/dns/cpanel/internal/whm/types.go
@@ -7,7 +7,7 @@ import (
)
type APIResponse[T any] struct {
- Metadata Metadata `json:"metadata,omitempty"`
+ Metadata Metadata `json:"metadata"`
Data T `json:"data,omitempty"`
}
diff --git a/providers/dns/czechia/czechia.go b/providers/dns/czechia/czechia.go
new file mode 100644
index 000000000..3ff397c35
--- /dev/null
+++ b/providers/dns/czechia/czechia.go
@@ -0,0 +1,159 @@
+// Package czechia implements a DNS provider for solving the DNS-01 challenge using Czechia.
+package czechia
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/czechia/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "CZECHIA_"
+
+ EnvToken = envNamespace + "TOKEN"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ Token string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Czechia.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvToken)
+ if err != nil {
+ return nil, fmt.Errorf("czechia: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.Token = values[EnvToken]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Czechia.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("czechia: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.Token)
+ if err != nil {
+ return nil, fmt.Errorf("czechia: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("czechia: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("czechia: %w", err)
+ }
+
+ record := internal.TXTRecord{
+ Hostname: subDomain,
+ Text: info.Value,
+ TTL: d.config.TTL,
+ PublishZone: 1,
+ }
+
+ err = d.client.AddTXTRecord(ctx, dns01.UnFqdn(authZone), record)
+ if err != nil {
+ return fmt.Errorf("czechia: add TXT record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("czechia: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("czechia: %w", err)
+ }
+
+ record := internal.TXTRecord{
+ Hostname: subDomain,
+ Text: info.Value,
+ TTL: d.config.TTL,
+ PublishZone: 1,
+ }
+
+ err = d.client.DeleteTXTRecord(ctx, dns01.UnFqdn(authZone), record)
+ if err != nil {
+ return fmt.Errorf("czechia: delete TXT record: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/czechia/czechia.toml b/providers/dns/czechia/czechia.toml
new file mode 100644
index 000000000..2a66d2054
--- /dev/null
+++ b/providers/dns/czechia/czechia.toml
@@ -0,0 +1,22 @@
+Name = "Czechia"
+Description = ''''''
+URL = "https://www.czechia.com/"
+Code = "czechia"
+Since = "v4.33.0"
+
+Example = '''
+CZECHIA_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
+lego --dns czechia -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ CZECHIA_TOKEN = "Authorization token"
+ [Configuration.Additional]
+ CZECHIA_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ CZECHIA_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ CZECHIA_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ CZECHIA_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://api.czechia.com/swagger/index.html"
diff --git a/providers/dns/czechia/czechia_test.go b/providers/dns/czechia/czechia_test.go
new file mode 100644
index 000000000..7d9a2676c
--- /dev/null
+++ b/providers/dns/czechia/czechia_test.go
@@ -0,0 +1,165 @@
+package czechia
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvToken).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvToken: "secret",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "czechia: some credentials information are missing: CZECHIA_TOKEN",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ token string
+ expected string
+ }{
+ {
+ desc: "success",
+ token: "secret",
+ },
+ {
+ desc: "missing credentials",
+ expected: "czechia: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.Token = test.token
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.Token = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With("AuthorizationToken", "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /DNS/example.com/TXT",
+ servermock.Noop(),
+ servermock.CheckRequestJSONBodyFromInternal("add_txt_record-request.json"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /DNS/example.com/TXT",
+ servermock.Noop(),
+ servermock.CheckRequestJSONBodyFromInternal("add_txt_record-request.json"),
+ ).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/czechia/internal/client.go b/providers/dns/czechia/internal/client.go
new file mode 100644
index 000000000..f3e0e462e
--- /dev/null
+++ b/providers/dns/czechia/internal/client.go
@@ -0,0 +1,124 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+const defaultBaseURL = "https://api.czechia.com/api"
+
+const authorizationTokenHeader = "AuthorizationToken"
+
+// Client the Czechia API client.
+type Client struct {
+ token string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(token string) (*Client, error) {
+ if token == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ token: token,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) AddTXTRecord(ctx context.Context, domain string, record TXTRecord) error {
+ endpoint := c.BaseURL.JoinPath("DNS", domain, "TXT")
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, record)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) DeleteTXTRecord(ctx context.Context, domain string, record TXTRecord) error {
+ endpoint := c.BaseURL.JoinPath("DNS", domain, "TXT")
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, record)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ req.Header.Set(authorizationTokenHeader, c.token)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
diff --git a/providers/dns/czechia/internal/client_test.go b/providers/dns/czechia/internal/client_test.go
new file mode 100644
index 000000000..c6f1141c5
--- /dev/null
+++ b/providers/dns/czechia/internal/client_test.go
@@ -0,0 +1,67 @@
+package internal
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With(authorizationTokenHeader, "secret"),
+ )
+}
+
+func TestClient_AddTXTRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /DNS/example.com/TXT",
+ servermock.Noop(),
+ servermock.CheckRequestJSONBodyFromFixture("add_txt_record-request.json"),
+ ).
+ Build(t)
+
+ record := TXTRecord{
+ Hostname: "_acme-challenge",
+ Text: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ PublishZone: 1,
+ }
+
+ err := client.AddTXTRecord(t.Context(), "example.com", record)
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteTXTRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /DNS/example.com/TXT",
+ servermock.Noop(),
+ servermock.CheckRequestJSONBodyFromFixture("add_txt_record-request.json"),
+ ).
+ Build(t)
+
+ record := TXTRecord{
+ Hostname: "_acme-challenge",
+ Text: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ PublishZone: 1,
+ }
+
+ err := client.DeleteTXTRecord(t.Context(), "example.com", record)
+ require.NoError(t, err)
+}
diff --git a/providers/dns/czechia/internal/fixtures/add_txt_record-request.json b/providers/dns/czechia/internal/fixtures/add_txt_record-request.json
new file mode 100644
index 000000000..ed5830093
--- /dev/null
+++ b/providers/dns/czechia/internal/fixtures/add_txt_record-request.json
@@ -0,0 +1,6 @@
+{
+ "hostName": "_acme-challenge",
+ "text": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 120,
+ "publishZone": 1
+}
diff --git a/providers/dns/czechia/internal/fixtures/delete_txt_record-request.json b/providers/dns/czechia/internal/fixtures/delete_txt_record-request.json
new file mode 100644
index 000000000..ed5830093
--- /dev/null
+++ b/providers/dns/czechia/internal/fixtures/delete_txt_record-request.json
@@ -0,0 +1,6 @@
+{
+ "hostName": "_acme-challenge",
+ "text": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 120,
+ "publishZone": 1
+}
diff --git a/providers/dns/czechia/internal/types.go b/providers/dns/czechia/internal/types.go
new file mode 100644
index 000000000..f4a9bfef7
--- /dev/null
+++ b/providers/dns/czechia/internal/types.go
@@ -0,0 +1,8 @@
+package internal
+
+type TXTRecord struct {
+ Hostname string `json:"hostName,omitempty"`
+ Text string `json:"text,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ PublishZone int `json:"publishZone,omitempty"`
+}
diff --git a/providers/dns/ddnss/ddnss.go b/providers/dns/ddnss/ddnss.go
new file mode 100644
index 000000000..381151c55
--- /dev/null
+++ b/providers/dns/ddnss/ddnss.go
@@ -0,0 +1,130 @@
+// Package ddnss implements a DNS provider for solving the DNS-01 challenge using DynDNS Service.
+package ddnss
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/ddnss/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "DDNSS_"
+
+ EnvKey = envNamespace + "KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+ EnvSequenceInterval = envNamespace + "SEQUENCE_INTERVAL"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ Key string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ SequenceInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ SequenceInterval: env.GetOrDefaultSecond(EnvSequenceInterval, dns01.DefaultPropagationTimeout),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for DynDNS Service.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvKey)
+ if err != nil {
+ return nil, fmt.Errorf("ddnss: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.Key = values[EnvKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for DynDNS Service.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("ddnss: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(&internal.Authentication{Key: config.Key})
+ if err != nil {
+ return nil, fmt.Errorf("ddnss: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ err := d.client.AddTXTRecord(context.Background(), dns01.UnFqdn(info.EffectiveFQDN), info.Value)
+ if err != nil {
+ return fmt.Errorf("ddnss: add TXT record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ err := d.client.RemoveTXTRecord(context.Background(), dns01.UnFqdn(info.EffectiveFQDN))
+ if err != nil {
+ return fmt.Errorf("ddnss: remove TXT record: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Sequential All DNS challenges for this provider will be resolved sequentially.
+// Returns the interval between each iteration.
+func (d *DNSProvider) Sequential() time.Duration {
+ return d.config.SequenceInterval
+}
diff --git a/providers/dns/ddnss/ddnss.toml b/providers/dns/ddnss/ddnss.toml
new file mode 100644
index 000000000..0d0a7132c
--- /dev/null
+++ b/providers/dns/ddnss/ddnss.toml
@@ -0,0 +1,23 @@
+Name = "DDnss (DynDNS Service)"
+Description = ''''''
+URL = "https://ddnss.de/"
+Code = "ddnss"
+Since = "v4.32.0"
+
+Example = '''
+DDNSS_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --dns ddnss -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ DDNSS_KEY = "Update key"
+ [Configuration.Additional]
+ DDNSS_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ DDNSS_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ DDNSS_SEQUENCE_INTERVAL = "Time between sequential requests in seconds (Default: 60)"
+ DDNSS_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ DDNSS_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://ddnss.de/info.php"
diff --git a/providers/dns/ddnss/ddnss_test.go b/providers/dns/ddnss/ddnss_test.go
new file mode 100644
index 000000000..5b1d7df58
--- /dev/null
+++ b/providers/dns/ddnss/ddnss_test.go
@@ -0,0 +1,168 @@
+package ddnss
+
+import (
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvKey: "secret",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "ddnss: some credentials information are missing: DDNSS_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ Key string
+ expected string
+ }{
+ {
+ desc: "success",
+ Key: "secret",
+ },
+ {
+ desc: "missing credentials",
+ expected: "ddnss: missing credentials",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.Key = test.Key
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.Key = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL = server.URL
+
+ return p, nil
+ },
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /",
+ servermock.ResponseFromInternal("success.html"),
+ servermock.CheckQueryParameter().Strict().
+ With("host", "_acme-challenge.example.com").
+ With("key", "secret").
+ With("txt", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY").
+ With("txtm", "1"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /",
+ servermock.ResponseFromInternal("success.html"),
+ servermock.CheckQueryParameter().Strict().
+ With("host", "_acme-challenge.example.com").
+ With("key", "secret").
+ With("txtm", "2"),
+ ).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/ddnss/internal/client.go b/providers/dns/ddnss/internal/client.go
new file mode 100644
index 000000000..a0cf4b4a6
--- /dev/null
+++ b/providers/dns/ddnss/internal/client.go
@@ -0,0 +1,137 @@
+package internal
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strings"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+ "golang.org/x/net/html"
+)
+
+const defaultBaseURL = "https://ddnss.de/upd.php"
+
+// Client the DDns API client.
+type Client struct {
+ auth *Authentication
+
+ BaseURL string
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(auth *Authentication) (*Client, error) {
+ if auth == nil {
+ return nil, errors.New("credentials missing")
+ }
+
+ err := auth.validate()
+ if err != nil {
+ return nil, err
+ }
+
+ return &Client{
+ auth: auth,
+ BaseURL: defaultBaseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) AddTXTRecord(ctx context.Context, host, value string) error {
+ return c.update(ctx, map[string]string{
+ "host": host,
+ "txt": value,
+ "txtm": "1",
+ })
+}
+
+func (c *Client) RemoveTXTRecord(ctx context.Context, host string) error {
+ return c.update(ctx, map[string]string{
+ "host": host,
+ "txtm": "2",
+ })
+}
+
+func (c *Client) update(ctx context.Context, params map[string]string) error {
+ endpoint, err := url.Parse(c.BaseURL)
+ if err != nil {
+ return err
+ }
+
+ query := endpoint.Query()
+
+ for k, v := range params {
+ query.Set(k, v)
+ }
+
+ c.auth.set(query)
+
+ endpoint.RawQuery = query.Encode()
+
+ req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint.String(), nil)
+ if err != nil {
+ return fmt.Errorf("unable to create request: %w", err)
+ }
+
+ useragent.SetHeader(req.Header)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ content, err := readPage(raw)
+ if err != nil {
+ return err
+ }
+
+ if strings.Contains(content, "Updated 1 hostname.") {
+ return nil
+ }
+
+ return fmt.Errorf("unexpected response: %s", content)
+}
+
+func readPage(raw []byte) (string, error) {
+ page, err := html.Parse(strings.NewReader(string(raw)))
+ if err != nil {
+ return "", err
+ }
+
+ var b strings.Builder
+ extractText(page, &b)
+
+ return strings.TrimSpace(b.String()), nil
+}
+
+func extractText(n *html.Node, b *strings.Builder) {
+ if n.Type == html.TextNode {
+ text := strings.TrimSpace(n.Data)
+ if text != "" {
+ b.WriteString(text + " ")
+ }
+ }
+
+ for c := n.FirstChild; c != nil; c = c.NextSibling {
+ extractText(c, b)
+ }
+}
diff --git a/providers/dns/ddnss/internal/client_test.go b/providers/dns/ddnss/internal/client_test.go
new file mode 100644
index 000000000..3faddded0
--- /dev/null
+++ b/providers/dns/ddnss/internal/client_test.go
@@ -0,0 +1,56 @@
+package internal
+
+import (
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(&Authentication{Key: "secret"})
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL = server.URL
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ )
+}
+
+func TestClient_AddTXTRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /",
+ servermock.ResponseFromFixture("success.html"),
+ servermock.CheckQueryParameter().Strict().
+ With("host", "_acme-challenge.example.com").
+ With("key", "secret").
+ With("txt", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY").
+ With("txtm", "1"),
+ ).
+ Build(t)
+
+ err := client.AddTXTRecord(t.Context(), "_acme-challenge.example.com", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY")
+ require.NoError(t, err)
+}
+
+func TestClient_RemoveTXTRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /",
+ servermock.ResponseFromFixture("success.html"),
+ servermock.CheckQueryParameter().Strict().
+ With("host", "_acme-challenge.example.com").
+ With("key", "secret").
+ With("txtm", "2"),
+ ).
+ Build(t)
+
+ err := client.RemoveTXTRecord(t.Context(), "_acme-challenge.example.com")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/ddnss/internal/fixtures/error.html b/providers/dns/ddnss/internal/fixtures/error.html
new file mode 100644
index 000000000..f0599ad9a
--- /dev/null
+++ b/providers/dns/ddnss/internal/fixtures/error.html
@@ -0,0 +1,12 @@
+
+
+ DDNSS - Kostenloser DynDNS Service : Re-ProutDNS v5.01v
+
+
+
+Error Occurred While Processing Request :
+
+ - badysys : Der System Parameter ist ungültig.
+ - badauth : Die Authorisation ist fehlgeschlagen. Die Parameter username und/oder password sind falsch.
+ - notfqdn : Hostname fehlt oder ist falsch.
+
diff --git a/providers/dns/ddnss/internal/fixtures/success.html b/providers/dns/ddnss/internal/fixtures/success.html
new file mode 100644
index 000000000..f51957334
--- /dev/null
+++ b/providers/dns/ddnss/internal/fixtures/success.html
@@ -0,0 +1,8 @@
+
+
+ DDNSS - Kostenloser DynDNS Service : Re-ProutDNS v5.01v
+
+
+
+Updated 1 hostname.
+
diff --git a/providers/dns/ddnss/internal/types.go b/providers/dns/ddnss/internal/types.go
new file mode 100644
index 000000000..37d41e076
--- /dev/null
+++ b/providers/dns/ddnss/internal/types.go
@@ -0,0 +1,39 @@
+package internal
+
+import (
+ "errors"
+ "net/url"
+)
+
+type Authentication struct {
+ Username string `url:"user,omitempty"`
+ Password string `url:"pwd,omitempty"`
+ Key string `url:"key,omitempty"`
+}
+
+func (a *Authentication) validate() error {
+ if a.Username == "" && a.Password == "" && a.Key == "" {
+ return errors.New("missing credentials")
+ }
+
+ if a.Username != "" && a.Password != "" && a.Key != "" {
+ return errors.New("only one of username, password or key can be set")
+ }
+
+ if (a.Username != "" && a.Password == "") || a.Username == "" && a.Password != "" {
+ return errors.New("username and password must be set together")
+ }
+
+ return nil
+}
+
+func (a *Authentication) set(query url.Values) {
+ if a.Key != "" {
+ query.Set("key", a.Key)
+
+ return
+ }
+
+ query.Set("user", a.Username)
+ query.Set("pwd", a.Password)
+}
diff --git a/providers/dns/derak/derak.go b/providers/dns/derak/derak.go
index 6e726620a..78165b936 100644
--- a/providers/dns/derak/derak.go
+++ b/providers/dns/derak/derak.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/derak/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/miekg/dns"
)
@@ -94,6 +95,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -160,6 +163,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("derak: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
diff --git a/providers/dns/derak/derak.toml b/providers/dns/derak/derak.toml
index 45d7e1fcf..72f49883a 100644
--- a/providers/dns/derak/derak.toml
+++ b/providers/dns/derak/derak.toml
@@ -6,7 +6,7 @@ Since = "v4.12.0"
Example = '''
DERAK_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns derak -d '*.example.com' -d example.com run
+lego --dns derak -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/derak/derak_test.go b/providers/dns/derak/derak_test.go
index e58cfb6c1..b83eb2c8c 100644
--- a/providers/dns/derak/derak_test.go
+++ b/providers/dns/derak/derak_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -92,6 +93,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -105,6 +107,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/derak/internal/client.go b/providers/dns/derak/internal/client.go
index a7c11f895..4352e198b 100644
--- a/providers/dns/derak/internal/client.go
+++ b/providers/dns/derak/internal/client.go
@@ -44,6 +44,7 @@ func (c *Client) GetRecords(ctx context.Context, zoneID string, params *GetRecor
if err != nil {
return nil, err
}
+
endpoint.RawQuery = v.Encode()
req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
@@ -52,6 +53,7 @@ func (c *Client) GetRecords(ctx context.Context, zoneID string, params *GetRecor
}
response := &GetRecordsResponse{}
+
err = c.do(req, response)
if err != nil {
return nil, err
@@ -70,6 +72,7 @@ func (c *Client) GetRecord(ctx context.Context, zoneID, recordID string) (*Recor
}
response := &Record{}
+
err = c.do(req, response)
if err != nil {
return nil, err
@@ -88,6 +91,7 @@ func (c *Client) CreateRecord(ctx context.Context, zoneID string, record Record)
}
response := &Record{}
+
err = c.do(req, response)
if err != nil {
return nil, err
@@ -106,6 +110,7 @@ func (c *Client) EditRecord(ctx context.Context, zoneID, recordID string, record
}
response := &Record{}
+
err = c.do(req, response)
if err != nil {
return nil, err
@@ -147,6 +152,7 @@ func (c *Client) GetZones(ctx context.Context) ([]Zone, error) {
}
response := &APIResponse[[]Zone]{}
+
err = c.do(req, response)
if err != nil {
return nil, err
@@ -221,6 +227,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var response APIResponse[any]
+
err := json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/derak/internal/types.go b/providers/dns/derak/internal/types.go
index 15ed00617..02116314f 100644
--- a/providers/dns/derak/internal/types.go
+++ b/providers/dns/derak/internal/types.go
@@ -46,7 +46,7 @@ type Zone struct {
HumanReadable string `json:"humanReadable,omitempty"`
Serial string `json:"serial,omitempty"`
CreationTime int64 `json:"creationTime,omitempty"`
- CreationTimeDate time.Time `json:"creationTimeDate,omitempty"`
+ CreationTimeDate time.Time `json:"creationTimeDate,omitzero"`
Status string `json:"status,omitempty"`
IsMoved bool `json:"is_moved,omitempty"`
Paused bool `json:"paused,omitempty"`
diff --git a/providers/dns/desec/desec.go b/providers/dns/desec/desec.go
index 9d1e20e53..9cc54f65e 100644
--- a/providers/dns/desec/desec.go
+++ b/providers/dns/desec/desec.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/nrdcg/desec"
)
@@ -88,6 +89,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config.HTTPClient != nil {
opts.HTTPClient = config.HTTPClient
}
+
+ opts.HTTPClient = clientdebug.Wrap(opts.HTTPClient)
+
opts.Logger = log.Default()
client := desec.New(config.Token, opts)
@@ -176,6 +180,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
records := make([]string, 0)
+
for _, record := range rrSet.Records {
if record != fmt.Sprintf(`%q`, info.Value) {
records = append(records, record)
diff --git a/providers/dns/desec/desec.toml b/providers/dns/desec/desec.toml
index a79b38cd3..f7e66ae07 100644
--- a/providers/dns/desec/desec.toml
+++ b/providers/dns/desec/desec.toml
@@ -6,7 +6,7 @@ Since = "v3.7.0"
Example = '''
DESEC_TOKEN=x-xxxxxxxxxxxxxxxxxxxxxxxxxx \
-lego --email you@example.com --dns desec -d '*.example.com' -d example.com run
+lego --dns desec -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/desec/desec_test.go b/providers/dns/desec/desec_test.go
index f91f9e82a..93d9bd010 100644
--- a/providers/dns/desec/desec_test.go
+++ b/providers/dns/desec/desec_test.go
@@ -36,6 +36,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -93,6 +94,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -106,6 +108,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/designate/designate.go b/providers/dns/designate/designate.go
index c58baaace..41bf251f6 100644
--- a/providers/dns/designate/designate.go
+++ b/providers/dns/designate/designate.go
@@ -68,8 +68,9 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *gophercloud.ServiceClient
+ config *Config
+ client *gophercloud.ServiceClient
+
dnsEntriesMu sync.Mutex
}
@@ -85,7 +86,6 @@ func NewDNSProvider() (*DNSProvider, error) {
opts, erro := clientconfig.AuthOptions(&clientconfig.ClientOpts{
Cloud: val[EnvCloud],
})
-
if erro != nil {
return nil, fmt.Errorf("designate: %w", erro)
}
@@ -202,6 +202,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("designate: error for %s in CleanUp: %w", info.EffectiveFQDN, err)
}
+
return nil
}
@@ -241,6 +242,7 @@ func (d *DNSProvider) updateRecord(record *recordsets.RecordSet, value string) e
}
result := recordsets.Update(d.client, record.ZoneID, record.ID, updateOpts)
+
return result.Err
}
diff --git a/providers/dns/designate/designate.toml b/providers/dns/designate/designate.toml
index 3ea6260a6..a36034f64 100644
--- a/providers/dns/designate/designate.toml
+++ b/providers/dns/designate/designate.toml
@@ -7,7 +7,7 @@ Since = "v2.2.0"
Example = '''
# With a `clouds.yaml`
OS_CLOUD=my_openstack \
-lego --email you@example.com --dns designate -d '*.example.com' -d example.com run
+lego --dns designate -d '*.example.com' -d example.com run
# or
@@ -16,7 +16,7 @@ OS_REGION_NAME=RegionOne \
OS_PROJECT_ID=23d4522a987d4ab529f722a007c27846
OS_USERNAME=myuser \
OS_PASSWORD=passw0rd \
-lego --email you@example.com --dns designate -d '*.example.com' -d example.com run
+lego --dns designate -d '*.example.com' -d example.com run
# or
@@ -25,7 +25,7 @@ OS_REGION_NAME=RegionOne \
OS_AUTH_TYPE=v3applicationcredential \
OS_APPLICATION_CREDENTIAL_ID=imn74uq0or7dyzz20dwo1ytls4me8dry \
OS_APPLICATION_CREDENTIAL_SECRET=68FuSPSdQqkFQYH5X1OoriEIJOwyLtQ8QSqXZOc9XxFK1A9tzZT6He2PfPw0OMja \
-lego --email you@example.com --dns designate -d '*.example.com' -d example.com run
+lego --dns designate -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/designate/designate_test.go b/providers/dns/designate/designate_test.go
index 1045baa95..e5edf81f8 100644
--- a/providers/dns/designate/designate_test.go
+++ b/providers/dns/designate/designate_test.go
@@ -105,6 +105,7 @@ func TestNewDNSProvider_fromEnv(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -192,6 +193,7 @@ func TestNewDNSProvider_fromCloud(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(map[string]string{
@@ -331,6 +333,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -344,6 +347,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/digitalocean/digitalocean.go b/providers/dns/digitalocean/digitalocean.go
index 0b68aa5c9..26c6fb9d4 100644
--- a/providers/dns/digitalocean/digitalocean.go
+++ b/providers/dns/digitalocean/digitalocean.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/digitalocean/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -88,10 +89,15 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("digitalocean: credentials missing")
}
- client := internal.NewClient(internal.OAuthStaticAccessToken(config.HTTPClient, config.AuthToken))
+ client := internal.NewClient(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(config.HTTPClient, config.AuthToken),
+ ),
+ )
if config.BaseURL != "" {
var err error
+
client.BaseURL, err = url.Parse(config.BaseURL)
if err != nil {
return nil, fmt.Errorf("digitalocean: %w", err)
@@ -147,6 +153,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("digitalocean: unknown record ID for '%s'", info.EffectiveFQDN)
}
diff --git a/providers/dns/digitalocean/digitalocean.toml b/providers/dns/digitalocean/digitalocean.toml
index b30d986f2..8f9107c26 100644
--- a/providers/dns/digitalocean/digitalocean.toml
+++ b/providers/dns/digitalocean/digitalocean.toml
@@ -6,7 +6,7 @@ Since = "v0.3.0"
Example = '''
DO_AUTH_TOKEN=xxxxxx \
-lego --email you@example.com --dns digitalocean -d '*.example.com' -d example.com run
+lego --dns digitalocean -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/digitalocean/digitalocean_test.go b/providers/dns/digitalocean/digitalocean_test.go
index a01906812..d066e12db 100644
--- a/providers/dns/digitalocean/digitalocean_test.go
+++ b/providers/dns/digitalocean/digitalocean_test.go
@@ -51,6 +51,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -138,5 +139,5 @@ func TestDNSProvider_CleanUp(t *testing.T) {
provider.recordIDsMu.Unlock()
err := provider.CleanUp("example.com", "token", "")
- require.NoError(t, err, "fail to remove TXT record")
+ require.NoError(t, err)
}
diff --git a/providers/dns/digitalocean/internal/client.go b/providers/dns/digitalocean/internal/client.go
index e7dd181b2..395de478c 100644
--- a/providers/dns/digitalocean/internal/client.go
+++ b/providers/dns/digitalocean/internal/client.go
@@ -45,6 +45,7 @@ func (c *Client) AddTxtRecord(ctx context.Context, zone string, record Record) (
}
respData := &TxtRecordResponse{}
+
err = c.do(req, respData)
if err != nil {
return nil, err
@@ -120,6 +121,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errInfo APIError
+
err := json.Unmarshal(raw, &errInfo)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/directadmin/directadmin.go b/providers/dns/directadmin/directadmin.go
index de9b14945..8dfa132ae 100644
--- a/providers/dns/directadmin/directadmin.go
+++ b/providers/dns/directadmin/directadmin.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/directadmin/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -99,6 +100,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{client: client, config: config}, nil
}
diff --git a/providers/dns/directadmin/directadmin.toml b/providers/dns/directadmin/directadmin.toml
index bd1c9316a..294eaca1c 100644
--- a/providers/dns/directadmin/directadmin.toml
+++ b/providers/dns/directadmin/directadmin.toml
@@ -8,7 +8,7 @@ Example = '''
DIRECTADMIN_API_URL="http://example.com:2222" \
DIRECTADMIN_USERNAME=xxxx \
DIRECTADMIN_PASSWORD=yyy \
-lego --email you@example.com --dns directadmin -d '*.example.com' -d example.com run
+lego --dns directadmin -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/directadmin/directadmin_test.go b/providers/dns/directadmin/directadmin_test.go
index 10c079f73..aed3ba505 100644
--- a/providers/dns/directadmin/directadmin_test.go
+++ b/providers/dns/directadmin/directadmin_test.go
@@ -59,6 +59,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -135,6 +136,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -148,6 +150,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/directadmin/internal/client.go b/providers/dns/directadmin/internal/client.go
index bf6d64371..64409a79d 100644
--- a/providers/dns/directadmin/internal/client.go
+++ b/providers/dns/directadmin/internal/client.go
@@ -94,6 +94,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errInfo APIError
+
err := json.Unmarshal(raw, &errInfo)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/dns_providers_test.go b/providers/dns/dns_providers_test.go
index 1f39e2bdd..3b82784b4 100644
--- a/providers/dns/dns_providers_test.go
+++ b/providers/dns/dns_providers_test.go
@@ -13,6 +13,7 @@ var envTest = tester.NewEnvTest("EXEC_PATH")
func TestKnownDNSProviderSuccess(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.Apply(map[string]string{
"EXEC_PATH": "abc",
})
@@ -26,6 +27,7 @@ func TestKnownDNSProviderSuccess(t *testing.T) {
func TestKnownDNSProviderError(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
provider, err := NewDNSChallengeProviderByName("exec")
diff --git a/providers/dns/dnsexit/dnsexit.go b/providers/dns/dnsexit/dnsexit.go
new file mode 100644
index 000000000..ce9373a50
--- /dev/null
+++ b/providers/dns/dnsexit/dnsexit.go
@@ -0,0 +1,163 @@
+// Package dnsexit implements a DNS provider for solving the DNS-01 challenge using DNSExit.
+package dnsexit
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/dnsexit/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "DNSEXIT_"
+
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 5*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for DNSExit.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("dnsexit: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for DNSExit.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("dnsexit: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.APIKey)
+ if err != nil {
+ return nil, fmt.Errorf("dnsexit: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("dnsexit: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("dnsexit: %w", err)
+ }
+
+ record := internal.Record{
+ Type: "TXT",
+ Name: subDomain,
+ Content: info.Value,
+ TTL: toMinutes(d.config.TTL),
+ }
+
+ err = d.client.AddRecord(context.Background(), dns01.UnFqdn(authZone), record)
+ if err != nil {
+ return fmt.Errorf("dnsexit: add record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("dnsexit: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("dnsexit: %w", err)
+ }
+
+ record := internal.Record{
+ Type: "TXT",
+ Name: subDomain,
+ Content: info.Value,
+ }
+
+ err = d.client.DeleteRecord(context.Background(), dns01.UnFqdn(authZone), record)
+ if err != nil {
+ return fmt.Errorf("dnsexit: add record: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func toMinutes(seconds int) int {
+ i := seconds / 60
+ if seconds%60 > 0 {
+ i++
+ }
+
+ return i
+}
diff --git a/providers/dns/dnsexit/dnsexit.toml b/providers/dns/dnsexit/dnsexit.toml
new file mode 100644
index 000000000..0d5321835
--- /dev/null
+++ b/providers/dns/dnsexit/dnsexit.toml
@@ -0,0 +1,22 @@
+Name = "DNSExit"
+Description = ''''''
+URL = "https://dnsexit.com"
+Code = "dnsexit"
+Since = "v4.32.0"
+
+Example = '''
+DNSEXIT_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --dns dnsexit -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ DNSEXIT_API_KEY = "API key"
+ [Configuration.Additional]
+ DNSEXIT_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
+ DNSEXIT_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 300)"
+ DNSEXIT_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ DNSEXIT_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://dnsexit.com/dns/dns-api/"
diff --git a/providers/dns/dnsexit/dnsexit_test.go b/providers/dns/dnsexit/dnsexit_test.go
new file mode 100644
index 000000000..31fe61497
--- /dev/null
+++ b/providers/dns/dnsexit/dnsexit_test.go
@@ -0,0 +1,165 @@
+package dnsexit
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIKey: "key",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "dnsexit: some credentials information are missing: DNSEXIT_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiKey: "key",
+ },
+ {
+ desc: "missing credentials",
+ expected: "dnsexit: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIKey = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With("apikey", "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromInternal("success.json"),
+ servermock.CheckRequestJSONBodyFromInternal("add_record-request.json"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromInternal("success.json"),
+ servermock.CheckRequestJSONBodyFromInternal("delete_record-request.json"),
+ ).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/dnsexit/internal/client.go b/providers/dns/dnsexit/internal/client.go
new file mode 100644
index 000000000..9b0164846
--- /dev/null
+++ b/providers/dns/dnsexit/internal/client.go
@@ -0,0 +1,156 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+const defaultBaseURL = "https://api.dnsexit.com/dns/"
+
+// Client the DNSExit API client.
+type Client struct {
+ apiKey string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(apiKey string) (*Client, error) {
+ if apiKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ apiKey: apiKey,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+// AddRecord adds a record.
+// https://dnsexit.com/dns/dns-api/#example-add-spf
+// https://dnsexit.com/dns/dns-api/#example-lse
+func (c *Client) AddRecord(ctx context.Context, domain string, record Record) error {
+ payload := APIRequest{
+ Domain: domain,
+ Add: []Record{record},
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodPost, c.BaseURL, payload)
+ if err != nil {
+ return err
+ }
+
+ err = c.do(req)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// DeleteRecord deletes a record.
+// https://dnsexit.com/dns/dns-api/#delete-a-record
+func (c *Client) DeleteRecord(ctx context.Context, domain string, record Record) error {
+ payload := APIRequest{
+ Domain: domain,
+ Delete: []Record{record},
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodPost, c.BaseURL, payload)
+ if err != nil {
+ return err
+ }
+
+ err = c.do(req)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (c *Client) do(req *http.Request) error {
+ useragent.SetHeader(req.Header)
+
+ req.Header.Set("apikey", c.apiKey)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode > http.StatusBadRequest {
+ return parseError(req, resp)
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ result := &APIResponse{}
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ if result.Code != 0 {
+ return result
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIResponse
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
diff --git a/providers/dns/dnsexit/internal/client_test.go b/providers/dns/dnsexit/internal/client_test.go
new file mode 100644
index 000000000..26ea01203
--- /dev/null
+++ b/providers/dns/dnsexit/internal/client_test.go
@@ -0,0 +1,111 @@
+package internal
+
+import (
+ "context"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+ client.BaseURL, _ = url.Parse(server.URL)
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With("apikey", "secret"),
+ )
+}
+
+func TestClient_AddRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("success.json"),
+ servermock.CheckRequestJSONBodyFromFixture("add_record-request.json"),
+ ).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Name: "_acme-challenge",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 2,
+ }
+
+ err := client.AddRecord(context.Background(), "example.com", record)
+ require.NoError(t, err)
+}
+
+func TestClient_AddRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusBadRequest),
+ ).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Name: "_acme-challenge",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 480,
+ Overwrite: true,
+ }
+
+ err := client.AddRecord(context.Background(), "example.com", record)
+ require.Error(t, err)
+
+ require.EqualError(t, err, "JSON Defined Record Type not Supported (code=6)")
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("success.json"),
+ servermock.CheckRequestJSONBodyFromFixture("delete_record-request.json"),
+ ).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Name: "_acme-challenge",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ }
+
+ err := client.DeleteRecord(context.Background(), "example.com", record)
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusBadRequest),
+ ).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Name: "foo",
+ Content: "txtTXTtxt",
+ }
+
+ err := client.DeleteRecord(context.Background(), "example.com", record)
+
+ require.Error(t, err)
+
+ require.EqualError(t, err, "JSON Defined Record Type not Supported (code=6)")
+}
diff --git a/providers/dns/dnsexit/internal/fixtures/add_record-request.json b/providers/dns/dnsexit/internal/fixtures/add_record-request.json
new file mode 100644
index 000000000..6e5e2b520
--- /dev/null
+++ b/providers/dns/dnsexit/internal/fixtures/add_record-request.json
@@ -0,0 +1,11 @@
+{
+ "domain": "example.com",
+ "add": [
+ {
+ "type": "TXT",
+ "name": "_acme-challenge",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 2
+ }
+ ]
+}
diff --git a/providers/dns/dnsexit/internal/fixtures/delete_record-request.json b/providers/dns/dnsexit/internal/fixtures/delete_record-request.json
new file mode 100644
index 000000000..dcfef9cdf
--- /dev/null
+++ b/providers/dns/dnsexit/internal/fixtures/delete_record-request.json
@@ -0,0 +1,10 @@
+{
+ "domain": "example.com",
+ "delete": [
+ {
+ "type": "TXT",
+ "name": "_acme-challenge",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ }
+ ]
+}
diff --git a/providers/dns/dnsexit/internal/fixtures/error.json b/providers/dns/dnsexit/internal/fixtures/error.json
new file mode 100644
index 000000000..9ba835895
--- /dev/null
+++ b/providers/dns/dnsexit/internal/fixtures/error.json
@@ -0,0 +1,4 @@
+{
+ "code": 6,
+ "message": "JSON Defined Record Type not Supported"
+}
diff --git a/providers/dns/dnsexit/internal/fixtures/success.json b/providers/dns/dnsexit/internal/fixtures/success.json
new file mode 100644
index 000000000..3af47a936
--- /dev/null
+++ b/providers/dns/dnsexit/internal/fixtures/success.json
@@ -0,0 +1,7 @@
+{
+ "code": 0,
+ "details": [
+ "UPDATE Record A example.com. TTL(hh:mm) 08:00 IP 1.1.1.10"
+ ],
+ "message": "Success"
+}
diff --git a/providers/dns/dnsexit/internal/types.go b/providers/dns/dnsexit/internal/types.go
new file mode 100644
index 000000000..db254549f
--- /dev/null
+++ b/providers/dns/dnsexit/internal/types.go
@@ -0,0 +1,41 @@
+package internal
+
+import (
+ "fmt"
+ "strings"
+)
+
+type Record struct {
+ Type string `json:"type,omitempty"`
+ Name string `json:"name,omitempty"`
+ Content string `json:"content,omitempty"`
+ TTL int `json:"ttl,omitempty"` // NOTE: ttl value is in minutes.
+ Overwrite bool `json:"overwrite,omitempty"`
+}
+
+type APIRequest struct {
+ Domain string `json:"domain,omitempty"`
+ Add []Record `json:"add,omitempty"`
+ Delete []Record `json:"delete,omitempty"`
+ Update []Record `json:"update,omitempty"`
+}
+
+// https://dnsexit.com/dns/dns-api/#server-reply
+
+type APIResponse struct {
+ Code int `json:"code,omitempty"`
+ Details []string `json:"details,omitempty"`
+ Message string `json:"message,omitempty"`
+}
+
+func (a APIResponse) Error() string {
+ msg := new(strings.Builder)
+
+ _, _ = fmt.Fprintf(msg, "%s (code=%d)", a.Message, a.Code)
+
+ for _, detail := range a.Details {
+ _, _ = fmt.Fprintf(msg, ", %s", detail)
+ }
+
+ return msg.String()
+}
diff --git a/providers/dns/dnshomede/dnshomede.go b/providers/dns/dnshomede/dnshomede.go
index 91b0b11e3..c76ed6de2 100644
--- a/providers/dns/dnshomede/dnshomede.go
+++ b/providers/dns/dnshomede/dnshomede.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/dnshomede/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -56,6 +57,7 @@ type DNSProvider struct {
// Credentials must be passed in the environment variable: DNSHOMEDE_CREDENTIALS.
func NewDNSProvider() (*DNSProvider, error) {
config := NewDefaultConfig()
+
values, err := env.Get(EnvCredentials)
if err != nil {
return nil, fmt.Errorf("dnshomede: %w", err)
@@ -92,6 +94,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client := internal.NewClient(config.Credentials)
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/dnshomede/dnshomede.toml b/providers/dns/dnshomede/dnshomede.toml
index bc52bb6dd..9c3b65277 100644
--- a/providers/dns/dnshomede/dnshomede.toml
+++ b/providers/dns/dnshomede/dnshomede.toml
@@ -6,10 +6,10 @@ Since = "v4.10.0"
Example = '''
DNSHOMEDE_CREDENTIALS=example.org:password \
-lego --email you@example.com --dns dnshomede -d '*.example.com' -d example.com run
+lego --dns dnshomede -d '*.example.com' -d example.com run
DNSHOMEDE_CREDENTIALS=my.example.org:password1,demo.example.org:password2 \
-lego --email you@example.com --dns dnshomede -d my.example.org -d demo.example.org
+lego --dns dnshomede -d my.example.org -d demo.example.org
'''
[Configuration]
diff --git a/providers/dns/dnshomede/dnshomede_test.go b/providers/dns/dnshomede/dnshomede_test.go
index bdb42f172..5035a7837 100644
--- a/providers/dns/dnshomede/dnshomede_test.go
+++ b/providers/dns/dnshomede/dnshomede_test.go
@@ -69,6 +69,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -144,6 +145,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -157,6 +159,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/dnsimple/dnsimple.go b/providers/dns/dnsimple/dnsimple.go
index 737f214e9..adf7d48e2 100644
--- a/providers/dns/dnsimple/dnsimple.go
+++ b/providers/dns/dnsimple/dnsimple.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
"golang.org/x/oauth2"
)
@@ -79,8 +80,14 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("dnsimple: OAuth token is missing")
}
- ts := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: config.AccessToken})
- client := dnsimple.NewClient(oauth2.NewClient(context.Background(), ts))
+ client := dnsimple.NewClient(
+ clientdebug.Wrap(
+ oauth2.NewClient(
+ context.Background(),
+ oauth2.StaticTokenSource(&oauth2.Token{AccessToken: config.AccessToken}),
+ ),
+ ),
+ )
client.SetUserAgent(useragent.Get())
if config.BaseURL != "" {
@@ -94,14 +101,16 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- zoneName, err := d.getHostedZone(info.EffectiveFQDN)
+ zoneName, err := d.getHostedZone(ctx, info.EffectiveFQDN)
if err != nil {
return fmt.Errorf("dnsimple: %w", err)
}
- accountID, err := d.getAccountID()
+ accountID, err := d.getAccountID(ctx)
if err != nil {
return fmt.Errorf("dnsimple: %w", err)
}
@@ -111,7 +120,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("dnsimple: %w", err)
}
- _, err = d.client.Zones.CreateRecord(context.Background(), accountID, zoneName, recordAttributes)
+ _, err = d.client.Zones.CreateRecord(ctx, accountID, zoneName, recordAttributes)
if err != nil {
return fmt.Errorf("dnsimple: API call failed: %w", err)
}
@@ -121,21 +130,24 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- records, err := d.findTxtRecords(info.EffectiveFQDN)
+ records, err := d.findTxtRecords(ctx, info.EffectiveFQDN)
if err != nil {
return fmt.Errorf("dnsimple: %w", err)
}
- accountID, err := d.getAccountID()
+ accountID, err := d.getAccountID(ctx)
if err != nil {
return fmt.Errorf("dnsimple: %w", err)
}
var lastErr error
+
for _, rec := range records {
- _, err := d.client.Zones.DeleteRecord(context.Background(), accountID, rec.ZoneID, rec.ID)
+ _, err := d.client.Zones.DeleteRecord(ctx, accountID, rec.ZoneID, rec.ID)
if err != nil {
lastErr = fmt.Errorf("dnsimple: %w", err)
}
@@ -150,18 +162,18 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval
}
-func (d *DNSProvider) getHostedZone(domain string) (string, error) {
+func (d *DNSProvider) getHostedZone(ctx context.Context, domain string) (string, error) {
authZone, err := dns01.FindZoneByFqdn(domain)
if err != nil {
return "", fmt.Errorf("could not find zone for FQDN %q: %w", domain, err)
}
- accountID, err := d.getAccountID()
+ accountID, err := d.getAccountID(ctx)
if err != nil {
return "", err
}
- hostedZone, err := d.client.Zones.GetZone(context.Background(), accountID, dns01.UnFqdn(authZone))
+ hostedZone, err := d.client.Zones.GetZone(ctx, accountID, dns01.UnFqdn(authZone))
if err != nil {
return "", fmt.Errorf("get zone: %w", err)
}
@@ -173,13 +185,13 @@ func (d *DNSProvider) getHostedZone(domain string) (string, error) {
return hostedZone.Data.Name, nil
}
-func (d *DNSProvider) findTxtRecords(fqdn string) ([]dnsimple.ZoneRecord, error) {
- zoneName, err := d.getHostedZone(fqdn)
+func (d *DNSProvider) findTxtRecords(ctx context.Context, fqdn string) ([]dnsimple.ZoneRecord, error) {
+ zoneName, err := d.getHostedZone(ctx, fqdn)
if err != nil {
return nil, err
}
- accountID, err := d.getAccountID()
+ accountID, err := d.getAccountID(ctx)
if err != nil {
return nil, err
}
@@ -189,7 +201,7 @@ func (d *DNSProvider) findTxtRecords(fqdn string) ([]dnsimple.ZoneRecord, error)
return nil, err
}
- result, err := d.client.Zones.ListRecords(context.Background(), accountID, zoneName, &dnsimple.ZoneRecordListOptions{Name: &subDomain, Type: dnsimple.String("TXT"), ListOptions: dnsimple.ListOptions{}})
+ result, err := d.client.Zones.ListRecords(ctx, accountID, zoneName, &dnsimple.ZoneRecordListOptions{Name: &subDomain, Type: dnsimple.String("TXT"), ListOptions: dnsimple.ListOptions{}})
if err != nil {
return nil, fmt.Errorf("API call has failed: %w", err)
}
@@ -211,8 +223,8 @@ func newTxtRecord(zoneName, fqdn, value string, ttl int) (dnsimple.ZoneRecordAtt
}, nil
}
-func (d *DNSProvider) getAccountID() (string, error) {
- whoamiResponse, err := d.client.Identity.Whoami(context.Background())
+func (d *DNSProvider) getAccountID(ctx context.Context) (string, error) {
+ whoamiResponse, err := d.client.Identity.Whoami(ctx)
if err != nil {
return "", err
}
diff --git a/providers/dns/dnsimple/dnsimple.toml b/providers/dns/dnsimple/dnsimple.toml
index dcf999136..158fb7011 100644
--- a/providers/dns/dnsimple/dnsimple.toml
+++ b/providers/dns/dnsimple/dnsimple.toml
@@ -6,7 +6,7 @@ Since = "v0.3.0"
Example = '''
DNSIMPLE_OAUTH_TOKEN=1234567890abcdefghijklmnopqrstuvwxyz \
-lego --email you@example.com --dns dnsimple -d '*.example.com' -d example.com run
+lego --dns dnsimple -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/dnsimple/dnsimple_test.go b/providers/dns/dnsimple/dnsimple_test.go
index c07f965b4..2a52dd2de 100644
--- a/providers/dns/dnsimple/dnsimple_test.go
+++ b/providers/dns/dnsimple/dnsimple_test.go
@@ -51,6 +51,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
diff --git a/providers/dns/dnsmadeeasy/dnsmadeeasy.go b/providers/dns/dnsmadeeasy/dnsmadeeasy.go
index fcfe6714c..69f2096fb 100644
--- a/providers/dns/dnsmadeeasy/dnsmadeeasy.go
+++ b/providers/dns/dnsmadeeasy/dnsmadeeasy.go
@@ -15,6 +15,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/dnsmadeeasy/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -112,7 +113,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, fmt.Errorf("dnsmadeeasy: %w", err)
}
- client.HTTPClient = config.HTTPClient
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
client.BaseURL, err = url.Parse(baseURL)
if err != nil {
return nil, err
@@ -149,6 +155,7 @@ func (d *DNSProvider) Present(domainName, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("dnsmadeeasy: unable to create record for %s: %w", name, err)
}
+
return nil
}
@@ -171,6 +178,7 @@ func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error {
// find matching records
name := strings.Replace(info.EffectiveFQDN, "."+authZone, "", 1)
+
records, err := d.client.GetRecords(ctx, domain, name, "TXT")
if err != nil {
return fmt.Errorf("dnsmadeeasy: unable to get records for domain %s: %w", domain.Name, err)
@@ -178,6 +186,7 @@ func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error {
// delete records
var lastError error
+
for _, record := range *records {
err = d.client.DeleteRecord(ctx, record)
if err != nil {
diff --git a/providers/dns/dnsmadeeasy/dnsmadeeasy.toml b/providers/dns/dnsmadeeasy/dnsmadeeasy.toml
index 11a5f85ac..d71ab5303 100644
--- a/providers/dns/dnsmadeeasy/dnsmadeeasy.toml
+++ b/providers/dns/dnsmadeeasy/dnsmadeeasy.toml
@@ -7,7 +7,7 @@ Since = "v0.4.0"
Example = '''
DNSMADEEASY_API_KEY=xxxxxx \
DNSMADEEASY_API_SECRET=yyyyy \
-lego --email you@example.com --dns dnsmadeeasy -d '*.example.com' -d example.com run
+lego --dns dnsmadeeasy -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/dnsmadeeasy/dnsmadeeasy_test.go b/providers/dns/dnsmadeeasy/dnsmadeeasy_test.go
index 5c508e60d..f6fc2e273 100644
--- a/providers/dns/dnsmadeeasy/dnsmadeeasy_test.go
+++ b/providers/dns/dnsmadeeasy/dnsmadeeasy_test.go
@@ -59,6 +59,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -135,6 +136,7 @@ func TestLivePresentAndCleanup(t *testing.T) {
os.Setenv(EnvSandbox, "true")
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/dnsmadeeasy/internal/client.go b/providers/dns/dnsmadeeasy/internal/client.go
index cb6f9d2cb..7963ad614 100644
--- a/providers/dns/dnsmadeeasy/internal/client.go
+++ b/providers/dns/dnsmadeeasy/internal/client.go
@@ -68,6 +68,7 @@ func (c *Client) GetDomain(ctx context.Context, authZone string) (*Domain, error
}
domain := &Domain{}
+
err = c.do(req, domain)
if err != nil {
return nil, err
@@ -91,6 +92,7 @@ func (c *Client) GetRecords(ctx context.Context, domain *Domain, recordName, rec
}
records := &recordsResponse{}
+
err = c.do(req, records)
if err != nil {
return nil, err
@@ -172,10 +174,12 @@ func (c *Client) sign(req *http.Request, timestamp string) error {
func computeHMAC(message, secret string) (string, error) {
key := []byte(secret)
h := hmac.New(sha1.New, key)
+
_, err := h.Write([]byte(message))
if err != nil {
return "", err
}
+
return hex.EncodeToString(h.Sum(nil)), nil
}
diff --git a/providers/dns/dnspod/dnspod.go b/providers/dns/dnspod/dnspod.go
index ab8f20c8d..52a873c7b 100644
--- a/providers/dns/dnspod/dnspod.go
+++ b/providers/dns/dnspod/dnspod.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/nrdcg/dnspod-go"
)
@@ -82,7 +83,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
params := dnspod.CommonParams{LoginToken: config.LoginToken, Format: "json"}
client := dnspod.NewClient(params)
- client.HTTPClient = config.HTTPClient
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
return &DNSProvider{client: client, config: config}, nil
}
@@ -129,6 +135,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return err
}
}
+
return nil
}
@@ -150,6 +157,7 @@ func (d *DNSProvider) getHostedZone(domain string) (string, string, error) {
}
var hostedZone dnspod.Domain
+
for _, zone := range zones {
if zone.Name == dns01.UnFqdn(authZone) {
hostedZone = zone
@@ -157,7 +165,7 @@ func (d *DNSProvider) getHostedZone(domain string) (string, string, error) {
}
if hostedZone.ID == "" || hostedZone.ID == "0" {
- return "", "", fmt.Errorf("zone %s not found in dnspod for domain %s", authZone, domain)
+ return "", "", fmt.Errorf("zone %s not found for domain %s", authZone, domain)
}
return hostedZone.ID.String(), hostedZone.Name, nil
@@ -185,6 +193,7 @@ func (d *DNSProvider) findTxtRecords(fqdn, zoneID, zoneName string) ([]dnspod.Re
}
var records []dnspod.Record
+
result, _, err := d.client.Records.List(zoneID, subDomain)
if err != nil {
return records, fmt.Errorf("API call has failed: %w", err)
diff --git a/providers/dns/dnspod/dnspod.toml b/providers/dns/dnspod/dnspod.toml
index a0bf50e31..162685d76 100644
--- a/providers/dns/dnspod/dnspod.toml
+++ b/providers/dns/dnspod/dnspod.toml
@@ -8,7 +8,7 @@ Since = "v0.4.0"
Example = '''
DNSPOD_API_KEY=xxxxxx \
-lego --email you@example.com --dns dnspod -d '*.example.com' -d example.com run
+lego --dns dnspod -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/dnspod/dnspod_test.go b/providers/dns/dnspod/dnspod_test.go
index 640ec34c6..5d339353a 100644
--- a/providers/dns/dnspod/dnspod_test.go
+++ b/providers/dns/dnspod/dnspod_test.go
@@ -37,6 +37,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -96,6 +97,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -109,6 +111,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/dode/dode.go b/providers/dns/dode/dode.go
index 9f307f046..59ad785e8 100644
--- a/providers/dns/dode/dode.go
+++ b/providers/dns/dode/dode.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/dode/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -85,6 +86,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/dode/dode.toml b/providers/dns/dode/dode.toml
index a96e9ee43..eb629bb3e 100644
--- a/providers/dns/dode/dode.toml
+++ b/providers/dns/dode/dode.toml
@@ -6,7 +6,7 @@ Since = "v2.4.0"
Example = '''
DODE_TOKEN=xxxxxx \
-lego --email you@example.com --dns dode -d '*.example.com' -d example.com run
+lego --dns dode -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/dode/dode_test.go b/providers/dns/dode/dode_test.go
index 3d8e9395a..fefcc79b1 100644
--- a/providers/dns/dode/dode_test.go
+++ b/providers/dns/dode/dode_test.go
@@ -36,6 +36,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -93,6 +94,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -106,6 +108,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/dode/internal/client.go b/providers/dns/dode/internal/client.go
index bbd98b399..6824e7c48 100644
--- a/providers/dns/dode/internal/client.go
+++ b/providers/dns/dode/internal/client.go
@@ -70,6 +70,7 @@ func (c *Client) UpdateTxtRecord(ctx context.Context, fqdn, txt string, clearRec
}
var response apiResponse
+
err = json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/domeneshop/domeneshop.go b/providers/dns/domeneshop/domeneshop.go
index c194f5608..fb16b442e 100644
--- a/providers/dns/domeneshop/domeneshop.go
+++ b/providers/dns/domeneshop/domeneshop.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/domeneshop/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -86,6 +87,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/domeneshop/domeneshop.toml b/providers/dns/domeneshop/domeneshop.toml
index a8d2a1064..b74af598e 100644
--- a/providers/dns/domeneshop/domeneshop.toml
+++ b/providers/dns/domeneshop/domeneshop.toml
@@ -8,7 +8,7 @@ Since = "v4.3.0"
Example = '''
DOMENESHOP_API_TOKEN= \
DOMENESHOP_API_SECRET= \
-lego --email example@example.com --dns domeneshop -d '*.example.com' -d example.com run
+lego --dns domeneshop -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/domeneshop/domeneshop_test.go b/providers/dns/domeneshop/domeneshop_test.go
index 389975bca..086efd44a 100644
--- a/providers/dns/domeneshop/domeneshop_test.go
+++ b/providers/dns/domeneshop/domeneshop_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -130,6 +131,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -143,6 +145,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/dreamhost/dreamhost.go b/providers/dns/dreamhost/dreamhost.go
index 5b4960ee0..8663e18ce 100644
--- a/providers/dns/dreamhost/dreamhost.go
+++ b/providers/dns/dreamhost/dreamhost.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/dreamhost/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -86,6 +87,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
if config.BaseURL != "" {
client.BaseURL = config.BaseURL
}
@@ -96,6 +99,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
+
err := d.client.AddRecord(context.Background(), dns01.UnFqdn(info.EffectiveFQDN), info.Value)
if err != nil {
return fmt.Errorf("dreamhost: %w", err)
diff --git a/providers/dns/dreamhost/dreamhost.toml b/providers/dns/dreamhost/dreamhost.toml
index 4345e9ece..c3a9db360 100644
--- a/providers/dns/dreamhost/dreamhost.toml
+++ b/providers/dns/dreamhost/dreamhost.toml
@@ -6,7 +6,7 @@ Since = "v1.1.0"
Example = '''
DREAMHOST_API_KEY="YOURAPIKEY" \
-lego --email you@example.com --dns dreamhost -d '*.example.com' -d example.com run
+lego --dns dreamhost -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/dreamhost/dreamhost_test.go b/providers/dns/dreamhost/dreamhost_test.go
index f85e00da4..5af0b892d 100644
--- a/providers/dns/dreamhost/dreamhost_test.go
+++ b/providers/dns/dreamhost/dreamhost_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -151,7 +152,7 @@ func TestDNSProvider_Cleanup(t *testing.T) {
Build(t)
err := provider.CleanUp("example.com", "", fakeChallengeToken)
- require.NoError(t, err, "failed to remove TXT record")
+ require.NoError(t, err)
}
func TestLivePresentAndCleanUp(t *testing.T) {
@@ -160,6 +161,7 @@ func TestLivePresentAndCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/dreamhost/internal/client.go b/providers/dns/dreamhost/internal/client.go
index dee808ac8..02b33ad57 100644
--- a/providers/dns/dreamhost/internal/client.go
+++ b/providers/dns/dreamhost/internal/client.go
@@ -101,6 +101,7 @@ func (c *Client) updateTxtRecord(ctx context.Context, endpoint *url.URL) error {
}
var response apiResponse
+
err = json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/duckdns/duckdns.go b/providers/dns/duckdns/duckdns.go
index 687f5bbac..1aae0a06c 100644
--- a/providers/dns/duckdns/duckdns.go
+++ b/providers/dns/duckdns/duckdns.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/duckdns/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -86,6 +87,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/duckdns/duckdns.toml b/providers/dns/duckdns/duckdns.toml
index 9c0b3a6be..6866da57c 100644
--- a/providers/dns/duckdns/duckdns.toml
+++ b/providers/dns/duckdns/duckdns.toml
@@ -6,7 +6,7 @@ Since = "v0.5.0"
Example = '''
DUCKDNS_TOKEN=xxxxxx \
-lego --email you@example.com --dns duckdns -d '*.example.com' -d example.com run
+lego --dns duckdns -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/duckdns/duckdns_test.go b/providers/dns/duckdns/duckdns_test.go
index b89966a36..769513fbf 100644
--- a/providers/dns/duckdns/duckdns_test.go
+++ b/providers/dns/duckdns/duckdns_test.go
@@ -37,6 +37,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -94,6 +95,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -107,6 +109,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/duckdns/internal/client.go b/providers/dns/duckdns/internal/client.go
index ced5bf187..c5d7ef97c 100644
--- a/providers/dns/duckdns/internal/client.go
+++ b/providers/dns/duckdns/internal/client.go
@@ -81,6 +81,7 @@ func (c *Client) UpdateTxtRecord(ctx context.Context, domain, txt string, clearR
if body != "OK" {
return fmt.Errorf("request to change TXT record for DuckDNS returned the following result (%s) this does not match expectation (OK) used url [%s]", body, endpoint)
}
+
return nil
}
@@ -98,6 +99,7 @@ func getMainDomain(domain string) string {
}
firstSubDomainIndex := split[len(split)-3]
+
return domain[firstSubDomainIndex:]
}
diff --git a/providers/dns/dyn/dyn.go b/providers/dns/dyn/dyn.go
index 627626df6..0cd445c39 100644
--- a/providers/dns/dyn/dyn.go
+++ b/providers/dns/dyn/dyn.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/dyn/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -92,6 +93,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/dyn/dyn.toml b/providers/dns/dyn/dyn.toml
index 4b0d3e652..c4b3563e0 100644
--- a/providers/dns/dyn/dyn.toml
+++ b/providers/dns/dyn/dyn.toml
@@ -8,7 +8,7 @@ Example = '''
DYN_CUSTOMER_NAME=xxxxxx \
DYN_USER_NAME=yyyyy \
DYN_PASSWORD=zzzz \
-lego --email you@example.com --dns dyn -d '*.example.com' -d example.com run
+lego --dns dyn -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/dyn/dyn_test.go b/providers/dns/dyn/dyn_test.go
index 25f1f5614..5b4d1c6b6 100644
--- a/providers/dns/dyn/dyn_test.go
+++ b/providers/dns/dyn/dyn_test.go
@@ -71,6 +71,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -155,6 +156,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -168,6 +170,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/dyn/internal/client.go b/providers/dns/dyn/internal/client.go
index 83a1bfc0f..a54113eec 100644
--- a/providers/dns/dyn/internal/client.go
+++ b/providers/dns/dyn/internal/client.go
@@ -127,6 +127,7 @@ func (c *Client) do(req *http.Request) (*APIResponse, error) {
}
var response APIResponse
+
err = json.Unmarshal(raw, &response)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/dyn/internal/session.go b/providers/dns/dyn/internal/session.go
index 647080fa8..088510152 100644
--- a/providers/dns/dyn/internal/session.go
+++ b/providers/dns/dyn/internal/session.go
@@ -33,6 +33,7 @@ func (c *Client) login(ctx context.Context) (session, error) {
}
var s session
+
err = json.Unmarshal(dynRes.Data, &s)
if err != nil {
return session{}, errutils.NewUnmarshalError(req, http.StatusOK, dynRes.Data, err)
diff --git a/providers/dns/dyndnsfree/dyndnsfree.go b/providers/dns/dyndnsfree/dyndnsfree.go
index 8c1d87aaa..09be2bfbd 100644
--- a/providers/dns/dyndnsfree/dyndnsfree.go
+++ b/providers/dns/dyndnsfree/dyndnsfree.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/dyndnsfree/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -81,6 +82,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -107,7 +110,6 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// Records are deleted automatically.
-
return nil
}
diff --git a/providers/dns/dyndnsfree/dyndnsfree.toml b/providers/dns/dyndnsfree/dyndnsfree.toml
index dd354fb33..e64bb0080 100644
--- a/providers/dns/dyndnsfree/dyndnsfree.toml
+++ b/providers/dns/dyndnsfree/dyndnsfree.toml
@@ -7,7 +7,7 @@ Since = "v4.23.0"
Example = '''
DYNDNSFREE_USERNAME="xxx" \
DYNDNSFREE_PASSWORD="yyy" \
-lego --email you@example.com --dns dyndnsfree -d '*.example.com' -d example.com run
+lego --dns dyndnsfree -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/dyndnsfree/dyndnsfree_test.go b/providers/dns/dyndnsfree/dyndnsfree_test.go
index cb063a029..0b03bd27f 100644
--- a/providers/dns/dyndnsfree/dyndnsfree_test.go
+++ b/providers/dns/dyndnsfree/dyndnsfree_test.go
@@ -50,6 +50,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -122,6 +123,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -135,6 +137,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/dynu/dynu.go b/providers/dns/dynu/dynu.go
index af602ddfc..11df45281 100644
--- a/providers/dns/dynu/dynu.go
+++ b/providers/dns/dynu/dynu.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/dynu/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -86,7 +87,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
}
client := internal.NewClient()
- client.HTTPClient = tr.Wrap(config.HTTPClient)
+
+ client.HTTPClient = clientdebug.Wrap(tr.Wrap(config.HTTPClient))
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/dynu/dynu.toml b/providers/dns/dynu/dynu.toml
index ba59034dd..ae2367087 100644
--- a/providers/dns/dynu/dynu.toml
+++ b/providers/dns/dynu/dynu.toml
@@ -6,7 +6,7 @@ Since = "v3.5.0"
Example = '''
DYNU_API_KEY=1234567890abcdefghijklmnopqrstuvwxyz \
-lego --email you@example.com --dns dynu -d '*.example.com' -d example.com run
+lego --dns dynu -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/dynu/dynu_test.go b/providers/dns/dynu/dynu_test.go
index fe2c22dfb..ffc7c3a00 100644
--- a/providers/dns/dynu/dynu_test.go
+++ b/providers/dns/dynu/dynu_test.go
@@ -38,6 +38,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -96,6 +97,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -109,6 +111,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/dynu/internal/auth.go b/providers/dns/dynu/internal/auth.go
index 7a21a10e8..0a91445d2 100644
--- a/providers/dns/dynu/internal/auth.go
+++ b/providers/dns/dynu/internal/auth.go
@@ -46,6 +46,7 @@ func (t *TokenTransport) transport() http.RoundTripper {
if t.Transport != nil {
return t.Transport
}
+
return http.DefaultTransport
}
diff --git a/providers/dns/dynu/internal/client.go b/providers/dns/dynu/internal/client.go
index a51556a0b..59e90d592 100644
--- a/providers/dns/dynu/internal/client.go
+++ b/providers/dns/dynu/internal/client.go
@@ -12,8 +12,9 @@ import (
"strconv"
"time"
- "github.com/cenkalti/backoff/v4"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/log"
+ "github.com/go-acme/lego/v4/platform/wait"
"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
)
@@ -42,6 +43,7 @@ func (c *Client) GetRecords(ctx context.Context, hostname, recordType string) ([
endpoint.RawQuery = query.Encode()
apiResp := RecordsResponse{}
+
err := c.doRetry(ctx, http.MethodGet, endpoint.String(), nil, &apiResp)
if err != nil {
return nil, err
@@ -64,6 +66,7 @@ func (c *Client) AddNewRecord(ctx context.Context, domainID int64, record DNSRec
}
apiResp := RecordResponse{}
+
err = c.doRetry(ctx, http.MethodPost, endpoint.String(), reqBody, &apiResp)
if err != nil {
return err
@@ -81,6 +84,7 @@ func (c *Client) DeleteRecord(ctx context.Context, domainID, recordID int64) err
endpoint := c.baseURL.JoinPath("dns", strconv.FormatInt(domainID, 10), "record", strconv.FormatInt(recordID, 10))
apiResp := APIException{}
+
err := c.doRetry(ctx, http.MethodDelete, endpoint.String(), nil, &apiResp)
if err != nil {
return err
@@ -98,6 +102,7 @@ func (c *Client) GetRootDomain(ctx context.Context, hostname string) (*DNSHostna
endpoint := c.baseURL.JoinPath("dns", "getroot", hostname)
apiResp := DNSHostname{}
+
err := c.doRetry(ctx, http.MethodGet, endpoint.String(), nil, &apiResp)
if err != nil {
return nil, err
@@ -123,12 +128,7 @@ func (c *Client) doRetry(ctx context.Context, method, uri string, body []byte, r
bo := backoff.NewExponentialBackOff()
bo.InitialInterval = 1 * time.Second
- err := backoff.RetryNotify(operation, bo, notify)
- if err != nil {
- return err
- }
-
- return nil
+ return wait.Retry(ctx, operation, backoff.WithBackOff(bo), backoff.WithNotify(notify))
}
func (c *Client) do(ctx context.Context, method, uri string, body []byte, result any) error {
diff --git a/providers/dns/easydns/easydns.go b/providers/dns/easydns/easydns.go
index 7e5e219cb..205063e7b 100644
--- a/providers/dns/easydns/easydns.go
+++ b/providers/dns/easydns/easydns.go
@@ -16,6 +16,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/easydns/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -77,6 +78,7 @@ func NewDNSProvider() (*DNSProvider, error) {
if err != nil {
return nil, fmt.Errorf("easydns: %w", err)
}
+
config.Endpoint = endpoint
values, err := env.Get(EnvToken, EnvKey)
@@ -110,6 +112,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
if config.Endpoint != nil {
client.BaseURL = config.Endpoint
}
@@ -186,15 +190,14 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
err = d.client.DeleteRecord(ctx, dns01.UnFqdn(authZone), recordID)
-
- d.recordIDsMu.Lock()
- defer delete(d.recordIDs, key)
- d.recordIDsMu.Unlock()
-
if err != nil {
return fmt.Errorf("easydns: %w", err)
}
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, key)
+ d.recordIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/easydns/easydns.toml b/providers/dns/easydns/easydns.toml
index 71521bbd6..307c86a09 100644
--- a/providers/dns/easydns/easydns.toml
+++ b/providers/dns/easydns/easydns.toml
@@ -7,7 +7,7 @@ Since = "v2.6.0"
Example = '''
EASYDNS_TOKEN=xxx \
EASYDNS_KEY=yyy \
-lego --email you@example.com --dns easydns -d '*.example.com' -d example.com run
+lego --dns easydns -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/easydns/easydns_test.go b/providers/dns/easydns/easydns_test.go
index 9a11ef6cc..5517928d7 100644
--- a/providers/dns/easydns/easydns_test.go
+++ b/providers/dns/easydns/easydns_test.go
@@ -76,6 +76,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -314,6 +315,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -327,6 +329,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/easydns/internal/client.go b/providers/dns/easydns/internal/client.go
index c044d7e7f..33d7c724e 100644
--- a/providers/dns/easydns/internal/client.go
+++ b/providers/dns/easydns/internal/client.go
@@ -46,6 +46,7 @@ func (c *Client) ListZones(ctx context.Context, domain string) ([]ZoneRecord, er
}
response := &apiResponse[[]ZoneRecord]{}
+
err = c.do(req, response)
if err != nil {
return nil, err
@@ -67,6 +68,7 @@ func (c *Client) AddRecord(ctx context.Context, domain string, record ZoneRecord
}
response := &apiResponse[*ZoneRecord]{}
+
err = c.do(req, response)
if err != nil {
return "", err
diff --git a/providers/dns/edgecenter/edgecenter.go b/providers/dns/edgecenter/edgecenter.go
new file mode 100644
index 000000000..cfc75b521
--- /dev/null
+++ b/providers/dns/edgecenter/edgecenter.go
@@ -0,0 +1,103 @@
+// Package edgecenter implements a DNS provider for solving the DNS-01 challenge using EdgeCenter.
+package edgecenter
+
+import (
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/gcore"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "EDGECENTER_"
+
+ EnvPermanentAPIToken = envNamespace + "PERMANENT_API_TOKEN"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+const defaultBaseURL = "https://api.edgecenter.ru/dns"
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config for DNSProvider.
+type Config = gcore.Config
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, gcore.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, gcore.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 10*time.Second),
+ },
+ }
+}
+
+// DNSProvider an implementation of challenge.Provider contract.
+type DNSProvider struct {
+ prv challenge.ProviderTimeout
+}
+
+// NewDNSProvider returns an instance of DNSProvider configured for G-Core DNS API.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvPermanentAPIToken)
+ if err != nil {
+ return nil, fmt.Errorf("edgecenter: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIToken = values[EnvPermanentAPIToken]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for G-Core DNS API.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("edgecenter: the configuration of the DNS provider is nil")
+ }
+
+ provider, err := gcore.NewDNSProviderConfig(config, defaultBaseURL)
+ if err != nil {
+ return nil, fmt.Errorf("edgecenter: %w", err)
+ }
+
+ return &DNSProvider{prv: provider}, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ err := d.prv.Present(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("edgecenter: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ err := d.prv.CleanUp(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("edgecenter: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
+}
diff --git a/providers/dns/edgecenter/edgecenter.toml b/providers/dns/edgecenter/edgecenter.toml
new file mode 100644
index 000000000..1c9e9b2a9
--- /dev/null
+++ b/providers/dns/edgecenter/edgecenter.toml
@@ -0,0 +1,22 @@
+Name = "EdgeCenter"
+Description = ''''''
+URL = "https://edgecenter.ru/dns"
+Code = "edgecenter"
+Since = "v4.29.0"
+
+Example = '''
+EDGECENTER_PERMANENT_API_TOKEN=xxxxx \
+lego --dns edgecenter -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ EDGECENTER_PERMANENT_API_TOKEN = "Permanent API token (https://edgecenter.ru/blog/permanent-api-token-explained/)"
+ [Configuration.Additional]
+ EDGECENTER_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 20)"
+ EDGECENTER_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 360)"
+ EDGECENTER_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ EDGECENTER_HTTP_TIMEOUT = "API request timeout in seconds (Default: 10)"
+
+[Links]
+ API = "https://apidocs.edgecenter.ru/dns"
diff --git a/providers/dns/edgecenter/edgecenter_test.go b/providers/dns/edgecenter/edgecenter_test.go
new file mode 100644
index 000000000..e3ec43981
--- /dev/null
+++ b/providers/dns/edgecenter/edgecenter_test.go
@@ -0,0 +1,114 @@
+package edgecenter
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+var envTest = tester.NewEnvTest(EnvPermanentAPIToken).WithDomain(envNamespace + "DOMAIN")
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvPermanentAPIToken: "A",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{
+ EnvPermanentAPIToken: "",
+ },
+ expected: "edgecenter: some credentials information are missing: EDGECENTER_PERMANENT_API_TOKEN",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.prv)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiToken string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiToken: "A",
+ },
+ {
+ desc: "missing credentials",
+ expected: "edgecenter: incomplete credentials provided",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIToken = test.apiToken
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.prv)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/edgedns/edgedns.go b/providers/dns/edgedns/edgedns.go
index 10898006a..b5f4b99c9 100644
--- a/providers/dns/edgedns/edgedns.go
+++ b/providers/dns/edgedns/edgedns.go
@@ -2,14 +2,17 @@
package edgedns
import (
+ "context"
"errors"
"fmt"
+ "net/http"
"slices"
"strings"
"time"
- configdns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v2"
- "github.com/akamai/AkamaiOPEN-edgegrid-golang/edgegrid"
+ edgegriddns "github.com/akamai/AkamaiOPEN-edgegrid-golang/v11/pkg/dns"
+ "github.com/akamai/AkamaiOPEN-edgegrid-golang/v11/pkg/edgegrid"
+ "github.com/akamai/AkamaiOPEN-edgegrid-golang/v11/pkg/session"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
@@ -20,14 +23,8 @@ import (
const (
envNamespace = "AKAMAI_"
- EnvEdgeRc = envNamespace + "EDGERC"
- EnvEdgeRcSection = envNamespace + "EDGERC_SECTION"
-
- EnvHost = envNamespace + "HOST"
- EnvClientToken = envNamespace + "CLIENT_TOKEN"
- EnvClientSecret = envNamespace + "CLIENT_SECRET"
- EnvAccessToken = envNamespace + "ACCESS_TOKEN"
-
+ EnvEdgeRc = envNamespace + "EDGERC"
+ EnvEdgeRcSection = envNamespace + "EDGERC_SECTION"
EnvAccountSwitchKey = envNamespace + "ACCOUNT_SWITCH_KEY"
EnvTTL = envNamespace + "TTL"
@@ -35,6 +32,15 @@ const (
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
)
+// Test Environment variables names (unused).
+// TODO(ldez): must be moved into test files.
+const (
+ EnvHost = envNamespace + "HOST"
+ EnvClientToken = envNamespace + "CLIENT_TOKEN"
+ EnvClientSecret = envNamespace + "CLIENT_SECRET"
+ EnvAccessToken = envNamespace + "ACCESS_TOKEN"
+)
+
const (
defaultPropagationTimeout = 3 * time.Minute
defaultPollInterval = 15 * time.Second
@@ -46,7 +52,8 @@ var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
- edgegrid.Config
+ *edgegrid.Config
+
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
@@ -58,7 +65,7 @@ func NewDefaultConfig() *Config {
TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, defaultPropagationTimeout),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, defaultPollInterval),
- Config: edgegrid.Config{MaxBody: maxBody},
+ Config: &edgegrid.Config{MaxBody: maxBody},
}
}
@@ -73,27 +80,27 @@ type DNSProvider struct {
// 1. Section-specific environment variables `AKAMAI_{SECTION}_HOST`, `AKAMAI_{SECTION}_ACCESS_TOKEN`, `AKAMAI_{SECTION}_CLIENT_TOKEN`, `AKAMAI_{SECTION}_CLIENT_SECRET` where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`
// 2. If `AKAMAI_EDGERC_SECTION` is not defined or is set to `default`: Environment variables `AKAMAI_HOST`, `AKAMAI_ACCESS_TOKEN`, `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`
// 3. .edgerc file located at `AKAMAI_EDGERC` (defaults to `~/.edgerc`, sections can be specified using `AKAMAI_EDGERC_SECTION`)
-// 4. Default environment variables: `AKAMAI_HOST`, `AKAMAI_ACCESS_TOKEN`, `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`
//
// See also: https://developer.akamai.com/api/getting-started
func NewDNSProvider() (*DNSProvider, error) {
- config := NewDefaultConfig()
-
- rcPath := env.GetOrDefaultString(EnvEdgeRc, "")
- rcSection := env.GetOrDefaultString(EnvEdgeRcSection, "")
- accountSwitchKey := env.GetOrDefaultString(EnvAccountSwitchKey, "")
-
- conf, err := edgegrid.Init(rcPath, rcSection)
+ conf, err := edgegrid.New(
+ edgegrid.WithEnv(true),
+ edgegrid.WithFile(env.GetOrDefaultString(EnvEdgeRc, "~/.edgerc")),
+ edgegrid.WithSection(env.GetOrDefaultString(EnvEdgeRcSection, "default")),
+ )
if err != nil {
return nil, fmt.Errorf("edgedns: %w", err)
}
conf.MaxBody = maxBody
+ accountSwitchKey := env.GetOrDefaultString(EnvAccountSwitchKey, "")
+
if accountSwitchKey != "" {
conf.AccountKey = accountSwitchKey
}
+ config := NewDefaultConfig()
config.Config = conf
return NewDNSProviderConfig(config)
@@ -105,7 +112,10 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("edgedns: the configuration of the DNS provider is nil")
}
- configdns.Init(config.Config)
+ err := config.Validate()
+ if err != nil {
+ return nil, fmt.Errorf("edgedns: %w", err)
+ }
return &DNSProvider{config: config}, nil
}
@@ -118,14 +128,27 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
+ sess, err := session.New(session.WithSigner(d.config))
+ if err != nil {
+ return fmt.Errorf("edgedns: %w", err)
+ }
+
+ client := edgegriddns.Client(sess)
+
zone, err := getZone(info.EffectiveFQDN)
if err != nil {
return fmt.Errorf("edgedns: %w", err)
}
- record, err := configdns.GetRecord(zone, info.EffectiveFQDN, "TXT")
+ record, err := client.GetRecord(ctx, edgegriddns.GetRecordRequest{
+ Zone: zone,
+ Name: info.EffectiveFQDN,
+ RecordType: "TXT",
+ })
if err != nil && !isNotFound(err) {
return fmt.Errorf("edgedns: %w", err)
}
@@ -145,7 +168,16 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
record.Target = append(record.Target, `"`+info.Value+`"`)
record.TTL = d.config.TTL
- err = record.Update(zone)
+ err = client.UpdateRecord(ctx, edgegriddns.UpdateRecordRequest{
+ Record: &edgegriddns.RecordBody{
+ Name: record.Name,
+ RecordType: record.RecordType,
+ TTL: record.TTL,
+ Active: record.Active,
+ Target: record.Target,
+ },
+ Zone: zone,
+ })
if err != nil {
return fmt.Errorf("edgedns: %w", err)
}
@@ -153,14 +185,16 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return nil
}
- record = &configdns.RecordBody{
- Name: info.EffectiveFQDN,
- RecordType: "TXT",
- TTL: d.config.TTL,
- Target: []string{`"` + info.Value + `"`},
- }
-
- err = record.Save(zone)
+ err = client.CreateRecord(ctx, edgegriddns.CreateRecordRequest{
+ Record: &edgegriddns.RecordBody{
+ Name: info.EffectiveFQDN,
+ RecordType: "TXT",
+ TTL: d.config.TTL,
+ Target: []string{`"` + info.Value + `"`},
+ },
+ Zone: zone,
+ RecLock: nil,
+ })
if err != nil {
return fmt.Errorf("edgedns: %w", err)
}
@@ -170,18 +204,32 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
+ sess, err := session.New(session.WithSigner(d.config))
+ if err != nil {
+ return fmt.Errorf("edgedns: %w", err)
+ }
+
+ client := edgegriddns.Client(sess)
+
zone, err := getZone(info.EffectiveFQDN)
if err != nil {
return fmt.Errorf("edgedns: %w", err)
}
- existingRec, err := configdns.GetRecord(zone, info.EffectiveFQDN, "TXT")
+ existingRec, err := client.GetRecord(ctx, edgegriddns.GetRecordRequest{
+ Zone: zone,
+ Name: info.EffectiveFQDN,
+ RecordType: "TXT",
+ })
if err != nil {
if isNotFound(err) {
return nil
}
+
return fmt.Errorf("edgedns: %w", err)
}
@@ -197,19 +245,21 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return nil
}
- var newRData []string
- for _, val := range existingRec.Target {
- val = strings.Trim(val, `"`)
- if val == info.Value {
- continue
- }
- newRData = append(newRData, val)
- }
+ newRData := filterRData(existingRec, info)
if len(newRData) > 0 {
existingRec.Target = newRData
- err = existingRec.Update(zone)
+ err = client.UpdateRecord(ctx, edgegriddns.UpdateRecordRequest{
+ Record: &edgegriddns.RecordBody{
+ Name: existingRec.Name,
+ RecordType: existingRec.RecordType,
+ TTL: existingRec.TTL,
+ Active: existingRec.Active,
+ Target: existingRec.Target,
+ },
+ Zone: zone,
+ })
if err != nil {
return fmt.Errorf("edgedns: %w", err)
}
@@ -217,7 +267,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return nil
}
- err = existingRec.Delete(zone)
+ err = client.DeleteRecord(ctx, edgegriddns.DeleteRecordRequest{
+ Zone: zone,
+ Name: existingRec.Name,
+ RecordType: "TXT",
+ RecLock: nil,
+ })
if err != nil {
return fmt.Errorf("edgedns: %w", err)
}
@@ -245,6 +300,22 @@ func isNotFound(err error) bool {
return false
}
- var e configdns.ConfigDNSError
- return errors.As(err, &e) && e.NotFound()
+ var e *edgegriddns.Error
+
+ return errors.As(err, &e) && e.StatusCode == http.StatusNotFound
+}
+
+func filterRData(existingRec *edgegriddns.GetRecordResponse, info dns01.ChallengeInfo) []string {
+ var newRData []string
+
+ for _, val := range existingRec.Target {
+ val = strings.Trim(val, `"`)
+ if val == info.Value {
+ continue
+ }
+
+ newRData = append(newRData, val)
+ }
+
+ return newRData
}
diff --git a/providers/dns/edgedns/edgedns.toml b/providers/dns/edgedns/edgedns.toml
index d40d5cc03..7c7c5b3aa 100644
--- a/providers/dns/edgedns/edgedns.toml
+++ b/providers/dns/edgedns/edgedns.toml
@@ -12,7 +12,7 @@ AKAMAI_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz1234567890ABCDEFG= \
AKAMAI_CLIENT_TOKEN=akab-mnbvcxzlkjhgfdsapoiuytrewq1234567 \
AKAMAI_HOST=akab-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.luna.akamaiapis.net \
AKAMAI_ACCESS_TOKEN=akab-1234567890qwerty-asdfghjklzxcvtnu \
-lego --email you@example.com --dns edgedns -d '*.example.com' -d example.com run
+lego --dns edgedns -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/edgedns/edgedns_integration_test.go b/providers/dns/edgedns/edgedns_integration_test.go
index e1b3bb7cf..d20b8e5aa 100644
--- a/providers/dns/edgedns/edgedns_integration_test.go
+++ b/providers/dns/edgedns/edgedns_integration_test.go
@@ -1,11 +1,13 @@
package edgedns
import (
+ "context"
"fmt"
"testing"
"time"
- configdns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v2"
+ edgegriddns "github.com/akamai/AkamaiOPEN-edgegrid-golang/v11/pkg/dns"
+ "github.com/akamai/AkamaiOPEN-edgegrid-golang/v11/pkg/session"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -17,6 +19,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -34,6 +37,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -69,10 +73,21 @@ func TestLiveTTL(t *testing.T) {
zone, err := getZone(fqdn)
require.NoError(t, err)
- resourceRecordSets, err := configdns.GetRecordList(zone, fqdn, "TXT")
+ ctx := context.Background()
+
+ sess, err := session.New(session.WithSigner(provider.config))
require.NoError(t, err)
- for i, rrset := range resourceRecordSets.Recordsets {
+ client := edgegriddns.Client(sess)
+
+ resourceRecordSets, err := client.GetRecordList(ctx, edgegriddns.GetRecordListRequest{
+ Zone: zone,
+ RecordType: "TXT",
+ })
+
+ require.NoError(t, err)
+
+ for i, rrset := range resourceRecordSets.RecordSets {
if rrset.Name != fqdn {
continue
}
diff --git a/providers/dns/edgedns/edgedns_test.go b/providers/dns/edgedns/edgedns_test.go
index 3ac55a4a4..a64efd6e2 100644
--- a/providers/dns/edgedns/edgedns_test.go
+++ b/providers/dns/edgedns/edgedns_test.go
@@ -1,12 +1,10 @@
package edgedns
import (
- "os"
"testing"
"time"
- configdns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v2"
- "github.com/akamai/AkamaiOPEN-edgegrid-golang/edgegrid"
+ "github.com/akamai/AkamaiOPEN-edgegrid-golang/v11/pkg/edgegrid"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/tester"
"github.com/stretchr/testify/require"
@@ -21,6 +19,9 @@ const (
)
var envTest = tester.NewEnvTest(
+ EnvTTL,
+ EnvPollingInterval,
+ EnvPropagationTimeout,
EnvHost,
EnvClientToken,
EnvClientSecret,
@@ -35,7 +36,7 @@ var envTest = tester.NewEnvTest(
WithDomain(envDomain).
WithLiveTestRequirements(EnvHost, EnvClientToken, EnvClientSecret, EnvAccessToken, envDomain)
-func TestNewDNSProvider_FromEnv(t *testing.T) {
+func TestNewDNSProvider(t *testing.T) {
testCases := []struct {
desc string
envVars map[string]string
@@ -50,13 +51,13 @@ func TestNewDNSProvider_FromEnv(t *testing.T) {
EnvClientSecret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
EnvAccessToken: "akac-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx",
},
- expectedConfig: &edgegrid.Config{
- Host: "akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net",
- ClientToken: "akab-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx",
- ClientSecret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
- AccessToken: "akac-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx",
- MaxBody: maxBody,
- },
+ expectedConfig: newEdgeConfig(func(config *edgegrid.Config) {
+ config.Host = "akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net"
+ config.ClientToken = "akab-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx"
+ config.ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ config.AccessToken = "akac-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx"
+ config.MaxBody = maxBody
+ }, edgegrid.WithEnv(true), edgegrid.WithFile("/dev/null")),
},
{
desc: "with account switch key",
@@ -67,14 +68,14 @@ func TestNewDNSProvider_FromEnv(t *testing.T) {
EnvAccessToken: "akac-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx",
EnvAccountSwitchKey: "F-AC-1234",
},
- expectedConfig: &edgegrid.Config{
- Host: "akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net",
- ClientToken: "akab-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx",
- ClientSecret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
- AccessToken: "akac-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx",
- MaxBody: maxBody,
- AccountKey: "F-AC-1234",
- },
+ expectedConfig: newEdgeConfig(func(config *edgegrid.Config) {
+ config.Host = "akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net"
+ config.ClientToken = "akab-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx"
+ config.ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ config.AccessToken = "akac-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx"
+ config.MaxBody = maxBody
+ config.AccountKey = "F-AC-1234"
+ }, edgegrid.WithEnv(true), edgegrid.WithFile("/dev/null")),
},
{
desc: "with section",
@@ -85,17 +86,17 @@ func TestNewDNSProvider_FromEnv(t *testing.T) {
envTestClientSecret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
envTestAccessToken: "akac-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx",
},
- expectedConfig: &edgegrid.Config{
- Host: "akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net",
- ClientToken: "akab-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx",
- ClientSecret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
- AccessToken: "akac-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx",
- MaxBody: maxBody,
- },
+ expectedConfig: newEdgeConfig(func(config *edgegrid.Config) {
+ config.Host = "akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net"
+ config.ClientToken = "akab-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx"
+ config.ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ config.AccessToken = "akac-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx"
+ config.MaxBody = maxBody
+ }, edgegrid.WithEnv(true), edgegrid.WithFile("/dev/null"), edgegrid.WithSection("test")),
},
{
desc: "missing credentials",
- expectedErr: "edgedns: Unable to create instance using environment or .edgerc file",
+ expectedErr: `edgedns: unable to load config from environment or .edgerc file`,
},
{
desc: "missing host",
@@ -105,7 +106,7 @@ func TestNewDNSProvider_FromEnv(t *testing.T) {
EnvClientSecret: "C",
EnvAccessToken: "D",
},
- expectedErr: "edgedns: Unable to create instance using environment or .edgerc file",
+ expectedErr: `edgedns: unable to load config from environment or .edgerc file`,
},
{
desc: "missing client token",
@@ -115,7 +116,7 @@ func TestNewDNSProvider_FromEnv(t *testing.T) {
EnvClientSecret: "C",
EnvAccessToken: "D",
},
- expectedErr: "edgedns: Fatal missing required environment variables: [AKAMAI_CLIENT_TOKEN]",
+ expectedErr: `edgedns: unable to load config from environment or .edgerc file`,
},
{
desc: "missing client secret",
@@ -125,7 +126,7 @@ func TestNewDNSProvider_FromEnv(t *testing.T) {
EnvClientSecret: "",
EnvAccessToken: "D",
},
- expectedErr: "edgedns: Fatal missing required environment variables: [AKAMAI_CLIENT_SECRET]",
+ expectedErr: `edgedns: unable to load config from environment or .edgerc file`,
},
{
desc: "missing access token",
@@ -135,18 +136,20 @@ func TestNewDNSProvider_FromEnv(t *testing.T) {
EnvClientSecret: "C",
EnvAccessToken: "",
},
- expectedErr: "edgedns: Fatal missing required environment variables: [AKAMAI_ACCESS_TOKEN]",
+ expectedErr: `edgedns: unable to load config from environment or .edgerc file`,
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
if test.envVars == nil {
test.envVars = map[string]string{}
}
+
test.envVars[EnvEdgeRc] = "/dev/null"
envTest.Apply(test.envVars)
@@ -154,7 +157,7 @@ func TestNewDNSProvider_FromEnv(t *testing.T) {
p, err := NewDNSProvider()
if test.expectedErr != "" {
- require.EqualError(t, err, test.expectedErr)
+ require.ErrorContains(t, err, test.expectedErr)
return
}
@@ -163,13 +166,63 @@ func TestNewDNSProvider_FromEnv(t *testing.T) {
require.NotNil(t, p.config)
if test.expectedConfig != nil {
- require.Equal(t, *test.expectedConfig, configdns.Config)
+ require.Equal(t, test.expectedConfig, p.config.Config)
}
})
}
}
-func TestDNSProvider_findZone(t *testing.T) {
+func TestNewDefaultConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected *Config
+ }{
+ {
+ desc: "default configuration",
+ expected: &Config{
+ TTL: dns01.DefaultTTL,
+ PropagationTimeout: 3 * time.Minute,
+ PollingInterval: 15 * time.Second,
+ Config: &edgegrid.Config{
+ MaxBody: maxBody,
+ },
+ },
+ },
+ {
+ desc: "custom values",
+ envVars: map[string]string{
+ EnvTTL: "99",
+ EnvPropagationTimeout: "60",
+ EnvPollingInterval: "60",
+ },
+ expected: &Config{
+ TTL: 99,
+ PropagationTimeout: 60 * time.Second,
+ PollingInterval: 60 * time.Second,
+ Config: &edgegrid.Config{
+ MaxBody: maxBody,
+ },
+ },
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ config := NewDefaultConfig()
+
+ require.Equal(t, test.expected, config)
+ })
+ }
+}
+
+func Test_findZone(t *testing.T) {
testCases := []struct {
desc string
domain string
@@ -198,53 +251,7 @@ func TestDNSProvider_findZone(t *testing.T) {
}
}
-func TestNewDefaultConfig(t *testing.T) {
- defer envTest.RestoreEnv()
-
- testCases := []struct {
- desc string
- envVars map[string]string
- expected *Config
- }{
- {
- desc: "default configuration",
- expected: &Config{
- TTL: dns01.DefaultTTL,
- PropagationTimeout: 3 * time.Minute,
- PollingInterval: 15 * time.Second,
- Config: edgegrid.Config{
- MaxBody: maxBody,
- },
- },
- },
- {
- desc: "custom values",
- envVars: map[string]string{
- EnvTTL: "99",
- EnvPropagationTimeout: "60",
- EnvPollingInterval: "60",
- },
- expected: &Config{
- TTL: 99,
- PropagationTimeout: 60 * time.Second,
- PollingInterval: 60 * time.Second,
- Config: edgegrid.Config{
- MaxBody: maxBody,
- },
- },
- },
- }
-
- for _, test := range testCases {
- t.Run(test.desc, func(t *testing.T) {
- envTest.ClearEnv()
- for key, value := range test.envVars {
- os.Setenv(key, value)
- }
-
- config := NewDefaultConfig()
-
- require.Equal(t, test.expected, config)
- })
- }
+func newEdgeConfig(opts ...edgegrid.Option) *edgegrid.Config {
+ config, _ := edgegrid.New(opts...)
+ return config
}
diff --git a/providers/dns/edgeone/edgeone.go b/providers/dns/edgeone/edgeone.go
new file mode 100644
index 000000000..6931c6715
--- /dev/null
+++ b/providers/dns/edgeone/edgeone.go
@@ -0,0 +1,203 @@
+// Package edgeone implements a DNS provider for solving the DNS-01 challenge using Tencent EdgeOne.
+package edgeone
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "math"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/ptr"
+ teo "github.com/go-acme/tencentedgdeone/v20220901"
+ "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+ "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+ "golang.org/x/net/idna"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "EDGEONE_"
+
+ EnvSecretID = envNamespace + "SECRET_ID"
+ EnvSecretKey = envNamespace + "SECRET_KEY"
+ EnvRegion = envNamespace + "REGION"
+ EnvSessionToken = envNamespace + "SESSION_TOKEN"
+ EnvZonesMapping = envNamespace + "ZONES_MAPPING"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ SecretID string
+ SecretKey string
+ Region string
+ SessionToken string
+
+ ZonesMapping map[string]string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPTimeout time.Duration
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, 60),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 20*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 30*time.Second),
+ HTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *teo.Client
+
+ recordIDs map[string]*string
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Tencent EdgeOne.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvSecretID, EnvSecretKey)
+ if err != nil {
+ return nil, fmt.Errorf("edgeone: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.SecretID = values[EnvSecretID]
+ config.SecretKey = values[EnvSecretKey]
+ config.Region = env.GetOrDefaultString(EnvRegion, "")
+ config.SessionToken = env.GetOrDefaultString(EnvSessionToken, "")
+
+ mapping := env.GetOrDefaultString(EnvZonesMapping, "")
+ if mapping != "" {
+ config.ZonesMapping, err = env.ParsePairs(mapping)
+ if err != nil {
+ return nil, fmt.Errorf("edgeone: zones mapping: %w", err)
+ }
+ }
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Tencent EdgeOne.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("edgeone: the configuration of the DNS provider is nil")
+ }
+
+ var credential *common.Credential
+
+ switch {
+ case config.SecretID != "" && config.SecretKey != "" && config.SessionToken != "":
+ credential = common.NewTokenCredential(config.SecretID, config.SecretKey, config.SessionToken)
+ case config.SecretID != "" && config.SecretKey != "":
+ credential = common.NewCredential(config.SecretID, config.SecretKey)
+ default:
+ return nil, errors.New("edgeone: credentials missing")
+ }
+
+ cpf := profile.NewClientProfile()
+ cpf.HttpProfile.Endpoint = "teo.intl.tencentcloudapi.com"
+ cpf.HttpProfile.ReqTimeout = int(math.Round(config.HTTPTimeout.Seconds()))
+
+ client, err := teo.NewClient(credential, config.Region, cpf)
+ if err != nil {
+ return nil, fmt.Errorf("edgeone: %w", err)
+ }
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: map[string]*string{},
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ ctx := context.Background()
+
+ zoneID, err := d.getHostedZoneID(ctx, info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("edgeone: failed to get hosted zone: %w", err)
+ }
+
+ punnyCoded, err := idna.ToASCII(dns01.UnFqdn(info.EffectiveFQDN))
+ if err != nil {
+ return fmt.Errorf("edgeone: fail to convert punycode: %w", err)
+ }
+
+ request := teo.NewCreateDnsRecordRequest()
+ request.Name = ptr.Pointer(punnyCoded)
+ request.ZoneId = zoneID
+ request.Type = ptr.Pointer("TXT")
+ request.Content = ptr.Pointer(info.Value)
+ request.TTL = ptr.Pointer(int64(d.config.TTL))
+
+ nr, err := teo.CreateDnsRecordWithContext(ctx, d.client, request)
+ if err != nil {
+ return fmt.Errorf("edgeone: API call failed: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.recordIDs[token] = nr.Response.RecordId
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ ctx := context.Background()
+
+ zoneID, err := d.getHostedZoneID(ctx, info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("edgeone: failed to get hosted zone: %w", err)
+ }
+
+ // get the record's unique ID from when we created it
+ d.recordIDsMu.Lock()
+ recordID, ok := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("edgeone: unknown record ID for '%s'", info.EffectiveFQDN)
+ }
+
+ request := teo.NewDeleteDnsRecordsRequest()
+ request.ZoneId = zoneID
+ request.RecordIds = []*string{recordID}
+
+ _, err = teo.DeleteDnsRecordsWithContext(ctx, d.client, request)
+ if err != nil {
+ return fmt.Errorf("edgeone: delete record failed: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/edgeone/edgeone.toml b/providers/dns/edgeone/edgeone.toml
new file mode 100644
index 000000000..05b8bc516
--- /dev/null
+++ b/providers/dns/edgeone/edgeone.toml
@@ -0,0 +1,28 @@
+Name = "Tencent EdgeOne"
+Description = ''''''
+URL = "https://edgeone.ai"
+Code = "edgeone"
+Since = "v4.26.0"
+
+Example = '''
+EDGEONE_SECRET_ID=abcdefghijklmnopqrstuvwx \
+EDGEONE_SECRET_KEY=your-secret-key \
+lego --dns edgeone -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ EDGEONE_SECRET_ID = "Access key ID"
+ EDGEONE_SECRET_KEY = "Access Key secret"
+ [Configuration.Additional]
+ EDGEONE_SESSION_TOKEN = "Access Key token"
+ EDGEONE_REGION = "Region"
+ EDGEONE_ZONES_MAPPING = "Mapping between DNS zones and site IDs. (ex: 'example.org:id1,example.com:id2')"
+ EDGEONE_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 30)"
+ EDGEONE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 1200)"
+ EDGEONE_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
+ EDGEONE_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://edgeone.ai/document/50454#dns-record-apis"
+ GoClient = "https://github.com/tencentcloud/tencentcloud-sdk-go"
diff --git a/providers/dns/edgeone/edgeone_test.go b/providers/dns/edgeone/edgeone_test.go
new file mode 100644
index 000000000..7bd4f6f6d
--- /dev/null
+++ b/providers/dns/edgeone/edgeone_test.go
@@ -0,0 +1,170 @@
+package edgeone
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+ EnvSecretID,
+ EnvSecretKey,
+ EnvZonesMapping,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvSecretID: "123",
+ EnvSecretKey: "456",
+ },
+ },
+ {
+ desc: "success with zones mapping",
+ envVars: map[string]string{
+ EnvSecretID: "123",
+ EnvSecretKey: "456",
+ EnvZonesMapping: "example.org:id1,example.com:id2",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{
+ EnvSecretID: "",
+ EnvSecretKey: "",
+ },
+ expected: "edgeone: some credentials information are missing: EDGEONE_SECRET_ID,EDGEONE_SECRET_KEY",
+ },
+ {
+ desc: "missing access id",
+ envVars: map[string]string{
+ EnvSecretID: "",
+ EnvSecretKey: "456",
+ },
+ expected: "edgeone: some credentials information are missing: EDGEONE_SECRET_ID",
+ },
+ {
+ desc: "missing secret key",
+ envVars: map[string]string{
+ EnvSecretID: "123",
+ EnvSecretKey: "",
+ },
+ expected: "edgeone: some credentials information are missing: EDGEONE_SECRET_KEY",
+ },
+ {
+ desc: "invalid mapping",
+ envVars: map[string]string{
+ EnvSecretID: "123",
+ EnvSecretKey: "456",
+ EnvZonesMapping: "example.org:id1,example.com",
+ },
+ expected: "edgeone: zones mapping: incorrect pair: example.com",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ secretID string
+ secretKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ secretID: "123",
+ secretKey: "456",
+ },
+ {
+ desc: "missing credentials",
+ expected: "edgeone: credentials missing",
+ },
+ {
+ desc: "missing secret id",
+ secretKey: "456",
+ expected: "edgeone: credentials missing",
+ },
+ {
+ desc: "missing secret key",
+ secretID: "123",
+ expected: "edgeone: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.SecretID = test.secretID
+ config.SecretKey = test.secretKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/edgeone/wrapper.go b/providers/dns/edgeone/wrapper.go
new file mode 100644
index 000000000..53fae9427
--- /dev/null
+++ b/providers/dns/edgeone/wrapper.go
@@ -0,0 +1,58 @@
+package edgeone
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/ptr"
+ teo "github.com/go-acme/tencentedgdeone/v20220901"
+)
+
+func (d *DNSProvider) getHostedZoneID(ctx context.Context, domain string) (*string, error) {
+ authZone, err := dns01.FindZoneByFqdn(domain)
+ if err != nil {
+ return nil, fmt.Errorf("could not find zone: %w", err)
+ }
+
+ if d.config.ZonesMapping != nil {
+ zoneID, ok := d.config.ZonesMapping[authZone]
+ if ok {
+ return ptr.Pointer(zoneID), nil
+ }
+ }
+
+ request := teo.NewDescribeZonesRequest()
+
+ var zones []*teo.Zone
+
+ for {
+ response, err := teo.DescribeZonesWithContext(ctx, d.client, request)
+ if err != nil {
+ return nil, fmt.Errorf("API call failed: %w", err)
+ }
+
+ zones = append(zones, response.Response.Zones...)
+
+ if int64(len(zones)) >= ptr.Deref(response.Response.TotalCount) {
+ break
+ }
+
+ request.Offset = ptr.Pointer(int64(len(zones)))
+ }
+
+ var hostedZone *teo.Zone
+
+ for _, zone := range zones {
+ unfqdn := dns01.UnFqdn(authZone)
+ if ptr.Deref(zone.ZoneName) == unfqdn {
+ hostedZone = zone
+ }
+ }
+
+ if hostedZone == nil {
+ return nil, fmt.Errorf("zone %s not found for domain %s", authZone, domain)
+ }
+
+ return hostedZone.ZoneId, nil
+}
diff --git a/providers/dns/efficientip/efficientip.go b/providers/dns/efficientip/efficientip.go
index 15fa579ed..81b4530b7 100644
--- a/providers/dns/efficientip/efficientip.go
+++ b/providers/dns/efficientip/efficientip.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/efficientip/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -91,12 +92,15 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config.Username == "" {
return nil, errors.New("efficientip: missing username")
}
+
if config.Password == "" {
return nil, errors.New("efficientip: missing password")
}
+
if config.Hostname == "" {
return nil, errors.New("efficientip: missing hostname")
}
+
if config.DNSName == "" {
return nil, errors.New("efficientip: missing dnsname")
}
@@ -113,6 +117,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
}
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/efficientip/efficientip.toml b/providers/dns/efficientip/efficientip.toml
index 565c9575b..6e1874319 100644
--- a/providers/dns/efficientip/efficientip.toml
+++ b/providers/dns/efficientip/efficientip.toml
@@ -9,7 +9,7 @@ EFFICIENTIP_USERNAME="user" \
EFFICIENTIP_PASSWORD="secret" \
EFFICIENTIP_HOSTNAME="ipam.example.org" \
EFFICIENTIP_DNS_NAME="dns.smart" \
-lego --email you@example.com --dns efficientip -d '*.example.com' -d example.com run
+lego --dns efficientip -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/efficientip/efficientip_test.go b/providers/dns/efficientip/efficientip_test.go
index 3ee2da777..c2751a79b 100644
--- a/providers/dns/efficientip/efficientip_test.go
+++ b/providers/dns/efficientip/efficientip_test.go
@@ -83,6 +83,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -178,6 +179,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -191,6 +193,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/efficientip/internal/client.go b/providers/dns/efficientip/internal/client.go
index cc26c5412..5ccdf3973 100644
--- a/providers/dns/efficientip/internal/client.go
+++ b/providers/dns/efficientip/internal/client.go
@@ -108,6 +108,7 @@ func (c *Client) DeleteRecord(ctx context.Context, params DeleteInputParameters)
if err != nil {
return nil, fmt.Errorf("query parameters: %w", err)
}
+
endpoint.RawQuery = v.Encode()
req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
@@ -200,6 +201,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var response APIError
+
err := json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/epik/epik.go b/providers/dns/epik/epik.go
index 58390faa9..ef5de3c4b 100644
--- a/providers/dns/epik/epik.go
+++ b/providers/dns/epik/epik.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/epik/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -86,6 +87,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/epik/epik.toml b/providers/dns/epik/epik.toml
index 7b4688609..faf453581 100644
--- a/providers/dns/epik/epik.toml
+++ b/providers/dns/epik/epik.toml
@@ -6,7 +6,7 @@ Since = "v4.5.0"
Example = '''
EPIK_SIGNATURE=xxxxxxxxxxxxxxxxxxxxxxxxxx \
-lego --email you@example.com --dns epik -d '*.example.com' -d example.com run
+lego --dns epik -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/epik/epik_test.go b/providers/dns/epik/epik_test.go
index c0cd3d43b..b8b3c5c43 100644
--- a/providers/dns/epik/epik_test.go
+++ b/providers/dns/epik/epik_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -92,6 +93,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -105,6 +107,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/epik/internal/client.go b/providers/dns/epik/internal/client.go
index 70fb42fa9..2c3373953 100644
--- a/providers/dns/epik/internal/client.go
+++ b/providers/dns/epik/internal/client.go
@@ -46,6 +46,7 @@ func (c *Client) GetDNSRecords(ctx context.Context, domain string) ([]Record, er
}
var data GetDNSRecordResponse
+
err = c.do(req, &data)
if err != nil {
return nil, err
@@ -67,6 +68,7 @@ func (c *Client) CreateHostRecord(ctx context.Context, domain string, record Rec
}
var data Data
+
err = c.do(req, &data)
if err != nil {
return nil, err
@@ -89,6 +91,7 @@ func (c *Client) RemoveHostRecord(ctx context.Context, domain, recordID string)
}
var data Data
+
err = c.do(req, &data)
if err != nil {
return nil, err
@@ -165,6 +168,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var apiErr APIError
+
err := json.Unmarshal(raw, &apiErr)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/eurodns/eurodns.go b/providers/dns/eurodns/eurodns.go
new file mode 100644
index 000000000..21ff3c3a9
--- /dev/null
+++ b/providers/dns/eurodns/eurodns.go
@@ -0,0 +1,197 @@
+// Package eurodns implements a DNS provider for solving the DNS-01 challenge using EuroDNS.
+package eurodns
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/eurodns/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "EURODNS_"
+
+ EnvApplicationID = envNamespace + "APP_ID"
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ ApplicationID string
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, internal.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for EuroDNS.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvApplicationID, EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("eurodns: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.ApplicationID = values[EnvApplicationID]
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for EuroDNS.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("eurodns: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.ApplicationID, config.APIKey)
+ if err != nil {
+ return nil, fmt.Errorf("eurodns: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("eurodns: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("eurodns: %w", err)
+ }
+
+ authZone = dns01.UnFqdn(authZone)
+
+ zone, err := d.client.GetZone(ctx, authZone)
+ if err != nil {
+ return fmt.Errorf("eurodns: get zone: %w", err)
+ }
+
+ zone.Records = append(zone.Records, internal.Record{
+ Type: "TXT",
+ Host: subDomain,
+ TTL: internal.TTLRounder(d.config.TTL),
+ RData: info.Value,
+ })
+
+ validation, err := d.client.ValidateZone(ctx, authZone, zone)
+ if err != nil {
+ return fmt.Errorf("eurodns: validate zone: %w", err)
+ }
+
+ if validation.Report != nil && !validation.Report.IsValid {
+ return fmt.Errorf("eurodns: validation report: %w", validation.Report)
+ }
+
+ err = d.client.SaveZone(ctx, authZone, zone)
+ if err != nil {
+ return fmt.Errorf("eurodns: save zone: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("eurodns: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("eurodns: %w", err)
+ }
+
+ authZone = dns01.UnFqdn(authZone)
+
+ zone, err := d.client.GetZone(ctx, authZone)
+ if err != nil {
+ return fmt.Errorf("eurodns: get zone: %w", err)
+ }
+
+ var recordsToKeep []internal.Record
+
+ for _, record := range zone.Records {
+ if record.Type == "TXT" && record.Host == subDomain && record.RData == info.Value {
+ continue
+ }
+
+ recordsToKeep = append(recordsToKeep, record)
+ }
+
+ zone.Records = recordsToKeep
+
+ validation, err := d.client.ValidateZone(ctx, authZone, zone)
+ if err != nil {
+ return fmt.Errorf("eurodns: validate zone: %w", err)
+ }
+
+ if validation.Report != nil && !validation.Report.IsValid {
+ return fmt.Errorf("eurodns: validation report: %w", validation.Report)
+ }
+
+ err = d.client.SaveZone(ctx, authZone, zone)
+ if err != nil {
+ return fmt.Errorf("eurodns: save zone: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/eurodns/eurodns.toml b/providers/dns/eurodns/eurodns.toml
new file mode 100644
index 000000000..302b15d00
--- /dev/null
+++ b/providers/dns/eurodns/eurodns.toml
@@ -0,0 +1,24 @@
+Name = "EuroDNS"
+Description = ''''''
+URL = "https://www.eurodns.com/"
+Code = "eurodns"
+Since = "v4.33.0"
+
+Example = '''
+EURODNS_APP_ID="xxx" \
+EURODNS_API_KEY="yyy" \
+lego --dns eurodns -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ EURODNS_APP_ID = "Application ID"
+ EURODNS_API_KEY = "API key"
+ [Configuration.Additional]
+ EURODNS_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ EURODNS_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ EURODNS_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 600)"
+ EURODNS_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://docapi.eurodns.com/"
diff --git a/providers/dns/eurodns/eurodns_test.go b/providers/dns/eurodns/eurodns_test.go
new file mode 100644
index 000000000..abbb4717e
--- /dev/null
+++ b/providers/dns/eurodns/eurodns_test.go
@@ -0,0 +1,215 @@
+package eurodns
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/go-acme/lego/v4/providers/dns/eurodns/internal"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvApplicationID, EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvApplicationID: "abc",
+ EnvAPIKey: "secret",
+ },
+ },
+ {
+ desc: "missing application ID",
+ envVars: map[string]string{
+ EnvApplicationID: "",
+ EnvAPIKey: "secret",
+ },
+ expected: "eurodns: some credentials information are missing: EURODNS_APP_ID",
+ },
+ {
+ desc: "missing API secret",
+ envVars: map[string]string{
+ EnvApplicationID: "",
+ EnvAPIKey: "secret",
+ },
+ expected: "eurodns: some credentials information are missing: EURODNS_APP_ID",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "eurodns: some credentials information are missing: EURODNS_APP_ID,EURODNS_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ appID string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ appID: "abc",
+ apiKey: "secret",
+ },
+ {
+ desc: "missing application ID",
+ expected: "eurodns: credentials missing",
+ apiKey: "secret",
+ },
+ {
+ desc: "missing API secret",
+ expected: "eurodns: credentials missing",
+ appID: "abc",
+ },
+ {
+ desc: "missing credentials",
+ expected: "eurodns: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.ApplicationID = test.appID
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIKey = "secret"
+ config.ApplicationID = "abc"
+ config.HTTPClient = server.Client()
+
+ provider, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ provider.client.BaseURL, _ = url.Parse(server.URL)
+
+ return provider, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With(internal.HeaderAppID, "abc").
+ With(internal.HeaderAPIKey, "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /example.com",
+ servermock.ResponseFromInternal("zone_get.json"),
+ ).
+ Route("POST /example.com/check",
+ servermock.ResponseFromInternal("zone_add_validate_ok.json"),
+ servermock.CheckRequestJSONBodyFromInternal("zone_add.json"),
+ ).
+ Route("PUT /example.com",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ servermock.CheckRequestJSONBodyFromInternal("zone_add.json"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /example.com",
+ servermock.ResponseFromInternal("zone_add.json"),
+ ).
+ Route("POST /example.com/check",
+ servermock.ResponseFromInternal("zone_remove.json"),
+ servermock.CheckRequestJSONBodyFromInternal("zone_remove.json"),
+ ).
+ Route("PUT /example.com",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ servermock.CheckRequestJSONBodyFromInternal("zone_remove.json"),
+ ).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/eurodns/internal/client.go b/providers/dns/eurodns/internal/client.go
new file mode 100644
index 000000000..1ebf8d143
--- /dev/null
+++ b/providers/dns/eurodns/internal/client.go
@@ -0,0 +1,199 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+)
+
+const defaultBaseURL = "https://rest-api.eurodns.com/dns-zones/"
+
+const (
+ HeaderAppID = "X-APP-ID"
+ HeaderAPIKey = "X-API-KEY"
+)
+
+// Client the EuroDNS API client.
+type Client struct {
+ appID string
+ apiKey string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(appID, apiKey string) (*Client, error) {
+ if appID == "" || apiKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ appID: appID,
+ apiKey: apiKey,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+// GetZone gets a DNS Zone.
+// https://docapi.eurodns.com/#/dnsprovider/getdnszone
+func (c *Client) GetZone(ctx context.Context, domain string) (*Zone, error) {
+ endpoint := c.BaseURL.JoinPath(domain)
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &Zone{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+// SaveZone saves a DNS Zone.
+// https://docapi.eurodns.com/#/dnsprovider/savednszone
+func (c *Client) SaveZone(ctx context.Context, domain string, zone *Zone) error {
+ endpoint := c.BaseURL.JoinPath(domain)
+
+ if len(zone.URLForwards) == 0 {
+ zone.URLForwards = make([]URLForward, 0)
+ }
+
+ if len(zone.MailForwards) == 0 {
+ zone.MailForwards = make([]MailForward, 0)
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodPut, endpoint, zone)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+// ValidateZone validates DNS Zone.
+// https://docapi.eurodns.com/#/dnsprovider/checkdnszone
+func (c *Client) ValidateZone(ctx context.Context, domain string, zone *Zone) (*Zone, error) {
+ endpoint := c.BaseURL.JoinPath(domain, "check")
+
+ if len(zone.URLForwards) == 0 {
+ zone.URLForwards = make([]URLForward, 0)
+ }
+
+ if len(zone.MailForwards) == 0 {
+ zone.MailForwards = make([]MailForward, 0)
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, zone)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &Zone{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ req.Header.Set(HeaderAppID, c.appID)
+ req.Header.Set(HeaderAPIKey, c.apiKey)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return fmt.Errorf("%d: %w", resp.StatusCode, &errAPI)
+}
+
+const DefaultTTL = 600
+
+// TTLRounder rounds the given TTL in seconds to the next accepted value.
+// Accepted TTL values are: 600, 900, 1800,3600, 7200, 14400, 21600, 43200, 86400, 172800, 432000, 604800.
+func TTLRounder(ttl int) int {
+ for _, validTTL := range []int{DefaultTTL, 900, 1800, 3600, 7200, 14400, 21600, 43200, 86400, 172800, 432000, 604800} {
+ if ttl <= validTTL {
+ return validTTL
+ }
+ }
+
+ return DefaultTTL
+}
diff --git a/providers/dns/eurodns/internal/client_test.go b/providers/dns/eurodns/internal/client_test.go
new file mode 100644
index 000000000..68d1fda84
--- /dev/null
+++ b/providers/dns/eurodns/internal/client_test.go
@@ -0,0 +1,310 @@
+package internal
+
+import (
+ "context"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "slices"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/go-acme/lego/v4/providers/dns/internal/ptr"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("abc", "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+ client.BaseURL, _ = url.Parse(server.URL)
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With(HeaderAppID, "abc").
+ With(HeaderAPIKey, "secret"),
+ )
+}
+
+func TestClient_GetZone(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /example.com",
+ servermock.ResponseFromFixture("zone_get.json"),
+ ).
+ Build(t)
+
+ zone, err := client.GetZone(context.Background(), "example.com")
+ require.NoError(t, err)
+
+ expected := &Zone{
+ Name: "example.com",
+ DomainConnect: true,
+ Records: slices.Concat([]Record{fakeARecord()}),
+ URLForwards: []URLForward{fakeURLForward()},
+ MailForwards: []MailForward{fakeMailForward()},
+ }
+
+ assert.Equal(t, expected, zone)
+}
+
+func TestClient_GetZone_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /example.com",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized),
+ ).
+ Build(t)
+
+ _, err := client.GetZone(context.Background(), "example.com")
+ require.Error(t, err)
+
+ require.EqualError(t, err, "401: INVALID_API_KEY: Invalid API Key")
+}
+
+func TestClient_SaveZone(t *testing.T) {
+ client := mockBuilder().
+ Route("PUT /example.com",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ servermock.CheckRequestJSONBodyFromFixture("zone_add.json"),
+ ).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Host: "_acme-challenge",
+ RData: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 600,
+ }
+
+ zone := &Zone{
+ Name: "example.com",
+ DomainConnect: true,
+ Records: []Record{fakeARecord(), record},
+ URLForwards: []URLForward{fakeURLForward()},
+ MailForwards: []MailForward{fakeMailForward()},
+ }
+
+ err := client.SaveZone(context.Background(), "example.com", zone)
+ require.NoError(t, err)
+}
+
+func TestClient_SaveZone_emptyForwards(t *testing.T) {
+ client := mockBuilder().
+ Route("PUT /example.com",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ servermock.CheckRequestJSONBodyFromFixture("zone_add_empty_forwards.json"),
+ ).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Host: "_acme-challenge",
+ RData: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 600,
+ }
+
+ zone := &Zone{
+ Name: "example.com",
+ DomainConnect: true,
+ Records: slices.Concat([]Record{fakeARecord(), record}),
+ }
+
+ err := client.SaveZone(context.Background(), "example.com", zone)
+ require.NoError(t, err)
+}
+
+func TestClient_SaveZone_error(t *testing.T) {
+ client := mockBuilder().
+ Route("PUT /example.com",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized),
+ ).
+ Build(t)
+
+ zone := &Zone{
+ Name: "example.com",
+ DomainConnect: true,
+ Records: []Record{fakeARecord()},
+ URLForwards: []URLForward{fakeURLForward()},
+ MailForwards: []MailForward{fakeMailForward()},
+ }
+
+ err := client.SaveZone(context.Background(), "example.com", zone)
+ require.Error(t, err)
+
+ require.EqualError(t, err, "401: INVALID_API_KEY: Invalid API Key")
+}
+
+func TestClient_ValidateZone(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /example.com/check",
+ servermock.ResponseFromFixture("zone_add_validate_ok.json"),
+ servermock.CheckRequestJSONBodyFromFixture("zone_add.json"),
+ ).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Host: "_acme-challenge",
+ RData: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 600,
+ }
+
+ zone := &Zone{
+ Name: "example.com",
+ DomainConnect: true,
+ Records: []Record{fakeARecord(), record},
+ URLForwards: []URLForward{fakeURLForward()},
+ MailForwards: []MailForward{fakeMailForward()},
+ }
+
+ zone, err := client.ValidateZone(context.Background(), "example.com", zone)
+ require.NoError(t, err)
+
+ expected := &Zone{
+ Name: "example.com",
+ DomainConnect: true,
+ Records: []Record{fakeARecord(), record},
+ URLForwards: []URLForward{fakeURLForward()},
+ MailForwards: []MailForward{fakeMailForward()},
+ Report: &Report{IsValid: true},
+ }
+
+ assert.Equal(t, expected, zone)
+}
+
+func TestClient_ValidateZone_report(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /example.com/check",
+ servermock.ResponseFromFixture("zone_add_validate_ko.json"),
+ servermock.CheckRequestJSONBodyFromFixture("zone_add.json"),
+ ).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Host: "_acme-challenge",
+ RData: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 600,
+ }
+
+ zone := &Zone{
+ Name: "example.com",
+ DomainConnect: true,
+ Records: []Record{fakeARecord(), record},
+ URLForwards: []URLForward{fakeURLForward()},
+ MailForwards: []MailForward{fakeMailForward()},
+ }
+
+ zone, err := client.ValidateZone(context.Background(), "example.com", zone)
+ require.NoError(t, err)
+
+ expected := &Zone{
+ Name: "example.com",
+ DomainConnect: true,
+ Records: []Record{fakeARecord(), record},
+ URLForwards: []URLForward{fakeURLForward()},
+ MailForwards: []MailForward{fakeMailForward()},
+ Report: fakeReport(),
+ }
+
+ assert.EqualError(t, zone.Report, `record error (ERROR): "120" is not a valid TTL, URL forward error (ERROR): string, mail forward error (ERROR): string, zone error (ERROR): string`)
+
+ assert.Equal(t, expected, zone)
+}
+
+func TestClient_ValidateZone_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /example.com/check",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized),
+ ).
+ Build(t)
+
+ zone := &Zone{
+ Name: "example.com",
+ DomainConnect: true,
+ Records: []Record{fakeARecord()},
+ URLForwards: []URLForward{fakeURLForward()},
+ MailForwards: []MailForward{fakeMailForward()},
+ }
+
+ _, err := client.ValidateZone(context.Background(), "example.com", zone)
+ require.Error(t, err)
+
+ require.EqualError(t, err, "401: INVALID_API_KEY: Invalid API Key")
+}
+
+func fakeARecord() Record {
+ return Record{
+ ID: 1000,
+ Type: "A",
+ Host: "@",
+ TTL: 600,
+ RData: "string",
+ Updated: ptr.Pointer(true),
+ Locked: ptr.Pointer(true),
+ IsDynDNS: ptr.Pointer(true),
+ Proxy: "ON",
+ }
+}
+
+func fakeURLForward() URLForward {
+ return URLForward{
+ ID: 2000,
+ ForwardType: "FRAME",
+ Host: "string",
+ URL: "string",
+ Title: "string",
+ Keywords: "string",
+ Description: "string",
+ Updated: ptr.Pointer(true),
+ }
+}
+
+func fakeMailForward() MailForward {
+ return MailForward{
+ ID: 3000,
+ Source: "string",
+ Destination: "string",
+ Updated: ptr.Pointer(true),
+ }
+}
+
+func fakeReport() *Report {
+ return &Report{
+ IsValid: false,
+ RecordErrors: []RecordError{{
+ Messages: []string{`"120" is not a valid TTL`},
+ Severity: "ERROR",
+ Record: fakeARecord(),
+ }},
+ URLForwardErrors: []URLForwardError{{
+ Messages: []string{"string"},
+ Severity: "ERROR",
+ URLForward: fakeURLForward(),
+ }},
+ MailForwardErrors: []MailForwardError{{
+ Messages: []string{"string"},
+ MailForward: fakeMailForward(),
+ Severity: "ERROR",
+ }},
+ ZoneErrors: []ZoneError{{
+ Message: "string",
+ Severity: "ERROR",
+ Records: []Record{fakeARecord()},
+ URLForwards: []URLForward{fakeURLForward()},
+ MailForwards: []MailForward{fakeMailForward()},
+ }},
+ }
+}
diff --git a/providers/dns/eurodns/internal/fixtures/error.json b/providers/dns/eurodns/internal/fixtures/error.json
new file mode 100644
index 000000000..82a334598
--- /dev/null
+++ b/providers/dns/eurodns/internal/fixtures/error.json
@@ -0,0 +1,8 @@
+{
+ "errors": [
+ {
+ "code": "INVALID_API_KEY",
+ "title": "Invalid API Key"
+ }
+ ]
+}
diff --git a/providers/dns/eurodns/internal/fixtures/zone_add.json b/providers/dns/eurodns/internal/fixtures/zone_add.json
new file mode 100644
index 000000000..db8142357
--- /dev/null
+++ b/providers/dns/eurodns/internal/fixtures/zone_add.json
@@ -0,0 +1,46 @@
+{
+ "name": "example.com",
+ "domainConnect": true,
+ "records": [
+ {
+ "id": 1000,
+ "type": "A",
+ "host": "@",
+ "ttl": 600,
+ "rdata": "string",
+ "updated": true,
+ "locked": true,
+ "isDynDns": true,
+ "proxy": "ON"
+ },
+ {
+ "type": "TXT",
+ "host": "_acme-challenge",
+ "ttl": 600,
+ "rdata": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "updated": null,
+ "locked": null,
+ "isDynDns": null
+ }
+ ],
+ "urlForwards": [
+ {
+ "id": 2000,
+ "forwardType": "FRAME",
+ "host": "string",
+ "url": "string",
+ "title": "string",
+ "keywords": "string",
+ "description": "string",
+ "updated": true
+ }
+ ],
+ "mailForwards": [
+ {
+ "id": 3000,
+ "source": "string",
+ "destination": "string",
+ "updated": true
+ }
+ ]
+}
diff --git a/providers/dns/eurodns/internal/fixtures/zone_add_empty_forwards.json b/providers/dns/eurodns/internal/fixtures/zone_add_empty_forwards.json
new file mode 100644
index 000000000..64f8530c9
--- /dev/null
+++ b/providers/dns/eurodns/internal/fixtures/zone_add_empty_forwards.json
@@ -0,0 +1,28 @@
+{
+ "name": "example.com",
+ "domainConnect": true,
+ "records": [
+ {
+ "id": 1000,
+ "type": "A",
+ "host": "@",
+ "ttl": 600,
+ "rdata": "string",
+ "updated": true,
+ "locked": true,
+ "isDynDns": true,
+ "proxy": "ON"
+ },
+ {
+ "type": "TXT",
+ "host": "_acme-challenge",
+ "ttl": 600,
+ "rdata": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "updated": null,
+ "locked": null,
+ "isDynDns": null
+ }
+ ],
+ "urlForwards": [],
+ "mailForwards": []
+}
diff --git a/providers/dns/eurodns/internal/fixtures/zone_add_validate_ko.json b/providers/dns/eurodns/internal/fixtures/zone_add_validate_ko.json
new file mode 100644
index 000000000..e07d42299
--- /dev/null
+++ b/providers/dns/eurodns/internal/fixtures/zone_add_validate_ko.json
@@ -0,0 +1,139 @@
+{
+ "name": "example.com",
+ "domainConnect": true,
+ "records": [
+ {
+ "id": 1000,
+ "type": "A",
+ "host": "@",
+ "ttl": 600,
+ "rdata": "string",
+ "updated": true,
+ "locked": true,
+ "isDynDns": true,
+ "proxy": "ON"
+ },
+ {
+ "type": "TXT",
+ "host": "_acme-challenge",
+ "ttl": 600,
+ "rdata": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "updated": null,
+ "locked": null,
+ "isDynDns": null
+ }
+ ],
+ "urlForwards": [
+ {
+ "id": 2000,
+ "forwardType": "FRAME",
+ "host": "string",
+ "url": "string",
+ "title": "string",
+ "keywords": "string",
+ "description": "string",
+ "updated": true
+ }
+ ],
+ "mailForwards": [
+ {
+ "id": 3000,
+ "source": "string",
+ "destination": "string",
+ "updated": true
+ }
+ ],
+ "report": {
+ "isValid": false,
+ "recordErrors": [
+ {
+ "messages": [
+ "\"120\" is not a valid TTL"
+ ],
+ "record": {
+ "id": 1000,
+ "type": "A",
+ "host": "@",
+ "ttl": 600,
+ "rdata": "string",
+ "updated": true,
+ "locked": true,
+ "isDynDns": true,
+ "proxy": "ON"
+ },
+ "severity": "ERROR"
+ }
+ ],
+ "urlForwardErrors": [
+ {
+ "messages": [
+ "string"
+ ],
+ "urlForward": {
+ "id": 2000,
+ "forwardType": "FRAME",
+ "host": "string",
+ "url": "string",
+ "title": "string",
+ "keywords": "string",
+ "description": "string",
+ "updated": true
+ },
+ "severity": "ERROR"
+ }
+ ],
+ "mailForwardErrors": [
+ {
+ "messages": [
+ "string"
+ ],
+ "mailForward": {
+ "id": 3000,
+ "source": "string",
+ "destination": "string",
+ "updated": true
+ },
+ "severity": "ERROR"
+ }
+ ],
+ "zoneErrors": [
+ {
+ "message": "string",
+ "records": [
+ {
+ "id": 1000,
+ "type": "A",
+ "host": "@",
+ "ttl": 600,
+ "rdata": "string",
+ "updated": true,
+ "locked": true,
+ "isDynDns": true,
+ "proxy": "ON"
+ }
+ ],
+ "urlForwards": [
+ {
+ "id": 2000,
+ "forwardType": "FRAME",
+ "host": "string",
+ "url": "string",
+ "title": "string",
+ "keywords": "string",
+ "description": "string",
+ "updated": true
+ }
+ ],
+ "mailForwards": [
+ {
+ "id": 3000,
+ "source": "string",
+ "destination": "string",
+ "updated": true
+ }
+ ],
+ "severity": "ERROR"
+ }
+ ]
+ }
+}
diff --git a/providers/dns/eurodns/internal/fixtures/zone_add_validate_ok.json b/providers/dns/eurodns/internal/fixtures/zone_add_validate_ok.json
new file mode 100644
index 000000000..ba0ddfefb
--- /dev/null
+++ b/providers/dns/eurodns/internal/fixtures/zone_add_validate_ok.json
@@ -0,0 +1,49 @@
+{
+ "name": "example.com",
+ "domainConnect": true,
+ "records": [
+ {
+ "id": 1000,
+ "type": "A",
+ "host": "@",
+ "ttl": 600,
+ "rdata": "string",
+ "updated": true,
+ "locked": true,
+ "isDynDns": true,
+ "proxy": "ON"
+ },
+ {
+ "type": "TXT",
+ "host": "_acme-challenge",
+ "ttl": 600,
+ "rdata": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "updated": null,
+ "locked": null,
+ "isDynDns": null
+ }
+ ],
+ "urlForwards": [
+ {
+ "id": 2000,
+ "forwardType": "FRAME",
+ "host": "string",
+ "url": "string",
+ "title": "string",
+ "keywords": "string",
+ "description": "string",
+ "updated": true
+ }
+ ],
+ "mailForwards": [
+ {
+ "id": 3000,
+ "source": "string",
+ "destination": "string",
+ "updated": true
+ }
+ ],
+ "report": {
+ "isValid": true
+ }
+}
diff --git a/providers/dns/eurodns/internal/fixtures/zone_get.json b/providers/dns/eurodns/internal/fixtures/zone_get.json
new file mode 100644
index 000000000..ebbc8593e
--- /dev/null
+++ b/providers/dns/eurodns/internal/fixtures/zone_get.json
@@ -0,0 +1,37 @@
+{
+ "name": "example.com",
+ "domainConnect": true,
+ "records": [
+ {
+ "id": 1000,
+ "type": "A",
+ "host": "@",
+ "ttl": 600,
+ "rdata": "string",
+ "updated": true,
+ "locked": true,
+ "isDynDns": true,
+ "proxy": "ON"
+ }
+ ],
+ "urlForwards": [
+ {
+ "id": 2000,
+ "forwardType": "FRAME",
+ "host": "string",
+ "url": "string",
+ "title": "string",
+ "keywords": "string",
+ "description": "string",
+ "updated": true
+ }
+ ],
+ "mailForwards": [
+ {
+ "id": 3000,
+ "source": "string",
+ "destination": "string",
+ "updated": true
+ }
+ ]
+}
diff --git a/providers/dns/eurodns/internal/fixtures/zone_remove.json b/providers/dns/eurodns/internal/fixtures/zone_remove.json
new file mode 100644
index 000000000..ebbc8593e
--- /dev/null
+++ b/providers/dns/eurodns/internal/fixtures/zone_remove.json
@@ -0,0 +1,37 @@
+{
+ "name": "example.com",
+ "domainConnect": true,
+ "records": [
+ {
+ "id": 1000,
+ "type": "A",
+ "host": "@",
+ "ttl": 600,
+ "rdata": "string",
+ "updated": true,
+ "locked": true,
+ "isDynDns": true,
+ "proxy": "ON"
+ }
+ ],
+ "urlForwards": [
+ {
+ "id": 2000,
+ "forwardType": "FRAME",
+ "host": "string",
+ "url": "string",
+ "title": "string",
+ "keywords": "string",
+ "description": "string",
+ "updated": true
+ }
+ ],
+ "mailForwards": [
+ {
+ "id": 3000,
+ "source": "string",
+ "destination": "string",
+ "updated": true
+ }
+ ]
+}
diff --git a/providers/dns/eurodns/internal/types.go b/providers/dns/eurodns/internal/types.go
new file mode 100644
index 000000000..891b02e14
--- /dev/null
+++ b/providers/dns/eurodns/internal/types.go
@@ -0,0 +1,136 @@
+package internal
+
+import (
+ "fmt"
+ "strings"
+)
+
+type APIError struct {
+ Errors []Error `json:"errors"`
+}
+
+func (a *APIError) Error() string {
+ var msg []string
+
+ for _, e := range a.Errors {
+ msg = append(msg, fmt.Sprintf("%s: %s", e.Code, e.Title))
+ }
+
+ return strings.Join(msg, ", ")
+}
+
+type Error struct {
+ Code string `json:"code"`
+ Title string `json:"title"`
+}
+
+type Zone struct {
+ Name string `json:"name,omitempty"`
+ DomainConnect bool `json:"domainConnect,omitempty"`
+ Records []Record `json:"records"`
+ URLForwards []URLForward `json:"urlForwards"`
+ MailForwards []MailForward `json:"mailForwards"`
+ Report *Report `json:"report,omitempty"`
+}
+
+type Record struct {
+ ID int `json:"id,omitempty"`
+ Type string `json:"type,omitempty"`
+ Host string `json:"host,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ RData string `json:"rdata,omitempty"`
+ Updated *bool `json:"updated"`
+ Locked *bool `json:"locked"`
+ IsDynDNS *bool `json:"isDynDns"`
+ Proxy string `json:"proxy,omitempty"`
+}
+
+type URLForward struct {
+ ID int `json:"id,omitempty"`
+ ForwardType string `json:"forwardType,omitempty"`
+ Host string `json:"host,omitempty"`
+ URL string `json:"url,omitempty"`
+ Title string `json:"title,omitempty"`
+ Keywords string `json:"keywords,omitempty"`
+ Description string `json:"description,omitempty"`
+ Updated *bool `json:"updated,omitempty"`
+}
+
+type MailForward struct {
+ ID int `json:"id,omitempty"`
+ Source string `json:"source,omitempty"`
+ Destination string `json:"destination,omitempty"`
+ Updated *bool `json:"updated,omitempty"`
+}
+
+type Report struct {
+ IsValid bool `json:"isValid,omitempty"`
+ RecordErrors []RecordError `json:"recordErrors,omitempty"`
+ URLForwardErrors []URLForwardError `json:"urlForwardErrors,omitempty"`
+ MailForwardErrors []MailForwardError `json:"mailForwardErrors,omitempty"`
+ ZoneErrors []ZoneError `json:"zoneErrors,omitempty"`
+}
+
+func (r *Report) Error() string {
+ var msg []string
+
+ for _, e := range r.RecordErrors {
+ msg = append(msg, e.Error())
+ }
+
+ for _, e := range r.URLForwardErrors {
+ msg = append(msg, e.Error())
+ }
+
+ for _, e := range r.MailForwardErrors {
+ msg = append(msg, e.Error())
+ }
+
+ for _, e := range r.ZoneErrors {
+ msg = append(msg, e.Error())
+ }
+
+ return strings.Join(msg, ", ")
+}
+
+type RecordError struct {
+ Messages []string `json:"messages,omitempty"`
+ Record Record `json:"record"`
+ Severity string `json:"severity,omitempty"`
+}
+
+func (e *RecordError) Error() string {
+ return fmt.Sprintf("record error (%s): %s", e.Severity, strings.Join(e.Messages, ", "))
+}
+
+type URLForwardError struct {
+ Messages []string `json:"messages,omitempty"`
+ URLForward URLForward `json:"urlForward"`
+ Severity string `json:"severity,omitempty"`
+}
+
+func (e *URLForwardError) Error() string {
+ return fmt.Sprintf("URL forward error (%s): %s", e.Severity, strings.Join(e.Messages, ", "))
+}
+
+type MailForwardError struct {
+ Messages []string `json:"messages,omitempty"`
+ MailForward MailForward `json:"mailForward"`
+ Severity string `json:"severity,omitempty"`
+}
+
+func (e *MailForwardError) Error() string {
+ return fmt.Sprintf("mail forward error (%s): %s", e.Severity, strings.Join(e.Messages, ", "))
+}
+
+type ZoneError struct {
+ Message string `json:"message,omitempty"`
+ Records []Record `json:"records,omitempty"`
+ URLForwards []URLForward `json:"urlForwards,omitempty"`
+ MailForwards []MailForward `json:"mailForwards,omitempty"`
+ Severity string `json:"severity,omitempty"`
+}
+
+func (e *ZoneError) Error() string {
+ return fmt.Sprintf("zone error (%s): %s", e.Severity, e.Message)
+}
diff --git a/providers/dns/excedo/excedo.go b/providers/dns/excedo/excedo.go
new file mode 100644
index 000000000..ae9128b94
--- /dev/null
+++ b/providers/dns/excedo/excedo.go
@@ -0,0 +1,176 @@
+// Package excedo implements a DNS provider for solving the DNS-01 challenge using Excedo.
+package excedo
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/excedo/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "EXCEDO_"
+
+ EnvAPIURL = envNamespace + "API_URL"
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIURL string
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, 60),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 5*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ recordsMu sync.Mutex
+ records map[string]int64
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Excedo.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIURL, EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("excedo: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIURL = values[EnvAPIURL]
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Excedo.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("excedo: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.APIURL, config.APIKey)
+ if err != nil {
+ return nil, fmt.Errorf("excedo: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ records: make(map[string]int64),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("excedo: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("excedo: %w", err)
+ }
+
+ record := internal.Record{
+ DomainName: dns01.UnFqdn(authZone),
+ Name: subDomain,
+ Type: "TXT",
+ Content: info.Value,
+ TTL: strconv.Itoa(d.config.TTL),
+ }
+
+ recordID, err := d.client.AddRecord(ctx, record)
+ if err != nil {
+ return fmt.Errorf("excedo: add record: %w", err)
+ }
+
+ d.recordsMu.Lock()
+ d.records[token] = recordID
+ d.recordsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("excedo: could not find zone for domain %q: %w", domain, err)
+ }
+
+ d.recordsMu.Lock()
+ recordID, ok := d.records[token]
+ d.recordsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("excedo: unknown record ID for '%s'", info.EffectiveFQDN)
+ }
+
+ err = d.client.DeleteRecord(ctx, dns01.UnFqdn(authZone), strconv.FormatInt(recordID, 10))
+ if err != nil {
+ return fmt.Errorf("excedo: delete record: %w", err)
+ }
+
+ d.recordsMu.Lock()
+ delete(d.records, token)
+ d.recordsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/excedo/excedo.toml b/providers/dns/excedo/excedo.toml
new file mode 100644
index 000000000..9f9874c62
--- /dev/null
+++ b/providers/dns/excedo/excedo.toml
@@ -0,0 +1,24 @@
+Name = "Excedo"
+Description = ''''''
+URL = "https://excedo.se/"
+Code = "excedo"
+Since = "v4.33.0"
+
+Example = '''
+EXCEDO_API_KEY=your-api-key \
+EXCEDO_API_URL=your-base-url \
+lego --dns excedo -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ EXCEDO_API_KEY = "API key"
+ EXCEDO_API_URL = "API base URL"
+ [Configuration.Additional]
+ EXCEDO_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
+ EXCEDO_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 300)"
+ EXCEDO_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
+ EXCEDO_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "none"
diff --git a/providers/dns/excedo/excedo_test.go b/providers/dns/excedo/excedo_test.go
new file mode 100644
index 000000000..f2350c035
--- /dev/null
+++ b/providers/dns/excedo/excedo_test.go
@@ -0,0 +1,210 @@
+package excedo
+
+import (
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIURL, EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIURL: "https://example.com",
+ EnvAPIKey: "secret",
+ },
+ },
+ {
+ desc: "missing the API key",
+ envVars: map[string]string{
+ EnvAPIURL: "https://example.com",
+ EnvAPIKey: "",
+ },
+ expected: "excedo: some credentials information are missing: EXCEDO_API_KEY",
+ },
+ {
+ desc: "missing the API URL",
+ envVars: map[string]string{
+ EnvAPIURL: "",
+ EnvAPIKey: "secret",
+ },
+ expected: "excedo: some credentials information are missing: EXCEDO_API_URL",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "excedo: some credentials information are missing: EXCEDO_API_URL,EXCEDO_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiURL string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiURL: "https://example.com",
+ apiKey: "secret",
+ },
+ {
+ desc: "missing the API key",
+ apiURL: "https://example.com",
+ expected: "excedo: credentials missing",
+ },
+ {
+ desc: "missing the API URL",
+ apiKey: "secret",
+ expected: "excedo: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "excedo: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIURL = test.apiURL
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIURL = server.URL
+ config.APIKey = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ return p, nil
+ },
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /authenticate/login/",
+ servermock.ResponseFromInternal("login.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret"),
+ ).
+ Route("POST /dns/addrecord/",
+ servermock.ResponseFromInternal("addrecord.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ servermock.CheckForm().Strict().
+ With("content", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY").
+ With("domainName", "example.com").
+ With("name", "_acme-challenge").
+ With("ttl", "60").
+ With("type", "TXT"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /authenticate/login/",
+ servermock.ResponseFromInternal("login.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret"),
+ ).
+ Route("POST /dns/deleterecord/",
+ servermock.ResponseFromInternal("deleterecord.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ ).
+ Build(t)
+
+ provider.records["abc"] = 19695822
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/excedo/internal/client.go b/providers/dns/excedo/internal/client.go
new file mode 100644
index 000000000..a5d8be88b
--- /dev/null
+++ b/providers/dns/excedo/internal/client.go
@@ -0,0 +1,205 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "mime/multipart"
+ "net/http"
+ "net/url"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+ querystring "github.com/google/go-querystring/query"
+)
+
+type responseChecker interface {
+ Check() error
+}
+
+// Client the Excedo API client.
+type Client struct {
+ apiKey string
+
+ baseURL *url.URL
+ HTTPClient *http.Client
+
+ token *ExpirableToken
+ muToken sync.Mutex
+}
+
+// NewClient creates a new Client.
+func NewClient(apiURL, apiKey string) (*Client, error) {
+ if apiURL == "" || apiKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, err := url.Parse(apiURL)
+ if err != nil {
+ return nil, err
+ }
+
+ return &Client{
+ apiKey: apiKey,
+ baseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) AddRecord(ctx context.Context, record Record) (int64, error) {
+ payload, err := querystring.Values(record)
+ if err != nil {
+ return 0, err
+ }
+
+ endpoint := c.baseURL.JoinPath("/dns/addrecord/")
+
+ req, err := newFormRequest(ctx, http.MethodPost, endpoint, payload)
+ if err != nil {
+ return 0, err
+ }
+
+ result := new(AddRecordResponse)
+
+ err = c.doAuthenticated(ctx, req, result)
+ if err != nil {
+ return 0, err
+ }
+
+ return result.RecordID, nil
+}
+
+func (c *Client) DeleteRecord(ctx context.Context, zone, recordID string) error {
+ endpoint := c.baseURL.JoinPath("/dns/deleterecord/")
+
+ data := map[string]string{
+ "domainname": dns01.UnFqdn(zone),
+ "recordid": recordID,
+ }
+
+ req, err := newMultipartRequest(ctx, http.MethodPost, endpoint, data)
+ if err != nil {
+ return err
+ }
+
+ result := new(BaseResponse)
+
+ err = c.doAuthenticated(ctx, req, result)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (c *Client) GetRecords(ctx context.Context, zone string) (map[string]Zone, error) {
+ endpoint := c.baseURL.JoinPath("/dns/getrecords/")
+
+ query := endpoint.Query()
+ query.Set("domainname", zone)
+
+ endpoint.RawQuery = query.Encode()
+
+ req, err := newFormRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := new(GetRecordsResponse)
+
+ err = c.doAuthenticated(ctx, req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.DNS, nil
+}
+
+func (c *Client) do(req *http.Request, result responseChecker) error {
+ useragent.SetHeader(req.Header)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return result.Check()
+}
+
+func newMultipartRequest(ctx context.Context, method string, endpoint *url.URL, data map[string]string) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ writer := multipart.NewWriter(buf)
+
+ for k, v := range data {
+ err := writer.WriteField(k, v)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ err := writer.Close()
+ if err != nil {
+ return nil, err
+ }
+
+ body := bytes.NewReader(buf.Bytes())
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), body)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Content-Type", writer.FormDataContentType())
+
+ return req, nil
+}
+
+func newFormRequest(ctx context.Context, method string, endpoint *url.URL, form url.Values) (*http.Request, error) {
+ var body io.Reader
+
+ if len(form) > 0 {
+ body = bytes.NewReader([]byte(form.Encode()))
+ } else {
+ body = http.NoBody
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), body)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ if method == http.MethodPost {
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+ }
+
+ return req, nil
+}
diff --git a/providers/dns/excedo/internal/client_test.go b/providers/dns/excedo/internal/client_test.go
new file mode 100644
index 000000000..f4fd52c00
--- /dev/null
+++ b/providers/dns/excedo/internal/client_test.go
@@ -0,0 +1,137 @@
+package internal
+
+import (
+ "net/http/httptest"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL, "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ )
+}
+
+func TestClient_AddRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/addrecord/",
+ servermock.ResponseFromFixture("addrecord.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ servermock.CheckForm().Strict().
+ With("content", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY").
+ With("domainName", "example.com").
+ With("name", "_acme-challenge").
+ With("ttl", "60").
+ With("type", "TXT"),
+ ).
+ Build(t)
+
+ client.token = &ExpirableToken{
+ Token: "session-token",
+ Expires: time.Now().Add(6 * time.Hour),
+ }
+
+ record := Record{
+ DomainName: "example.com",
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: "60",
+ }
+
+ recordID, err := client.AddRecord(t.Context(), record)
+ require.NoError(t, err)
+
+ assert.EqualValues(t, 19695822, recordID)
+}
+
+func TestClient_AddRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/addrecord/",
+ servermock.ResponseFromFixture("error.json"),
+ ).
+ Build(t)
+
+ client.token = &ExpirableToken{
+ Token: "session-token",
+ Expires: time.Now().Add(6 * time.Hour),
+ }
+
+ record := Record{
+ DomainName: "example.com",
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: "60",
+ }
+
+ _, err := client.AddRecord(t.Context(), record)
+ require.EqualError(t, err, "2003: Required parameter missing")
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/deleterecord/",
+ servermock.ResponseFromFixture("deleterecord.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ ).
+ Build(t)
+
+ client.token = &ExpirableToken{
+ Token: "session-token",
+ Expires: time.Now().Add(6 * time.Hour),
+ }
+
+ err := client.DeleteRecord(t.Context(), "example.com", "19695822")
+ require.NoError(t, err)
+}
+
+func TestClient_GetRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/getrecords/",
+ servermock.ResponseFromFixture("getrecords.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer session-token"),
+ servermock.CheckQueryParameter().Strict().
+ With("domainname", "example.com"),
+ ).
+ Build(t)
+
+ client.token = &ExpirableToken{
+ Token: "session-token",
+ Expires: time.Now().Add(6 * time.Hour),
+ }
+
+ zones, err := client.GetRecords(t.Context(), "example.com")
+ require.NoError(t, err)
+
+ expected := map[string]Zone{
+ "example.com": {
+ DNSType: "type",
+ Records: []Record{{
+ RecordID: "1234",
+ Name: "_acme-challenge.example.com",
+ Type: "TXT",
+ Content: "txt-value",
+ TTL: "60",
+ }},
+ },
+ }
+
+ assert.Equal(t, expected, zones)
+}
diff --git a/providers/dns/excedo/internal/fixtures/addrecord.json b/providers/dns/excedo/internal/fixtures/addrecord.json
new file mode 100644
index 000000000..f1f7bf958
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/addrecord.json
@@ -0,0 +1,15 @@
+{
+ "code": 1000,
+ "desc": "Command completed successfully",
+ "recordid": 19695822,
+ "session": {
+ "accID": "1234",
+ "usrID": "1234",
+ "status": "active",
+ "expire": {
+ "date": "2026-03-10 19:03:18",
+ "seconds": 5678
+ }
+ },
+ "runtime": 0.2852
+}
diff --git a/providers/dns/excedo/internal/fixtures/deleterecord.json b/providers/dns/excedo/internal/fixtures/deleterecord.json
new file mode 100644
index 000000000..5c2431b1c
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/deleterecord.json
@@ -0,0 +1,14 @@
+{
+ "code": 1000,
+ "desc": "Command completed successfully",
+ "session": {
+ "accID": "1234",
+ "usrID": "1234",
+ "status": "active",
+ "expire": {
+ "date": "2026-03-10 19:03:18",
+ "seconds": 5678
+ }
+ },
+ "runtime": 0.2852
+}
diff --git a/providers/dns/excedo/internal/fixtures/error.json b/providers/dns/excedo/internal/fixtures/error.json
new file mode 100644
index 000000000..5a24ec247
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/error.json
@@ -0,0 +1,18 @@
+{
+ "code": 2003,
+ "desc": "Required parameter missing",
+ "missing": [
+ "domainname",
+ "recordid"
+ ],
+ "session": {
+ "accID": "1234",
+ "usrID": "1234",
+ "status": "active",
+ "expire": {
+ "date": "2026-03-10 19:03:18",
+ "seconds": 5485
+ }
+ },
+ "runtime": 0.0534
+}
diff --git a/providers/dns/excedo/internal/fixtures/getrecords.json b/providers/dns/excedo/internal/fixtures/getrecords.json
new file mode 100644
index 000000000..215a8abb2
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/getrecords.json
@@ -0,0 +1,23 @@
+{
+ "code": 1000,
+ "desc": "Command completed successfully",
+ "dns": {
+ "example.com": {
+ "dnstype": "type",
+ "recordusage": {
+ "used": 74
+ },
+ "records": [
+ {
+ "recordid": "1234",
+ "name": "_acme-challenge.example.com",
+ "type": "TXT",
+ "content": "txt-value",
+ "ttl": "60",
+ "prio": null,
+ "change_date": null
+ }
+ ]
+ }
+ }
+}
diff --git a/providers/dns/excedo/internal/fixtures/login.json b/providers/dns/excedo/internal/fixtures/login.json
new file mode 100644
index 000000000..2defb9843
--- /dev/null
+++ b/providers/dns/excedo/internal/fixtures/login.json
@@ -0,0 +1,7 @@
+{
+ "code": 1000,
+ "desc": "Command completed successfully",
+ "parameters": {
+ "token": "session-token"
+ }
+}
diff --git a/providers/dns/excedo/internal/identity.go b/providers/dns/excedo/internal/identity.go
new file mode 100644
index 000000000..5c9ca119d
--- /dev/null
+++ b/providers/dns/excedo/internal/identity.go
@@ -0,0 +1,75 @@
+package internal
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "time"
+)
+
+type ExpirableToken struct {
+ Token string
+ Expires time.Time
+}
+
+func (t *ExpirableToken) IsExpired() bool {
+ return time.Now().After(t.Expires)
+}
+
+func (c *Client) Login(ctx context.Context) (string, error) {
+ endpoint := c.baseURL.JoinPath("/authenticate/login/")
+
+ req, err := newFormRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return "", err
+ }
+
+ req.Header.Set("Authorization", "Bearer "+c.apiKey)
+
+ result := new(LoginResponse)
+
+ err = c.do(req, result)
+ if err != nil {
+ return "", err
+ }
+
+ if result.Code != 1000 && result.Code != 1300 {
+ return "", fmt.Errorf("%d: %s", result.Code, result.Description)
+ }
+
+ return result.Parameters.Token, nil
+}
+
+func (c *Client) authenticate(ctx context.Context) (string, error) {
+ c.muToken.Lock()
+ defer c.muToken.Unlock()
+
+ if c.token == nil || c.token.IsExpired() {
+ token, err := c.Login(ctx)
+ if err != nil {
+ return "", err
+ }
+
+ c.token = &ExpirableToken{
+ Token: token,
+ Expires: time.Now().Add(2*time.Hour - time.Minute),
+ }
+
+ return token, nil
+ }
+
+ return c.token.Token, nil
+}
+
+func (c *Client) doAuthenticated(ctx context.Context, req *http.Request, result responseChecker) error {
+ token, err := c.authenticate(ctx)
+ if err != nil {
+ return err
+ }
+
+ if token != "" {
+ req.Header.Set("Authorization", "Bearer "+token)
+ }
+
+ return c.do(req, result)
+}
diff --git a/providers/dns/excedo/internal/identity_test.go b/providers/dns/excedo/internal/identity_test.go
new file mode 100644
index 000000000..86b7eb9d8
--- /dev/null
+++ b/providers/dns/excedo/internal/identity_test.go
@@ -0,0 +1,35 @@
+package internal
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestClient_Login(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /authenticate/login/",
+ servermock.ResponseFromFixture("login.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret"),
+ ).
+ Build(t)
+
+ token, err := client.Login(t.Context())
+ require.NoError(t, err)
+
+ assert.Equal(t, "session-token", token)
+}
+
+func TestClient_Login_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /authenticate/login/",
+ servermock.ResponseFromFixture("error.json"),
+ ).
+ Build(t)
+
+ _, err := client.Login(t.Context())
+ require.EqualError(t, err, "2003: Required parameter missing")
+}
diff --git a/providers/dns/excedo/internal/types.go b/providers/dns/excedo/internal/types.go
new file mode 100644
index 000000000..eb6ce8462
--- /dev/null
+++ b/providers/dns/excedo/internal/types.go
@@ -0,0 +1,65 @@
+package internal
+
+import "fmt"
+
+type BaseResponse struct {
+ Code int `json:"code"`
+ Description string `json:"desc"`
+}
+
+func (r BaseResponse) Check() error {
+ // Response codes:
+ // - 1000: Command completed successfully
+ // - 1300: Command completed successfully; no messages
+ // - 2001: Command syntax error
+ // - 2002: Command use error
+ // - 2003: Required parameter missing
+ // - 2004: Parameter value range error
+ // - 2104: Billing failure
+ // - 2200: Authentication error
+ // - 2201: Authorization error
+ // - 2303: Object does not exist
+ // - 2304: Object status prohibits operation
+ // - 2309: Object duplicate found
+ // - 2400: Command failed
+ // - 2500: Command failed; server closing connection
+ if r.Code != 1000 && r.Code != 1300 {
+ return fmt.Errorf("%d: %s", r.Code, r.Description)
+ }
+
+ return nil
+}
+
+type GetRecordsResponse struct {
+ BaseResponse
+
+ DNS map[string]Zone `json:"dns"`
+}
+
+type Zone struct {
+ DNSType string `json:"dnstype"`
+ Records []Record `json:"records"`
+}
+
+type Record struct {
+ DomainName string `json:"domainName,omitempty" url:"domainName,omitempty"`
+ RecordID string `json:"recordid,omitempty" url:"recordid,omitempty"`
+ Name string `json:"name,omitempty" url:"name,omitempty"`
+ Type string `json:"type,omitempty" url:"type,omitempty"`
+ Content string `json:"content,omitempty" url:"content,omitempty"`
+ TTL string `json:"ttl,omitempty" url:"ttl,omitempty"`
+}
+
+type AddRecordResponse struct {
+ BaseResponse
+
+ RecordID int64 `json:"recordid"`
+}
+
+type LoginResponse struct {
+ BaseResponse
+
+ Parameters struct {
+ Token string `json:"token"`
+ } `json:"parameters"`
+}
diff --git a/providers/dns/exec/exec.toml b/providers/dns/exec/exec.toml
index 4c8d70b1c..2f9c77c67 100644
--- a/providers/dns/exec/exec.toml
+++ b/providers/dns/exec/exec.toml
@@ -6,7 +6,7 @@ Since = "v0.5.0"
Example = '''
EXEC_PATH=/the/path/to/myscript.sh \
-lego --email you@example.com --dns exec -d '*.example.com' -d example.com run
+lego --dns exec -d '*.example.com' -d example.com run
'''
Additional = '''
@@ -39,7 +39,7 @@ For example, requesting a certificate for the domain 'my.example.org' can be ach
```bash
EXEC_PATH=./update-dns.sh \
-lego --email you@example.com --dns exec --d my.example.org run
+lego --dns exec --d my.example.org run
```
It will then call the program './update-dns.sh' with like this:
@@ -59,7 +59,7 @@ If you want to use the raw domain, token, and keyAuth values with your program,
```bash
EXEC_MODE=RAW \
EXEC_PATH=./update-dns.sh \
-lego --email you@example.com --dns exec -d my.example.org run
+lego --dns exec -d my.example.org run
```
It will then call the program `./update-dns.sh` like this:
diff --git a/providers/dns/exec/exec_test.go b/providers/dns/exec/exec_test.go
index 3a2edbbf4..c1b6da55e 100644
--- a/providers/dns/exec/exec_test.go
+++ b/providers/dns/exec/exec_test.go
@@ -14,6 +14,7 @@ import (
func TestDNSProvider_Present(t *testing.T) {
backupLogger := log.Logger
+
defer func() {
log.Logger = backupLogger
}()
@@ -62,6 +63,7 @@ func TestDNSProvider_Present(t *testing.T) {
}
var message string
+
logRecorder.On("Println", mock.Anything).Run(func(args mock.Arguments) {
message = args.String(0)
fmt.Fprintln(os.Stdout, "XXX", message)
@@ -87,6 +89,7 @@ func TestDNSProvider_Present(t *testing.T) {
func TestDNSProvider_CleanUp(t *testing.T) {
backupLogger := log.Logger
+
defer func() {
log.Logger = backupLogger
}()
@@ -135,6 +138,7 @@ func TestDNSProvider_CleanUp(t *testing.T) {
}
var message string
+
logRecorder.On("Println", mock.Anything).Run(func(args mock.Arguments) {
message = args.String(0)
fmt.Fprintln(os.Stdout, "XXX", message)
diff --git a/providers/dns/exoscale/exoscale.go b/providers/dns/exoscale/exoscale.go
index 1a5f358f5..05fcb6a6f 100644
--- a/providers/dns/exoscale/exoscale.go
+++ b/providers/dns/exoscale/exoscale.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
)
@@ -89,7 +90,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client, err := egoscale.NewClient(
credentials.NewStaticCredentials(config.APIKey, config.APISecret),
egoscale.ClientOptWithEndpoint(egoscale.Endpoint(config.Endpoint)),
- egoscale.ClientOptWithHTTPClient(&http.Client{Timeout: config.HTTPTimeout}),
+ egoscale.ClientOptWithHTTPClient(clientdebug.Wrap(&http.Client{Timeout: config.HTTPTimeout})),
egoscale.ClientOptWithUserAgent(useragent.Get()),
)
if err != nil {
@@ -105,6 +106,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
zoneName, recordName, err := d.findZoneAndRecordName(info.EffectiveFQDN)
@@ -112,10 +114,11 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("exoscale: %w", err)
}
- zone, err := d.findExistingZone(zoneName)
+ zone, err := d.findExistingZone(ctx, zoneName)
if err != nil {
return fmt.Errorf("exoscale: %w", err)
}
+
if zone == nil {
return fmt.Errorf("exoscale: zone %q not found", zoneName)
}
@@ -143,6 +146,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
zoneName, recordName, err := d.findZoneAndRecordName(info.EffectiveFQDN)
@@ -150,15 +154,16 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("exoscale: %w", err)
}
- zone, err := d.findExistingZone(zoneName)
+ zone, err := d.findExistingZone(ctx, zoneName)
if err != nil {
return fmt.Errorf("exoscale: %w", err)
}
+
if zone == nil {
return fmt.Errorf("exoscale: zone %q not found", zoneName)
}
- recordID, err := d.findExistingRecordID(zone.ID, recordName, info.Value)
+ recordID, err := d.findExistingRecordID(ctx, zone.ID, recordName, info.Value)
if err != nil {
return err
}
@@ -188,9 +193,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
// findExistingZone Query Exoscale to find an existing zone for this name.
// Returns nil result if no zone could be found.
-func (d *DNSProvider) findExistingZone(zoneName string) (*egoscale.DNSDomain, error) {
- ctx := context.Background()
-
+func (d *DNSProvider) findExistingZone(ctx context.Context, zoneName string) (*egoscale.DNSDomain, error) {
zones, err := d.client.ListDNSDomains(ctx)
if err != nil {
return nil, fmt.Errorf("error while retrieving DNS zones: %w", err)
@@ -207,9 +210,7 @@ func (d *DNSProvider) findExistingZone(zoneName string) (*egoscale.DNSDomain, er
// findExistingRecordID Query Exoscale to find an existing record for this name.
// Returns empty result if no record could be found.
-func (d *DNSProvider) findExistingRecordID(zoneID egoscale.UUID, recordName, value string) (egoscale.UUID, error) {
- ctx := context.Background()
-
+func (d *DNSProvider) findExistingRecordID(ctx context.Context, zoneID egoscale.UUID, recordName, value string) (egoscale.UUID, error) {
records, err := d.client.ListDNSDomainRecords(ctx, zoneID)
if err != nil {
return "", fmt.Errorf("error while retrieving DNS records: %w", err)
diff --git a/providers/dns/exoscale/exoscale.toml b/providers/dns/exoscale/exoscale.toml
index 82c005d26..bcc912b07 100644
--- a/providers/dns/exoscale/exoscale.toml
+++ b/providers/dns/exoscale/exoscale.toml
@@ -7,7 +7,7 @@ Since = "v0.4.0"
Example = '''
EXOSCALE_API_KEY=abcdefghijklmnopqrstuvwx \
EXOSCALE_API_SECRET=xxxxxxx \
-lego --email you@example.com --dns exoscale -d '*.example.com' -d example.com run
+lego --dns exoscale -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/exoscale/exoscale_test.go b/providers/dns/exoscale/exoscale_test.go
index fa58216a5..e9f6be602 100644
--- a/providers/dns/exoscale/exoscale_test.go
+++ b/providers/dns/exoscale/exoscale_test.go
@@ -58,6 +58,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -178,6 +179,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -195,6 +197,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/f5xc/f5xc.go b/providers/dns/f5xc/f5xc.go
index 2ed1f0c4f..76a6e0262 100644
--- a/providers/dns/f5xc/f5xc.go
+++ b/providers/dns/f5xc/f5xc.go
@@ -8,10 +8,12 @@ import (
"net/http"
"time"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/platform/wait"
"github.com/go-acme/lego/v4/providers/dns/f5xc/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -20,6 +22,7 @@ const (
EnvToken = envNamespace + "API_TOKEN"
EnvTenantName = envNamespace + "TENANT_NAME"
+ EnvServer = envNamespace + "SERVER"
EnvGroupName = envNamespace + "GROUP_NAME"
EnvTTL = envNamespace + "TTL"
@@ -32,6 +35,7 @@ const (
type Config struct {
APIToken string
TenantName string
+ Server string
GroupName string
PropagationTimeout time.Duration
@@ -69,6 +73,7 @@ func NewDNSProvider() (*DNSProvider, error) {
config.APIToken = values[EnvToken]
config.TenantName = values[EnvTenantName]
config.GroupName = values[EnvGroupName]
+ config.Server = env.GetOrFile(EnvServer)
return NewDNSProviderConfig(config)
}
@@ -83,7 +88,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("f5xc: missing group name")
}
- client, err := internal.NewClient(config.APIToken, config.TenantName)
+ client, err := internal.NewClient(config.APIToken, config.TenantName, config.Server)
if err != nil {
return nil, fmt.Errorf("f5xc: %w", err)
}
@@ -92,6 +97,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -100,6 +107,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
@@ -112,7 +121,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("f5xc: %w", err)
}
- existingRRSet, err := d.client.GetRRSet(context.Background(), dns01.UnFqdn(authZone), d.config.GroupName, subDomain, "TXT")
+ existingRRSet, err := d.client.GetRRSet(ctx, dns01.UnFqdn(authZone), d.config.GroupName, subDomain, "TXT")
if err != nil {
return fmt.Errorf("f5xc: get RR Set: %w", err)
}
@@ -128,29 +137,41 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
},
}
- return wait.For("f5xc create", 60*time.Second, 2*time.Second, func() (bool, error) {
- _, err = d.client.CreateRRSet(context.Background(), dns01.UnFqdn(authZone), d.config.GroupName, rrSet)
+ return d.waitFor(ctx, func() error {
+ _, err = d.client.CreateRRSet(ctx, dns01.UnFqdn(authZone), d.config.GroupName, rrSet)
if err != nil {
- return false, fmt.Errorf("f5xc: create RR set: %w", err)
+ return fmt.Errorf("create RR set: %w", err)
}
- return true, nil
+ return nil
})
}
// Update RRSet.
existingRRSet.RRSet.TXTRecord.Values = append(existingRRSet.RRSet.TXTRecord.Values, info.Value)
- return wait.For("f5xc replace", 60*time.Second, 2*time.Second, func() (bool, error) {
- _, err = d.client.ReplaceRRSet(context.Background(), dns01.UnFqdn(authZone), d.config.GroupName, subDomain, "TXT", existingRRSet.RRSet)
+ return d.waitFor(ctx, func() error {
+ _, err = d.client.ReplaceRRSet(ctx, dns01.UnFqdn(authZone), d.config.GroupName, subDomain, "TXT", existingRRSet.RRSet)
if err != nil {
- return false, fmt.Errorf("f5xc: replace RR set: %w", err)
+ return fmt.Errorf("replace RR set: %w", err)
}
- return true, nil
+ return nil
})
}
+func (d *DNSProvider) waitFor(ctx context.Context, operation func() error) error {
+ err := wait.Retry(ctx, operation,
+ backoff.WithBackOff(backoff.NewConstantBackOff(2*time.Second)),
+ backoff.WithMaxElapsedTime(60*time.Second),
+ )
+ if err != nil {
+ return fmt.Errorf("f5xc: %w", err)
+ }
+
+ return nil
+}
+
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
diff --git a/providers/dns/f5xc/f5xc.toml b/providers/dns/f5xc/f5xc.toml
index 7a4cab419..6be604ddd 100644
--- a/providers/dns/f5xc/f5xc.toml
+++ b/providers/dns/f5xc/f5xc.toml
@@ -8,7 +8,7 @@ Example = '''
F5XC_API_TOKEN="xxx" \
F5XC_TENANT_NAME="yyy" \
F5XC_GROUP_NAME="zzz" \
-lego --email you@example.com --dns f5xc -d '*.example.com' -d example.com run
+lego --dns f5xc -d '*.example.com' -d example.com run
'''
[Configuration]
@@ -17,6 +17,7 @@ lego --email you@example.com --dns f5xc -d '*.example.com' -d example.com run
F5XC_TENANT_NAME = "XC Tenant shortname"
F5XC_GROUP_NAME = "Group name"
[Configuration.Additional]
+ F5XC_SERVER = "Server domain (Default: console.ves.volterra.io)"
F5XC_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
F5XC_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
F5XC_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
diff --git a/providers/dns/f5xc/f5xc_test.go b/providers/dns/f5xc/f5xc_test.go
index a298b9e51..890a4cf09 100644
--- a/providers/dns/f5xc/f5xc_test.go
+++ b/providers/dns/f5xc/f5xc_test.go
@@ -9,7 +9,12 @@ import (
const envDomain = envNamespace + "DOMAIN"
-var envTest = tester.NewEnvTest(EnvToken, EnvTenantName, EnvGroupName).WithDomain(envDomain)
+var envTest = tester.NewEnvTest(
+ EnvToken,
+ EnvTenantName,
+ EnvServer,
+ EnvGroupName,
+).WithDomain(envDomain)
func TestNewDNSProvider(t *testing.T) {
testCases := []struct {
@@ -62,6 +67,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -145,6 +151,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -158,6 +165,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/f5xc/internal/client.go b/providers/dns/f5xc/internal/client.go
index 26eb03db5..7beab0d03 100644
--- a/providers/dns/f5xc/internal/client.go
+++ b/providers/dns/f5xc/internal/client.go
@@ -14,7 +14,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
)
-const defaultHost = "console.ves.volterra.io"
+const defaultServer = "console.ves.volterra.io"
const authorizationHeader = "Authorization"
@@ -27,18 +27,14 @@ type Client struct {
}
// NewClient creates a new Client.
-func NewClient(apiToken, tenantName string) (*Client, error) {
+func NewClient(apiToken, tenantName, server string) (*Client, error) {
if apiToken == "" {
return nil, errors.New("credentials missing")
}
- if tenantName == "" {
- return nil, errors.New("missing tenant name")
- }
-
- baseURL, err := url.Parse(fmt.Sprintf("https://%s.%s", tenantName, defaultHost))
+ baseURL, err := createBaseURL(tenantName, server)
if err != nil {
- return nil, fmt.Errorf("parse base URL: %w", err)
+ return nil, err
}
return &Client{
@@ -201,6 +197,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
apiErr := APIError{StatusCode: resp.StatusCode}
+
err := json.Unmarshal(raw, &apiErr)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
@@ -208,3 +205,20 @@ func parseError(req *http.Request, resp *http.Response) error {
return &apiErr
}
+
+func createBaseURL(tenant, server string) (*url.URL, error) {
+ if tenant == "" {
+ return nil, errors.New("missing tenant name")
+ }
+
+ if server == "" {
+ server = defaultServer
+ }
+
+ baseURL, err := url.Parse(fmt.Sprintf("https://%s.%s", tenant, server))
+ if err != nil {
+ return nil, fmt.Errorf("parse base URL: %w", err)
+ }
+
+ return baseURL, nil
+}
diff --git a/providers/dns/f5xc/internal/client_test.go b/providers/dns/f5xc/internal/client_test.go
index 0357abb16..bb188ef3f 100644
--- a/providers/dns/f5xc/internal/client_test.go
+++ b/providers/dns/f5xc/internal/client_test.go
@@ -14,7 +14,7 @@ import (
func mockBuilder() *servermock.Builder[*Client] {
return servermock.NewBuilder[*Client](
func(server *httptest.Server) (*Client, error) {
- client, err := NewClient("secret", "shortname")
+ client, err := NewClient("secret", "shortname", "")
if err != nil {
return nil, err
}
@@ -28,7 +28,7 @@ func mockBuilder() *servermock.Builder[*Client] {
WithAuthorization("APIToken secret"))
}
-func TestClient_Create(t *testing.T) {
+func TestClient_CreateRRSet(t *testing.T) {
client := mockBuilder().
Route("POST /api/config/dns/namespaces/system/dns_zones/example.com/rrsets/groupA",
servermock.ResponseFromFixture("create.json"),
@@ -62,7 +62,7 @@ func TestClient_Create(t *testing.T) {
assert.Equal(t, expected, result)
}
-func TestClient_Create_error(t *testing.T) {
+func TestClient_CreateRRSet_error(t *testing.T) {
client := mockBuilder().
Route("POST /api/config/dns/namespaces/system/dns_zones/example.com/rrsets/groupA",
servermock.Noop().WithStatusCode(http.StatusBadRequest)).
@@ -81,7 +81,7 @@ func TestClient_Create_error(t *testing.T) {
require.Error(t, err)
}
-func TestClient_Get(t *testing.T) {
+func TestClient_GetRRSet(t *testing.T) {
client := mockBuilder().
Route("GET /api/config/dns/namespaces/system/dns_zones/example.com/rrsets/groupA/www/TXT",
servermock.ResponseFromFixture("get.json")).
@@ -108,7 +108,7 @@ func TestClient_Get(t *testing.T) {
assert.Equal(t, expected, result)
}
-func TestClient_Get_not_found(t *testing.T) {
+func TestClient_GetRRSet_not_found(t *testing.T) {
client := mockBuilder().
Route("GET /api/config/dns/namespaces/system/dns_zones/example.com/rrsets/groupA/www/TXT",
servermock.ResponseFromFixture("error_404.json").WithStatusCode(http.StatusNotFound)).
@@ -120,7 +120,7 @@ func TestClient_Get_not_found(t *testing.T) {
assert.Nil(t, result)
}
-func TestClient_Get_error(t *testing.T) {
+func TestClient_GetRRSet_error(t *testing.T) {
client := mockBuilder().
Route("GET /api/config/dns/namespaces/system/dns_zones/example.com/rrsets/groupA/www/TXT",
servermock.Noop().WithStatusCode(http.StatusBadRequest)).
@@ -130,7 +130,7 @@ func TestClient_Get_error(t *testing.T) {
require.Error(t, err)
}
-func TestClient_Delete(t *testing.T) {
+func TestClient_DeleteRRSet(t *testing.T) {
client := mockBuilder().
Route("DELETE /api/config/dns/namespaces/system/dns_zones/example.com/rrsets/groupA/www/TXT",
servermock.ResponseFromFixture("get.json")).
@@ -157,7 +157,7 @@ func TestClient_Delete(t *testing.T) {
assert.Equal(t, expected, result)
}
-func TestClient_Delete_error(t *testing.T) {
+func TestClient_DeleteRRSet_error(t *testing.T) {
client := mockBuilder().
Route("DELETE /api/config/dns/namespaces/system/dns_zones/example.com/rrsets/groupA/www/TXT",
servermock.Noop().WithStatusCode(http.StatusBadRequest)).
@@ -167,7 +167,7 @@ func TestClient_Delete_error(t *testing.T) {
require.Error(t, err)
}
-func TestClient_Replace(t *testing.T) {
+func TestClient_ReplaceRRSet(t *testing.T) {
client := mockBuilder().
Route("PUT /api/config/dns/namespaces/system/dns_zones/example.com/rrsets/groupA/www/TXT",
servermock.ResponseFromFixture("get.json"),
@@ -204,7 +204,7 @@ func TestClient_Replace(t *testing.T) {
assert.Equal(t, expected, result)
}
-func TestClient_Replace_error(t *testing.T) {
+func TestClient_ReplaceRRSet_error(t *testing.T) {
client := mockBuilder().
Route("PUT /api/config/dns/namespaces/system/dns_zones/example.com/rrsets/groupA/www/TXT",
servermock.Noop().WithStatusCode(http.StatusBadRequest)).
@@ -222,3 +222,70 @@ func TestClient_Replace_error(t *testing.T) {
_, err := client.ReplaceRRSet(t.Context(), "example.com", "groupA", "www", "TXT", rrSet)
require.Error(t, err)
}
+
+func Test_createBaseURL(t *testing.T) {
+ testCases := []struct {
+ desc string
+ tenant string
+ server string
+ expected string
+ }{
+ {
+ desc: "only tenant",
+ tenant: "foo",
+ expected: "https://foo.console.ves.volterra.io",
+ },
+ {
+ desc: "custom server",
+ tenant: "foo",
+ server: "example.com",
+ expected: "https://foo.example.com",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ baseURL, err := createBaseURL(test.tenant, test.server)
+ require.NoError(t, err)
+
+ assert.Equal(t, test.expected, baseURL.String())
+ })
+ }
+}
+
+func Test_createBaseURL_error(t *testing.T) {
+ testCases := []struct {
+ desc string
+ tenant string
+ server string
+ expected string
+ }{
+ {
+ desc: "no tenant",
+ tenant: "",
+ expected: "missing tenant name",
+ },
+ {
+ desc: "invalid tenant",
+ tenant: "%31",
+ expected: `parse base URL: parse "https://%31.console.ves.volterra.io": invalid URL escape "%31"`,
+ },
+ {
+ desc: "invalid host",
+ tenant: "foo",
+ server: "192.168.0.%31",
+ expected: `parse base URL: parse "https://foo.192.168.0.%31": invalid URL escape "%31"`,
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ _, err := createBaseURL(test.tenant, test.server)
+ require.EqualError(t, err, test.expected)
+ })
+ }
+}
diff --git a/providers/dns/f5xc/internal/types.go b/providers/dns/f5xc/internal/types.go
index 3122ca4ef..346283fb7 100644
--- a/providers/dns/f5xc/internal/types.go
+++ b/providers/dns/f5xc/internal/types.go
@@ -27,13 +27,13 @@ type APIRRSet struct {
Namespace string `json:"namespace,omitempty"`
RecordName string `json:"record_name,omitempty"`
Type string `json:"type,omitempty"`
- RRSet RRSet `json:"rrset,omitempty"`
+ RRSet RRSet `json:"rrset"`
}
type RRSetRequest struct {
DNSZoneName string `json:"dns_zone_name,omitempty"`
GroupName string `json:"group_name,omitempty"`
- RRSet RRSet `json:"rrset,omitempty"`
+ RRSet RRSet `json:"rrset"`
}
type RRSet struct {
diff --git a/providers/dns/freemyip/freemyip.go b/providers/dns/freemyip/freemyip.go
index 7613f2b8d..fb6202e25 100644
--- a/providers/dns/freemyip/freemyip.go
+++ b/providers/dns/freemyip/freemyip.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/nrdcg/freemyip"
)
@@ -88,6 +89,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/freemyip/freemyip.toml b/providers/dns/freemyip/freemyip.toml
index 4821e2a9c..adbf9e213 100644
--- a/providers/dns/freemyip/freemyip.toml
+++ b/providers/dns/freemyip/freemyip.toml
@@ -6,7 +6,7 @@ Since = "v4.5.0"
Example = '''
FREEMYIP_TOKEN=xxxxxx \
-lego --email you@example.com --dns freemyip -d '*.example.com' -d example.com run
+lego --dns freemyip -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/freemyip/freemyip_test.go b/providers/dns/freemyip/freemyip_test.go
index dcf74dd6c..24d1b98f7 100644
--- a/providers/dns/freemyip/freemyip_test.go
+++ b/providers/dns/freemyip/freemyip_test.go
@@ -37,6 +37,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -94,6 +95,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -107,6 +109,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/gandi/gandi.go b/providers/dns/gandi/gandi.go
index dd6622172..bb96a7d0f 100644
--- a/providers/dns/gandi/gandi.go
+++ b/providers/dns/gandi/gandi.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/gandi/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -109,6 +110,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/gandi/gandi.toml b/providers/dns/gandi/gandi.toml
index 96d5233be..23d7de5db 100644
--- a/providers/dns/gandi/gandi.toml
+++ b/providers/dns/gandi/gandi.toml
@@ -6,7 +6,7 @@ Since = "v0.3.0"
Example = '''
GANDI_API_KEY=abcdefghijklmnopqrstuvwx \
-lego --email you@example.com --dns gandi -d '*.example.com' -d example.com run
+lego --dns gandi -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/gandi/gandi_test.go b/providers/dns/gandi/gandi_test.go
index 4c37fb00e..58c25d0db 100644
--- a/providers/dns/gandi/gandi_test.go
+++ b/providers/dns/gandi/gandi_test.go
@@ -39,6 +39,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -126,6 +127,7 @@ func TestDNSProvider(t *testing.T) {
func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
config.BaseURL = server.URL + "/"
+ config.HTTPClient = server.Client()
config.APIKey = "123412341234123412341234"
return NewDNSProviderConfig(config)
@@ -145,7 +147,6 @@ func TestDNSProvider(t *testing.T) {
_, errS = io.Copy(rw, strings.NewReader(resp))
require.NoError(t, errS)
})).
- Route("/", servermock.DumpRequest()).
Build(t)
fakeKeyAuth := "XXXX"
@@ -157,9 +158,11 @@ func TestDNSProvider(t *testing.T) {
// override findZoneByFqdn function
savedFindZoneByFqdn := provider.findZoneByFqdn
+
t.Cleanup(func() {
provider.findZoneByFqdn = savedFindZoneByFqdn
})
+
provider.findZoneByFqdn = fakeFindZoneByFqdn
// run Present
diff --git a/providers/dns/gandi/internal/client.go b/providers/dns/gandi/internal/client.go
index 6dc09648c..6ca46d072 100644
--- a/providers/dns/gandi/internal/client.go
+++ b/providers/dns/gandi/internal/client.go
@@ -50,6 +50,7 @@ func (c *Client) GetZoneID(ctx context.Context, domain string) (int, error) {
}
var zoneID int
+
for _, member := range resp.StructMembers {
if member.Name == "zone_id" {
zoneID = member.ValueInt
@@ -59,6 +60,7 @@ func (c *Client) GetZoneID(ctx context.Context, domain string) (int, error) {
if zoneID == 0 {
return 0, fmt.Errorf("could not find zone_id for %s", domain)
}
+
return zoneID, nil
}
@@ -88,6 +90,7 @@ func (c *Client) CloneZone(ctx context.Context, zoneID int, name string) (int, e
}
var newZoneID int
+
for _, member := range resp.StructMembers {
if member.Name == "id" {
newZoneID = member.ValueInt
@@ -97,6 +100,7 @@ func (c *Client) CloneZone(ctx context.Context, zoneID int, name string) (int, e
if newZoneID == 0 {
return 0, errors.New("could not determine cloned zone_id")
}
+
return newZoneID, nil
}
@@ -119,6 +123,7 @@ func (c *Client) NewZoneVersion(ctx context.Context, zoneID int) (int, error) {
if resp.Value == 0 {
return 0, errors.New("could not create new zone version")
}
+
return resp.Value, nil
}
@@ -174,6 +179,7 @@ func (c *Client) SetZoneVersion(ctx context.Context, zoneID, version int) error
if !resp.Value {
return errors.New("could not set zone version")
}
+
return nil
}
@@ -195,6 +201,7 @@ func (c *Client) SetZone(ctx context.Context, domain string, zoneID int) error {
}
var respZoneID int
+
for _, member := range resp.StructMembers {
if member.Name == "zone_id" {
respZoneID = member.ValueInt
@@ -204,6 +211,7 @@ func (c *Client) SetZone(ctx context.Context, domain string, zoneID int) error {
if respZoneID != zoneID {
return fmt.Errorf("could not set new zone_id for %s", domain)
}
+
return nil
}
diff --git a/providers/dns/gandi/internal/types.go b/providers/dns/gandi/internal/types.go
index cdcd0a658..2cde62b53 100644
--- a/providers/dns/gandi/internal/types.go
+++ b/providers/dns/gandi/internal/types.go
@@ -69,6 +69,7 @@ func (r responseFault) faultString() string { return r.FaultString }
type responseStruct struct {
responseFault
+
StructMembers []struct {
Name string `xml:"name"`
ValueInt int `xml:"value>int"`
@@ -77,11 +78,13 @@ type responseStruct struct {
type responseInt struct {
responseFault
+
Value int `xml:"params>param>value>int"`
}
type responseBool struct {
responseFault
+
Value bool `xml:"params>param>value>boolean"`
}
diff --git a/providers/dns/gandiv5/gandiv5.go b/providers/dns/gandiv5/gandiv5.go
index 3c35245de..15014e207 100644
--- a/providers/dns/gandiv5/gandiv5.go
+++ b/providers/dns/gandiv5/gandiv5.go
@@ -15,6 +15,7 @@ import (
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/gandiv5/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -113,6 +114,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if err != nil {
return nil, fmt.Errorf("gandiv5: %w", err)
}
+
client.BaseURL = baseURL
}
@@ -120,6 +122,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -160,6 +164,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
authZone: authZone,
fieldName: subDomain,
}
+
return nil
}
@@ -170,6 +175,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// acquire lock and retrieve authZone
d.inProgressMu.Lock()
defer d.inProgressMu.Unlock()
+
if _, ok := d.inProgressFQDNs[info.EffectiveFQDN]; !ok {
// if there is no cleanup information then just return
return nil
@@ -184,6 +190,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("gandiv5: %w", err)
}
+
return nil
}
diff --git a/providers/dns/gandiv5/gandiv5.toml b/providers/dns/gandiv5/gandiv5.toml
index 246b03524..31568e89b 100644
--- a/providers/dns/gandiv5/gandiv5.toml
+++ b/providers/dns/gandiv5/gandiv5.toml
@@ -6,7 +6,7 @@ Since = "v0.5.0"
Example = '''
GANDIV5_PERSONAL_ACCESS_TOKEN=abcdefghijklmnopqrstuvwx \
-lego --email you@example.com --dns gandiv5 -d '*.example.com' -d example.com run
+lego --dns gandiv5 -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/gandiv5/gandiv5_test.go b/providers/dns/gandiv5/gandiv5_test.go
index 451b1b683..d6f077243 100644
--- a/providers/dns/gandiv5/gandiv5_test.go
+++ b/providers/dns/gandiv5/gandiv5_test.go
@@ -35,6 +35,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -96,6 +97,7 @@ func TestDNSProvider(t *testing.T) {
config := NewDefaultConfig()
config.PersonalAccessToken = "123412341234123412341234"
config.BaseURL = server.URL
+ config.HTTPClient = server.Client()
return NewDNSProviderConfig(config)
},
@@ -119,9 +121,11 @@ func TestDNSProvider(t *testing.T) {
// override findZoneByFqdn function
savedFindZoneByFqdn := provider.findZoneByFqdn
+
defer func() {
provider.findZoneByFqdn = savedFindZoneByFqdn
}()
+
provider.findZoneByFqdn = fakeFindZoneByFqdn
// run Present
diff --git a/providers/dns/gandiv5/internal/client.go b/providers/dns/gandiv5/internal/client.go
index 57de9d615..bfb71c9f6 100644
--- a/providers/dns/gandiv5/internal/client.go
+++ b/providers/dns/gandiv5/internal/client.go
@@ -15,10 +15,7 @@ import (
)
// defaultBaseURL endpoint is the Gandi API endpoint used by Present and CleanUp.
-const defaultBaseURL = "https://dns.api.gandi.net/api/v5"
-
-// APIKeyHeader API key header.
-const APIKeyHeader = "X-Api-Key"
+const defaultBaseURL = "https://api.gandi.net/v5/livedns"
// Related to Personal Access Token.
const authorizationHeader = "Authorization"
@@ -78,6 +75,7 @@ func (c *Client) getTXTRecord(ctx context.Context, domain, name string) (*Record
}
txtRecord := &Record{}
+
err = c.do(req, txtRecord)
if err != nil {
return nil, fmt.Errorf("unable to get TXT records for domain %s and name %s: %w", domain, name, err)
@@ -95,6 +93,7 @@ func (c *Client) addTXTRecord(ctx context.Context, domain, name string, newRecor
}
message := apiResponse{}
+
err = c.do(req, &message)
if err != nil {
return fmt.Errorf("unable to create TXT record for domain %s and name %s: %w", domain, name, err)
@@ -116,6 +115,7 @@ func (c *Client) DeleteTXTRecord(ctx context.Context, domain, name string) error
}
message := apiResponse{}
+
err = c.do(req, &message)
if err != nil {
return fmt.Errorf("unable to delete TXT record for domain %s and name %s: %w", domain, name, err)
@@ -130,7 +130,7 @@ func (c *Client) DeleteTXTRecord(ctx context.Context, domain, name string) error
func (c *Client) do(req *http.Request, result any) error {
if c.apiKey != "" {
- req.Header.Set(APIKeyHeader, c.apiKey)
+ req.Header.Set(authorizationHeader, "Apikey "+c.apiKey)
}
if c.pat != "" {
@@ -208,6 +208,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
response := apiResponse{}
+
err := json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/gandiv5/internal/client_test.go b/providers/dns/gandiv5/internal/client_test.go
index 2465566f9..6a4158dcb 100644
--- a/providers/dns/gandiv5/internal/client_test.go
+++ b/providers/dns/gandiv5/internal/client_test.go
@@ -9,23 +9,29 @@ import (
"github.com/stretchr/testify/require"
)
-func mockBuilder() *servermock.Builder[*Client] {
+func mockBuilder(apiKey, pat string) *servermock.Builder[*Client] {
+ checkHeaders := servermock.CheckHeader().WithJSONHeaders()
+
+ if apiKey != "" {
+ checkHeaders = checkHeaders.WithAuthorization("Apikey secret-apikey")
+ } else {
+ checkHeaders = checkHeaders.WithAuthorization("Bearer secret-pat")
+ }
+
return servermock.NewBuilder[*Client](
func(server *httptest.Server) (*Client, error) {
- client := NewClient("secret", "xxx")
+ client := NewClient(apiKey, pat)
client.BaseURL, _ = url.Parse(server.URL)
client.HTTPClient = server.Client()
return client, nil
},
- servermock.CheckHeader().WithJSONHeaders().
- With("X-Api-Key", "secret").
- WithAuthorization("Bearer xxx"),
+ checkHeaders,
)
}
func TestClient_AddTXTRecord(t *testing.T) {
- client := mockBuilder().
+ client := mockBuilder("secret-apikey", "").
Route("GET /domains/example.com/records/foo/TXT",
servermock.ResponseFromFixture("add_txt_record_get.json")).
Route("PUT /domains/example.com/records/foo/TXT",
@@ -38,7 +44,7 @@ func TestClient_AddTXTRecord(t *testing.T) {
}
func TestClient_DeleteTXTRecord(t *testing.T) {
- client := mockBuilder().
+ client := mockBuilder("", "secret-pat").
Route("DELETE /domains/example.com/records/foo/TXT",
servermock.ResponseFromFixture("api_response.json")).
Build(t)
diff --git a/providers/dns/gcloud/gcloud.toml b/providers/dns/gcloud/gcloud.toml
index 471e2e9d1..63d22bed3 100644
--- a/providers/dns/gcloud/gcloud.toml
+++ b/providers/dns/gcloud/gcloud.toml
@@ -8,18 +8,18 @@ Example = '''
# Using a service account file
GCE_PROJECT="gc-project-id" \
GCE_SERVICE_ACCOUNT_FILE="/path/to/svc/account/file.json" \
-lego --email you@example.com --dns gcloud -d '*.example.com' -d example.com run
+lego --dns gcloud -d '*.example.com' -d example.com run
# Using default credentials with impersonation
GCE_PROJECT="gc-project-id" \
GCE_IMPERSONATE_SERVICE_ACCOUNT="target-sa@gc-project-id.iam.gserviceaccount.com" \
-lego --email you@example.com --dns gcloud -d '*.example.com' -d example.com run
+lego --dns gcloud -d '*.example.com' -d example.com run
# Using service account key with impersonation
GCE_PROJECT="gc-project-id" \
GCE_SERVICE_ACCOUNT_FILE="/path/to/svc/account/file.json" \
GCE_IMPERSONATE_SERVICE_ACCOUNT="target-sa@gc-project-id.iam.gserviceaccount.com" \
-lego --email you@example.com --dns gcloud -d '*.example.com' -d example.com run
+lego --dns gcloud -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/gcloud/googlecloud.go b/providers/dns/gcloud/googlecloud.go
index 30a028d61..61e8ee66f 100644
--- a/providers/dns/gcloud/googlecloud.go
+++ b/providers/dns/gcloud/googlecloud.go
@@ -2,6 +2,7 @@
package gcloud
import (
+ "context"
"encoding/json"
"errors"
"fmt"
@@ -11,15 +12,17 @@ import (
"time"
"cloud.google.com/go/compute/metadata"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/platform/wait"
- "golang.org/x/net/context"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/miekg/dns"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
- "google.golang.org/api/dns/v1"
+ gdns "google.golang.org/api/dns/v1"
"google.golang.org/api/googleapi"
"google.golang.org/api/impersonate"
"google.golang.org/api/option"
@@ -74,7 +77,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
config *Config
- client *dns.Service
+ client *gdns.Service
}
// NewDNSProvider returns a DNSProvider instance configured for Google Cloud DNS.
@@ -90,6 +93,7 @@ func NewDNSProvider() (*DNSProvider, error) {
// Use default credentials.
project := env.GetOrDefaultString(EnvProject, autodetectProjectID(context.Background()))
+
return NewDNSProviderCredentials(project)
}
@@ -104,6 +108,7 @@ func NewDNSProviderCredentials(project string) (*DNSProvider, error) {
config.Project = project
var err error
+
config.HTTPClient, err = newClientFromCredentials(context.Background(), config)
if err != nil {
return nil, fmt.Errorf("googlecloud: %w", err)
@@ -127,10 +132,12 @@ func NewDNSProviderServiceAccountKey(saKey []byte) (*DNSProvider, error) {
var datJSON struct {
ProjectID string `json:"project_id"`
}
+
err := json.Unmarshal(saKey, &datJSON)
if err != nil || datJSON.ProjectID == "" {
return nil, errors.New("googlecloud: project ID not found in Google Cloud Service Account file")
}
+
project = datJSON.ProjectID
}
@@ -138,6 +145,7 @@ func NewDNSProviderServiceAccountKey(saKey []byte) (*DNSProvider, error) {
config.Project = project
var err error
+
config.HTTPClient, err = newClientFromServiceAccountKey(context.Background(), config, saKey)
if err != nil {
return nil, fmt.Errorf("googlecloud: %w", err)
@@ -166,11 +174,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
return nil, errors.New("googlecloud: the configuration of the DNS provider is nil")
}
+
if config.HTTPClient == nil {
return nil, errors.New("googlecloud: unable to create Google Cloud DNS service: client is nil")
}
- svc, err := dns.NewService(context.Background(), option.WithHTTPClient(config.HTTPClient))
+ svc, err := gdns.NewService(context.Background(), option.WithHTTPClient(clientdebug.Wrap(config.HTTPClient)))
if err != nil {
return nil, fmt.Errorf("googlecloud: unable to create Google Cloud DNS service: %w", err)
}
@@ -180,6 +189,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
zone, err := d.getHostedZone(info.EffectiveFQDN)
@@ -195,6 +206,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
for _, rrSet := range existingRrSet {
var rrd []string
+
for _, rr := range rrSet.Rrdatas {
data := mustUnquote(rr)
rrd = append(rrd, data)
@@ -204,17 +216,18 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return nil
}
}
+
rrSet.Rrdatas = rrd
}
// Attempt to delete the existing records before adding the new one.
if len(existingRrSet) > 0 {
- if err = d.applyChanges(zone, &dns.Change{Deletions: existingRrSet}); err != nil {
+ if err = d.applyChanges(ctx, zone, &gdns.Change{Deletions: existingRrSet}); err != nil {
return fmt.Errorf("googlecloud: %w", err)
}
}
- rec := &dns.ResourceRecordSet{
+ rec := &gdns.ResourceRecordSet{
Name: info.EffectiveFQDN,
Rrdatas: []string{info.Value},
Ttl: int64(d.config.TTL),
@@ -230,18 +243,18 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
}
}
- change := &dns.Change{
- Additions: []*dns.ResourceRecordSet{rec},
+ change := &gdns.Change{
+ Additions: []*gdns.ResourceRecordSet{rec},
}
- if err = d.applyChanges(zone, change); err != nil {
+ if err = d.applyChanges(ctx, zone, change); err != nil {
return fmt.Errorf("googlecloud: %w", err)
}
return nil
}
-func (d *DNSProvider) applyChanges(zone string, change *dns.Change) error {
+func (d *DNSProvider) applyChanges(ctx context.Context, zone string, change *gdns.Change) error {
if d.config.Debug {
data, _ := json.Marshal(change)
log.Printf("change (Create): %s", string(data))
@@ -255,6 +268,7 @@ func (d *DNSProvider) applyChanges(zone string, change *dns.Change) error {
}
data, _ := json.Marshal(change)
+
return fmt.Errorf("failed to perform changes [zone %s, change %s]: %w", zone, string(data), err)
}
@@ -265,24 +279,28 @@ func (d *DNSProvider) applyChanges(zone string, change *dns.Change) error {
chgID := chg.Id
// wait for change to be acknowledged
- return wait.For("apply change", 30*time.Second, 3*time.Second, func() (bool, error) {
- if d.config.Debug {
- data, _ := json.Marshal(change)
- log.Printf("change (Get): %s", string(data))
- }
+ return wait.Retry(ctx,
+ func() error {
+ if d.config.Debug {
+ data, _ := json.Marshal(change)
+ log.Printf("change (Get): %s", string(data))
+ }
- chg, err = d.client.Changes.Get(d.config.Project, zone, chgID).Do()
- if err != nil {
- data, _ := json.Marshal(change)
- return false, fmt.Errorf("failed to get changes [zone %s, change %s]: %w", zone, string(data), err)
- }
+ chg, err = d.client.Changes.Get(d.config.Project, zone, chgID).Do()
+ if err != nil {
+ data, _ := json.Marshal(change)
+ return fmt.Errorf("failed to get changes [zone %s, change %s]: %w", zone, string(data), err)
+ }
- if chg.Status == changeStatusDone {
- return true, nil
- }
+ if chg.Status != changeStatusDone {
+ return fmt.Errorf("status: %s", chg.Status)
+ }
- return false, fmt.Errorf("status: %s", chg.Status)
- })
+ return nil
+ },
+ backoff.WithBackOff(backoff.NewConstantBackOff(3*time.Second)),
+ backoff.WithMaxElapsedTime(30*time.Second),
+ )
}
// CleanUp removes the TXT record matching the specified parameters.
@@ -303,10 +321,11 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return nil
}
- _, err = d.client.Changes.Create(d.config.Project, zone, &dns.Change{Deletions: records}).Do()
+ _, err = d.client.Changes.Create(d.config.Project, zone, &gdns.Change{Deletions: records}).Do()
if err != nil {
return fmt.Errorf("googlecloud: %w", err)
}
+
return nil
}
@@ -352,7 +371,7 @@ func (d *DNSProvider) getHostedZone(domain string) (string, error) {
// (gcloud projects get-iam-policy $project_id) (a role with permission dns.managedZones.list)
//
// If we force a zone list to succeed, we demand more permissions than needed.
-func (d *DNSProvider) lookupHostedZoneID(domain string) (string, []*dns.ManagedZone, error) {
+func (d *DNSProvider) lookupHostedZoneID(domain string) (string, []*gdns.ManagedZone, error) {
// GCE_ZONE_ID override for service accounts to avoid needing zones-list permission
if d.config.ZoneID != "" {
zone, err := d.client.ManagedZones.Get(d.config.Project, d.config.ZoneID).Do()
@@ -360,10 +379,10 @@ func (d *DNSProvider) lookupHostedZoneID(domain string) (string, []*dns.ManagedZ
return "", nil, fmt.Errorf("API call ManagedZones.Get for explicit zone ID %q in project %q failed: %w", d.config.ZoneID, d.config.Project, err)
}
- return zone.DnsName, []*dns.ManagedZone{zone}, nil
+ return zone.DnsName, []*gdns.ManagedZone{zone}, nil
}
- authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
+ authZone, err := dns01.FindZoneByFqdn(dns.Fqdn(domain))
if err != nil {
return "", nil, fmt.Errorf("could not find zone: %w", err)
}
@@ -379,7 +398,7 @@ func (d *DNSProvider) lookupHostedZoneID(domain string) (string, []*dns.ManagedZ
return authZone, zones.ManagedZones, nil
}
-func (d *DNSProvider) findTxtRecords(zone, fqdn string) ([]*dns.ResourceRecordSet, error) {
+func (d *DNSProvider) findTxtRecords(zone, fqdn string) ([]*gdns.ResourceRecordSet, error) {
recs, err := d.client.ResourceRecordSets.List(d.config.Project, zone).Name(fqdn).Type("TXT").Do()
if err != nil {
return nil, err
@@ -398,7 +417,7 @@ func newClientFromCredentials(ctx context.Context, config *Config) (*http.Client
return newImpersonateClient(ctx, config.ImpersonateServiceAccount, ts)
}
- client, err := google.DefaultClient(ctx, dns.NdevClouddnsReadwriteScope)
+ client, err := google.DefaultClient(ctx, gdns.NdevClouddnsReadwriteScope)
if err != nil {
return nil, fmt.Errorf("unable to get Google Cloud client: %w", err)
}
@@ -416,7 +435,7 @@ func newClientFromServiceAccountKey(ctx context.Context, config *Config, saKey [
return newImpersonateClient(ctx, config.ImpersonateServiceAccount, conf.TokenSource(ctx))
}
- conf, err := google.JWTConfigFromJSON(saKey, dns.NdevClouddnsReadwriteScope)
+ conf, err := google.JWTConfigFromJSON(saKey, gdns.NdevClouddnsReadwriteScope)
if err != nil {
return nil, fmt.Errorf("unable to acquire config: %w", err)
}
@@ -427,7 +446,7 @@ func newClientFromServiceAccountKey(ctx context.Context, config *Config, saKey [
func newImpersonateClient(ctx context.Context, impersonateServiceAccount string, ts oauth2.TokenSource) (*http.Client, error) {
impersonatedTS, err := impersonate.CredentialsTokenSource(ctx, impersonate.CredentialsConfig{
TargetPrincipal: impersonateServiceAccount,
- Scopes: []string{dns.NdevClouddnsReadwriteScope},
+ Scopes: []string{gdns.NdevClouddnsReadwriteScope},
}, option.WithTokenSource(ts))
if err != nil {
return nil, fmt.Errorf("unable to create impersonated credentials: %w", err)
@@ -441,6 +460,7 @@ func mustUnquote(raw string) string {
if err != nil {
return raw
}
+
return clean
}
diff --git a/providers/dns/gcloud/googlecloud_test.go b/providers/dns/gcloud/googlecloud_test.go
index 7fda2f8f6..28b08a2f9 100644
--- a/providers/dns/gcloud/googlecloud_test.go
+++ b/providers/dns/gcloud/googlecloud_test.go
@@ -52,7 +52,7 @@ func TestNewDNSProvider(t *testing.T) {
envServiceAccountFile: "",
// as Travis run on GCE, we have to alter env
envGoogleApplicationCredentials: "not-a-secret-file",
- envMetadataHost: "http://lego.wtf", // defined here to avoid the client cache.
+ envMetadataHost: "http://example.com", // defined here to avoid the client cache.
},
// the error message varies according to the OS used.
expected: "googlecloud: unable to get Google Cloud client: google: error getting credentials using GOOGLE_APPLICATION_CREDENTIALS environment variable: ",
@@ -63,7 +63,7 @@ func TestNewDNSProvider(t *testing.T) {
EnvProject: "",
envServiceAccountFile: "",
// as Travis run on GCE, we have to alter env
- envMetadataHost: "http://lego.wtf",
+ envMetadataHost: "http://example.com",
},
expected: "googlecloud: project name missing",
},
@@ -86,6 +86,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -125,6 +126,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
config := NewDefaultConfig()
@@ -154,7 +156,7 @@ func TestPresentNoExistingRR(t *testing.T) {
},
}),
servermock.CheckQueryParameter().Strict().
- With("dnsName", "lego.wtf.").
+ With("dnsName", "example.com.").
With("prettyPrint", "false").
With("alt", "json")).
// findTxtRecords
@@ -163,7 +165,7 @@ func TestPresentNoExistingRR(t *testing.T) {
Rrsets: []*dns.ResourceRecordSet{},
}),
servermock.CheckQueryParameter().Strict().
- With("name", "_acme-challenge.lego.wtf.").
+ With("name", "_acme-challenge.example.com.").
With("type", "TXT").
With("prettyPrint", "false").
With("alt", "json")).
@@ -189,7 +191,7 @@ func TestPresentNoExistingRR(t *testing.T) {
With("alt", "json")).
Build(t)
- domain := "lego.wtf"
+ domain := "example.com"
err := provider.Present(domain, "", "")
require.NoError(t, err)
@@ -205,21 +207,21 @@ func TestPresentWithExistingRR(t *testing.T) {
},
}),
servermock.CheckQueryParameter().Strict().
- With("dnsName", "lego.wtf.").
+ With("dnsName", "example.com.").
With("prettyPrint", "false").
With("alt", "json")).
// findTxtRecords
Route("GET /dns/v1/projects/manhattan/managedZones/test/rrsets",
servermock.JSONEncode(&dns.ResourceRecordSetsListResponse{
Rrsets: []*dns.ResourceRecordSet{{
- Name: "_acme-challenge.lego.wtf.",
+ Name: "_acme-challenge.example.com.",
Rrdatas: []string{`"X7DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU"`, `"huji"`},
Ttl: 120,
Type: "TXT",
}},
}),
servermock.CheckQueryParameter().Strict().
- With("name", "_acme-challenge.lego.wtf.").
+ With("name", "_acme-challenge.example.com.").
With("type", "TXT").
With("prettyPrint", "false").
With("alt", "json")).
@@ -237,12 +239,14 @@ func TestPresentWithExistingRR(t *testing.T) {
}
var prevVal string
+
for _, addition := range chgReq.Additions {
for _, value := range addition.Rrdatas {
if prevVal == value {
http.Error(rw, fmt.Sprintf("The resource %s already exists", value), http.StatusConflict)
return
}
+
prevVal = value
}
}
@@ -260,7 +264,7 @@ func TestPresentWithExistingRR(t *testing.T) {
With("alt", "json")).
Build(t)
- domain := "lego.wtf"
+ domain := "example.com"
err := provider.Present(domain, "", "")
require.NoError(t, err)
@@ -276,27 +280,27 @@ func TestPresentSkipExistingRR(t *testing.T) {
},
}),
servermock.CheckQueryParameter().Strict().
- With("dnsName", "lego.wtf.").
+ With("dnsName", "example.com.").
With("prettyPrint", "false").
With("alt", "json")).
// findTxtRecords
Route("GET /dns/v1/projects/manhattan/managedZones/test/rrsets",
servermock.JSONEncode(&dns.ResourceRecordSetsListResponse{
Rrsets: []*dns.ResourceRecordSet{{
- Name: "_acme-challenge.lego.wtf.",
+ Name: "_acme-challenge.example.com.",
Rrdatas: []string{`"47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU"`, `"X7DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU"`, `"huji"`},
Ttl: 120,
Type: "TXT",
}},
}),
servermock.CheckQueryParameter().Strict().
- With("name", "_acme-challenge.lego.wtf.").
+ With("name", "_acme-challenge.example.com.").
With("type", "TXT").
With("prettyPrint", "false").
With("alt", "json")).
Build(t)
- domain := "lego.wtf"
+ domain := "example.com"
err := provider.Present(domain, "", "")
require.NoError(t, err)
@@ -352,7 +356,7 @@ func TestLiveCleanUp(t *testing.T) {
func mockBuilder() *servermock.Builder[*DNSProvider] {
return servermock.NewBuilder(func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
- config.HTTPClient = &http.Client{Timeout: 10 * time.Second}
+ config.HTTPClient = server.Client()
config.Project = "manhattan"
p, err := NewDNSProviderConfig(config)
diff --git a/providers/dns/gcore/gcore.go b/providers/dns/gcore/gcore.go
index 646c5ab1c..9b98f28d4 100644
--- a/providers/dns/gcore/gcore.go
+++ b/providers/dns/gcore/gcore.go
@@ -1,17 +1,16 @@
+// Package gcore implements a DNS provider for solving the DNS-01 challenge using G-Core.
package gcore
import (
- "context"
"errors"
"fmt"
"net/http"
- "strings"
"time"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
- "github.com/go-acme/lego/v4/providers/dns/gcore/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/gcore"
)
// Environment variables names.
@@ -26,28 +25,17 @@ const (
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
-const (
- defaultPropagationTimeout = 360 * time.Second
- defaultPollingInterval = 20 * time.Second
-)
-
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config for DNSProvider.
-type Config struct {
- APIToken string
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = gcore.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
- PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, defaultPropagationTimeout),
- PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, defaultPollingInterval),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, gcore.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, gcore.DefaultPollingInterval),
HTTPClient: &http.Client{
Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 10*time.Second),
},
@@ -56,8 +44,7 @@ func NewDefaultConfig() *Config {
// DNSProvider an implementation of challenge.Provider contract.
type DNSProvider struct {
- config *Config
- client *internal.Client
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns an instance of DNSProvider configured for G-Core DNS API.
@@ -79,91 +66,36 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("gcore: the configuration of the DNS provider is nil")
}
- if config.APIToken == "" {
- return nil, errors.New("gcore: incomplete credentials provided")
+ provider, err := gcore.NewDNSProviderConfig(config, "")
+ if err != nil {
+ return nil, fmt.Errorf("gcore: %w", err)
}
- client := internal.NewClient(config.APIToken)
-
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- return &DNSProvider{
- config: config,
- client: client,
- }, nil
+ return &DNSProvider{prv: provider}, nil
}
-// Present creates a TXT record to fulfill the dns-01 challenge.
-func (d *DNSProvider) Present(domain, _, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- ctx := context.Background()
-
- zone, err := d.guessZone(ctx, info.EffectiveFQDN)
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("gcore: %w", err)
}
- err = d.client.AddRRSet(ctx, zone, dns01.UnFqdn(info.EffectiveFQDN), info.Value, d.config.TTL)
- if err != nil {
- return fmt.Errorf("gcore: add txt record: %w", err)
- }
-
return nil
}
-// CleanUp removes the record matching the specified parameters.
-func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- ctx := context.Background()
-
- zone, err := d.guessZone(ctx, info.EffectiveFQDN)
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("gcore: %w", err)
}
- err = d.client.DeleteRRSet(ctx, zone, dns01.UnFqdn(info.EffectiveFQDN))
- if err != nil {
- return fmt.Errorf("gcore: remove txt record: %w", err)
- }
-
return nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
-}
-
-func (d *DNSProvider) guessZone(ctx context.Context, fqdn string) (string, error) {
- var lastErr error
-
- for _, zone := range extractAllZones(fqdn) {
- dnsZone, err := d.client.GetZone(ctx, zone)
- if err == nil {
- return dnsZone.Name, nil
- }
-
- lastErr = err
- }
-
- return "", fmt.Errorf("zone %q not found: %w", fqdn, lastErr)
-}
-
-func extractAllZones(fqdn string) []string {
- parts := strings.Split(dns01.UnFqdn(fqdn), ".")
- if len(parts) < 3 {
- return nil
- }
-
- var zones []string
- for i := 1; i < len(parts)-1; i++ {
- zones = append(zones, strings.Join(parts[i:], "."))
- }
-
- return zones
+ return d.prv.Timeout()
}
diff --git a/providers/dns/gcore/gcore.toml b/providers/dns/gcore/gcore.toml
index 986455e80..983c35f8a 100644
--- a/providers/dns/gcore/gcore.toml
+++ b/providers/dns/gcore/gcore.toml
@@ -6,7 +6,7 @@ Since = "v4.5.0"
Example = '''
GCORE_PERMANENT_API_TOKEN=xxxxx \
-lego --email you@example.com --dns gcore -d '*.example.com' -d example.com run
+lego --dns gcore -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/gcore/gcore_test.go b/providers/dns/gcore/gcore_test.go
index a5eddee7c..6f8e38c12 100644
--- a/providers/dns/gcore/gcore_test.go
+++ b/providers/dns/gcore/gcore_test.go
@@ -4,7 +4,6 @@ import (
"testing"
"github.com/go-acme/lego/v4/platform/tester"
- "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
@@ -34,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -43,8 +43,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -78,8 +77,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -93,6 +91,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -106,36 +105,10 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
require.NoError(t, err)
}
-
-func Test_extractAllZones(t *testing.T) {
- testCases := []struct {
- desc string
- fqdn string
- expected []string
- }{
- {
- desc: "success",
- fqdn: "_acme-challenge.my.test.domain.com.",
- expected: []string{"my.test.domain.com", "test.domain.com", "domain.com"},
- },
- {
- desc: "empty",
- fqdn: "_acme-challenge.com.",
- },
- }
-
- for _, test := range testCases {
- t.Run(test.desc, func(t *testing.T) {
- t.Parallel()
-
- got := extractAllZones(test.fqdn)
- assert.Equal(t, test.expected, got)
- })
- }
-}
diff --git a/providers/dns/gigahostno/gigahostno.go b/providers/dns/gigahostno/gigahostno.go
new file mode 100644
index 000000000..b9ed23f3f
--- /dev/null
+++ b/providers/dns/gigahostno/gigahostno.go
@@ -0,0 +1,233 @@
+// Package gigahostno implements a DNS provider for solving the DNS-01 challenge using Gigahost.no.
+package gigahostno
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/gigahostno/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "GIGAHOSTNO_"
+
+ EnvUsername = envNamespace + "USERNAME"
+ EnvPassword = envNamespace + "PASSWORD"
+ EnvSecret = envNamespace + "SECRET"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ Username string
+ Password string
+ Secret string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+
+ identifier *internal.Identifier
+ client *internal.Client
+
+ tokenMu sync.Mutex
+ token *internal.Token
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Gigahost.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvUsername, EnvPassword)
+ if err != nil {
+ return nil, fmt.Errorf("gigahostno: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.Username = values[EnvUsername]
+ config.Password = values[EnvPassword]
+ config.Secret = env.GetOrFile(EnvSecret)
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Gigahost.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("gigahostno: the configuration of the DNS provider is nil")
+ }
+
+ identifier, err := internal.NewIdentifier(config.Username, config.Password, config.Secret)
+ if err != nil {
+ return nil, fmt.Errorf("gigahostno: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ identifier.HTTPClient = config.HTTPClient
+ }
+
+ identifier.HTTPClient = clientdebug.Wrap(identifier.HTTPClient)
+
+ client := internal.NewClient()
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ identifier: identifier,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ err := d.authenticate(ctx)
+ if err != nil {
+ return fmt.Errorf("gigahostno: %w", err)
+ }
+
+ ctx = internal.WithContext(ctx, d.token.Token)
+
+ zone, err := d.findZone(ctx, info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("gigahostno: %w", err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone.Name)
+ if err != nil {
+ return fmt.Errorf("gigahostno: %w", err)
+ }
+
+ record := internal.Record{
+ Name: subDomain,
+ Type: "TXT",
+ Value: info.Value,
+ TTL: d.config.TTL,
+ }
+
+ err = d.client.CreateNewRecord(ctx, zone.ID, record)
+ if err != nil {
+ return fmt.Errorf("gigahostno: create new record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ err := d.authenticate(ctx)
+ if err != nil {
+ return fmt.Errorf("gigahostno: %w", err)
+ }
+
+ ctx = internal.WithContext(ctx, d.token.Token)
+
+ zone, err := d.findZone(ctx, info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("gigahostno: %w", err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone.Name)
+ if err != nil {
+ return fmt.Errorf("gigahostno: %w", err)
+ }
+
+ records, err := d.client.GetZoneRecords(ctx, zone.ID)
+ if err != nil {
+ return fmt.Errorf("gigahostno: get zone records: %w", err)
+ }
+
+ for _, record := range records {
+ if record.Type == "TXT" && record.Name == subDomain && record.Value == info.Value {
+ err := d.client.DeleteRecord(ctx, zone.ID, record.ID, record.Name, record.Type)
+ if err != nil {
+ return fmt.Errorf("gigahostno: delete record: %w", err)
+ }
+
+ break
+ }
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) authenticate(ctx context.Context) error {
+ d.tokenMu.Lock()
+ defer d.tokenMu.Unlock()
+
+ if !d.token.IsExpired() {
+ return nil
+ }
+
+ tok, err := d.identifier.Authenticate(ctx)
+ if err != nil {
+ return fmt.Errorf("authenticate: %w", err)
+ }
+
+ d.token = tok
+
+ return nil
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, fqdn string) (*internal.Zone, error) {
+ zones, err := d.client.GetZones(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("get zones: %w", err)
+ }
+
+ for d := range dns01.UnFqdnDomainsSeq(fqdn) {
+ for _, zone := range zones {
+ if zone.Name == d && zone.Active == "1" {
+ return &zone, nil
+ }
+ }
+ }
+
+ return nil, fmt.Errorf("zone not found for %q", fqdn)
+}
diff --git a/providers/dns/gigahostno/gigahostno.toml b/providers/dns/gigahostno/gigahostno.toml
new file mode 100644
index 000000000..b8d3fad2b
--- /dev/null
+++ b/providers/dns/gigahostno/gigahostno.toml
@@ -0,0 +1,25 @@
+Name = "Gigahost.no"
+Description = ''''''
+URL = "https://gigahost.no/"
+Code = "gigahostno"
+Since = "v4.29.0"
+
+Example = '''
+GIGAHOSTNO_USERNAME="xxxxxxxxxxxxxxxxxxxxx" \
+GIGAHOSTNO_PASSWORD="yyyyyyyyyyyyyyyyyyyyy" \
+lego --dns gigahostno -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ GIGAHOSTNO_USERNAME = "Username"
+ GIGAHOSTNO_PASSWORD = "Password"
+ [Configuration.Additional]
+ GIGAHOSTNO_SECRET = "TOTP secret"
+ GIGAHOSTNO_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ GIGAHOSTNO_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ GIGAHOSTNO_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ GIGAHOSTNO_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://gigahost.no/api-dokumentasjon"
diff --git a/providers/dns/gigahostno/gigahostno_test.go b/providers/dns/gigahostno/gigahostno_test.go
new file mode 100644
index 000000000..7aaac0159
--- /dev/null
+++ b/providers/dns/gigahostno/gigahostno_test.go
@@ -0,0 +1,277 @@
+package gigahostno
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/go-acme/lego/v4/providers/dns/gigahostno/internal"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+ EnvUsername,
+ EnvPassword,
+ EnvSecret,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvUsername: "user",
+ EnvPassword: "secret",
+ EnvSecret: "super-secret",
+ },
+ },
+ {
+ desc: "missing GIGAHOSTNO_USERNAME",
+ envVars: map[string]string{
+ EnvPassword: "secret",
+ },
+ expected: "gigahostno: some credentials information are missing: GIGAHOSTNO_USERNAME",
+ },
+ {
+ desc: "missing GIGAHOSTNO_PASSWORD",
+ envVars: map[string]string{
+ EnvUsername: "user",
+ },
+ expected: "gigahostno: some credentials information are missing: GIGAHOSTNO_PASSWORD",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "gigahostno: some credentials information are missing: GIGAHOSTNO_USERNAME,GIGAHOSTNO_PASSWORD",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ username string
+ password string
+ secret string
+ expected string
+ }{
+ {
+ desc: "success",
+ username: "user",
+ password: "secret",
+ secret: "super-secret",
+ },
+ {
+ desc: "missing username",
+ password: "secret",
+ expected: "gigahostno: credentials missing",
+ },
+ {
+ desc: "missing password",
+ username: "user",
+ expected: "gigahostno: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "gigahostno: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.Username = test.username
+ config.Password = test.password
+ config.Secret = test.secret
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.Username = "user"
+ config.Password = "secret"
+ config.Secret = "JBSWY3DPEHPK3PXP"
+
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+ p.identifier.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /authenticate",
+ servermock.ResponseFromInternal("authenticate.json")).
+ Route("GET /dns/zones",
+ servermock.ResponseFromInternal("zones.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secrettoken")).
+ Route("POST /dns/zones/123/records",
+ servermock.ResponseFromInternal("create_record.json"),
+ servermock.CheckRequestJSONBodyFromInternal("create_record-request.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secrettoken")).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_Present_token_not_expired(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.ResponseFromInternal("zones.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret-token")).
+ Route("POST /dns/zones/123/records",
+ servermock.ResponseFromInternal("create_record.json"),
+ servermock.CheckRequestJSONBodyFromInternal("create_record-request.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret-token")).
+ Build(t)
+
+ provider.token = &internal.Token{
+ Token: "secret-token",
+ TokenExpire: 65322892800, // 2040-01-01
+ CustomerID: "123",
+ }
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /authenticate",
+ servermock.ResponseFromInternal("authenticate.json")).
+ Route("GET /dns/zones",
+ servermock.ResponseFromInternal("zones.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secrettoken")).
+ Route("GET /dns/zones/123/records",
+ servermock.ResponseFromInternal("zone_records.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secrettoken")).
+ Route("DELETE /dns/zones/123/records/jkl012",
+ servermock.ResponseFromInternal("delete_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("name", "_acme-challenge").
+ With("type", "TXT"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secrettoken")).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp_token_not_expired(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.ResponseFromInternal("zones.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret-token")).
+ Route("GET /dns/zones/123/records",
+ servermock.ResponseFromInternal("zone_records.json"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret-token")).
+ Route("DELETE /dns/zones/123/records/jkl012",
+ servermock.ResponseFromInternal("delete_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("name", "_acme-challenge").
+ With("type", "TXT"),
+ servermock.CheckHeader().
+ WithAuthorization("Bearer secret-token")).
+ Build(t)
+
+ provider.token = &internal.Token{
+ Token: "secret-token",
+ TokenExpire: 65322892800, // 2040-01-01
+ CustomerID: "123",
+ }
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/gigahostno/internal/client.go b/providers/dns/gigahostno/internal/client.go
new file mode 100644
index 000000000..cfff3a7b8
--- /dev/null
+++ b/providers/dns/gigahostno/internal/client.go
@@ -0,0 +1,172 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+const defaultBaseURL = "https://api.gigahost.no/api/v0"
+
+const authorizationHeader = "Authorization"
+
+// Client the Gigahost.no API client.
+type Client struct {
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient() *Client {
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }
+}
+
+// GetZones returns all zones.
+func (c *Client) GetZones(ctx context.Context) ([]Zone, error) {
+ endpoint := c.BaseURL.JoinPath("dns", "zones")
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var result APIResponse[[]Zone]
+
+ err = c.do(ctx, req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Data, nil
+}
+
+// GetZoneRecords returns all records for a zone.
+func (c *Client) GetZoneRecords(ctx context.Context, zoneID string) ([]Record, error) {
+ endpoint := c.BaseURL.JoinPath("dns", "zones", zoneID, "records")
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var result APIResponse[[]Record]
+
+ err = c.do(ctx, req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Data, nil
+}
+
+// CreateNewRecord creates a new record.
+func (c *Client) CreateNewRecord(ctx context.Context, zoneID string, record Record) error {
+ endpoint := c.BaseURL.JoinPath("dns", "zones", zoneID, "records")
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, record)
+ if err != nil {
+ return err
+ }
+
+ return c.do(ctx, req, nil)
+}
+
+// DeleteRecord deletes a record.
+func (c *Client) DeleteRecord(ctx context.Context, zoneID, recordID, name, recordType string) error {
+ endpoint := c.BaseURL.JoinPath("dns", "zones", zoneID, "records", recordID)
+
+ query := endpoint.Query()
+ query.Set("name", name)
+ query.Set("type", recordType)
+ endpoint.RawQuery = query.Encode()
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return err
+ }
+
+ return c.do(ctx, req, nil)
+}
+
+func (c *Client) do(ctx context.Context, req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ req.Header.Set(authorizationHeader, "Bearer "+getToken(ctx))
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
diff --git a/providers/dns/gigahostno/internal/client_test.go b/providers/dns/gigahostno/internal/client_test.go
new file mode 100644
index 000000000..8d1298947
--- /dev/null
+++ b/providers/dns/gigahostno/internal/client_test.go
@@ -0,0 +1,149 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client := NewClient()
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ WithAuthorization("Bearer secret"),
+ )
+}
+
+func TestClient_GetZones(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.ResponseFromFixture("zones.json")).
+ Build(t)
+
+ zones, err := client.GetZones(mockContext(t))
+ require.NoError(t, err)
+
+ expected := []Zone{
+ {
+ ID: "123",
+ Name: "example.com",
+ NameDisplay: "example.com",
+ Type: "NATIVE",
+ Active: "1",
+ },
+ {
+ ID: "226",
+ Name: "example.org",
+ NameDisplay: "example.org",
+ Type: "NATIVE",
+ Active: "1",
+ },
+ {
+ ID: "229",
+ Name: "example.xn--zckzah",
+ NameDisplay: "example.テスト",
+ Type: "NATIVE",
+ Active: "1",
+ },
+ }
+
+ assert.Equal(t, expected, zones)
+}
+
+func TestClient_GetZones_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ _, err := client.GetZones(mockContext(t))
+ require.EqualError(t, err, "401: 401 Unauthorized: 401 Unauthorized")
+}
+
+func TestClient_GetZoneRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/zones/123/records",
+ servermock.ResponseFromFixture("zone_records.json")).
+ Build(t)
+
+ zones, err := client.GetZoneRecords(mockContext(t), "123")
+ require.NoError(t, err)
+
+ expected := []Record{
+ {
+ ID: "abc123",
+ Name: "@",
+ Type: "A",
+ Value: "185.125.168.166",
+ TTL: 3600,
+ },
+ {
+ ID: "def456",
+ Name: "www",
+ Type: "A",
+ Value: "185.125.168.166",
+ TTL: 3600,
+ },
+ {
+ ID: "ghi789",
+ Name: "@",
+ Type: "MX",
+ Value: "mail.example.no",
+ TTL: 3600,
+ },
+ {
+ ID: "jkl012",
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Value: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ },
+ }
+
+ assert.Equal(t, expected, zones)
+}
+
+func TestClient_CreateNewRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/zones/example.com/records",
+ servermock.ResponseFromFixture("create_record.json"),
+ servermock.CheckRequestJSONBodyFromFixture("create_record-request.json")).
+ Build(t)
+
+ record := Record{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Value: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ }
+
+ err := client.CreateNewRecord(mockContext(t), "example.com", record)
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("/dns/zones/123/records/abc123",
+ servermock.ResponseFromFixture("delete_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("name", "_acme-challenge").
+ With("type", "TXT")).
+ Build(t)
+
+ err := client.DeleteRecord(mockContext(t), "123", "abc123", "_acme-challenge", "TXT")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/gigahostno/internal/fixtures/authenticate-request.json b/providers/dns/gigahostno/internal/fixtures/authenticate-request.json
new file mode 100644
index 000000000..c641cd3e5
--- /dev/null
+++ b/providers/dns/gigahostno/internal/fixtures/authenticate-request.json
@@ -0,0 +1,4 @@
+{
+ "username": "user",
+ "password": "secret"
+}
diff --git a/providers/dns/gigahostno/internal/fixtures/authenticate.json b/providers/dns/gigahostno/internal/fixtures/authenticate.json
new file mode 100644
index 000000000..2c43ccbfe
--- /dev/null
+++ b/providers/dns/gigahostno/internal/fixtures/authenticate.json
@@ -0,0 +1,23 @@
+{
+ "meta": {
+ "status": 200,
+ "status_message": "200 OK",
+ "maintenance": false
+ },
+ "data": {
+ "token": "secrettoken",
+ "token_expire": 1577836800,
+ "customer_id": "16030",
+ "contact_id": "15182",
+ "customer_name": "Cloudline AS",
+ "contact_username": "test@example.com",
+ "contact_access_level": "admin",
+ "customer_address": "Grønland 14",
+ "customer_zipcode": "5918",
+ "customer_city": "Frekhaug",
+ "customer_province": "Vestland",
+ "ga_secret": "ga_secret",
+ "ga_enabled": "1",
+ "vat": 1
+ }
+}
diff --git a/providers/dns/gigahostno/internal/fixtures/create_record-request.json b/providers/dns/gigahostno/internal/fixtures/create_record-request.json
new file mode 100644
index 000000000..f8f0b5b11
--- /dev/null
+++ b/providers/dns/gigahostno/internal/fixtures/create_record-request.json
@@ -0,0 +1,6 @@
+{
+ "record_name": "_acme-challenge",
+ "record_type": "TXT",
+ "record_value": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "record_ttl": 120
+}
diff --git a/providers/dns/gigahostno/internal/fixtures/create_record.json b/providers/dns/gigahostno/internal/fixtures/create_record.json
new file mode 100644
index 000000000..9232677d7
--- /dev/null
+++ b/providers/dns/gigahostno/internal/fixtures/create_record.json
@@ -0,0 +1,7 @@
+{
+ "meta": {
+ "status": 201,
+ "status_message": "201 Created",
+ "message": "Record created successfully."
+ }
+}
diff --git a/providers/dns/gigahostno/internal/fixtures/delete_record.json b/providers/dns/gigahostno/internal/fixtures/delete_record.json
new file mode 100644
index 000000000..9d87f2f42
--- /dev/null
+++ b/providers/dns/gigahostno/internal/fixtures/delete_record.json
@@ -0,0 +1,7 @@
+{
+ "meta": {
+ "status": 200,
+ "status_message": "200 OK",
+ "message": "Record deleted successfully."
+ }
+}
diff --git a/providers/dns/gigahostno/internal/fixtures/error.json b/providers/dns/gigahostno/internal/fixtures/error.json
new file mode 100644
index 000000000..f2fcfd437
--- /dev/null
+++ b/providers/dns/gigahostno/internal/fixtures/error.json
@@ -0,0 +1,9 @@
+{
+ "meta": {
+ "status": 401,
+ "status_message": "401 Unauthorized",
+ "maintenance": false,
+ "message": "401 Unauthorized"
+ },
+ "data": []
+}
diff --git a/providers/dns/gigahostno/internal/fixtures/zone_records.json b/providers/dns/gigahostno/internal/fixtures/zone_records.json
new file mode 100644
index 000000000..e67ff83f4
--- /dev/null
+++ b/providers/dns/gigahostno/internal/fixtures/zone_records.json
@@ -0,0 +1,39 @@
+{
+ "meta": {
+ "status": 200,
+ "status_message": "200 OK"
+ },
+ "data": [
+ {
+ "record_id": "abc123",
+ "record_name": "@",
+ "record_type": "A",
+ "record_value": "185.125.168.166",
+ "record_ttl": 3600,
+ "record_priority": null
+ },
+ {
+ "record_id": "def456",
+ "record_name": "www",
+ "record_type": "A",
+ "record_value": "185.125.168.166",
+ "record_ttl": 3600,
+ "record_priority": null
+ },
+ {
+ "record_id": "ghi789",
+ "record_name": "@",
+ "record_type": "MX",
+ "record_value": "mail.example.no",
+ "record_ttl": 3600,
+ "record_priority": 10
+ },
+ {
+ "record_id": "jkl012",
+ "record_name": "_acme-challenge",
+ "record_type": "TXT",
+ "record_value": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "record_ttl": 120
+ }
+ ]
+}
diff --git a/providers/dns/gigahostno/internal/fixtures/zones.json b/providers/dns/gigahostno/internal/fixtures/zones.json
new file mode 100644
index 000000000..d45b0ac49
--- /dev/null
+++ b/providers/dns/gigahostno/internal/fixtures/zones.json
@@ -0,0 +1,97 @@
+{
+ "meta": {
+ "status": 200,
+ "status_message": "200 OK",
+ "maintenance": false,
+ "message": "200 OK"
+ },
+ "data": [
+ {
+ "zone_id": "123",
+ "cust_id": "16030",
+ "order_id": "26117",
+ "zone_name": "example.com",
+ "zone_type": "NATIVE",
+ "zone_active": "1",
+ "zone_protected": "1",
+ "zone_is_registered": "1",
+ "domain_registrar": "norid",
+ "domain_status": "active",
+ "domain_registered_date": "2025-11-23 15:17:38",
+ "domain_expiry_date": "2026-11-23 15:17:38",
+ "domain_updated_date": "2025-11-23 16:17:38",
+ "domain_auto_renew": "1",
+ "domain_epp_id": "LEG2175D-NORID",
+ "domain_registrant_id": "CA19777O",
+ "domain_tech_id": "GH295R",
+ "domain_auth_info": "XXXXXXXXXXXXXXX",
+ "domain_locked": "0",
+ "domain_dnssec": "0",
+ "domain_dnssec_data": null,
+ "domain_protected_email": null,
+ "zone_created": "2025-11-23 16:17:29",
+ "zone_updated": 1700000000,
+ "external_dns": "0",
+ "record_count": 4,
+ "zone_name_display": "example.com"
+ },
+ {
+ "zone_id": "226",
+ "cust_id": "16030",
+ "order_id": "26114",
+ "zone_name": "example.org",
+ "zone_type": "NATIVE",
+ "zone_active": "1",
+ "zone_protected": "1",
+ "zone_is_registered": "1",
+ "domain_registrar": "norid",
+ "domain_status": "active",
+ "domain_registered_date": "2025-11-23 14:15:01",
+ "domain_expiry_date": "2026-11-23 14:15:01",
+ "domain_updated_date": "2025-11-23 15:15:02",
+ "domain_auto_renew": "1",
+ "domain_epp_id": "TEO218D-NORID",
+ "domain_registrant_id": "CA19774O",
+ "domain_tech_id": "GH295R",
+ "domain_auth_info": "XXXXXXXXXXXXXX",
+ "domain_locked": "0",
+ "domain_dnssec": "0",
+ "domain_dnssec_data": null,
+ "domain_protected_email": null,
+ "zone_created": "2025-11-23 15:13:27",
+ "zone_updated": 1700000000,
+ "external_dns": "0",
+ "record_count": 5,
+ "zone_name_display": "example.org"
+ },
+ {
+ "zone_id": "229",
+ "cust_id": "16030",
+ "order_id": "26119",
+ "zone_name": "example.xn--zckzah",
+ "zone_type": "NATIVE",
+ "zone_active": "1",
+ "zone_protected": "1",
+ "zone_is_registered": "1",
+ "domain_registrar": "norid",
+ "domain_status": "active",
+ "domain_registered_date": "2014-12-01 12:40:48",
+ "domain_expiry_date": "2026-12-01 12:40:48",
+ "domain_updated_date": "2025-11-23 15:37:36",
+ "domain_auto_renew": "1",
+ "domain_epp_id": "DIT1003D-NORID",
+ "domain_registrant_id": "DCA822O",
+ "domain_tech_id": "GH295R",
+ "domain_auth_info": "XXXXXXXXXXXXXX",
+ "domain_locked": "0",
+ "domain_dnssec": "0",
+ "domain_dnssec_data": null,
+ "domain_protected_email": null,
+ "zone_created": "2025-11-23 16:37:15",
+ "zone_updated": 1700000000,
+ "external_dns": "0",
+ "record_count": 4,
+ "zone_name_display": "example.\u30C6\u30B9\u30C8"
+ }
+ ]
+}
diff --git a/providers/dns/gigahostno/internal/identity.go b/providers/dns/gigahostno/internal/identity.go
new file mode 100644
index 000000000..262dfabdd
--- /dev/null
+++ b/providers/dns/gigahostno/internal/identity.go
@@ -0,0 +1,122 @@
+package internal
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+ "github.com/pquerna/otp/totp"
+)
+
+type token string
+
+const tokenKey token = "token"
+
+type Identifier struct {
+ username string
+ password string
+ Secret string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+func NewIdentifier(username, password, secret string) (*Identifier, error) {
+ if username == "" || password == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Identifier{
+ username: username,
+ password: password,
+ Secret: secret,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Identifier) Authenticate(ctx context.Context) (*Token, error) {
+ endpoint := c.BaseURL.JoinPath("authenticate")
+
+ auth := Auth{Username: c.username, Password: c.password}
+
+ if c.Secret != "" {
+ tan, err := totp.GenerateCode(c.Secret, time.Now())
+ if err != nil {
+ return nil, fmt.Errorf("generate TOTP: %w", err)
+ }
+
+ auth.Code, err = strconv.Atoi(tan)
+ if err != nil {
+ return nil, fmt.Errorf("parse TOTP: %w", err)
+ }
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, auth)
+ if err != nil {
+ return nil, err
+ }
+
+ var result APIResponse[*Token]
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Data, nil
+}
+
+func (c *Identifier) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func WithContext(ctx context.Context, credential string) context.Context {
+ return context.WithValue(ctx, tokenKey, credential)
+}
+
+func getToken(ctx context.Context) string {
+ credential, ok := ctx.Value(tokenKey).(string)
+ if !ok {
+ return ""
+ }
+
+ return credential
+}
diff --git a/providers/dns/gigahostno/internal/identity_test.go b/providers/dns/gigahostno/internal/identity_test.go
new file mode 100644
index 000000000..09d72746a
--- /dev/null
+++ b/providers/dns/gigahostno/internal/identity_test.go
@@ -0,0 +1,108 @@
+package internal
+
+import (
+ "context"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func setupIdentifierClient(server *httptest.Server) (*Identifier, error) {
+ client, err := NewIdentifier("user", "secret", "")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+}
+
+func mockContext(t *testing.T) context.Context {
+ t.Helper()
+
+ return context.WithValue(t.Context(), tokenKey, "secret")
+}
+
+func TestIdentifier_Authenticate(t *testing.T) {
+ identifier := servermock.NewBuilder[*Identifier](setupIdentifierClient).
+ Route("POST /authenticate",
+ servermock.ResponseFromFixture("authenticate.json"),
+ servermock.CheckRequestJSONBodyFromFixture("authenticate-request.json")).
+ Build(t)
+
+ token, err := identifier.Authenticate(context.Background())
+ require.NoError(t, err)
+
+ expected := &Token{
+ Token: "secrettoken",
+ TokenExpire: 1577836800,
+ CustomerID: "16030",
+ ContactID: "15182",
+ CustomerName: "Cloudline AS",
+ ContactUsername: "test@example.com",
+ ContactAccessLevel: "admin",
+ CustomerAddress: "Grønland 14",
+ CustomerZipcode: "5918",
+ CustomerCity: "Frekhaug",
+ CustomerProvince: "Vestland",
+ GASecret: "ga_secret",
+ GAEnabled: "1",
+ VAT: 1,
+ }
+
+ assert.Equal(t, expected, token)
+}
+
+func TestToken_IsExpired(t *testing.T) {
+ testCases := []struct {
+ desc string
+ token *Token
+ assert assert.BoolAssertionFunc
+ }{
+ {
+ desc: "nil",
+ assert: assert.True,
+ },
+ {
+ desc: "empty",
+ token: &Token{},
+ assert: assert.True,
+ },
+ {
+ desc: "not expired",
+ token: &Token{
+ TokenExpire: 65322892800, // 2040-01-01
+ },
+ assert: assert.False,
+ },
+ {
+ desc: "now",
+ token: &Token{
+ TokenExpire: time.Now().Unix(),
+ },
+ assert: assert.True,
+ },
+ {
+ desc: "now + 2 minutes",
+ token: &Token{
+ TokenExpire: time.Now().Add(2 * time.Minute).Unix(),
+ },
+ assert: assert.False,
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ test.assert(t, test.token.IsExpired())
+ })
+ }
+}
diff --git a/providers/dns/gigahostno/internal/types.go b/providers/dns/gigahostno/internal/types.go
new file mode 100644
index 000000000..e998dc084
--- /dev/null
+++ b/providers/dns/gigahostno/internal/types.go
@@ -0,0 +1,73 @@
+package internal
+
+import (
+ "fmt"
+ "time"
+)
+
+type APIError struct {
+ Meta MetaData `json:"meta"`
+}
+
+func (a *APIError) Error() string {
+ return fmt.Sprintf("%d: %s: %s", a.Meta.Status, a.Meta.StatusMessage, a.Meta.Message)
+}
+
+type MetaData struct {
+ Status int `json:"status,omitempty"`
+ StatusMessage string `json:"status_message,omitempty"`
+ Maintenance bool `json:"maintenance"`
+ Message string `json:"message,omitempty"`
+}
+
+type APIResponse[T any] struct {
+ Meta MetaData `json:"meta"`
+ Data T `json:"data,omitempty"`
+}
+
+type Zone struct {
+ ID string `json:"zone_id,omitempty"`
+ Name string `json:"zone_name,omitempty"`
+ NameDisplay string `json:"zone_name_display,omitempty"`
+ Type string `json:"zone_type,omitempty"`
+ Active string `json:"zone_active,omitempty"`
+}
+
+type Record struct {
+ ID string `json:"record_id,omitempty"`
+ Name string `json:"record_name,omitempty"`
+ Type string `json:"record_type,omitempty"`
+ Value string `json:"record_value,omitempty"`
+ TTL int `json:"record_ttl,omitempty"`
+}
+
+type Auth struct {
+ Username string `json:"username"`
+ Password string `json:"password"`
+ Code int `json:"code,omitempty"`
+}
+
+type Token struct {
+ Token string `json:"token,omitempty"`
+ TokenExpire int64 `json:"token_expire,omitempty"`
+ CustomerID string `json:"customer_id,omitempty"`
+ ContactID string `json:"contact_id,omitempty"`
+ CustomerName string `json:"customer_name,omitempty"`
+ ContactUsername string `json:"contact_username,omitempty"`
+ ContactAccessLevel string `json:"contact_access_level,omitempty"`
+ CustomerAddress string `json:"customer_address,omitempty"`
+ CustomerZipcode string `json:"customer_zipcode,omitempty"`
+ CustomerCity string `json:"customer_city,omitempty"`
+ CustomerProvince string `json:"customer_province,omitempty"`
+ GASecret string `json:"ga_secret,omitempty"`
+ GAEnabled string `json:"ga_enabled,omitempty"`
+ VAT int `json:"vat,omitempty"`
+}
+
+func (t *Token) IsExpired() bool {
+ if t == nil {
+ return true
+ }
+
+ return time.Now().UTC().Add(1 * time.Minute).After(time.Unix(t.TokenExpire, 0).UTC())
+}
diff --git a/providers/dns/glesys/glesys.go b/providers/dns/glesys/glesys.go
index 4b0d545ed..729756235 100644
--- a/providers/dns/glesys/glesys.go
+++ b/providers/dns/glesys/glesys.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/glesys/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -99,6 +100,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -133,6 +136,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// save data necessary for CleanUp
d.activeRecords[info.EffectiveFQDN] = recordID
+
return nil
}
@@ -143,6 +147,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// acquire lock and retrieve authZone
d.inProgressMu.Lock()
defer d.inProgressMu.Unlock()
+
if _, ok := d.activeRecords[info.EffectiveFQDN]; !ok {
// if there is no cleanup information then just return
return nil
diff --git a/providers/dns/glesys/glesys.toml b/providers/dns/glesys/glesys.toml
index 1bdd43c2b..c0e2613b8 100644
--- a/providers/dns/glesys/glesys.toml
+++ b/providers/dns/glesys/glesys.toml
@@ -7,7 +7,7 @@ Since = "v0.5.0"
Example = '''
GLESYS_API_USER=xxxxx \
GLESYS_API_KEY=yyyyy \
-lego --email you@example.com --dns glesys -d '*.example.com' -d example.com run
+lego --dns glesys -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/glesys/glesys_test.go b/providers/dns/glesys/glesys_test.go
index d5fdf36da..f2d65e514 100644
--- a/providers/dns/glesys/glesys_test.go
+++ b/providers/dns/glesys/glesys_test.go
@@ -56,6 +56,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -130,6 +131,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -143,6 +145,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/glesys/internal/client.go b/providers/dns/glesys/internal/client.go
index 20bc363ba..ee6ebc058 100644
--- a/providers/dns/glesys/internal/client.go
+++ b/providers/dns/glesys/internal/client.go
@@ -102,6 +102,7 @@ func (c *Client) do(req *http.Request) (*apiResponse, error) {
}
var response apiResponse
+
err = json.Unmarshal(raw, &response)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/godaddy/godaddy.go b/providers/dns/godaddy/godaddy.go
index 38e470509..1603bb57e 100644
--- a/providers/dns/godaddy/godaddy.go
+++ b/providers/dns/godaddy/godaddy.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/godaddy/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -95,6 +96,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
@@ -128,6 +131,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
}
var newRecords []internal.DNSRecord
+
for _, record := range existingRecords {
if record.Data != "" {
newRecords = append(newRecords, record)
@@ -174,6 +178,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var recordsToKeep []internal.DNSRecord
+
for _, record := range existingRecords {
if record.Data != info.Value && record.Data != "" {
recordsToKeep = append(recordsToKeep, record)
diff --git a/providers/dns/godaddy/godaddy.toml b/providers/dns/godaddy/godaddy.toml
index acf0bf404..b906605b3 100644
--- a/providers/dns/godaddy/godaddy.toml
+++ b/providers/dns/godaddy/godaddy.toml
@@ -7,7 +7,7 @@ Since = "v0.5.0"
Example = '''
GODADDY_API_KEY=xxxxxxxx \
GODADDY_API_SECRET=yyyyyyyy \
-lego --email you@example.com --dns godaddy -d '*.example.com' -d example.com run
+lego --dns godaddy -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/godaddy/godaddy_test.go b/providers/dns/godaddy/godaddy_test.go
index 4cb5f2721..38b39672e 100644
--- a/providers/dns/godaddy/godaddy_test.go
+++ b/providers/dns/godaddy/godaddy_test.go
@@ -56,6 +56,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -126,6 +127,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -139,6 +141,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/godaddy/internal/client.go b/providers/dns/godaddy/internal/client.go
index bf30d437f..9dd337ddc 100644
--- a/providers/dns/godaddy/internal/client.go
+++ b/providers/dns/godaddy/internal/client.go
@@ -48,6 +48,7 @@ func (c *Client) GetRecords(ctx context.Context, domainZone, rType, recordName s
}
var records []DNSRecord
+
err = c.do(req, &records)
if err != nil {
return nil, err
@@ -141,6 +142,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/godaddy/internal/types.go b/providers/dns/godaddy/internal/types.go
index a97a97896..3bd5c9560 100644
--- a/providers/dns/godaddy/internal/types.go
+++ b/providers/dns/godaddy/internal/types.go
@@ -1,6 +1,9 @@
package internal
-import "fmt"
+import (
+ "fmt"
+ "strings"
+)
// DNSRecord a DNS record.
type DNSRecord struct {
@@ -23,13 +26,16 @@ type APIError struct {
}
func (a APIError) Error() string {
- msg := fmt.Sprintf("%s: %s", a.Code, a.Message)
+ msg := new(strings.Builder)
+
+ _, _ = fmt.Fprintf(msg, "%s: %s", a.Code, a.Message)
for _, field := range a.Fields {
- msg += " " + field.String()
+ msg.WriteString(" ")
+ msg.WriteString(field.String())
}
- return msg
+ return msg.String()
}
type Field struct {
diff --git a/providers/dns/googledomains/googledomains.toml b/providers/dns/googledomains/googledomains.toml
index 1ac7e5e54..52330795d 100644
--- a/providers/dns/googledomains/googledomains.toml
+++ b/providers/dns/googledomains/googledomains.toml
@@ -8,7 +8,7 @@ Since = "v4.11.0"
Example = '''
GOOGLE_DOMAINS_ACCESS_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
-lego --email you@example.com --dns googledomains -d '*.example.com' -d example.com run
+lego --dns googledomains -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/gravity/gravity.go b/providers/dns/gravity/gravity.go
new file mode 100644
index 000000000..b0bbb2fcb
--- /dev/null
+++ b/providers/dns/gravity/gravity.go
@@ -0,0 +1,209 @@
+// Package gravity implements a DNS provider for solving the DNS-01 challenge using Gravity.
+package gravity
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/gravity/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/google/uuid"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "GRAVITY_"
+
+ EnvUsername = envNamespace + "USERNAME"
+ EnvPassword = envNamespace + "PASSWORD"
+ EnvServerURL = envNamespace + "SERVER_URL"
+
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+ EnvSequenceInterval = envNamespace + "SEQUENCE_INTERVAL"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ Username string
+ Password string
+ ServerURL string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ SequenceInterval time.Duration
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ SequenceInterval: env.GetOrDefaultSecond(EnvSequenceInterval, 1*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ records map[string]internal.Record
+ recordsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Gravity.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvUsername, EnvPassword, EnvServerURL)
+ if err != nil {
+ return nil, fmt.Errorf("gravity: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.Username = values[EnvUsername]
+ config.Password = values[EnvPassword]
+ config.ServerURL = values[EnvServerURL]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Gravity.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("gravity: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.ServerURL, config.Username, config.Password)
+ if err != nil {
+ return nil, fmt.Errorf("gravity: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ records: make(map[string]internal.Record),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ _, err := d.client.Login(ctx)
+ if err != nil {
+ return fmt.Errorf("gravity: login: %w", err)
+ }
+
+ zone, err := d.findZone(ctx, info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("gravity: %w", err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone)
+ if err != nil {
+ return fmt.Errorf("gravity: %w", err)
+ }
+
+ id := uuid.New()
+
+ record := internal.Record{
+ Data: info.Value,
+ Hostname: subDomain,
+ Type: "TXT",
+ UID: id.String(),
+ }
+
+ err = d.client.CreateDNSRecord(ctx, zone, record)
+ if err != nil {
+ return fmt.Errorf("gravity: create DNS record: %w", err)
+ }
+
+ d.recordsMu.Lock()
+
+ record.Fqdn = zone
+ d.records[token] = record
+ d.recordsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ d.recordsMu.Lock()
+ record, ok := d.records[token]
+ d.recordsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("gravity: unknown record for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ err := d.client.DeleteDNSRecord(context.Background(), record.Fqdn, record)
+ if err != nil {
+ return fmt.Errorf("gravity: delete record: %w", err)
+ }
+
+ d.recordsMu.Lock()
+ delete(d.records, token)
+ d.recordsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Sequential implements the [dns01.sequential] interface.
+// It changes the behavior of the provider to resolve DNS challenges sequentially.
+// Returns the interval between each iteration.
+//
+// Gravity supports adding multiple records for the same domain, but the DNS server doesn't work as expected:
+// if you call the DNS server, it will answer only the latest record instead of all of them.
+func (d *DNSProvider) Sequential() time.Duration {
+ return d.config.SequenceInterval
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, effectiveFQDN string) (string, error) {
+ var zone string
+
+ for fqdn := range dns01.DomainsSeq(effectiveFQDN) {
+ zones, err := d.client.GetDNSZones(ctx, fqdn)
+ if err != nil {
+ return "", fmt.Errorf("get DNS zones: %w", err)
+ }
+
+ if len(zones) != 0 {
+ zone = zones[0].Name
+ break
+ }
+ }
+
+ if zone == "" {
+ return "", fmt.Errorf("could not find zone for %q", effectiveFQDN)
+ }
+
+ return zone, nil
+}
diff --git a/providers/dns/gravity/gravity.toml b/providers/dns/gravity/gravity.toml
new file mode 100644
index 000000000..87a303839
--- /dev/null
+++ b/providers/dns/gravity/gravity.toml
@@ -0,0 +1,26 @@
+Name = "Gravity"
+Description = ''''''
+URL = "https://gravity.beryju.io/"
+Code = "gravity"
+Since = "v4.30.0"
+
+Example = '''
+GRAVITY_SERVER_URL="https://example.org:1234" \
+GRAVITY_USERNAME="xxxxxxxxxxxxxxxxxxxxx" \
+GRAVITY_PASSWORD="yyyyyyyyyyyyyyyyyyyyy" \
+lego --dns gravity -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ GRAVITY_SERVER_URL = "URL of the server"
+ GRAVITY_USERNAME = "Username"
+ GRAVITY_PASSWORD = "Password"
+ [Configuration.Additional]
+ GRAVITY_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ GRAVITY_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ GRAVITY_SEQUENCE_INTERVAL = "Time between sequential requests in seconds (Default: 1)"
+ GRAVITY_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://gravity.beryju.io/docs/api/reference/"
diff --git a/providers/dns/gravity/gravity_test.go b/providers/dns/gravity/gravity_test.go
new file mode 100644
index 000000000..b59b856fe
--- /dev/null
+++ b/providers/dns/gravity/gravity_test.go
@@ -0,0 +1,254 @@
+package gravity
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/go-acme/lego/v4/providers/dns/gravity/internal"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+ EnvUsername,
+ EnvPassword,
+ EnvServerURL,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvUsername: "user",
+ EnvPassword: "secret",
+ EnvServerURL: "https://example.org:1234",
+ },
+ },
+ {
+ desc: "missing EnvUsername",
+ envVars: map[string]string{
+ EnvUsername: "",
+ EnvPassword: "secret",
+ EnvServerURL: "https://example.org:1234",
+ },
+ expected: "gravity: some credentials information are missing: GRAVITY_USERNAME",
+ },
+ {
+ desc: "missing EnvPassword",
+ envVars: map[string]string{
+ EnvUsername: "user",
+ EnvPassword: "",
+ EnvServerURL: "https://example.org:1234",
+ },
+ expected: "gravity: some credentials information are missing: GRAVITY_PASSWORD",
+ },
+ {
+ desc: "missing EnvServerURL",
+ envVars: map[string]string{
+ EnvUsername: "user",
+ EnvPassword: "secret",
+ EnvServerURL: "",
+ },
+ expected: "gravity: some credentials information are missing: GRAVITY_SERVER_URL",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "gravity: some credentials information are missing: GRAVITY_USERNAME,GRAVITY_PASSWORD,GRAVITY_SERVER_URL",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ username string
+ password string
+ serverURL string
+ expected string
+ }{
+ {
+ desc: "success",
+ username: "user",
+ password: "secret",
+ serverURL: "https://example.org:1234",
+ },
+ {
+ desc: "missing username",
+ username: "",
+ password: "secret",
+ serverURL: "https://example.org:1234",
+ expected: "gravity: credentials missing",
+ },
+ {
+ desc: "missing password",
+ username: "user",
+ password: "",
+ serverURL: "https://example.org:1234",
+ expected: "gravity: credentials missing",
+ },
+ {
+ desc: "missing server URL",
+ username: "user",
+ password: "secret",
+ serverURL: "",
+ expected: "gravity: server URL missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "gravity: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.Username = test.username
+ config.Password = test.password
+ config.ServerURL = test.serverURL
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+
+ config.Username = "user"
+ config.Password = "secret"
+ config.ServerURL = server.URL
+
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /api/v1/auth/login",
+ servermock.ResponseFromInternal("login.json"),
+ servermock.CheckRequestJSONBodyFromInternal("login-request.json")).
+ Route("GET /api/v1/dns/",
+ http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+ if req.URL.Query().Get("name") != "example.com." {
+ servermock.ResponseFromInternal("zones.json").ServeHTTP(rw, req)
+ return
+ }
+
+ servermock.ResponseFromInternal("zones_empty.json").ServeHTTP(rw, req)
+ }),
+ ).
+ Route("POST /api/v1/dns/zones/records",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ servermock.CheckQueryParameter().Strict().
+ With("zone", "example.com.").
+ WithRegexp("uid", `\w{8}-\w{4}-\w{4}-\w{4}-\w{12}`).
+ With("hostname", "_acme-challenge")).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /api/v1/dns/zones/records",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ servermock.CheckQueryParameter().Strict().
+ With("zone", "example.com.").
+ With("uid", "123").
+ With("type", "TXT").
+ With("hostname", "_acme-challenge")).
+ Build(t)
+
+ provider.records["abc"] = internal.Record{
+ Fqdn: "example.com.",
+ Hostname: "_acme-challenge",
+ Type: "TXT",
+ UID: "123",
+ }
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/gravity/internal/client.go b/providers/dns/gravity/internal/client.go
new file mode 100644
index 000000000..41c6294c3
--- /dev/null
+++ b/providers/dns/gravity/internal/client.go
@@ -0,0 +1,234 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/http/cookiejar"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+ "golang.org/x/net/publicsuffix"
+)
+
+// Client the Gravity API client.
+type Client struct {
+ username string
+ password string
+
+ baseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(serverURL, username, password string) (*Client, error) {
+ if username == "" || password == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ if serverURL == "" {
+ return nil, errors.New("server URL missing")
+ }
+
+ baseURL, err := url.Parse(serverURL)
+ if err != nil {
+ return nil, err
+ }
+
+ return &Client{
+ username: username,
+ password: password,
+ baseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) Login(ctx context.Context) (*Auth, error) {
+ jar, err := cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List})
+ if err != nil {
+ return nil, err
+ }
+
+ c.HTTPClient.Jar = jar
+
+ login := Login{
+ Username: c.username,
+ Password: c.password,
+ }
+
+ endpoint := c.baseURL.JoinPath("api", "v1", "auth", "login")
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, login)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &Auth{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+func (c *Client) Me(ctx context.Context) (*UserInfo, error) {
+ endpoint := c.baseURL.JoinPath("api", "v1", "auth", "me")
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &UserInfo{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, err
+}
+
+func (c *Client) GetDNSZones(ctx context.Context, name string) ([]Zone, error) {
+ endpoint := c.baseURL.JoinPath("api", "v1", "dns", "zones")
+
+ if name != "" {
+ query := endpoint.Query()
+ query.Set("name", name)
+ endpoint.RawQuery = query.Encode()
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := Zones{}
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Zones, nil
+}
+
+func (c *Client) CreateDNSRecord(ctx context.Context, zone string, record Record) error {
+ endpoint := c.baseURL.JoinPath("api", "v1", "dns", "zones", "records")
+
+ query := endpoint.Query()
+
+ query.Set("zone", zone)
+ query.Set("hostname", record.Hostname)
+
+ // When the UID is the same as an existing one, the record is updated, else a new record is created.
+ // An explicit UID is not required to create a record.
+ if record.UID != "" {
+ query.Set("uid", record.UID)
+ }
+
+ endpoint.RawQuery = query.Encode()
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, record)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) DeleteDNSRecord(ctx context.Context, zone string, record Record) error {
+ endpoint := c.baseURL.JoinPath("api", "v1", "dns", "zones", "records")
+
+ query := endpoint.Query()
+
+ query.Set("zone", zone)
+ query.Set("hostname", record.Hostname)
+ query.Set("uid", record.UID)
+ query.Set("type", record.Type)
+
+ endpoint.RawQuery = query.Encode()
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
diff --git a/providers/dns/gravity/internal/client_test.go b/providers/dns/gravity/internal/client_test.go
new file mode 100644
index 000000000..98b17c59e
--- /dev/null
+++ b/providers/dns/gravity/internal/client_test.go
@@ -0,0 +1,160 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL, "user", "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func TestClient_Login(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /api/v1/auth/login",
+ http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+ http.SetCookie(rw, &http.Cookie{
+ Name: "gravity_session",
+ Value: "session_id",
+ Path: "/",
+ })
+
+ servermock.ResponseFromFixture("login.json").ServeHTTP(rw, req)
+ }),
+ servermock.CheckRequestJSONBodyFromFixture("login-request.json")).
+ Build(t)
+
+ auth, err := client.Login(t.Context())
+ require.NoError(t, err)
+
+ cookies := client.HTTPClient.Jar.Cookies(client.baseURL)
+
+ require.Len(t, cookies, 1)
+
+ assert.Equal(t, "gravity_session", cookies[0].Name)
+ assert.Equal(t, "session_id", cookies[0].Value)
+
+ expected := &Auth{Successful: true}
+
+ assert.Equal(t, expected, auth)
+}
+
+func TestClient_Login_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /api/v1/auth/login",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ _, err := client.Login(t.Context())
+ require.EqualError(t, err, "status: UNAUTHENTICATED, error: unauthenticated, additionalProp1: string")
+}
+
+func TestClient_Me(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/v1/auth/me",
+ servermock.ResponseFromFixture("me.json")).
+ Build(t)
+
+ info, err := client.Me(t.Context())
+ require.NoError(t, err)
+
+ expected := &UserInfo{
+ Username: "admin",
+ Authenticated: true,
+ Permissions: []Permission{{
+ Methods: []string{"GET", "POST", "PUT", "HEAD", "DELETE"},
+ Path: "/*",
+ }},
+ }
+
+ assert.Equal(t, expected, info)
+}
+
+func TestClient_GetDNSZones(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/v1/dns/",
+ servermock.ResponseFromFixture("zones.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("name", "example.com.")).
+ Build(t)
+
+ zones, err := client.GetDNSZones(t.Context(), "example.com.")
+ require.NoError(t, err)
+
+ expected := []Zone{{
+ Name: "example.com.",
+ HandlerConfigs: []HandlerConfig{
+ {Type: "memory"},
+ {Type: "etcd"},
+ },
+ DefaultTTL: 86400,
+ RecordCount: 1,
+ }}
+
+ assert.Equal(t, expected, zones)
+}
+
+func TestClient_CreateDNSRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /api/v1/dns/zones/records",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ servermock.CheckRequestJSONBodyFromFixture("create_record-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("zone", "example.com.").
+ With("uid", "123").
+ With("hostname", "_acme-challenge")).
+ Build(t)
+
+ record := Record{
+ Data: "txtTXTtxt",
+ Hostname: "_acme-challenge",
+ Type: "TXT",
+ UID: "123",
+ }
+
+ err := client.CreateDNSRecord(t.Context(), "example.com.", record)
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteDNSRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /api/v1/dns/zones/records",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ servermock.CheckQueryParameter().Strict().
+ With("zone", "example.com.").
+ With("uid", "123").
+ With("type", "TXT").
+ With("hostname", "_acme-challenge")).
+ Build(t)
+
+ record := Record{
+ Data: "txtTXTtxt",
+ Hostname: "_acme-challenge",
+ Type: "TXT",
+ UID: "123",
+ }
+
+ err := client.DeleteDNSRecord(t.Context(), "example.com.", record)
+ require.NoError(t, err)
+}
diff --git a/providers/dns/gravity/internal/fixtures/create_record-request.json b/providers/dns/gravity/internal/fixtures/create_record-request.json
new file mode 100644
index 000000000..d671d1342
--- /dev/null
+++ b/providers/dns/gravity/internal/fixtures/create_record-request.json
@@ -0,0 +1,6 @@
+{
+ "data": "txtTXTtxt",
+ "hostname": "_acme-challenge",
+ "type": "TXT",
+ "uid": "123"
+}
diff --git a/providers/dns/gravity/internal/fixtures/error.json b/providers/dns/gravity/internal/fixtures/error.json
new file mode 100644
index 000000000..38b78fcca
--- /dev/null
+++ b/providers/dns/gravity/internal/fixtures/error.json
@@ -0,0 +1,8 @@
+{
+ "code": 0,
+ "context": {
+ "additionalProp1": "string"
+ },
+ "error": "unauthenticated",
+ "status": "UNAUTHENTICATED"
+}
diff --git a/providers/dns/gravity/internal/fixtures/login-request.json b/providers/dns/gravity/internal/fixtures/login-request.json
new file mode 100644
index 000000000..c641cd3e5
--- /dev/null
+++ b/providers/dns/gravity/internal/fixtures/login-request.json
@@ -0,0 +1,4 @@
+{
+ "username": "user",
+ "password": "secret"
+}
diff --git a/providers/dns/gravity/internal/fixtures/login.json b/providers/dns/gravity/internal/fixtures/login.json
new file mode 100644
index 000000000..b9ae7145f
--- /dev/null
+++ b/providers/dns/gravity/internal/fixtures/login.json
@@ -0,0 +1,3 @@
+{
+ "successful": true
+}
diff --git a/providers/dns/gravity/internal/fixtures/me.json b/providers/dns/gravity/internal/fixtures/me.json
new file mode 100644
index 000000000..881a2ca5f
--- /dev/null
+++ b/providers/dns/gravity/internal/fixtures/me.json
@@ -0,0 +1,16 @@
+{
+ "username": "admin",
+ "authenticated": true,
+ "permissions": [
+ {
+ "path": "/*",
+ "methods": [
+ "GET",
+ "POST",
+ "PUT",
+ "HEAD",
+ "DELETE"
+ ]
+ }
+ ]
+}
diff --git a/providers/dns/gravity/internal/fixtures/me_unauthenticated.json b/providers/dns/gravity/internal/fixtures/me_unauthenticated.json
new file mode 100644
index 000000000..67698b8e2
--- /dev/null
+++ b/providers/dns/gravity/internal/fixtures/me_unauthenticated.json
@@ -0,0 +1,5 @@
+{
+ "username": "",
+ "authenticated": false,
+ "permissions": null
+}
diff --git a/providers/dns/gravity/internal/fixtures/zones.json b/providers/dns/gravity/internal/fixtures/zones.json
new file mode 100644
index 000000000..53a8df6c1
--- /dev/null
+++ b/providers/dns/gravity/internal/fixtures/zones.json
@@ -0,0 +1,19 @@
+{
+ "zones": [
+ {
+ "name": "example.com.",
+ "handlerConfigs": [
+ {
+ "type": "memory"
+ },
+ {
+ "type": "etcd"
+ }
+ ],
+ "defaultTTL": 86400,
+ "authoritative": false,
+ "hook": "",
+ "recordCount": 1
+ }
+ ]
+}
diff --git a/providers/dns/gravity/internal/fixtures/zones_empty.json b/providers/dns/gravity/internal/fixtures/zones_empty.json
new file mode 100644
index 000000000..d8b70b45e
--- /dev/null
+++ b/providers/dns/gravity/internal/fixtures/zones_empty.json
@@ -0,0 +1,3 @@
+{
+ "zones": null
+}
diff --git a/providers/dns/gravity/internal/types.go b/providers/dns/gravity/internal/types.go
new file mode 100644
index 000000000..872bc070f
--- /dev/null
+++ b/providers/dns/gravity/internal/types.go
@@ -0,0 +1,82 @@
+package internal
+
+import (
+ "fmt"
+ "strings"
+)
+
+type APIError struct {
+ Status string `json:"status"`
+ ErrorMsg string `json:"error"`
+ Code int `json:"code"`
+ Context map[string]string `json:"context"`
+}
+
+func (a *APIError) Error() string {
+ msg := new(strings.Builder)
+
+ _, _ = fmt.Fprintf(msg, "status: %s, error: %s", a.Status, a.ErrorMsg)
+
+ if a.Code != 0 {
+ _, _ = fmt.Fprintf(msg, ", code: %d", a.Code)
+ }
+
+ if len(a.Context) != 0 {
+ for k, v := range a.Context {
+ _, _ = fmt.Fprintf(msg, ", %s: %s", k, v)
+ }
+ }
+
+ return msg.String()
+}
+
+type Login struct {
+ Username string `json:"username"`
+ Password string `json:"password"`
+}
+
+type Auth struct {
+ Successful bool `json:"successful"`
+}
+
+type UserInfo struct {
+ Username string `json:"username"`
+ Authenticated bool `json:"authenticated"`
+ Permissions []Permission `json:"permissions"`
+}
+
+type Permission struct {
+ Methods []string `json:"methods"`
+ Path string `json:"path"`
+}
+
+type Zones struct {
+ Zones []Zone `json:"zones"`
+}
+
+type Zone struct {
+ Name string `json:"name"`
+ HandlerConfigs []HandlerConfig `json:"handlerConfigs"`
+ DefaultTTL int `json:"defaultTTL"`
+ Authoritative bool `json:"authoritative"`
+ Hook string `json:"hook"`
+ RecordCount int `json:"recordCount"`
+}
+
+type HandlerConfig struct {
+ Type string `json:"type"`
+ CacheTTL int `json:"cache_ttl,omitempty"`
+ To []string `json:"to,omitempty"`
+}
+
+type Record struct {
+ Data string `json:"data,omitempty"`
+ Fqdn string `json:"fqdn,omitempty"`
+ Hostname string `json:"hostname,omitempty"`
+ MxPreference int `json:"mxPreference,omitempty"`
+ SrvPort int `json:"srvPort,omitempty"`
+ SrvPriority int `json:"srvPriority,omitempty"`
+ SrvWeight int `json:"srvWeight,omitempty"`
+ Type string `json:"type,omitempty"`
+ UID string `json:"uid,omitempty"`
+}
diff --git a/providers/dns/hetzner/hetzner.go b/providers/dns/hetzner/hetzner.go
index 4dcd8e071..bae985b3e 100644
--- a/providers/dns/hetzner/hetzner.go
+++ b/providers/dns/hetzner/hetzner.go
@@ -2,28 +2,28 @@
package hetzner
import (
- "context"
"errors"
- "fmt"
"net/http"
"time"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
- "github.com/go-acme/lego/v4/providers/dns/hetzner/internal"
+ "github.com/go-acme/lego/v4/providers/dns/hetzner/internal/hetznerv1"
+ "github.com/go-acme/lego/v4/providers/dns/hetzner/internal/legacy"
)
// Environment variables names.
const (
- envNamespace = "HETZNER_"
+ // Deprecated: use EnvAPIToken instead.
+ EnvAPIKey = legacy.EnvAPIKey
+ EnvAPIToken = hetznerv1.EnvAPIToken
- EnvAPIKey = envNamespace + "API_KEY"
-
- EnvTTL = envNamespace + "TTL"
- EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
- EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
- EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+ EnvTTL = hetznerv1.EnvTTL
+ EnvPropagationTimeout = hetznerv1.EnvPropagationTimeout
+ EnvPollingInterval = hetznerv1.EnvPollingInterval
+ EnvHTTPTimeout = hetznerv1.EnvHTTPTimeout
)
const minTTL = 60
@@ -32,7 +32,11 @@ var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
- APIKey string
+ // Deprecated: use APIToken instead
+ APIKey string
+
+ APIToken string
+
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
@@ -53,22 +57,41 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *internal.Client
+ provider challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for hetzner.
-// Credentials must be passed in the environment variable: HETZNER_API_KEY.
func NewDNSProvider() (*DNSProvider, error) {
- values, err := env.Get(EnvAPIKey)
- if err != nil {
- return nil, fmt.Errorf("hetzner: %w", err)
+ foundAPIToken := env.GetOrFile(EnvAPIToken) != ""
+ foundAPIKey := env.GetOrFile(EnvAPIKey) != ""
+
+ switch {
+ case foundAPIToken:
+ provider, err := hetznerv1.NewDNSProvider()
+ if err != nil {
+ return nil, err
+ }
+
+ return &DNSProvider{provider: provider}, nil
+
+ case foundAPIKey:
+ log.Warnf("APIKey (legacy Hetzner DNS API) is deprecated, please use APIToken (Hetzner Cloud API) instead.")
+
+ provider, err := legacy.NewDNSProvider()
+ if err != nil {
+ return nil, err
+ }
+
+ return &DNSProvider{provider: provider}, nil
+
+ default:
+ provider, err := hetznerv1.NewDNSProvider()
+ if err != nil {
+ return nil, err
+ }
+
+ return &DNSProvider{provider: provider}, nil
}
-
- config := NewDefaultConfig()
- config.APIKey = values[EnvAPIKey]
-
- return NewDNSProviderConfig(config)
}
// NewDNSProviderConfig return a DNSProvider instance configured for hetzner.
@@ -77,98 +100,57 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("hetzner: the configuration of the DNS provider is nil")
}
- if config.APIKey == "" {
- return nil, errors.New("hetzner: credentials missing")
+ switch {
+ case config.APIToken != "":
+ cfg := &hetznerv1.Config{
+ APIToken: config.APIToken,
+ PropagationTimeout: config.PropagationTimeout,
+ PollingInterval: config.PollingInterval,
+ TTL: config.TTL,
+ HTTPClient: config.HTTPClient,
+ }
+
+ provider, err := hetznerv1.NewDNSProviderConfig(cfg)
+ if err != nil {
+ return nil, err
+ }
+
+ return &DNSProvider{provider: provider}, nil
+
+ case config.APIKey != "":
+ log.Warnf("%s (legacy Hetzner DNS API) is deprecated, please use %s (Hetzner Cloud API) instead.", EnvAPIKey, EnvAPIToken)
+
+ cfg := &legacy.Config{
+ APIKey: config.APIKey,
+ PropagationTimeout: config.PropagationTimeout,
+ PollingInterval: config.PollingInterval,
+ TTL: config.TTL,
+ HTTPClient: config.HTTPClient,
+ }
+
+ provider, err := legacy.NewDNSProviderConfig(cfg)
+ if err != nil {
+ return nil, err
+ }
+
+ return &DNSProvider{provider: provider}, nil
}
- if config.TTL < minTTL {
- return nil, fmt.Errorf("hetzner: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
- }
-
- client := internal.NewClient(config.APIKey)
-
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- return &DNSProvider{config: config, client: client}, nil
+ return nil, errors.New("hetzner: credentials missing")
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
+ return d.provider.Timeout()
}
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
- if err != nil {
- return fmt.Errorf("hetzner: could not find zone for domain %q: %w", domain, err)
- }
-
- zone := dns01.UnFqdn(authZone)
-
- ctx := context.Background()
-
- zoneID, err := d.client.GetZoneID(ctx, zone)
- if err != nil {
- return fmt.Errorf("hetzner: %w", err)
- }
-
- subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone)
- if err != nil {
- return fmt.Errorf("hetzner: %w", err)
- }
-
- record := internal.DNSRecord{
- Type: "TXT",
- Name: subDomain,
- Value: info.Value,
- TTL: d.config.TTL,
- ZoneID: zoneID,
- }
-
- if err := d.client.CreateRecord(ctx, record); err != nil {
- return fmt.Errorf("hetzner: failed to add TXT record: fqdn=%s, zoneID=%s: %w", info.EffectiveFQDN, zoneID, err)
- }
-
- return nil
+ return d.provider.Present(domain, token, keyAuth)
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
- if err != nil {
- return fmt.Errorf("hetzner: could not find zone for domain %q: %w", domain, err)
- }
-
- zone := dns01.UnFqdn(authZone)
-
- ctx := context.Background()
-
- zoneID, err := d.client.GetZoneID(ctx, zone)
- if err != nil {
- return fmt.Errorf("hetzner: %w", err)
- }
-
- subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone)
- if err != nil {
- return fmt.Errorf("hetzner: %w", err)
- }
-
- record, err := d.client.GetTxtRecord(ctx, subDomain, info.Value, zoneID)
- if err != nil {
- return fmt.Errorf("hetzner: %w", err)
- }
-
- if err := d.client.DeleteRecord(ctx, record.ID); err != nil {
- return fmt.Errorf("hetzner: failed to delete TXT record: id=%s, name=%s: %w", record.ID, record.Name, err)
- }
-
- return nil
+ return d.provider.CleanUp(domain, token, keyAuth)
}
diff --git a/providers/dns/hetzner/hetzner.toml b/providers/dns/hetzner/hetzner.toml
index 033ae2d2f..40d4cea72 100644
--- a/providers/dns/hetzner/hetzner.toml
+++ b/providers/dns/hetzner/hetzner.toml
@@ -5,18 +5,18 @@ Code = "hetzner"
Since = "v3.7.0"
Example = '''
-HETZNER_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
-lego --email you@example.com --dns hetzner -d '*.example.com' -d example.com run
+HETZNER_API_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
+lego --dns hetzner -d '*.example.com' -d example.com run
'''
[Configuration]
[Configuration.Credentials]
- HETZNER_API_KEY = "API key"
+ HETZNER_API_TOKEN = "API token"
[Configuration.Additional]
HETZNER_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
- HETZNER_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
- HETZNER_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
+ HETZNER_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ HETZNER_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
HETZNER_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
[Links]
- API = "https://dns.hetzner.com/api-docs"
+ API = "https://docs.hetzner.cloud/reference/cloud#dns"
diff --git a/providers/dns/hetzner/hetzner_test.go b/providers/dns/hetzner/hetzner_test.go
index d028fd06b..430f0270b 100644
--- a/providers/dns/hetzner/hetzner_test.go
+++ b/providers/dns/hetzner/hetzner_test.go
@@ -3,52 +3,72 @@ package hetzner
import (
"testing"
+ "github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/providers/dns/hetzner/internal/hetznerv1"
+ "github.com/go-acme/lego/v4/providers/dns/hetzner/internal/legacy"
+ "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
-const envDomain = envNamespace + "DOMAIN"
-
-var envTest = tester.NewEnvTest(
- EnvAPIKey).
- WithDomain(envDomain)
+var envTest = tester.NewEnvTest(EnvAPIKey, EnvAPIToken)
func TestNewDNSProvider(t *testing.T) {
testCases := []struct {
- desc string
- envVars map[string]string
- expected string
+ desc string
+ envVars map[string]string
+
+ expectedProvider challenge.ProviderTimeout
+ expectedError string
}{
{
- desc: "success",
+ desc: "success (v1)",
+ envVars: map[string]string{
+ EnvAPIToken: "123",
+ },
+ expectedProvider: &hetznerv1.DNSProvider{},
+ },
+ {
+ desc: "success (legacy)",
envVars: map[string]string{
EnvAPIKey: "123",
},
+ expectedProvider: &legacy.DNSProvider{},
+ },
+ {
+ desc: "success (both)",
+ envVars: map[string]string{
+ EnvAPIKey: "123",
+ EnvAPIToken: "123",
+ },
+ expectedProvider: &hetznerv1.DNSProvider{},
},
{
desc: "missing credentials",
envVars: map[string]string{
- EnvAPIKey: "",
+ EnvAPIKey: "",
+ EnvAPIToken: "",
},
- expected: "hetzner: some credentials information are missing: HETZNER_API_KEY",
+ expectedError: "hetzner: some credentials information are missing: HETZNER_API_TOKEN",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
p, err := NewDNSProvider()
- if test.expected == "" {
+ if test.expectedError == "" {
require.NoError(t, err)
+ assert.IsType(t, test.expectedProvider, p.provider)
require.NotNil(t, p)
- require.NotNil(t, p.config)
} else {
- require.EqualError(t, err, test.expected)
+ require.EqualError(t, err, test.expectedError)
}
})
}
@@ -58,68 +78,53 @@ func TestNewDNSProviderConfig(t *testing.T) {
testCases := []struct {
desc string
apiKey string
+ apiToken string
ttl int
- expected string
+
+ expectedProvider challenge.ProviderTimeout
+ expectedError string
}{
{
- desc: "success",
- ttl: minTTL,
- apiKey: "123",
+ desc: "success (v1)",
+ ttl: minTTL,
+ apiToken: "123",
+ expectedProvider: &hetznerv1.DNSProvider{},
},
{
- desc: "missing credentials",
- ttl: minTTL,
- expected: "hetzner: credentials missing",
+ desc: "success (legacy)",
+ ttl: minTTL,
+ apiKey: "456",
+ expectedProvider: &legacy.DNSProvider{},
},
{
- desc: "invalid TTL",
- apiKey: "123",
- ttl: 10,
- expected: "hetzner: invalid TTL, TTL (10) must be greater than 60",
+ desc: "success (both)",
+ ttl: minTTL,
+ apiToken: "123",
+ apiKey: "456",
+ expectedProvider: &hetznerv1.DNSProvider{},
+ },
+ {
+ desc: "missing credentials",
+ ttl: minTTL,
+ expectedError: "hetzner: credentials missing",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
config := NewDefaultConfig()
+ config.APIToken = test.apiToken
config.APIKey = test.apiKey
config.TTL = test.ttl
p, err := NewDNSProviderConfig(config)
- if test.expected == "" {
+ if test.expectedError == "" {
require.NoError(t, err)
- require.NotNil(t, p)
- require.NotNil(t, p.config)
+ assert.IsType(t, test.expectedProvider, p.provider)
} else {
- require.EqualError(t, err, test.expected)
+ require.EqualError(t, err, test.expectedError)
}
})
}
}
-
-func TestLivePresent(t *testing.T) {
- if !envTest.IsLiveTest() {
- t.Skip("skipping live test")
- }
-
- envTest.RestoreEnv()
- provider, err := NewDNSProvider()
- require.NoError(t, err)
-
- err = provider.Present(envTest.GetDomain(), "", "123d==")
- require.NoError(t, err)
-}
-
-func TestLiveCleanUp(t *testing.T) {
- if !envTest.IsLiveTest() {
- t.Skip("skipping live test")
- }
-
- envTest.RestoreEnv()
- provider, err := NewDNSProvider()
- require.NoError(t, err)
-
- err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
- require.NoError(t, err)
-}
diff --git a/providers/dns/hetzner/internal/hetznerv1/fixtures/add_rrset_records-request.json b/providers/dns/hetzner/internal/hetznerv1/fixtures/add_rrset_records-request.json
new file mode 100644
index 000000000..210f84435
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/fixtures/add_rrset_records-request.json
@@ -0,0 +1,8 @@
+{
+ "ttl": 120,
+ "records": [
+ {
+ "value": "\"w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI\""
+ }
+ ]
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/fixtures/add_rrset_records.json b/providers/dns/hetzner/internal/hetznerv1/fixtures/add_rrset_records.json
new file mode 100644
index 000000000..2341c7e6e
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/fixtures/add_rrset_records.json
@@ -0,0 +1,17 @@
+{
+ "action": {
+ "id": 1,
+ "command": "add_rrset_records",
+ "status": "running",
+ "progress": 50,
+ "started": "2016-01-30T23:55:00+00:00",
+ "finished": null,
+ "resources": [
+ {
+ "id": 42,
+ "type": "zone"
+ }
+ ],
+ "error": null
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/fixtures/get_action_error.json b/providers/dns/hetzner/internal/hetznerv1/fixtures/get_action_error.json
new file mode 100644
index 000000000..2a4472f67
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/fixtures/get_action_error.json
@@ -0,0 +1,20 @@
+{
+ "action": {
+ "id": 1,
+ "command": "remove_rrset_records",
+ "status": "error",
+ "started": "2016-01-30T23:55:00+00:00",
+ "finished": "2016-01-30T23:55:00+00:00",
+ "progress": 50,
+ "resources": [
+ {
+ "id": 42,
+ "type": "zone"
+ }
+ ],
+ "error": {
+ "code": "action_failed",
+ "message": "Action failed"
+ }
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/fixtures/get_action_running.json b/providers/dns/hetzner/internal/hetznerv1/fixtures/get_action_running.json
new file mode 100644
index 000000000..dcec6c2cd
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/fixtures/get_action_running.json
@@ -0,0 +1,16 @@
+{
+ "action": {
+ "id": 1,
+ "command": "remove_rrset_records",
+ "status": "running",
+ "started": "2016-01-30T23:55:00+00:00",
+ "finished": "2016-01-30T23:55:00+00:00",
+ "progress": 50,
+ "resources": [
+ {
+ "id": 42,
+ "type": "zone"
+ }
+ ]
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/fixtures/get_action_success.json b/providers/dns/hetzner/internal/hetznerv1/fixtures/get_action_success.json
new file mode 100644
index 000000000..6b7267c07
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/fixtures/get_action_success.json
@@ -0,0 +1,16 @@
+{
+ "action": {
+ "id": 1,
+ "command": "remove_rrset_records",
+ "status": "success",
+ "started": "2016-01-30T23:55:00+00:00",
+ "finished": "2016-01-30T23:55:00+00:00",
+ "progress": 100,
+ "resources": [
+ {
+ "id": 42,
+ "type": "zone"
+ }
+ ]
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/fixtures/remove_rrset_records-request.json b/providers/dns/hetzner/internal/hetznerv1/fixtures/remove_rrset_records-request.json
new file mode 100644
index 000000000..982273b67
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/fixtures/remove_rrset_records-request.json
@@ -0,0 +1,7 @@
+{
+ "records": [
+ {
+ "value": "\"w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI\""
+ }
+ ]
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/fixtures/remove_rrset_records.json b/providers/dns/hetzner/internal/hetznerv1/fixtures/remove_rrset_records.json
new file mode 100644
index 000000000..1b10dfd5e
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/fixtures/remove_rrset_records.json
@@ -0,0 +1,17 @@
+{
+ "action": {
+ "id": 1,
+ "command": "remove_rrset_records",
+ "status": "running",
+ "progress": 50,
+ "started": "2016-01-30T23:55:00+00:00",
+ "finished": null,
+ "resources": [
+ {
+ "id": 42,
+ "type": "zone"
+ }
+ ],
+ "error": null
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/hetznerv1.go b/providers/dns/hetzner/internal/hetznerv1/hetznerv1.go
new file mode 100644
index 000000000..b31c766ce
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/hetznerv1.go
@@ -0,0 +1,209 @@
+// Package hetznerv1 implements a DNS provider for solving the DNS-01 challenge using Hetzner.
+package hetznerv1
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "time"
+
+ "github.com/cenkalti/backoff/v5"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/platform/wait"
+ "github.com/go-acme/lego/v4/providers/dns/hetzner/internal/hetznerv1/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "golang.org/x/net/idna"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "HETZNER_"
+
+ EnvAPIToken = envNamespace + "API_TOKEN"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIToken string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Hetzner.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIToken)
+ if err != nil {
+ return nil, fmt.Errorf("hetzner: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIToken = values[EnvAPIToken]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Hetzner.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("hetzner: the configuration of the DNS provider is nil")
+ }
+
+ if config.APIToken == "" {
+ return nil, errors.New("hetzner: credentials missing")
+ }
+
+ client, err := internal.NewClient(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(config.HTTPClient, config.APIToken),
+ ),
+ )
+ if err != nil {
+ return nil, fmt.Errorf("hetzner: %w", err)
+ }
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("hetzner: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("hetzner: %w", err)
+ }
+
+ subDomainPunnycoded, err := idna.ToASCII(dns01.UnFqdn(subDomain))
+ if err != nil {
+ return fmt.Errorf("hetzner: %w", err)
+ }
+
+ zone, err := idna.ToASCII(dns01.UnFqdn(authZone))
+ if err != nil {
+ return fmt.Errorf("hetzner: %w", err)
+ }
+
+ records := []internal.Record{{Value: strconv.Quote(info.Value)}}
+
+ action, err := d.client.AddRRSetRecords(ctx, zone, "TXT", subDomainPunnycoded, d.config.TTL, records)
+ if err != nil {
+ return fmt.Errorf("hetzner: add RRSet records: %w", err)
+ }
+
+ err = d.waitAction(ctx, action.ID)
+ if err != nil {
+ return fmt.Errorf("hetzner: wait (add RRSet records): %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("hetzner: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("hetzner: %w", err)
+ }
+
+ subDomainPunnycoded, err := idna.ToASCII(dns01.UnFqdn(subDomain))
+ if err != nil {
+ return fmt.Errorf("hetzner: %w", err)
+ }
+
+ zone, err := idna.ToASCII(dns01.UnFqdn(authZone))
+ if err != nil {
+ return fmt.Errorf("hetzner: %w", err)
+ }
+
+ records := []internal.Record{{Value: strconv.Quote(info.Value)}}
+
+ action, err := d.client.RemoveRRSetRecords(ctx, zone, "TXT", subDomainPunnycoded, records)
+ if err != nil {
+ return fmt.Errorf("hetzner: remove RRSet records: %w", err)
+ }
+
+ err = d.waitAction(ctx, action.ID)
+ if err != nil {
+ return fmt.Errorf("hetzner: wait (remove RRSet records): %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) waitAction(ctx context.Context, actionID int64) error {
+ return wait.Retry(ctx,
+ func() error {
+ result, err := d.client.GetAction(ctx, actionID)
+ if err != nil {
+ return backoff.Permanent(fmt.Errorf("get action %d: %w", actionID, err))
+ }
+
+ switch result.Status {
+ case internal.StatusRunning:
+ return fmt.Errorf("action %d is %s", actionID, internal.StatusRunning)
+
+ case internal.StatusError:
+ return backoff.Permanent(fmt.Errorf("action %d: %s: %w", actionID, internal.StatusError, result.ErrorInfo))
+
+ default:
+ return nil
+ }
+ },
+ backoff.WithBackOff(backoff.NewConstantBackOff(d.config.PollingInterval)),
+ backoff.WithMaxElapsedTime(d.config.PropagationTimeout),
+ )
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/hetznerv1_test.go b/providers/dns/hetzner/internal/hetznerv1/hetznerv1_test.go
new file mode 100644
index 000000000..bf52baa35
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/hetznerv1_test.go
@@ -0,0 +1,232 @@
+package hetznerv1
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIToken).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIToken: "secret",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "hetzner: some credentials information are missing: HETZNER_API_TOKEN",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiToken string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiToken: "secret",
+ },
+ {
+ desc: "missing credentials",
+ expected: "hetzner: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIToken = test.apiToken
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIToken = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ WithAuthorization("Bearer secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /zones/example.com/rrsets/_acme-challenge/TXT/actions/add_records",
+ servermock.ResponseFromFixture("add_rrset_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("add_rrset_records-request.json")).
+ Route("GET /actions/1",
+ servermock.ResponseFromFixture("get_action_success.json")).
+ Build(t)
+
+ err := provider.Present("example.com", "", "foobar")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_Present_error(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /zones/example.com/rrsets/_acme-challenge/TXT/actions/add_records",
+ servermock.ResponseFromFixture("add_rrset_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("add_rrset_records-request.json")).
+ Route("GET /actions/1",
+ servermock.ResponseFromFixture("get_action_error.json")).
+ Build(t)
+
+ provider.config.PollingInterval = 20 * time.Millisecond
+ provider.config.PropagationTimeout = 1 * time.Second
+
+ err := provider.Present("example.com", "", "foobar")
+ require.EqualError(t, err, "hetzner: wait (add RRSet records): action 1: error: action_failed: Action failed")
+}
+
+func TestDNSProvider_Present_running(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /zones/example.com/rrsets/_acme-challenge/TXT/actions/add_records",
+ servermock.ResponseFromFixture("add_rrset_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("add_rrset_records-request.json")).
+ Route("GET /actions/1",
+ servermock.ResponseFromFixture("get_action_running.json")).
+ Build(t)
+
+ provider.config.PollingInterval = 20 * time.Millisecond
+ provider.config.PropagationTimeout = 1 * time.Second
+
+ err := provider.Present("example.com", "", "foobar")
+ require.EqualError(t, err, "hetzner: wait (add RRSet records): action 1 is running")
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /zones/example.com/rrsets/_acme-challenge/TXT/actions/remove_records",
+ servermock.ResponseFromFixture("remove_rrset_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("remove_rrset_records-request.json")).
+ Route("GET /actions/1",
+ servermock.ResponseFromFixture("get_action_success.json")).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "", "foobar")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp_error(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /zones/example.com/rrsets/_acme-challenge/TXT/actions/remove_records",
+ servermock.ResponseFromFixture("remove_rrset_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("remove_rrset_records-request.json")).
+ Route("GET /actions/1",
+ servermock.ResponseFromFixture("get_action_error.json")).
+ Build(t)
+
+ provider.config.PollingInterval = 20 * time.Millisecond
+ provider.config.PropagationTimeout = 1 * time.Second
+
+ err := provider.CleanUp("example.com", "", "foobar")
+ require.EqualError(t, err, "hetzner: wait (remove RRSet records): action 1: error: action_failed: Action failed")
+}
+
+func TestDNSProvider_CleanUp_running(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /zones/example.com/rrsets/_acme-challenge/TXT/actions/remove_records",
+ servermock.ResponseFromFixture("remove_rrset_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("remove_rrset_records-request.json")).
+ Route("GET /actions/1",
+ servermock.ResponseFromFixture("get_action_running.json")).
+ Build(t)
+
+ provider.config.PollingInterval = 20 * time.Millisecond
+ provider.config.PropagationTimeout = 1 * time.Second
+
+ err := provider.CleanUp("example.com", "", "foobar")
+ require.EqualError(t, err, "hetzner: wait (remove RRSet records): action 1 is running")
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/client.go b/providers/dns/hetzner/internal/hetznerv1/internal/client.go
new file mode 100644
index 000000000..2f29f642a
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/client.go
@@ -0,0 +1,183 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "golang.org/x/oauth2"
+)
+
+const defaultBaseURL = "https://api.hetzner.cloud/v1"
+
+const (
+ StatusRunning = "running"
+ StatusSuccess = "success"
+ StatusError = "error"
+)
+
+// Client the Hetzner API client.
+type Client struct {
+ BaseURL *url.URL
+ httpClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(hc *http.Client) (*Client, error) {
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ if hc == nil {
+ hc = &http.Client{Timeout: 10 * time.Second}
+ }
+
+ return &Client{
+ BaseURL: baseURL,
+ httpClient: hc,
+ }, nil
+}
+
+// AddRRSetRecords adds records to an RRSet.
+// https://docs.hetzner.cloud/reference/cloud#zone-rrset-actions-add-records-to-an-rrset
+func (c *Client) AddRRSetRecords(ctx context.Context, zoneIDName, recordType, recordName string, ttl int, records []Record) (*Action, error) {
+ endpoint := c.BaseURL.JoinPath("zones", zoneIDName, "rrsets", recordName, recordType, "actions", "add_records")
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, RRSet{TTL: ttl, Records: records})
+ if err != nil {
+ return nil, err
+ }
+
+ var result ActionResponse
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Action, nil
+}
+
+// RemoveRRSetRecords removes records from an RRSet.
+// https://docs.hetzner.cloud/reference/cloud#zone-rrset-actions-remove-records-from-an-rrset
+func (c *Client) RemoveRRSetRecords(ctx context.Context, zoneIDName, recordType, recordName string, records []Record) (*Action, error) {
+ endpoint := c.BaseURL.JoinPath("zones", zoneIDName, "rrsets", recordName, recordType, "actions", "remove_records")
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, RRSet{Records: records})
+ if err != nil {
+ return nil, err
+ }
+
+ var result ActionResponse
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Action, nil
+}
+
+// GetAction gets an action.
+// https://docs.hetzner.cloud/reference/cloud#actions-get-an-action
+func (c *Client) GetAction(ctx context.Context, id int64) (*Action, error) {
+ endpoint := c.BaseURL.JoinPath("actions", strconv.FormatInt(id, 10))
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var result ActionResponse
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Action, nil
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ resp, err := c.httpClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
+
+func OAuthStaticAccessToken(client *http.Client, accessToken string) *http.Client {
+ if client == nil {
+ client = &http.Client{Timeout: 5 * time.Second}
+ }
+
+ client.Transport = &oauth2.Transport{
+ Source: oauth2.StaticTokenSource(&oauth2.Token{AccessToken: accessToken}),
+ Base: client.Transport,
+ }
+
+ return client
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/client_test.go b/providers/dns/hetzner/internal/hetznerv1/internal/client_test.go
new file mode 100644
index 000000000..6fd3d77a7
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/client_test.go
@@ -0,0 +1,154 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(OAuthStaticAccessToken(server.Client(), "secret"))
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ WithAuthorization("Bearer secret"),
+ )
+}
+
+func TestClient_AddRRSetRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /zones/example.com/rrsets/www/TXT/actions/add_records",
+ servermock.ResponseFromFixture("add_rrset_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("add_rrset_records-request.json")).
+ Build(t)
+
+ records := []Record{{
+ Value: "198.51.100.1",
+ Comment: "My web server at Hetzner Cloud.",
+ }}
+
+ result, err := client.AddRRSetRecords(t.Context(), "example.com", "TXT", "www", 3600, records)
+ require.NoError(t, err)
+
+ expected := &Action{
+ ID: 1,
+ Command: "add_rrset_records",
+ Status: "running",
+ Progress: 50,
+ Resources: []Resources{{ID: 590000000000000, Type: "zone"}},
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_AddRRSetRecords_error_invalid_input(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /zones/example.com/rrsets/www/TXT/actions/add_records",
+ servermock.ResponseFromFixture("error-invalid_input.json").
+ WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ records := []Record{{
+ Value: "198.51.100.1",
+ Comment: "My web server at Hetzner Cloud.",
+ }}
+
+ _, err := client.AddRRSetRecords(t.Context(), "example.com", "TXT", "www", 0, records)
+ require.EqualError(t, err, "invalid_input: invalid input in field 'broken_field': is too longfield: broken_field: is too long")
+}
+
+func TestClient_AddRRSetRecords_error_resource_limit_exceeded(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /zones/example.com/rrsets/www/TXT/actions/add_records",
+ servermock.ResponseFromFixture("error-resource_limit_exceeded.json").
+ WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ records := []Record{{
+ Value: "198.51.100.1",
+ Comment: "My web server at Hetzner Cloud.",
+ }}
+
+ _, err := client.AddRRSetRecords(t.Context(), "example.com", "TXT", "www", 0, records)
+ require.EqualError(t, err, "resource_limit_exceeded: project limit exceededlimit: project_limit")
+}
+
+func TestClient_AddRRSetRecords_error_deprecated_api_endpoint(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /zones/example.com/rrsets/www/TXT/actions/add_records",
+ servermock.ResponseFromFixture("error-deprecated_api_endpoint.json").
+ WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ records := []Record{{
+ Value: "198.51.100.1",
+ Comment: "My web server at Hetzner Cloud.",
+ }}
+
+ _, err := client.AddRRSetRecords(t.Context(), "example.com", "TXT", "www", 0, records)
+ require.EqualError(t, err, "deprecated_api_endpoint: API functionality was removed: https://docs.hetzner.cloud/changelog#2023-07-20-foo-endpoint-is-deprecated")
+}
+
+func TestClient_RemoveRRSetRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /zones/example.com/rrsets/www/TXT/actions/remove_records",
+ servermock.ResponseFromFixture("remove_rrset_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("remove_rrset_records-request.json")).
+ Build(t)
+
+ records := []Record{{
+ Value: "198.51.100.1",
+ Comment: "My web server at Hetzner Cloud.",
+ }}
+
+ result, err := client.RemoveRRSetRecords(t.Context(), "example.com", "TXT", "www", records)
+ require.NoError(t, err)
+
+ expected := &Action{
+ ID: 1,
+ Command: "remove_rrset_records",
+ Status: "running",
+ Progress: 50,
+ Resources: []Resources{{ID: 42, Type: "zone"}},
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_GetAction(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /actions/123", servermock.ResponseFromFixture("get_action.json")).
+ Route("/", servermock.DumpRequest()).
+ Build(t)
+
+ result, err := client.GetAction(t.Context(), 123)
+ require.NoError(t, err)
+
+ expected := &Action{
+ ID: 590000000000000,
+ Command: "start_resource",
+ Status: "running",
+ Progress: 100,
+ Resources: []Resources{{ID: 590000000000000, Type: "server"}},
+ ErrorInfo: &ErrorInfo{
+ Code: "action_failed",
+ Message: "Action failed",
+ },
+ }
+
+ assert.Equal(t, expected, result)
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/add_rrset_records-request.json b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/add_rrset_records-request.json
new file mode 100644
index 000000000..cba0f34d3
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/add_rrset_records-request.json
@@ -0,0 +1,9 @@
+{
+ "ttl": 3600,
+ "records": [
+ {
+ "value": "198.51.100.1",
+ "comment": "My web server at Hetzner Cloud."
+ }
+ ]
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/add_rrset_records.json b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/add_rrset_records.json
new file mode 100644
index 000000000..7267b02cb
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/add_rrset_records.json
@@ -0,0 +1,17 @@
+{
+ "action": {
+ "id": 1,
+ "command": "add_rrset_records",
+ "status": "running",
+ "progress": 50,
+ "started": "2016-01-30T23:55:00+00:00",
+ "finished": null,
+ "resources": [
+ {
+ "id": 590000000000000,
+ "type": "zone"
+ }
+ ],
+ "error": null
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/error-deprecated_api_endpoint.json b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/error-deprecated_api_endpoint.json
new file mode 100644
index 000000000..4d8fb945d
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/error-deprecated_api_endpoint.json
@@ -0,0 +1,9 @@
+{
+ "error": {
+ "code": "deprecated_api_endpoint",
+ "message": "API functionality was removed",
+ "details": {
+ "announcement": "https://docs.hetzner.cloud/changelog#2023-07-20-foo-endpoint-is-deprecated"
+ }
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/error-invalid_input.json b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/error-invalid_input.json
new file mode 100644
index 000000000..e05bf7a3e
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/error-invalid_input.json
@@ -0,0 +1,16 @@
+{
+ "error": {
+ "code": "invalid_input",
+ "message": "invalid input in field 'broken_field': is too long",
+ "details": {
+ "fields": [
+ {
+ "name": "broken_field",
+ "messages": [
+ "is too long"
+ ]
+ }
+ ]
+ }
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/error-resource_limit_exceeded.json b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/error-resource_limit_exceeded.json
new file mode 100644
index 000000000..9072d10e3
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/error-resource_limit_exceeded.json
@@ -0,0 +1,13 @@
+{
+ "error": {
+ "code": "resource_limit_exceeded",
+ "message": "project limit exceeded",
+ "details": {
+ "limits": [
+ {
+ "name": "project_limit"
+ }
+ ]
+ }
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/get_action.json b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/get_action.json
new file mode 100644
index 000000000..19278fc51
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/get_action.json
@@ -0,0 +1,20 @@
+{
+ "action": {
+ "id": 590000000000000,
+ "command": "start_resource",
+ "status": "running",
+ "started": "2016-01-30T23:55:00+00:00",
+ "finished": "2016-01-30T23:55:00+00:00",
+ "progress": 100,
+ "resources": [
+ {
+ "id": 590000000000000,
+ "type": "server"
+ }
+ ],
+ "error": {
+ "code": "action_failed",
+ "message": "Action failed"
+ }
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/remove_rrset_records-request.json b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/remove_rrset_records-request.json
new file mode 100644
index 000000000..778e051b4
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/remove_rrset_records-request.json
@@ -0,0 +1,8 @@
+{
+ "records": [
+ {
+ "value": "198.51.100.1",
+ "comment": "My web server at Hetzner Cloud."
+ }
+ ]
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/remove_rrset_records.json b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/remove_rrset_records.json
new file mode 100644
index 000000000..1b10dfd5e
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/fixtures/remove_rrset_records.json
@@ -0,0 +1,17 @@
+{
+ "action": {
+ "id": 1,
+ "command": "remove_rrset_records",
+ "status": "running",
+ "progress": 50,
+ "started": "2016-01-30T23:55:00+00:00",
+ "finished": null,
+ "resources": [
+ {
+ "id": 42,
+ "type": "zone"
+ }
+ ],
+ "error": null
+ }
+}
diff --git a/providers/dns/hetzner/internal/hetznerv1/internal/types.go b/providers/dns/hetzner/internal/hetznerv1/internal/types.go
new file mode 100644
index 000000000..2b38a8a8c
--- /dev/null
+++ b/providers/dns/hetzner/internal/hetznerv1/internal/types.go
@@ -0,0 +1,98 @@
+package internal
+
+import (
+ "fmt"
+ "strings"
+)
+
+type APIError struct {
+ ErrorInfo ErrorInfo `json:"error"`
+}
+
+type ErrorInfo struct {
+ Code string `json:"code,omitempty"`
+ Message string `json:"message,omitempty"`
+ Details ErrorDetails `json:"details"`
+}
+
+func (i *ErrorInfo) Error() string {
+ msg := new(strings.Builder)
+
+ _, _ = fmt.Fprintf(msg, "%s: %s", i.Code, i.Message)
+
+ if i.Details.Announcement != "" {
+ _, _ = fmt.Fprintf(msg, ": %s", i.Details.Announcement)
+ }
+
+ for _, limit := range i.Details.Limits {
+ _, _ = fmt.Fprintf(msg, "limit: %s", limit.Name)
+ }
+
+ for _, field := range i.Details.Fields {
+ _, _ = fmt.Fprintf(msg, "field: %s: %s", field.Name, strings.Join(field.Messages, ", "))
+ }
+
+ return msg.String()
+}
+
+type ErrorDetails struct {
+ Announcement string `json:"announcement,omitempty"`
+ Limits []LimitError `json:"limits,omitempty"`
+ Fields []FieldError `json:"fields,omitempty"`
+}
+
+type FieldError struct {
+ Name string `json:"name,omitempty"`
+ Messages []string `json:"messages,omitempty"`
+}
+
+type LimitError struct {
+ Name string `json:"name,omitempty"`
+}
+
+func (a *APIError) Error() string {
+ return a.ErrorInfo.Error()
+}
+
+type RRSet struct {
+ ID string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Type string `json:"type,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ Labels map[string]string `json:"labels,omitempty"`
+ Protection *Protection `json:"protection,omitempty"`
+ Records []Record `json:"records,omitempty"`
+ ZoneID int `json:"zone,omitempty"`
+}
+
+type Protection struct {
+ Change bool `json:"change,omitempty"`
+}
+
+type Record struct {
+ Value string `json:"value,omitempty"`
+ Comment string `json:"comment,omitempty"`
+}
+
+type ActionResponse struct {
+ Action *Action `json:"action,omitempty"`
+}
+
+type Action struct {
+ ID int64 `json:"id,omitempty"`
+ Command string `json:"command,omitempty"`
+
+ // It can be: `running`, `success`, `error`.
+ // https://docs.hetzner.cloud/reference/cloud#zone-actions-get-an-action
+ // https://docs.hetzner.cloud/reference/cloud#zone-actions
+ Status string `json:"status,omitempty"`
+ Progress int `json:"progress,omitempty"`
+
+ Resources []Resources `json:"resources,omitempty"`
+ ErrorInfo *ErrorInfo `json:"error,omitempty"`
+}
+
+type Resources struct {
+ ID int64 `json:"id,omitempty"`
+ Type string `json:"type,omitempty"`
+}
diff --git a/providers/dns/hetzner/internal/legacy/hetzner.go b/providers/dns/hetzner/internal/legacy/hetzner.go
new file mode 100644
index 000000000..393a3d671
--- /dev/null
+++ b/providers/dns/hetzner/internal/legacy/hetzner.go
@@ -0,0 +1,177 @@
+// Package legacy implements a DNS provider for solving the DNS-01 challenge using Hetzner DNS.
+package legacy
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/hetzner/internal/legacy/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "HETZNER_"
+
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+const minTTL = 60
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, minTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for hetzner.
+// Credentials must be passed in the environment variable: HETZNER_API_KEY.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("hetzner (legacy): %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for hetzner.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("hetzner (legacy): the configuration of the DNS provider is nil")
+ }
+
+ if config.APIKey == "" {
+ return nil, errors.New("hetzner (legacy): credentials missing")
+ }
+
+ if config.TTL < minTTL {
+ return nil, fmt.Errorf("hetzner (legacy): invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
+ }
+
+ client := internal.NewClient(config.APIKey)
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{config: config, client: client}, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record to fulfill the dns-01 challenge.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("hetzner (legacy): could not find zone for domain %q: %w", domain, err)
+ }
+
+ zone := dns01.UnFqdn(authZone)
+
+ ctx := context.Background()
+
+ zoneID, err := d.client.GetZoneID(ctx, zone)
+ if err != nil {
+ return fmt.Errorf("hetzner (legacy): %w", err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone)
+ if err != nil {
+ return fmt.Errorf("hetzner (legacy): %w", err)
+ }
+
+ record := internal.DNSRecord{
+ Type: "TXT",
+ Name: subDomain,
+ Value: info.Value,
+ TTL: d.config.TTL,
+ ZoneID: zoneID,
+ }
+
+ if err := d.client.CreateRecord(ctx, record); err != nil {
+ return fmt.Errorf("hetzner (legacy): failed to add TXT record: fqdn=%s, zoneID=%s: %w", info.EffectiveFQDN, zoneID, err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("hetzner (legacy): could not find zone for domain %q: %w", domain, err)
+ }
+
+ zone := dns01.UnFqdn(authZone)
+
+ ctx := context.Background()
+
+ zoneID, err := d.client.GetZoneID(ctx, zone)
+ if err != nil {
+ return fmt.Errorf("hetzner (legacy): %w", err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone)
+ if err != nil {
+ return fmt.Errorf("hetzner (legacy): %w", err)
+ }
+
+ record, err := d.client.GetTxtRecord(ctx, subDomain, info.Value, zoneID)
+ if err != nil {
+ return fmt.Errorf("hetzner (legacy): %w", err)
+ }
+
+ if err := d.client.DeleteRecord(ctx, record.ID); err != nil {
+ return fmt.Errorf("hetzner (legacy): failed to delete TXT record: id=%s, name=%s: %w", record.ID, record.Name, err)
+ }
+
+ return nil
+}
diff --git a/providers/dns/hetzner/internal/legacy/hetzner_test.go b/providers/dns/hetzner/internal/legacy/hetzner_test.go
new file mode 100644
index 000000000..c9258ecf8
--- /dev/null
+++ b/providers/dns/hetzner/internal/legacy/hetzner_test.go
@@ -0,0 +1,128 @@
+package legacy
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+ EnvAPIKey).
+ WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIKey: "123",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{
+ EnvAPIKey: "",
+ },
+ expected: "hetzner (legacy): some credentials information are missing: HETZNER_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ ttl int
+ expected string
+ }{
+ {
+ desc: "success",
+ ttl: minTTL,
+ apiKey: "123",
+ },
+ {
+ desc: "missing credentials",
+ ttl: minTTL,
+ expected: "hetzner (legacy): credentials missing",
+ },
+ {
+ desc: "invalid TTL",
+ apiKey: "123",
+ ttl: 10,
+ expected: "hetzner (legacy): invalid TTL, TTL (10) must be greater than 60",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIKey = test.apiKey
+ config.TTL = test.ttl
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/hetzner/internal/client.go b/providers/dns/hetzner/internal/legacy/internal/client.go
similarity index 99%
rename from providers/dns/hetzner/internal/client.go
rename to providers/dns/hetzner/internal/legacy/internal/client.go
index 381922264..cd187f6e5 100644
--- a/providers/dns/hetzner/internal/client.go
+++ b/providers/dns/hetzner/internal/legacy/internal/client.go
@@ -83,6 +83,7 @@ func (c *Client) getRecords(ctx context.Context, zoneID string) (*DNSRecords, er
}
records := &DNSRecords{}
+
err = json.Unmarshal(raw, records)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -190,6 +191,7 @@ func (c *Client) getZones(ctx context.Context, name string) (*Zones, error) {
}
zones := &Zones{}
+
err = json.Unmarshal(raw, zones)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/hetzner/internal/client_test.go b/providers/dns/hetzner/internal/legacy/internal/client_test.go
similarity index 100%
rename from providers/dns/hetzner/internal/client_test.go
rename to providers/dns/hetzner/internal/legacy/internal/client_test.go
diff --git a/providers/dns/hetzner/internal/fixtures/create_txt_record-request.json b/providers/dns/hetzner/internal/legacy/internal/fixtures/create_txt_record-request.json
similarity index 100%
rename from providers/dns/hetzner/internal/fixtures/create_txt_record-request.json
rename to providers/dns/hetzner/internal/legacy/internal/fixtures/create_txt_record-request.json
diff --git a/providers/dns/hetzner/internal/fixtures/create_txt_record.json b/providers/dns/hetzner/internal/legacy/internal/fixtures/create_txt_record.json
similarity index 100%
rename from providers/dns/hetzner/internal/fixtures/create_txt_record.json
rename to providers/dns/hetzner/internal/legacy/internal/fixtures/create_txt_record.json
diff --git a/providers/dns/hetzner/internal/fixtures/get_txt_record.json b/providers/dns/hetzner/internal/legacy/internal/fixtures/get_txt_record.json
similarity index 100%
rename from providers/dns/hetzner/internal/fixtures/get_txt_record.json
rename to providers/dns/hetzner/internal/legacy/internal/fixtures/get_txt_record.json
diff --git a/providers/dns/hetzner/internal/fixtures/get_zone_id.json b/providers/dns/hetzner/internal/legacy/internal/fixtures/get_zone_id.json
similarity index 100%
rename from providers/dns/hetzner/internal/fixtures/get_zone_id.json
rename to providers/dns/hetzner/internal/legacy/internal/fixtures/get_zone_id.json
diff --git a/providers/dns/hetzner/internal/types.go b/providers/dns/hetzner/internal/legacy/internal/types.go
similarity index 91%
rename from providers/dns/hetzner/internal/types.go
rename to providers/dns/hetzner/internal/legacy/internal/types.go
index d0e284511..3b332cc8f 100644
--- a/providers/dns/hetzner/internal/types.go
+++ b/providers/dns/hetzner/internal/legacy/internal/types.go
@@ -25,12 +25,12 @@ type Zone struct {
// Zones a set of DNS zones.
type Zones struct {
Zones []Zone `json:"zones"`
- Meta Meta `json:"meta,omitempty"`
+ Meta Meta `json:"meta"`
}
// Meta response metadata.
type Meta struct {
- Pagination Pagination `json:"pagination,omitempty"`
+ Pagination Pagination `json:"pagination"`
}
// Pagination information about pagination.
diff --git a/providers/dns/hostingde/hostingde.go b/providers/dns/hostingde/hostingde.go
index 87fc73d34..1e022b630 100644
--- a/providers/dns/hostingde/hostingde.go
+++ b/providers/dns/hostingde/hostingde.go
@@ -2,11 +2,9 @@
package hostingde
import (
- "context"
"errors"
"fmt"
"net/http"
- "sync"
"time"
"github.com/go-acme/lego/v4/challenge"
@@ -31,14 +29,7 @@ const (
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
-type Config struct {
- APIKey string
- ZoneName string
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = hostingde.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
@@ -55,11 +46,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *hostingde.Client
-
- recordIDs map[string]string
- recordIDsMu sync.Mutex
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for hosting.de.
@@ -83,140 +70,36 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("hostingde: the configuration of the DNS provider is nil")
}
- if config.APIKey == "" {
- return nil, errors.New("hostingde: API key missing")
+ provider, err := hostingde.NewDNSProviderConfig(config, "")
+ if err != nil {
+ return nil, fmt.Errorf("hostingde: %w", err)
}
- return &DNSProvider{
- config: config,
- client: hostingde.NewClient(config.APIKey),
- recordIDs: make(map[string]string),
- }, nil
+ return &DNSProvider{prv: provider}, nil
}
-// Timeout returns the timeout and interval to use when checking for DNS propagation.
-// Adjusting here to cope with spikes in propagation times.
-func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
-}
-
-// Present creates a TXT record to fulfill the dns-01 challenge.
+// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- zoneName, err := d.getZoneName(info.EffectiveFQDN)
- if err != nil {
- return fmt.Errorf("hostingde: could not find zone for domain %q: %w", domain, err)
- }
-
- ctx := context.Background()
-
- // get the ZoneConfig for that domain
- zonesFind := hostingde.ZoneConfigsFindRequest{
- Filter: hostingde.Filter{Field: "zoneName", Value: zoneName},
- Limit: 1,
- Page: 1,
- }
-
- zoneConfig, err := d.client.GetZone(ctx, zonesFind)
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("hostingde: %w", err)
}
- zoneConfig.Name = zoneName
-
- rec := []hostingde.DNSRecord{{
- Type: "TXT",
- Name: dns01.UnFqdn(info.EffectiveFQDN),
- Content: info.Value,
- TTL: d.config.TTL,
- }}
-
- req := hostingde.ZoneUpdateRequest{
- ZoneConfig: *zoneConfig,
- RecordsToAdd: rec,
- }
-
- response, err := d.client.UpdateZone(ctx, req)
- if err != nil {
- return fmt.Errorf("hostingde: %w", err)
- }
-
- for _, record := range response.Records {
- if record.Name == dns01.UnFqdn(info.EffectiveFQDN) && record.Content == fmt.Sprintf(`%q`, info.Value) {
- d.recordIDsMu.Lock()
- d.recordIDs[info.EffectiveFQDN] = record.ID
- d.recordIDsMu.Unlock()
- }
- }
-
- if d.recordIDs[info.EffectiveFQDN] == "" {
- return fmt.Errorf("hostingde: error getting ID of just created record, for domain %s", domain)
- }
-
return nil
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- zoneName, err := d.getZoneName(info.EffectiveFQDN)
- if err != nil {
- return fmt.Errorf("hostingde: could not find zone for domain %q: %w", domain, err)
- }
-
- ctx := context.Background()
-
- // get the ZoneConfig for that domain
- zonesFind := hostingde.ZoneConfigsFindRequest{
- Filter: hostingde.Filter{Field: "zoneName", Value: zoneName},
- Limit: 1,
- Page: 1,
- }
-
- zoneConfig, err := d.client.GetZone(ctx, zonesFind)
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("hostingde: %w", err)
}
- zoneConfig.Name = zoneName
- rec := []hostingde.DNSRecord{{
- Type: "TXT",
- Name: dns01.UnFqdn(info.EffectiveFQDN),
- Content: `"` + info.Value + `"`,
- }}
-
- req := hostingde.ZoneUpdateRequest{
- ZoneConfig: *zoneConfig,
- RecordsToDelete: rec,
- }
-
- // Delete record ID from map
- d.recordIDsMu.Lock()
- delete(d.recordIDs, info.EffectiveFQDN)
- d.recordIDsMu.Unlock()
-
- _, err = d.client.UpdateZone(ctx, req)
- if err != nil {
- return fmt.Errorf("hostingde: %w", err)
- }
return nil
}
-func (d *DNSProvider) getZoneName(fqdn string) (string, error) {
- if d.config.ZoneName != "" {
- return d.config.ZoneName, nil
- }
-
- zoneName, err := dns01.FindZoneByFqdn(fqdn)
- if err != nil {
- return "", fmt.Errorf("could not find zone for %s: %w", fqdn, err)
- }
-
- if zoneName == "" {
- return "", errors.New("empty zone name")
- }
-
- return dns01.UnFqdn(zoneName), nil
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
}
diff --git a/providers/dns/hostingde/hostingde.toml b/providers/dns/hostingde/hostingde.toml
index 569e8a781..502a7fe9e 100644
--- a/providers/dns/hostingde/hostingde.toml
+++ b/providers/dns/hostingde/hostingde.toml
@@ -6,7 +6,7 @@ Since = "v1.1.0"
Example = '''
HOSTINGDE_API_KEY=xxxxxxxx \
-lego --email you@example.com --dns hostingde -d '*.example.com' -d example.com run
+lego --dns hostingde -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/hostingde/hostingde_test.go b/providers/dns/hostingde/hostingde_test.go
index d7681f953..a92006f81 100644
--- a/providers/dns/hostingde/hostingde_test.go
+++ b/providers/dns/hostingde/hostingde_test.go
@@ -49,6 +49,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -58,8 +59,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.recordIDs)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -101,8 +101,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.recordIDs)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -116,6 +115,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -129,6 +129,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/hostinger/hostinger.go b/providers/dns/hostinger/hostinger.go
new file mode 100644
index 000000000..13d9ed0f8
--- /dev/null
+++ b/providers/dns/hostinger/hostinger.go
@@ -0,0 +1,211 @@
+// Package hostinger implements a DNS provider for solving the DNS-01 challenge using Hostinger.
+package hostinger
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/hostinger/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "HOSTINGER_"
+
+ EnvAPIToken = envNamespace + "API_TOKEN"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIToken string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Hostinger.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIToken)
+ if err != nil {
+ return nil, fmt.Errorf("hostinger: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIToken = values[EnvAPIToken]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Hostinger.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("hostinger: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.APIToken)
+ if err != nil {
+ return nil, fmt.Errorf("hostinger: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("hostinger: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("hostinger: %w", err)
+ }
+
+ ctx := context.Background()
+
+ request := internal.ZoneRequest{
+ Overwrite: false,
+ Zone: []internal.RecordSet{{
+ Name: subDomain,
+ Type: "TXT",
+ TTL: d.config.TTL,
+ Records: []internal.Record{
+ {Content: info.Value},
+ },
+ }},
+ }
+
+ err = d.client.UpdateDNSRecords(ctx, dns01.UnFqdn(authZone), request)
+ if err != nil {
+ return fmt.Errorf("hostinger: update DNS records (add): %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("hostinger: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("hostinger: %w", err)
+ }
+
+ ctx := context.Background()
+
+ recordSet, err := d.findRecordSet(ctx, authZone, subDomain)
+ if err != nil {
+ return fmt.Errorf("hostinger: %w", err)
+ }
+
+ var newRecords []internal.Record
+
+ for _, record := range recordSet.Records {
+ if record.Content == info.Value || record.Content == strconv.Quote(info.Value) {
+ continue
+ }
+
+ newRecords = append(newRecords, record)
+ }
+
+ recordSet.Records = newRecords
+
+ if len(recordSet.Records) > 0 {
+ request := internal.ZoneRequest{
+ Overwrite: true,
+ Zone: []internal.RecordSet{recordSet},
+ }
+
+ err = d.client.UpdateDNSRecords(ctx, dns01.UnFqdn(authZone), request)
+ if err != nil {
+ return fmt.Errorf("hostinger: update DNS records (delete): %w", err)
+ }
+
+ return nil
+ }
+
+ filters := []internal.Filter{{
+ Name: subDomain,
+ Type: "TXT",
+ }}
+
+ err = d.client.DeleteDNSRecords(ctx, dns01.UnFqdn(authZone), filters)
+ if err != nil {
+ return fmt.Errorf("hostinger: delete DNS records: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) findRecordSet(ctx context.Context, authZone, subDomain string) (internal.RecordSet, error) {
+ recordSets, err := d.client.GetDNSRecords(ctx, dns01.UnFqdn(authZone))
+ if err != nil {
+ return internal.RecordSet{}, fmt.Errorf("get DNS records: %w", err)
+ }
+
+ for _, recordSet := range recordSets {
+ if recordSet.Name != subDomain || recordSet.Type != "TXT" {
+ continue
+ }
+
+ return recordSet, nil
+ }
+
+ return internal.RecordSet{}, fmt.Errorf("no record found for domain %q and subdomain %q", authZone, subDomain)
+}
diff --git a/providers/dns/hostinger/hostinger.toml b/providers/dns/hostinger/hostinger.toml
new file mode 100644
index 000000000..a6f152e73
--- /dev/null
+++ b/providers/dns/hostinger/hostinger.toml
@@ -0,0 +1,22 @@
+Name = "Hostinger"
+Description = ''''''
+URL = "https://www.hostinger.com/"
+Code = "hostinger"
+Since = "v4.27.0"
+
+Example = '''
+HOSTINGER_API_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
+lego --dns hostinger -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ HOSTINGER_API_TOKEN = "API Token"
+ [Configuration.Additional]
+ HOSTINGER_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ HOSTINGER_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ HOSTINGER_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ HOSTINGER_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://developers.hostinger.com/#tag/dns-zone"
diff --git a/providers/dns/hostinger/hostinger_test.go b/providers/dns/hostinger/hostinger_test.go
new file mode 100644
index 000000000..90ecba529
--- /dev/null
+++ b/providers/dns/hostinger/hostinger_test.go
@@ -0,0 +1,180 @@
+package hostinger
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIToken).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIToken: "secret",
+ },
+ },
+ {
+ desc: "missing API token",
+ envVars: map[string]string{
+ EnvAPIToken: "",
+ },
+ expected: "hostinger: some credentials information are missing: HOSTINGER_API_TOKEN",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiToken string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiToken: "secret",
+ },
+ {
+ desc: "missing API token",
+ expected: "hostinger: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIToken = test.apiToken
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIToken = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ WithAuthorization("Bearer secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("PUT /api/dns/v1/zones/example.com",
+ servermock.ResponseFromInternal("update_dns_records.json"),
+ servermock.CheckRequestJSONBodyFromInternal("update_dns_records-request.json")).
+ Build(t)
+
+ err := provider.Present("example.com", "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp_update(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /api/dns/v1/zones/example.com",
+ servermock.ResponseFromInternal("get_dns_records_acme.json")).
+ Route("PUT /api/dns/v1/zones/example.com",
+ servermock.ResponseFromInternal("update_dns_records.json"),
+ servermock.CheckRequestJSONBodyFromInternal("update_dns_records_base-request.json")).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp_delete(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /api/dns/v1/zones/example.com",
+ servermock.ResponseFromInternal("get_dns_records_empty.json")).
+ Route("DELETE /api/dns/v1/zones/example.com",
+ servermock.ResponseFromInternal("delete_dns_records.json"),
+ servermock.CheckRequestJSONBody(`{"filters":[{"name":"_acme-challenge","type":"TXT"}]}`)).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/hostinger/internal/client.go b/providers/dns/hostinger/internal/client.go
new file mode 100644
index 000000000..9da712d61
--- /dev/null
+++ b/providers/dns/hostinger/internal/client.go
@@ -0,0 +1,156 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+)
+
+const defaultBaseURL = "https://developers.hostinger.com"
+
+const authorizationHeader = "Authorization"
+
+// Client the Hostinger API client.
+type Client struct {
+ token string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(token string) (*Client, error) {
+ if token == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ token: token,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+// GetDNSRecords retrieves DNS zone records for a specific domain.
+// https://developers.hostinger.com/#tag/dns-zone/get/api/dns/v1/zones/{domain}
+func (c *Client) GetDNSRecords(ctx context.Context, domain string) ([]RecordSet, error) {
+ endpoint := c.BaseURL.JoinPath("/api/dns/v1/zones/", domain)
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var result []RecordSet
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+// UpdateDNSRecords updates DNS records for the selected domain.
+// https://developers.hostinger.com/#tag/dns-zone/put/api/dns/v1/zones/{domain}
+func (c *Client) UpdateDNSRecords(ctx context.Context, domain string, zone ZoneRequest) error {
+ endpoint := c.BaseURL.JoinPath("/api/dns/v1/zones/", domain)
+
+ req, err := newJSONRequest(ctx, http.MethodPut, endpoint, zone)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+// DeleteDNSRecords deletes DNS records for the selected domain.
+// https://developers.hostinger.com/#tag/dns-zone/delete/api/dns/v1/zones/{domain}
+func (c *Client) DeleteDNSRecords(ctx context.Context, domain string, filters []Filter) error {
+ endpoint := c.BaseURL.JoinPath("/api/dns/v1/zones/", domain)
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, Filters{Filters: filters})
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ req.Header.Set(authorizationHeader, "Bearer "+c.token)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
diff --git a/providers/dns/hostinger/internal/client_test.go b/providers/dns/hostinger/internal/client_test.go
new file mode 100644
index 000000000..69cab5587
--- /dev/null
+++ b/providers/dns/hostinger/internal/client_test.go
@@ -0,0 +1,154 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().WithJSONHeaders().
+ With("Authorization", "Bearer secret"),
+ )
+}
+
+func TestClient_GetDNSRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/dns/v1/zones/example.com",
+ servermock.ResponseFromFixture("get_dns_records.json")).
+ Build(t)
+
+ records, err := client.GetDNSRecords(t.Context(), "example.com")
+ require.NoError(t, err)
+
+ expected := []RecordSet{
+ {
+ Name: "_acme-challenge",
+ Records: []Record{{
+ Content: "aaa",
+ }},
+ TTL: 14400,
+ Type: "TXT",
+ },
+ {
+ Name: "_acme-challenge",
+ Records: []Record{{
+ Content: "example.com.",
+ }},
+ TTL: 14400,
+ Type: "A",
+ },
+ }
+
+ assert.Equal(t, expected, records)
+}
+
+func TestClient_GetDNSRecords_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/dns/v1/zones/example.com",
+ servermock.ResponseFromFixture("error_401.json").
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ _, err := client.GetDNSRecords(t.Context(), "example.com")
+
+ require.EqualError(t, err, "26a91bd9-f8c8-4a83-9df9-83e23d696fe3: Unauthenticated")
+}
+
+func TestClient_UpdateDNSRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("PUT /api/dns/v1/zones/example.com",
+ servermock.ResponseFromFixture("update_dns_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("update_dns_records-request.json")).
+ Build(t)
+
+ zone := ZoneRequest{
+ Overwrite: false,
+ Zone: []RecordSet{
+ {
+ Name: "_acme-challenge",
+ Records: []Record{
+ {Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"},
+ },
+ TTL: 120,
+ Type: "TXT",
+ },
+ },
+ }
+
+ err := client.UpdateDNSRecords(t.Context(), "example.com", zone)
+ require.NoError(t, err)
+}
+
+func TestClient_UpdateDNSRecords_error(t *testing.T) {
+ client := mockBuilder().
+ Route("PUT /api/dns/v1/zones/example.com",
+ servermock.ResponseFromFixture("error_422.json").
+ WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ zone := ZoneRequest{
+ Zone: []RecordSet{{
+ Name: "_acme-challenge",
+ Records: []Record{{
+ Content: "aaa",
+ }},
+ TTL: 14400,
+ Type: "TXT",
+ }},
+ }
+
+ err := client.UpdateDNSRecords(t.Context(), "example.com", zone)
+
+ require.EqualError(t, err, "26a91bd9-f8c8-4a83-9df9-83e23d696fe3: The name field is required. (and 1 more error): field_1: The field_1 field is required., The field_1 must be a number.")
+}
+
+func TestClient_DeleteDNSRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /api/dns/v1/zones/example.com",
+ servermock.ResponseFromFixture("delete_dns_records.json"),
+ servermock.CheckRequestJSONBody(`{"filters":[{"name":"_acme-challenge","type":"TXT"}]}`)).
+ Build(t)
+
+ filters := []Filter{{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ }}
+
+ err := client.DeleteDNSRecords(t.Context(), "example.com", filters)
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteDNSRecords_error(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /api/dns/v1/zones/example.com",
+ servermock.ResponseFromFixture("error_401.json").
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ filters := []Filter{{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ }}
+
+ err := client.DeleteDNSRecords(t.Context(), "example.com", filters)
+
+ require.EqualError(t, err, "26a91bd9-f8c8-4a83-9df9-83e23d696fe3: Unauthenticated")
+}
diff --git a/providers/dns/hostinger/internal/fixtures/delete_dns_records.json b/providers/dns/hostinger/internal/fixtures/delete_dns_records.json
new file mode 100644
index 000000000..11d2582b4
--- /dev/null
+++ b/providers/dns/hostinger/internal/fixtures/delete_dns_records.json
@@ -0,0 +1,3 @@
+{
+ "message": "Request accepted"
+}
diff --git a/providers/dns/hostinger/internal/fixtures/error_401.json b/providers/dns/hostinger/internal/fixtures/error_401.json
new file mode 100644
index 000000000..1b7381ff6
--- /dev/null
+++ b/providers/dns/hostinger/internal/fixtures/error_401.json
@@ -0,0 +1,4 @@
+{
+ "message": "Unauthenticated",
+ "correlation_id": "26a91bd9-f8c8-4a83-9df9-83e23d696fe3"
+}
diff --git a/providers/dns/hostinger/internal/fixtures/error_422.json b/providers/dns/hostinger/internal/fixtures/error_422.json
new file mode 100644
index 000000000..6ec286823
--- /dev/null
+++ b/providers/dns/hostinger/internal/fixtures/error_422.json
@@ -0,0 +1,10 @@
+{
+ "message": "The name field is required. (and 1 more error)",
+ "errors": {
+ "field_1": [
+ "The field_1 field is required.",
+ "The field_1 must be a number."
+ ]
+ },
+ "correlation_id": "26a91bd9-f8c8-4a83-9df9-83e23d696fe3"
+}
diff --git a/providers/dns/hostinger/internal/fixtures/get_dns_records.json b/providers/dns/hostinger/internal/fixtures/get_dns_records.json
new file mode 100644
index 000000000..e51edd4dc
--- /dev/null
+++ b/providers/dns/hostinger/internal/fixtures/get_dns_records.json
@@ -0,0 +1,24 @@
+[
+ {
+ "name": "_acme-challenge",
+ "records": [
+ {
+ "content": "aaa",
+ "is_disabled": false
+ }
+ ],
+ "ttl": 14400,
+ "type": "TXT"
+ },
+ {
+ "name": "_acme-challenge",
+ "records": [
+ {
+ "content": "example.com.",
+ "is_disabled": false
+ }
+ ],
+ "ttl": 14400,
+ "type": "A"
+ }
+]
diff --git a/providers/dns/hostinger/internal/fixtures/get_dns_records_acme.json b/providers/dns/hostinger/internal/fixtures/get_dns_records_acme.json
new file mode 100644
index 000000000..99a574514
--- /dev/null
+++ b/providers/dns/hostinger/internal/fixtures/get_dns_records_acme.json
@@ -0,0 +1,27 @@
+[
+ {
+ "name": "_acme-challenge",
+ "records": [
+ {
+ "content": "aaa",
+ "is_disabled": false
+ },
+ {
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ }
+ ],
+ "ttl": 14400,
+ "type": "TXT"
+ },
+ {
+ "name": "_acme-challenge",
+ "records": [
+ {
+ "content": "example.com.",
+ "is_disabled": false
+ }
+ ],
+ "ttl": 14400,
+ "type": "A"
+ }
+]
diff --git a/providers/dns/hostinger/internal/fixtures/get_dns_records_empty.json b/providers/dns/hostinger/internal/fixtures/get_dns_records_empty.json
new file mode 100644
index 000000000..9989a3fc4
--- /dev/null
+++ b/providers/dns/hostinger/internal/fixtures/get_dns_records_empty.json
@@ -0,0 +1,23 @@
+[
+ {
+ "name": "_acme-challenge",
+ "records": [
+ {
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ }
+ ],
+ "ttl": 14400,
+ "type": "TXT"
+ },
+ {
+ "name": "_acme-challenge",
+ "records": [
+ {
+ "content": "example.com.",
+ "is_disabled": false
+ }
+ ],
+ "ttl": 14400,
+ "type": "A"
+ }
+]
diff --git a/providers/dns/hostinger/internal/fixtures/update_dns_records-request.json b/providers/dns/hostinger/internal/fixtures/update_dns_records-request.json
new file mode 100644
index 000000000..6f287b3fc
--- /dev/null
+++ b/providers/dns/hostinger/internal/fixtures/update_dns_records-request.json
@@ -0,0 +1,15 @@
+{
+ "overwrite": false,
+ "zone": [
+ {
+ "name": "_acme-challenge",
+ "records": [
+ {
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ }
+ ],
+ "ttl": 120,
+ "type": "TXT"
+ }
+ ]
+}
diff --git a/providers/dns/hostinger/internal/fixtures/update_dns_records.json b/providers/dns/hostinger/internal/fixtures/update_dns_records.json
new file mode 100644
index 000000000..11d2582b4
--- /dev/null
+++ b/providers/dns/hostinger/internal/fixtures/update_dns_records.json
@@ -0,0 +1,3 @@
+{
+ "message": "Request accepted"
+}
diff --git a/providers/dns/hostinger/internal/fixtures/update_dns_records_base-request.json b/providers/dns/hostinger/internal/fixtures/update_dns_records_base-request.json
new file mode 100644
index 000000000..c42ddc6d7
--- /dev/null
+++ b/providers/dns/hostinger/internal/fixtures/update_dns_records_base-request.json
@@ -0,0 +1,15 @@
+{
+ "overwrite": true,
+ "zone": [
+ {
+ "name": "_acme-challenge",
+ "records": [
+ {
+ "content": "aaa"
+ }
+ ],
+ "ttl": 14400,
+ "type": "TXT"
+ }
+ ]
+}
diff --git a/providers/dns/hostinger/internal/types.go b/providers/dns/hostinger/internal/types.go
new file mode 100644
index 000000000..c1a02ff8c
--- /dev/null
+++ b/providers/dns/hostinger/internal/types.go
@@ -0,0 +1,50 @@
+package internal
+
+import (
+ "fmt"
+ "strings"
+)
+
+type APIError struct {
+ Message string `json:"message,omitempty"`
+ Errors map[string][]string `json:"errors,omitempty"`
+ CorrelationID string `json:"correlation_id,omitempty"`
+}
+
+func (a *APIError) Error() string {
+ msg := new(strings.Builder)
+
+ _, _ = fmt.Fprintf(msg, "%s: %s", a.CorrelationID, a.Message)
+
+ for field, values := range a.Errors {
+ _, _ = fmt.Fprintf(msg, ": %s: %s", field, strings.Join(values, ", "))
+ }
+
+ return msg.String()
+}
+
+type ZoneRequest struct {
+ Overwrite bool `json:"overwrite"`
+ Zone []RecordSet `json:"zone,omitempty"`
+}
+
+type RecordSet struct {
+ Name string `json:"name,omitempty"`
+ Records []Record `json:"records,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ Type string `json:"type,omitempty"`
+}
+
+type Record struct {
+ Content string `json:"content,omitempty"`
+ IsDisabled bool `json:"is_disabled,omitempty"`
+}
+
+type Filters struct {
+ Filters []Filter `json:"filters"`
+}
+
+type Filter struct {
+ Name string `json:"name"`
+ Type string `json:"type"`
+}
diff --git a/providers/dns/hostingnl/hostingnl.go b/providers/dns/hostingnl/hostingnl.go
new file mode 100644
index 000000000..a49941817
--- /dev/null
+++ b/providers/dns/hostingnl/hostingnl.go
@@ -0,0 +1,168 @@
+// Package hostingnl implements a DNS provider for solving the DNS-01 challenge using hosting.nl.
+package hostingnl
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/hostingnl/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "HOSTINGNL_"
+
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+ HTTPClient *http.Client
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 10*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ recordIDs map[string]string
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for hosting.nl.
+// Credentials must be passed in the environment variables:
+// HOSTINGNL_APIKEY.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("hostingnl: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for hosting.nl.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("hostingnl: the configuration of the DNS provider is nil")
+ }
+
+ if config.APIKey == "" {
+ return nil, errors.New("hostingnl: APIKey is missing")
+ }
+
+ client := internal.NewClient(config.APIKey)
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: make(map[string]string),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("hostingnl: could not find zone for domain %q: %w", domain, err)
+ }
+
+ record := internal.Record{
+ Name: dns01.UnFqdn(info.EffectiveFQDN),
+ Type: "TXT",
+ Content: strconv.Quote(info.Value),
+ TTL: d.config.TTL,
+ Priority: 0,
+ }
+
+ newRecord, err := d.client.AddRecord(context.Background(), dns01.UnFqdn(authZone), record)
+ if err != nil {
+ return fmt.Errorf("hostingnl: failed to create TXT record, fqdn=%s: %w", info.EffectiveFQDN, err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.recordIDs[token] = newRecord.ID
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT records matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("hostingnl: could not find zone for domain %q: %w", domain, err)
+ }
+
+ // gets the record's unique ID
+ d.recordIDsMu.Lock()
+ recordID, ok := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("hostingnl: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ err = d.client.DeleteRecord(context.Background(), dns01.UnFqdn(authZone), recordID)
+ if err != nil {
+ return fmt.Errorf("hostingnl: failed to delete TXT record, id=%s: %w", recordID, err)
+ }
+
+ // deletes record ID from map
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/hostingnl/hostingnl.toml b/providers/dns/hostingnl/hostingnl.toml
new file mode 100644
index 000000000..943264ed3
--- /dev/null
+++ b/providers/dns/hostingnl/hostingnl.toml
@@ -0,0 +1,22 @@
+Name = "Hosting.nl"
+Description = ''''''
+URL = "https://hosting.nl"
+Code = "hostingnl"
+Since = "v4.30.0"
+
+Example = '''
+HOSTINGNL_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --dns hostingnl -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ HOSTINGNL_API_KEY = "The API key"
+ [Configuration.Additional]
+ HOSTINGNL_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ HOSTINGNL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
+ HOSTINGNL_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ HOSTINGNL_HTTP_TIMEOUT = "API request timeout in seconds (Default: 10)"
+
+[Links]
+ API = "https://api.hosting.nl/api/documentation"
diff --git a/providers/dns/hostingnl/hostingnl_test.go b/providers/dns/hostingnl/hostingnl_test.go
new file mode 100644
index 000000000..cef754c7c
--- /dev/null
+++ b/providers/dns/hostingnl/hostingnl_test.go
@@ -0,0 +1,167 @@
+package hostingnl
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIKey: "key",
+ },
+ },
+ {
+ desc: "missing API key",
+ envVars: map[string]string{},
+ expected: "hostingnl: some credentials information are missing: HOSTINGNL_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiKey: "key",
+ },
+ {
+ desc: "missing API key",
+ expected: "hostingnl: APIKey is missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIKey = "secret"
+ config.HTTPClient = server.Client()
+
+ provider, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ provider.client.BaseURL, _ = url.Parse(server.URL)
+
+ return provider, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With("API-TOKEN", "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /domains/example.com/dns",
+ servermock.ResponseFromInternal("add_record.json"),
+ servermock.CheckQueryParameter().Strict(),
+ servermock.CheckRequestJSONBodyFromInternal("add_record-request.json")).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /domains/example.com/dns",
+ servermock.ResponseFromInternal("delete_record.json"),
+ servermock.CheckQueryParameter().Strict(),
+ servermock.CheckRequestJSONBodyFromInternal("delete_record-request.json")).
+ Build(t)
+
+ provider.recordIDs["abc"] = "12345"
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/hostingnl/internal/client.go b/providers/dns/hostingnl/internal/client.go
new file mode 100644
index 000000000..f2d7b5346
--- /dev/null
+++ b/providers/dns/hostingnl/internal/client.go
@@ -0,0 +1,144 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+const defaultBaseURL = "https://api.hosting.nl"
+
+type Client struct {
+ apiKey string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+func NewClient(apiKey string) *Client {
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ apiKey: apiKey,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 5 * time.Second},
+ }
+}
+
+func (c Client) AddRecord(ctx context.Context, domain string, record Record) (*Record, error) {
+ endpoint := c.BaseURL.JoinPath("domains", domain, "dns")
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, []Record{record})
+ if err != nil {
+ return nil, err
+ }
+
+ var result APIResponse[Record]
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(result.Data) != 1 {
+ return nil, fmt.Errorf("unexpected response data: %v", result.Data)
+ }
+
+ return &result.Data[0], nil
+}
+
+func (c Client) DeleteRecord(ctx context.Context, domain, recordID string) error {
+ endpoint := c.BaseURL.JoinPath("domains", domain, "dns")
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, []Record{{ID: recordID}})
+ if err != nil {
+ return err
+ }
+
+ var result APIResponse[Record]
+
+ err = c.do(req, &result)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (c Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ req.Header.Set("API-TOKEN", c.apiKey)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode != http.StatusOK {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var apiErr APIError
+
+ err := json.Unmarshal(raw, &apiErr)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return fmt.Errorf("[status code: %d] %w", resp.StatusCode, apiErr)
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
diff --git a/providers/dns/hostingnl/internal/client_test.go b/providers/dns/hostingnl/internal/client_test.go
new file mode 100644
index 000000000..efdb98980
--- /dev/null
+++ b/providers/dns/hostingnl/internal/client_test.go
@@ -0,0 +1,92 @@
+package internal
+
+import (
+ "context"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "strconv"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*Client, error) {
+ client := NewClient("secret")
+ client.HTTPClient = server.Client()
+ client.BaseURL, _ = url.Parse(server.URL)
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With("API-TOKEN", "secret"),
+ )
+}
+
+func TestClient_AddRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/example.com/dns",
+ servermock.ResponseFromFixture("add_record.json"),
+ servermock.CheckQueryParameter().Strict(),
+ servermock.CheckRequestJSONBodyFromFixture("add_record-request.json")).
+ Build(t)
+
+ record := Record{
+ Name: "_acme-challenge.example.com",
+ Type: "TXT",
+ Content: strconv.Quote("ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"),
+ TTL: 120,
+ }
+
+ newRecord, err := client.AddRecord(context.Background(), "example.com", record)
+ require.NoError(t, err)
+
+ expected := &Record{
+ ID: "12345",
+ Name: "_acme-challenge.example.com",
+ Type: "TXT",
+ Content: strconv.Quote("ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"),
+ TTL: 120,
+ }
+
+ assert.Equal(t, expected, newRecord)
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /domains/example.com/dns",
+ servermock.ResponseFromFixture("delete_record.json"),
+ servermock.CheckQueryParameter().Strict(),
+ servermock.CheckRequestJSONBodyFromFixture("delete_record-request.json")).
+ Build(t)
+
+ err := client.DeleteRecord(context.Background(), "example.com", "12345")
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /domains/example.com/dns",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ err := client.DeleteRecord(context.Background(), "example.com", "12345")
+ require.EqualError(t, err, "[status code: 401] Something went wrong")
+}
+
+func TestClient_DeleteRecord_error_other(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /domains/example.com/dns",
+ servermock.ResponseFromFixture("error_other.json").
+ WithStatusCode(http.StatusNotFound)).
+ Build(t)
+
+ err := client.DeleteRecord(context.Background(), "example.com", "12345")
+ require.EqualError(t, err, "[status code: 404] Resource not found")
+}
diff --git a/providers/dns/hostingnl/internal/fixtures/add_record-request.json b/providers/dns/hostingnl/internal/fixtures/add_record-request.json
new file mode 100644
index 000000000..6b68ec3c6
--- /dev/null
+++ b/providers/dns/hostingnl/internal/fixtures/add_record-request.json
@@ -0,0 +1,8 @@
+[
+ {
+ "name": "_acme-challenge.example.com",
+ "type": "TXT",
+ "content": "\"ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY\"",
+ "ttl": 120
+ }
+]
diff --git a/providers/dns/hostingnl/internal/fixtures/add_record.json b/providers/dns/hostingnl/internal/fixtures/add_record.json
new file mode 100644
index 000000000..a822a4f8d
--- /dev/null
+++ b/providers/dns/hostingnl/internal/fixtures/add_record.json
@@ -0,0 +1,13 @@
+{
+ "success": true,
+ "data": [
+ {
+ "id": "12345",
+ "type": "TXT",
+ "content": "\"ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY\"",
+ "name": "_acme-challenge.example.com",
+ "prio": 0,
+ "ttl": 120
+ }
+ ]
+}
diff --git a/providers/dns/hostingnl/internal/fixtures/delete_record-request.json b/providers/dns/hostingnl/internal/fixtures/delete_record-request.json
new file mode 100644
index 000000000..cfc26d2b9
--- /dev/null
+++ b/providers/dns/hostingnl/internal/fixtures/delete_record-request.json
@@ -0,0 +1,5 @@
+[
+ {
+ "id": "12345"
+ }
+]
diff --git a/providers/dns/hostingnl/internal/fixtures/delete_record.json b/providers/dns/hostingnl/internal/fixtures/delete_record.json
new file mode 100644
index 000000000..c041c1f6d
--- /dev/null
+++ b/providers/dns/hostingnl/internal/fixtures/delete_record.json
@@ -0,0 +1,8 @@
+{
+ "success": true,
+ "data": [
+ {
+ "id": "12345"
+ }
+ ]
+}
diff --git a/providers/dns/hostingnl/internal/fixtures/error.json b/providers/dns/hostingnl/internal/fixtures/error.json
new file mode 100644
index 000000000..170587246
--- /dev/null
+++ b/providers/dns/hostingnl/internal/fixtures/error.json
@@ -0,0 +1,5 @@
+{
+ "errors": {
+ "message": "Something went wrong"
+ }
+}
diff --git a/providers/dns/hostingnl/internal/fixtures/error_other.json b/providers/dns/hostingnl/internal/fixtures/error_other.json
new file mode 100644
index 000000000..ca7ecab28
--- /dev/null
+++ b/providers/dns/hostingnl/internal/fixtures/error_other.json
@@ -0,0 +1,3 @@
+{
+ "error": "Resource not found"
+}
diff --git a/providers/dns/hostingnl/internal/types.go b/providers/dns/hostingnl/internal/types.go
new file mode 100644
index 000000000..f324665fe
--- /dev/null
+++ b/providers/dns/hostingnl/internal/types.go
@@ -0,0 +1,36 @@
+package internal
+
+type Record struct {
+ ID string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Type string `json:"type,omitempty"`
+ Content string `json:"content,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ Priority int `json:"prio,omitempty"`
+}
+
+type APIResponse[T any] struct {
+ Success bool `json:"success"`
+ Data []T `json:"data"`
+}
+
+type APIError struct {
+ ErrorMsg string `json:"error"`
+ Errors Error `json:"errors"`
+}
+
+func (e APIError) Error() string {
+ if e.ErrorMsg != "" {
+ return e.ErrorMsg
+ }
+
+ return e.Errors.Error()
+}
+
+type Error struct {
+ Message string `json:"message"`
+}
+
+func (e Error) Error() string {
+ return e.Message
+}
diff --git a/providers/dns/hosttech/hosttech.go b/providers/dns/hosttech/hosttech.go
index 22d3be7bd..73346f6cb 100644
--- a/providers/dns/hosttech/hosttech.go
+++ b/providers/dns/hosttech/hosttech.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/hosttech/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -84,7 +85,11 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("hosttech: missing credentials")
}
- client := internal.NewClient(internal.OAuthStaticAccessToken(config.HTTPClient, config.APIKey))
+ client := internal.NewClient(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(config.HTTPClient, config.APIKey),
+ ),
+ )
return &DNSProvider{
config: config,
@@ -159,6 +164,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("hosttech: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
@@ -168,5 +174,9 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("hosttech: %w", err)
}
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/hosttech/hosttech.toml b/providers/dns/hosttech/hosttech.toml
index 5d7555499..52c01fd31 100644
--- a/providers/dns/hosttech/hosttech.toml
+++ b/providers/dns/hosttech/hosttech.toml
@@ -6,7 +6,7 @@ Since = "v4.5.0"
Example = '''
HOSTTECH_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxx \
-lego --email you@example.com --dns hosttech -d '*.example.com' -d example.com run
+lego --dns hosttech -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/hosttech/hosttech_test.go b/providers/dns/hosttech/hosttech_test.go
index 6f0d0bd3e..042b73353 100644
--- a/providers/dns/hosttech/hosttech_test.go
+++ b/providers/dns/hosttech/hosttech_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -92,6 +93,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -105,6 +107,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/hosttech/internal/client.go b/providers/dns/hosttech/internal/client.go
index 399b18d0e..557d54298 100644
--- a/providers/dns/hosttech/internal/client.go
+++ b/providers/dns/hosttech/internal/client.go
@@ -58,6 +58,7 @@ func (c *Client) GetZones(ctx context.Context, query string, limit, offset int)
}
result := apiResponse[[]Zone]{}
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -77,6 +78,7 @@ func (c *Client) GetZone(ctx context.Context, zoneID string) (*Zone, error) {
}
result := apiResponse[*Zone]{}
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -104,6 +106,7 @@ func (c *Client) GetRecords(ctx context.Context, zoneID, recordType string) ([]R
}
result := apiResponse[[]Record]{}
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -123,6 +126,7 @@ func (c *Client) AddRecord(ctx context.Context, zoneID string, record Record) (*
}
result := apiResponse[*Record]{}
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -202,6 +206,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errAPI := &APIError{StatusCode: resp.StatusCode}
+
err := json.Unmarshal(raw, errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/hosttech/internal/types.go b/providers/dns/hosttech/internal/types.go
index bf86964f7..a4b5b564d 100644
--- a/providers/dns/hosttech/internal/types.go
+++ b/providers/dns/hosttech/internal/types.go
@@ -2,6 +2,7 @@ package internal
import (
"fmt"
+ "strings"
)
type apiResponse[T any] struct {
@@ -15,11 +16,15 @@ type APIError struct {
}
func (a APIError) Error() string {
- msg := fmt.Sprintf("%d: %s", a.StatusCode, a.Message)
+ msg := new(strings.Builder)
+
+ _, _ = fmt.Fprintf(msg, "%d: %s", a.StatusCode, a.Message)
+
for k, v := range a.Errors {
- msg += fmt.Sprintf(" %s: %v", k, v)
+ _, _ = fmt.Fprintf(msg, " %s: %v", k, v)
}
- return msg
+
+ return msg.String()
}
type Zone struct {
diff --git a/providers/dns/httpnet/httpnet.go b/providers/dns/httpnet/httpnet.go
index 56bd92712..4a88f1092 100644
--- a/providers/dns/httpnet/httpnet.go
+++ b/providers/dns/httpnet/httpnet.go
@@ -2,12 +2,9 @@
package httpnet
import (
- "context"
"errors"
"fmt"
"net/http"
- "net/url"
- "sync"
"time"
"github.com/go-acme/lego/v4/challenge"
@@ -29,17 +26,12 @@ const (
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
+const defaultBaseURL = "https://partner.http.net/api/dns/v1/json"
+
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
-type Config struct {
- APIKey string
- ZoneName string
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = hostingde.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
@@ -56,11 +48,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *hostingde.Client
-
- recordIDs map[string]string
- recordIDsMu sync.Mutex
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for http.net.
@@ -84,143 +72,36 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("httpnet: the configuration of the DNS provider is nil")
}
- if config.APIKey == "" {
- return nil, errors.New("httpnet: API key missing")
+ provider, err := hostingde.NewDNSProviderConfig(config, defaultBaseURL)
+ if err != nil {
+ return nil, fmt.Errorf("httpnet: %w", err)
}
- client := hostingde.NewClient(config.APIKey)
- client.BaseURL, _ = url.Parse(hostingde.DefaultHTTPNetBaseURL)
-
- return &DNSProvider{
- config: config,
- client: client,
- recordIDs: make(map[string]string),
- }, nil
+ return &DNSProvider{prv: provider}, nil
}
-// Timeout returns the timeout and interval to use when checking for DNS propagation.
-// Adjusting here to cope with spikes in propagation times.
-func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
-}
-
-// Present creates a TXT record to fulfill the dns-01 challenge.
+// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- zoneName, err := d.getZoneName(info.EffectiveFQDN)
- if err != nil {
- return fmt.Errorf("httpnet: could not find zone for domain %q: %w", domain, err)
- }
-
- ctx := context.Background()
-
- // get the ZoneConfig for that domain
- zonesFind := hostingde.ZoneConfigsFindRequest{
- Filter: hostingde.Filter{Field: "zoneName", Value: zoneName},
- Limit: 1,
- Page: 1,
- }
-
- zoneConfig, err := d.client.GetZone(ctx, zonesFind)
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("httpnet: %w", err)
}
- zoneConfig.Name = zoneName
-
- rec := []hostingde.DNSRecord{{
- Type: "TXT",
- Name: dns01.UnFqdn(info.EffectiveFQDN),
- Content: info.Value,
- TTL: d.config.TTL,
- }}
-
- req := hostingde.ZoneUpdateRequest{
- ZoneConfig: *zoneConfig,
- RecordsToAdd: rec,
- }
-
- response, err := d.client.UpdateZone(ctx, req)
- if err != nil {
- return fmt.Errorf("httpnet: %w", err)
- }
-
- for _, record := range response.Records {
- if record.Name == dns01.UnFqdn(info.EffectiveFQDN) && record.Content == fmt.Sprintf(`%q`, info.Value) {
- d.recordIDsMu.Lock()
- d.recordIDs[info.EffectiveFQDN] = record.ID
- d.recordIDsMu.Unlock()
- }
- }
-
- if d.recordIDs[info.EffectiveFQDN] == "" {
- return fmt.Errorf("httpnet: error getting ID of just created record, for domain %s", domain)
- }
-
return nil
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- zoneName, err := d.getZoneName(info.EffectiveFQDN)
- if err != nil {
- return fmt.Errorf("httpnet: could not find zone for domain %q: %w", domain, err)
- }
-
- ctx := context.Background()
-
- // get the ZoneConfig for that domain
- zonesFind := hostingde.ZoneConfigsFindRequest{
- Filter: hostingde.Filter{Field: "zoneName", Value: zoneName},
- Limit: 1,
- Page: 1,
- }
-
- zoneConfig, err := d.client.GetZone(ctx, zonesFind)
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("httpnet: %w", err)
}
- zoneConfig.Name = zoneName
- rec := []hostingde.DNSRecord{{
- Type: "TXT",
- Name: dns01.UnFqdn(info.EffectiveFQDN),
- Content: `"` + info.Value + `"`,
- }}
-
- req := hostingde.ZoneUpdateRequest{
- ZoneConfig: *zoneConfig,
- RecordsToDelete: rec,
- }
-
- // Delete record ID from map
- d.recordIDsMu.Lock()
- delete(d.recordIDs, info.EffectiveFQDN)
- d.recordIDsMu.Unlock()
-
- _, err = d.client.UpdateZone(ctx, req)
- if err != nil {
- return fmt.Errorf("httpnet: %w", err)
- }
return nil
}
-func (d *DNSProvider) getZoneName(fqdn string) (string, error) {
- if d.config.ZoneName != "" {
- return d.config.ZoneName, nil
- }
-
- zoneName, err := dns01.FindZoneByFqdn(fqdn)
- if err != nil {
- return "", fmt.Errorf("could not find zone for %s: %w", fqdn, err)
- }
-
- if zoneName == "" {
- return "", errors.New("empty zone name")
- }
-
- return dns01.UnFqdn(zoneName), nil
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
}
diff --git a/providers/dns/httpnet/httpnet.toml b/providers/dns/httpnet/httpnet.toml
index 204f5bc54..3dd581204 100644
--- a/providers/dns/httpnet/httpnet.toml
+++ b/providers/dns/httpnet/httpnet.toml
@@ -6,7 +6,7 @@ Since = "v4.15.0"
Example = '''
HTTPNET_API_KEY=xxxxxxxx \
-lego --email you@example.com --dns httpnet -d '*.example.com' -d example.com run
+lego --dns httpnet -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/httpnet/httpnet_test.go b/providers/dns/httpnet/httpnet_test.go
index a9bc527ad..ef1d2a1b7 100644
--- a/providers/dns/httpnet/httpnet_test.go
+++ b/providers/dns/httpnet/httpnet_test.go
@@ -49,6 +49,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -58,8 +59,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.recordIDs)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -101,8 +101,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.recordIDs)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -116,6 +115,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -129,6 +129,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/httpreq/httpreq.go b/providers/dns/httpreq/httpreq.go
index 8f8311e0a..591e9b5e1 100644
--- a/providers/dns/httpreq/httpreq.go
+++ b/providers/dns/httpreq/httpreq.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
)
@@ -88,6 +89,7 @@ func NewDNSProvider() (*DNSProvider, error) {
config.Username = env.GetOrFile(EnvUsername)
config.Password = env.GetOrFile(EnvPassword)
config.Endpoint = endpoint
+
return NewDNSProviderConfig(config)
}
@@ -101,6 +103,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("httpreq: the endpoint is missing")
}
+ config.HTTPClient = clientdebug.Wrap(config.HTTPClient)
+
return &DNSProvider{config: config}, nil
}
@@ -125,6 +129,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("httpreq: %w", err)
}
+
return nil
}
@@ -138,6 +143,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("httpreq: %w", err)
}
+
return nil
}
@@ -156,6 +162,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("httpreq: %w", err)
}
+
return nil
}
@@ -169,11 +176,13 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("httpreq: %w", err)
}
+
return nil
}
func (d *DNSProvider) doPost(ctx context.Context, uri string, msg any) error {
reqBody := new(bytes.Buffer)
+
err := json.NewEncoder(reqBody).Encode(msg)
if err != nil {
return fmt.Errorf("failed to create request JSON body: %w", err)
diff --git a/providers/dns/httpreq/httpreq.toml b/providers/dns/httpreq/httpreq.toml
index 6c3f8719b..d64d61a6c 100644
--- a/providers/dns/httpreq/httpreq.toml
+++ b/providers/dns/httpreq/httpreq.toml
@@ -6,7 +6,7 @@ Since = "v2.0.0"
Example = '''
HTTPREQ_ENDPOINT=http://my.server.com:9090 \
-lego --email you@example.com --dns httpreq -d '*.example.com' -d example.com run
+lego --dns httpreq -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/httpreq/httpreq_test.go b/providers/dns/httpreq/httpreq_test.go
index 038b21b1a..108d6a565 100644
--- a/providers/dns/httpreq/httpreq_test.go
+++ b/providers/dns/httpreq/httpreq_test.go
@@ -43,6 +43,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -227,6 +228,7 @@ func mockBuilder(mode string) *servermock.Builder[*DNSProvider] {
return servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
config.Endpoint, _ = url.Parse(server.URL)
config.Mode = mode
@@ -238,6 +240,7 @@ func mockBuilderWithPathPrefix(mode, prefix string) *servermock.Builder[*DNSProv
return servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
config.Endpoint, _ = url.Parse(server.URL + prefix)
config.Mode = mode
@@ -249,6 +252,7 @@ func mockBuilderWithBasicAuth(username, password string) *servermock.Builder[*DN
return servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
config.Endpoint, _ = url.Parse(server.URL)
config.Username = username
config.Password = password
@@ -263,5 +267,6 @@ func mustParse(rawURL string) *url.URL {
if err != nil {
panic(err)
}
+
return uri
}
diff --git a/providers/dns/huaweicloud/huaweicloud.go b/providers/dns/huaweicloud/huaweicloud.go
index 32f4d3446..e47f3e2b5 100644
--- a/providers/dns/huaweicloud/huaweicloud.go
+++ b/providers/dns/huaweicloud/huaweicloud.go
@@ -2,6 +2,7 @@
package huaweicloud
import (
+ "context"
"errors"
"fmt"
"strconv"
@@ -9,6 +10,7 @@ import (
"sync"
"time"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
@@ -148,19 +150,27 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
d.recordIDs[token] = recordSetID
d.recordIDsMu.Unlock()
- err = wait.For("record set sync on "+domain, d.config.PropagationTimeout, d.config.PollingInterval, func() (bool, error) {
- rs, errShow := d.client.ShowRecordSet(&hwmodel.ShowRecordSetRequest{
- ZoneId: zoneID,
- RecordsetId: recordSetID,
- })
- if errShow != nil {
- return false, fmt.Errorf("show record set: %w", errShow)
- }
+ err = wait.Retry(context.Background(),
+ func() error {
+ rs, errShow := d.client.ShowRecordSet(&hwmodel.ShowRecordSetRequest{
+ ZoneId: zoneID,
+ RecordsetId: recordSetID,
+ })
+ if errShow != nil {
+ return fmt.Errorf("show record set: %w", errShow)
+ }
- return !strings.HasSuffix(ptr.Deref(rs.Status), "PENDING_"), nil
- })
+ if !strings.HasSuffix(ptr.Deref(rs.Status), "PENDING_") {
+ return nil
+ }
+
+ return fmt.Errorf("status: %s", ptr.Deref(rs.Status))
+ },
+ backoff.WithBackOff(backoff.NewConstantBackOff(d.config.PollingInterval)),
+ backoff.WithMaxElapsedTime(d.config.PropagationTimeout),
+ )
if err != nil {
- return fmt.Errorf("huaweicloud: %w", err)
+ return fmt.Errorf("huaweicloud: record set sync on %s: %w", domain, err)
}
return nil
@@ -174,6 +184,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("huaweicloud: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
@@ -198,6 +209,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("huaweicloud: delete record: %w", err)
}
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/huaweicloud/huaweicloud.toml b/providers/dns/huaweicloud/huaweicloud.toml
index f7991dfae..e8d417c11 100644
--- a/providers/dns/huaweicloud/huaweicloud.toml
+++ b/providers/dns/huaweicloud/huaweicloud.toml
@@ -8,7 +8,7 @@ Example = '''
HUAWEICLOUD_ACCESS_KEY_ID=your-access-key-id \
HUAWEICLOUD_SECRET_ACCESS_KEY=your-secret-access-key \
HUAWEICLOUD_REGION=cn-south-1 \
-lego --email you@example.com --dns huaweicloud -d '*.example.com' -d example.com run
+lego --dns huaweicloud -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/huaweicloud/huaweicloud_test.go b/providers/dns/huaweicloud/huaweicloud_test.go
index 6787650ca..25e295da7 100644
--- a/providers/dns/huaweicloud/huaweicloud_test.go
+++ b/providers/dns/huaweicloud/huaweicloud_test.go
@@ -62,6 +62,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -140,6 +141,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -153,6 +155,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/hurricane/hurricane.go b/providers/dns/hurricane/hurricane.go
index 7ce646bc9..b23528bb0 100644
--- a/providers/dns/hurricane/hurricane.go
+++ b/providers/dns/hurricane/hurricane.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/hurricane/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -57,6 +58,7 @@ type DNSProvider struct {
// NewDNSProvider returns a DNSProvider instance configured for Hurricane Electric.
func NewDNSProvider() (*DNSProvider, error) {
config := NewDefaultConfig()
+
values, err := env.Get(EnvTokens)
if err != nil {
return nil, fmt.Errorf("hurricane: %w", err)
@@ -83,6 +85,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client := internal.NewClient(config.Credentials)
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/hurricane/hurricane.toml b/providers/dns/hurricane/hurricane.toml
index 033c73984..10b370e4f 100644
--- a/providers/dns/hurricane/hurricane.toml
+++ b/providers/dns/hurricane/hurricane.toml
@@ -6,10 +6,10 @@ Since = "v4.3.0"
Example = '''
HURRICANE_TOKENS=example.org:token \
-lego --email you@example.com --dns hurricane -d '*.example.com' -d example.com run
+lego --dns hurricane -d '*.example.com' -d example.com run
HURRICANE_TOKENS=my.example.org:token1,demo.example.org:token2 \
-lego --email you@example.com --dns hurricane -d my.example.org -d demo.example.org
+lego --dns hurricane -d my.example.org -d demo.example.org
'''
Additional = """
diff --git a/providers/dns/hurricane/hurricane_test.go b/providers/dns/hurricane/hurricane_test.go
index f8a1f185c..2bbd638fa 100644
--- a/providers/dns/hurricane/hurricane_test.go
+++ b/providers/dns/hurricane/hurricane_test.go
@@ -55,6 +55,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -120,6 +121,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -133,6 +135,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/hyperone/hyperone.go b/providers/dns/hyperone/hyperone.go
index 890f9f627..3cdad8e68 100644
--- a/providers/dns/hyperone/hyperone.go
+++ b/providers/dns/hyperone/hyperone.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/hyperone/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Environment variables names.
@@ -76,6 +77,7 @@ func NewDNSProvider() (*DNSProvider, error) {
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config.PassportLocation == "" {
var err error
+
config.PassportLocation, err = GetDefaultPassportLocation()
if err != nil {
return nil, fmt.Errorf("hyperone: %w", err)
@@ -96,6 +98,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{client: client, config: config}, nil
}
@@ -163,6 +167,7 @@ func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
if err != nil {
return fmt.Errorf("hyperone: %w", err)
}
+
if len(records) == 1 {
if records[0].Content != info.Value {
return fmt.Errorf("hyperone: record with content %s not found: fqdn=%s", info.Value, info.EffectiveFQDN)
diff --git a/providers/dns/hyperone/hyperone.toml b/providers/dns/hyperone/hyperone.toml
index 0f23976c4..88814356f 100644
--- a/providers/dns/hyperone/hyperone.toml
+++ b/providers/dns/hyperone/hyperone.toml
@@ -5,7 +5,7 @@ Code = "hyperone"
Since = "v3.9.0"
Example = '''
-lego --email you@example.com --dns hyperone -d '*.example.com' -d example.com run
+lego --dns hyperone -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/hyperone/hyperone_test.go b/providers/dns/hyperone/hyperone_test.go
index 1222d1c74..675a1fe19 100644
--- a/providers/dns/hyperone/hyperone_test.go
+++ b/providers/dns/hyperone/hyperone_test.go
@@ -49,6 +49,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -124,6 +125,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -137,6 +139,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/hyperone/internal/passport.go b/providers/dns/hyperone/internal/passport.go
index b63236c3b..d1503d893 100644
--- a/providers/dns/hyperone/internal/passport.go
+++ b/providers/dns/hyperone/internal/passport.go
@@ -25,6 +25,7 @@ func LoadPassportFile(location string) (*Passport, error) {
defer func() { _ = file.Close() }()
var passport Passport
+
err = json.NewDecoder(file).Decode(&passport)
if err != nil {
return nil, fmt.Errorf("failed to parse passport file: %w", err)
diff --git a/providers/dns/hyperone/internal/token_test.go b/providers/dns/hyperone/internal/token_test.go
index 315d0896f..34b4cc573 100644
--- a/providers/dns/hyperone/internal/token_test.go
+++ b/providers/dns/hyperone/internal/token_test.go
@@ -38,6 +38,7 @@ func TestPayload_buildToken(t *testing.T) {
require.NoError(t, err)
var headerStruct Header
+
err = json.Unmarshal(headerString, &headerStruct)
require.NoError(t, err)
@@ -45,6 +46,7 @@ func TestPayload_buildToken(t *testing.T) {
require.NoError(t, err)
var payloadStruct Payload
+
err = json.Unmarshal(payloadString, &payloadStruct)
require.NoError(t, err)
diff --git a/providers/dns/ibmcloud/ibmcloud.toml b/providers/dns/ibmcloud/ibmcloud.toml
index 090c010c9..01088f09b 100644
--- a/providers/dns/ibmcloud/ibmcloud.toml
+++ b/providers/dns/ibmcloud/ibmcloud.toml
@@ -7,12 +7,12 @@ Since = "v4.5.0"
Example = '''
SOFTLAYER_USERNAME=xxxxx \
SOFTLAYER_API_KEY=yyyyy \
-lego --email you@example.com --dns ibmcloud -d '*.example.com' -d example.com run
+lego --dns ibmcloud -d '*.example.com' -d example.com run
'''
[Configuration]
[Configuration.Credentials]
- SOFTLAYER_USERNAME = "Username (IBM Cloud is _)"
+ SOFTLAYER_USERNAME = "Username (IBM Cloud is {accountID}_{emailAddress})"
SOFTLAYER_API_KEY = "Classic Infrastructure API key"
[Configuration.Additional]
SOFTLAYER_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
diff --git a/providers/dns/ibmcloud/ibmcloud_test.go b/providers/dns/ibmcloud/ibmcloud_test.go
index a000e3e59..6ca7cd81b 100644
--- a/providers/dns/ibmcloud/ibmcloud_test.go
+++ b/providers/dns/ibmcloud/ibmcloud_test.go
@@ -55,6 +55,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -127,6 +128,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -140,6 +142,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/iij/iij.go b/providers/dns/iij/iij.go
index 6bc7db21a..1d098bde2 100644
--- a/providers/dns/iij/iij.go
+++ b/providers/dns/iij/iij.go
@@ -98,6 +98,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("iij: %w", err)
}
+
return nil
}
@@ -110,6 +111,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("iij: %w", err)
}
+
return nil
}
diff --git a/providers/dns/iij/iij.toml b/providers/dns/iij/iij.toml
index 8dbf5ba1a..95355200a 100644
--- a/providers/dns/iij/iij.toml
+++ b/providers/dns/iij/iij.toml
@@ -8,7 +8,7 @@ Example = '''
IIJ_API_ACCESS_KEY=xxxxxxxx \
IIJ_API_SECRET_KEY=yyyyyy \
IIJ_DO_SERVICE_CODE=zzzzzz \
-lego --email you@example.com --dns iij -d '*.example.com' -d example.com run
+lego --dns iij -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/iij/iij_test.go b/providers/dns/iij/iij_test.go
index 2c7ec4217..bd8140532 100644
--- a/providers/dns/iij/iij_test.go
+++ b/providers/dns/iij/iij_test.go
@@ -71,6 +71,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -238,6 +239,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -251,6 +253,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/iijdpf/iijdpf.toml b/providers/dns/iijdpf/iijdpf.toml
index 4aaa9ca37..650285f95 100644
--- a/providers/dns/iijdpf/iijdpf.toml
+++ b/providers/dns/iijdpf/iijdpf.toml
@@ -7,7 +7,7 @@ Since = "v4.7.0"
Example = '''
IIJ_DPF_API_TOKEN=xxxxxxxx \
IIJ_DPF_DPM_SERVICE_CODE=yyyyyy \
-lego --email you@example.com --dns iijdpf -d '*.example.com' -d example.com run
+lego --dns iijdpf -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/iijdpf/iijdpf_test.go b/providers/dns/iijdpf/iijdpf_test.go
index a4fa8b8f6..fbcf3e1f5 100644
--- a/providers/dns/iijdpf/iijdpf_test.go
+++ b/providers/dns/iijdpf/iijdpf_test.go
@@ -43,6 +43,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -115,6 +116,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -128,6 +130,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/iijdpf/wrapper.go b/providers/dns/iijdpf/wrapper.go
index 12b09a30c..0ab26cdcd 100644
--- a/providers/dns/iijdpf/wrapper.go
+++ b/providers/dns/iijdpf/wrapper.go
@@ -51,6 +51,7 @@ func (d *DNSProvider) deleteTxtRecord(ctx context.Context, zoneID, fqdn, rdata s
// empty target rrset
return nil
}
+
return err
}
@@ -66,11 +67,13 @@ func (d *DNSProvider) deleteTxtRecord(ctx context.Context, zoneID, fqdn, rdata s
// delete rdata
rdataSlice := dpfzones.RecordRDATASlice{}
+
for _, v := range r.RData {
if v.Value != rdata {
rdataSlice = append(rdataSlice, v)
}
}
+
r.RData = rdataSlice
_, _, err = dpfapiutils.SyncUpdate(ctx, d.client, r, nil)
diff --git a/providers/dns/infoblox/infoblox.go b/providers/dns/infoblox/infoblox.go
index 37e119e85..054f13679 100644
--- a/providers/dns/infoblox/infoblox.go
+++ b/providers/dns/infoblox/infoblox.go
@@ -198,6 +198,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordRefsMu.Lock()
recordRef, ok := d.recordRefs[token]
d.recordRefsMu.Unlock()
+
if !ok {
return fmt.Errorf("infoblox: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
diff --git a/providers/dns/infoblox/infoblox.toml b/providers/dns/infoblox/infoblox.toml
index 3c2632042..0e6972d3a 100644
--- a/providers/dns/infoblox/infoblox.toml
+++ b/providers/dns/infoblox/infoblox.toml
@@ -8,7 +8,7 @@ Example = '''
INFOBLOX_USERNAME=api-user-529 \
INFOBLOX_PASSWORD=b9841238feb177a84330febba8a83208921177bffe733 \
INFOBLOX_HOST=infoblox.example.org
-lego --email you@example.com --dns infoblox -d '*.example.com' -d example.com run
+lego --dns infoblox -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/infoblox/infoblox_test.go b/providers/dns/infoblox/infoblox_test.go
index 45434e0e3..68158cb0d 100644
--- a/providers/dns/infoblox/infoblox_test.go
+++ b/providers/dns/infoblox/infoblox_test.go
@@ -68,6 +68,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -149,6 +150,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -162,6 +164,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/infomaniak/infomaniak.go b/providers/dns/infomaniak/infomaniak.go
index 79c6f577e..9b8b53590 100644
--- a/providers/dns/infomaniak/infomaniak.go
+++ b/providers/dns/infomaniak/infomaniak.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/infomaniak/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
)
// Infomaniak API reference: https://api.infomaniak.com/doc
@@ -96,7 +97,11 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("infomaniak: missing access token")
}
- client, err := internal.New(internal.OAuthStaticAccessToken(config.HTTPClient, config.AccessToken), config.APIEndpoint)
+ client, err := internal.New(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(config.HTTPClient, config.AccessToken),
+ ),
+ config.APIEndpoint)
if err != nil {
return nil, fmt.Errorf("infomaniak: %w", err)
}
diff --git a/providers/dns/infomaniak/infomaniak.toml b/providers/dns/infomaniak/infomaniak.toml
index 283838053..d924e3a26 100644
--- a/providers/dns/infomaniak/infomaniak.toml
+++ b/providers/dns/infomaniak/infomaniak.toml
@@ -6,7 +6,7 @@ Since = "v4.1.0"
Example = '''
INFOMANIAK_ACCESS_TOKEN=1234567898765432 \
-lego --email you@example.com --dns infomaniak -d '*.example.com' -d example.com run
+lego --dns infomaniak -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/infomaniak/infomaniak_test.go b/providers/dns/infomaniak/infomaniak_test.go
index bc8fb7b58..980f3b959 100644
--- a/providers/dns/infomaniak/infomaniak_test.go
+++ b/providers/dns/infomaniak/infomaniak_test.go
@@ -39,6 +39,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -101,6 +102,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -114,6 +116,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/infomaniak/internal/client.go b/providers/dns/infomaniak/internal/client.go
index 886a8966f..40b56c707 100644
--- a/providers/dns/infomaniak/internal/client.go
+++ b/providers/dns/infomaniak/internal/client.go
@@ -50,6 +50,7 @@ func (c *Client) CreateDNSRecord(ctx context.Context, domain *DNSDomain, record
}
result := APIResponse[string]{}
+
err = c.do(req, &result)
if err != nil {
return "", err
@@ -112,6 +113,7 @@ func (c *Client) getDomainByName(ctx context.Context, name string) (*DNSDomain,
}
result := APIResponse[[]DNSDomain]{}
+
err = c.do(req, &result)
if err != nil {
return nil, err
diff --git a/providers/dns/internal/active24/client.go b/providers/dns/internal/active24/internal/client.go
similarity index 99%
rename from providers/dns/internal/active24/client.go
rename to providers/dns/internal/active24/internal/client.go
index 32ecc2186..69e94b367 100644
--- a/providers/dns/internal/active24/client.go
+++ b/providers/dns/internal/active24/internal/client.go
@@ -1,4 +1,4 @@
-package active24
+package internal
import (
"bytes"
@@ -55,6 +55,7 @@ func (c *Client) GetServices(ctx context.Context) ([]Service, error) {
}
var result OldAPIResponse
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -82,6 +83,7 @@ func (c *Client) GetRecords(ctx context.Context, service string, filter RecordFi
}
var result APIResponse
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -180,6 +182,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
@@ -198,6 +201,7 @@ func (c *Client) sign(req *http.Request, now time.Time) error {
canonicalRequest := fmt.Sprintf("%s %s %d", req.Method, req.URL.Path, now.Unix())
mac := hmac.New(sha1.New, []byte(c.secret))
+
_, err := mac.Write([]byte(canonicalRequest))
if err != nil {
return err
diff --git a/providers/dns/internal/active24/client_test.go b/providers/dns/internal/active24/internal/client_test.go
similarity index 99%
rename from providers/dns/internal/active24/client_test.go
rename to providers/dns/internal/active24/internal/client_test.go
index ad2a8126b..f62f78785 100644
--- a/providers/dns/internal/active24/client_test.go
+++ b/providers/dns/internal/active24/internal/client_test.go
@@ -1,4 +1,4 @@
-package active24
+package internal
import (
"net/http"
diff --git a/providers/dns/internal/active24/fixtures/error_403.json b/providers/dns/internal/active24/internal/fixtures/error_403.json
similarity index 100%
rename from providers/dns/internal/active24/fixtures/error_403.json
rename to providers/dns/internal/active24/internal/fixtures/error_403.json
diff --git a/providers/dns/internal/active24/fixtures/error_422.json b/providers/dns/internal/active24/internal/fixtures/error_422.json
similarity index 100%
rename from providers/dns/internal/active24/fixtures/error_422.json
rename to providers/dns/internal/active24/internal/fixtures/error_422.json
diff --git a/providers/dns/internal/active24/fixtures/error_v1.json b/providers/dns/internal/active24/internal/fixtures/error_v1.json
similarity index 100%
rename from providers/dns/internal/active24/fixtures/error_v1.json
rename to providers/dns/internal/active24/internal/fixtures/error_v1.json
diff --git a/providers/dns/internal/active24/fixtures/records.json b/providers/dns/internal/active24/internal/fixtures/records.json
similarity index 100%
rename from providers/dns/internal/active24/fixtures/records.json
rename to providers/dns/internal/active24/internal/fixtures/records.json
diff --git a/providers/dns/internal/active24/fixtures/services.json b/providers/dns/internal/active24/internal/fixtures/services.json
similarity index 100%
rename from providers/dns/internal/active24/fixtures/services.json
rename to providers/dns/internal/active24/internal/fixtures/services.json
diff --git a/providers/dns/internal/active24/types.go b/providers/dns/internal/active24/internal/types.go
similarity index 99%
rename from providers/dns/internal/active24/types.go
rename to providers/dns/internal/active24/internal/types.go
index b9a7ea427..ed8dfc9d3 100644
--- a/providers/dns/internal/active24/types.go
+++ b/providers/dns/internal/active24/internal/types.go
@@ -1,4 +1,4 @@
-package active24
+package internal
import "fmt"
diff --git a/providers/dns/internal/active24/provider.go b/providers/dns/internal/active24/provider.go
new file mode 100644
index 000000000..ae79b8b17
--- /dev/null
+++ b/providers/dns/internal/active24/provider.go
@@ -0,0 +1,179 @@
+// Package active24 implements a DNS provider for solving the DNS-01 challenge using Active24.
+package active24
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/active24/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+ Secret string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Active24.
+func NewDNSProviderConfig(config *Config, baseAPIDomain string) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(baseAPIDomain, config.APIKey, config.Secret)
+ if err != nil {
+ return nil, err
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return err
+ }
+
+ serviceID, err := d.findServiceID(ctx, dns01.UnFqdn(authZone))
+ if err != nil {
+ return fmt.Errorf("find service ID: %w", err)
+ }
+
+ record := internal.Record{
+ Type: "TXT",
+ Name: subDomain,
+ Content: info.Value,
+ TTL: d.config.TTL,
+ }
+
+ err = d.client.CreateRecord(ctx, strconv.Itoa(serviceID), record)
+ if err != nil {
+ return fmt.Errorf("create record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("could not find zone for domain %q: %w", domain, err)
+ }
+
+ serviceID, err := d.findServiceID(ctx, dns01.UnFqdn(authZone))
+ if err != nil {
+ return fmt.Errorf("find service ID: %w", err)
+ }
+
+ recordID, err := d.findRecordID(ctx, strconv.Itoa(serviceID), info)
+ if err != nil {
+ return fmt.Errorf("find record ID: %w", err)
+ }
+
+ err = d.client.DeleteRecord(ctx, strconv.Itoa(serviceID), strconv.Itoa(recordID))
+ if err != nil {
+ return fmt.Errorf("delete record %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) findServiceID(ctx context.Context, domain string) (int, error) {
+ services, err := d.client.GetServices(ctx)
+ if err != nil {
+ return 0, fmt.Errorf("get services: %w", err)
+ }
+
+ for _, service := range services {
+ if service.ServiceName != "domain" {
+ continue
+ }
+
+ if service.Name != domain {
+ continue
+ }
+
+ return service.ID, nil
+ }
+
+ return 0, fmt.Errorf("service not found for domain: %s", domain)
+}
+
+func (d *DNSProvider) findRecordID(ctx context.Context, serviceID string, info dns01.ChallengeInfo) (int, error) {
+ // NOTE(ldez): Despite the API documentation, the filter doesn't seem to work.
+ filter := internal.RecordFilter{
+ Name: dns01.UnFqdn(info.EffectiveFQDN),
+ Type: []string{"TXT"},
+ Content: info.Value,
+ }
+
+ records, err := d.client.GetRecords(ctx, serviceID, filter)
+ if err != nil {
+ return 0, fmt.Errorf("get records: %w", err)
+ }
+
+ for _, record := range records {
+ if record.Type != "TXT" {
+ continue
+ }
+
+ if record.Name != dns01.UnFqdn(info.EffectiveFQDN) {
+ continue
+ }
+
+ if record.Content != info.Value {
+ continue
+ }
+
+ return record.ID, nil
+ }
+
+ return 0, errors.New("no record found")
+}
diff --git a/providers/dns/internal/active24/provider_test.go b/providers/dns/internal/active24/provider_test.go
new file mode 100644
index 000000000..e2959fd6e
--- /dev/null
+++ b/providers/dns/internal/active24/provider_test.go
@@ -0,0 +1,57 @@
+package active24
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ secret string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiKey: "user",
+ secret: "secret",
+ },
+ {
+ desc: "missing API key",
+ apiKey: "",
+ secret: "secret",
+ expected: "credentials missing",
+ },
+ {
+ desc: "missing secret",
+ apiKey: "user",
+ secret: "",
+ expected: "credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := &Config{}
+ config.APIKey = test.apiKey
+ config.Secret = test.secret
+
+ p, err := NewDNSProviderConfig(config, "example.com")
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
diff --git a/providers/dns/internal/clientdebug/.gitattributes b/providers/dns/internal/clientdebug/.gitattributes
new file mode 100644
index 000000000..0ce5804f7
--- /dev/null
+++ b/providers/dns/internal/clientdebug/.gitattributes
@@ -0,0 +1 @@
+/testdata/** text eol=lf
diff --git a/providers/dns/internal/clientdebug/client.go b/providers/dns/internal/clientdebug/client.go
new file mode 100644
index 000000000..342577b93
--- /dev/null
+++ b/providers/dns/internal/clientdebug/client.go
@@ -0,0 +1,134 @@
+package clientdebug
+
+import (
+ "fmt"
+ "io"
+ "net/http"
+ "net/http/httputil"
+ "os"
+ "regexp"
+ "strconv"
+ "strings"
+
+ "github.com/go-acme/lego/v4/platform/config/env"
+)
+
+const replacement = "***"
+
+type Option func(*DumpTransport)
+
+func WithEnvKeys(keys ...string) Option {
+ return func(d *DumpTransport) {
+ for _, key := range keys {
+ v := strings.TrimSpace(env.GetOrFile(key))
+ if v == "" {
+ continue
+ }
+
+ d.replacements = append(d.replacements, v, replacement)
+ }
+ }
+}
+
+func WithValues(values ...string) Option {
+ return func(d *DumpTransport) {
+ for _, value := range values {
+ d.replacements = append(d.replacements, value, replacement)
+ }
+ }
+}
+
+func WithHeaders(keys ...string) Option {
+ return func(d *DumpTransport) {
+ d.regexps = append(d.regexps,
+ regexp.MustCompile(fmt.Sprintf(`(?im)^(%s):.+$`, strings.Join(keys, "|"))))
+ }
+}
+
+type DumpTransport struct {
+ rt http.RoundTripper
+
+ replacements []string
+ replacer *strings.Replacer
+
+ regexps []*regexp.Regexp
+
+ writer io.Writer
+}
+
+func NewDumpTransport(rt http.RoundTripper, opts ...Option) *DumpTransport {
+ if rt == nil {
+ rt = http.DefaultTransport
+ }
+
+ d := &DumpTransport{
+ rt: rt,
+ writer: os.Stdout,
+ }
+
+ for _, opt := range opts {
+ opt(d)
+ }
+
+ d.regexps = append(d.regexps,
+ regexp.MustCompile(`(?im)^(Authorization):.+$`),
+ regexp.MustCompile(`(?im)^(Token|X-Token):.+$`),
+ regexp.MustCompile(`(?im)^(Auth-Token|X-Auth-Token):.+$`),
+ regexp.MustCompile(`(?im)^(Api-Key|X-Api-Key|X-Api-Secret):.+$`),
+ )
+
+ if len(d.replacements) > 0 {
+ d.replacer = strings.NewReplacer(d.replacements...)
+ }
+
+ return d
+}
+
+func (d *DumpTransport) RoundTrip(h *http.Request) (*http.Response, error) {
+ data, _ := httputil.DumpRequestOut(h, true)
+
+ _, _ = fmt.Fprintln(d.writer, "[HTTP Request]")
+ _, _ = fmt.Fprintln(d.writer, d.redact(data))
+
+ resp, err := d.rt.RoundTrip(h)
+ if err != nil {
+ return nil, err
+ }
+
+ data, _ = httputil.DumpResponse(resp, true)
+
+ _, _ = fmt.Fprintln(d.writer, "[HTTP Response]")
+ _, _ = fmt.Fprintln(d.writer, d.redact(data))
+
+ return resp, err
+}
+
+func (d *DumpTransport) redact(content []byte) string {
+ data := string(content)
+
+ for _, r := range d.regexps {
+ data = r.ReplaceAllString(data, "$1: "+replacement)
+ }
+
+ if d.replacer == nil {
+ return data
+ }
+
+ return d.replacer.Replace(data)
+}
+
+// Wrap wraps an HTTP client Transport with the [DumpTransport].
+func Wrap(client *http.Client, opts ...Option) *http.Client {
+ val, found := os.LookupEnv("LEGO_DEBUG_DNS_API_HTTP_CLIENT")
+ if !found {
+ return client
+ }
+
+ if ok, _ := strconv.ParseBool(val); !ok {
+ return client
+ }
+
+ client.Transport = NewDumpTransport(client.Transport, opts...)
+
+ return client
+}
diff --git a/providers/dns/internal/clientdebug/client_test.go b/providers/dns/internal/clientdebug/client_test.go
new file mode 100644
index 000000000..3a0c4021a
--- /dev/null
+++ b/providers/dns/internal/clientdebug/client_test.go
@@ -0,0 +1,174 @@
+package clientdebug
+
+import (
+ "bytes"
+ "io"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "path/filepath"
+ "strings"
+ "testing"
+ "text/template"
+ "time"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestWrap_redact_env_vars(t *testing.T) {
+ t.Setenv("LEGO_DEBUG_DNS_API_HTTP_CLIENT", "true")
+
+ t.Setenv("MY_VAR_01", "env-aaaa-aaaa")
+ t.Setenv("MY_VAR_02", "query-aaaa-aaaa")
+ t.Setenv("MY_VAR_03", "path-aaaa-aaaa")
+ t.Setenv("MY_VAR_04", "request-body-aaaa-aaaa")
+ t.Setenv("MY_VAR_05", "request-header-aaaa-aaaa")
+ t.Setenv("MY_VAR_06", "response-body-aaaa-aaaa")
+
+ buf := bytes.NewBufferString("")
+
+ server, client, req := setupTest(t, buf,
+ WithEnvKeys("MY_VAR_01", "MY_VAR_02", "MY_VAR_03", "MY_VAR_04", "MY_VAR_05", "MY_VAR_06"),
+ )
+
+ now := time.Now()
+
+ resp, err := client.Transport.RoundTrip(req)
+ require.NoError(t, err)
+
+ assert.Equal(t, http.StatusOK, resp.StatusCode)
+
+ assertDump(t, now, server, buf, "env_vars.txt")
+}
+
+func TestWrap_redact_headers(t *testing.T) {
+ t.Setenv("LEGO_DEBUG_DNS_API_HTTP_CLIENT", "true")
+
+ buf := bytes.NewBufferString("")
+
+ server, client, req := setupTest(t, buf,
+ WithHeaders("Secret-Request-Header", "Super-Secret-Request-Header", "Secret-Response-Header"),
+ )
+
+ now := time.Now()
+
+ resp, err := client.Transport.RoundTrip(req)
+ require.NoError(t, err)
+
+ assert.Equal(t, http.StatusOK, resp.StatusCode)
+
+ assertDump(t, now, server, buf, "headers.txt")
+}
+
+func TestWrap_redact_values(t *testing.T) {
+ t.Setenv("LEGO_DEBUG_DNS_API_HTTP_CLIENT", "true")
+
+ buf := bytes.NewBufferString("")
+
+ server, client, req := setupTest(t, buf,
+ WithValues("query-aaaa-aaaa", "path-aaaa-aaaa", "request-body-aaaa-aaaa"),
+ )
+
+ now := time.Now()
+
+ resp, err := client.Transport.RoundTrip(req)
+ require.NoError(t, err)
+
+ assert.Equal(t, http.StatusOK, resp.StatusCode)
+
+ assertDump(t, now, server, buf, "values.txt")
+}
+
+func fakeRequest(t *testing.T, baseURL string) *http.Request {
+ t.Helper()
+
+ endpoint, err := url.Parse(baseURL)
+ require.NoError(t, err)
+
+ query := endpoint.Query()
+ query.Set("foo", "query-aaaa-aaaa")
+ endpoint.RawQuery = query.Encode()
+
+ endpoint = endpoint.JoinPath("path-aaaa-aaaa")
+
+ body := `{
+ "foo": "request-body-aaaa-aaaa"
+}
+`
+
+ req := httptest.NewRequest(http.MethodGet, endpoint.String(), bytes.NewBufferString(body))
+
+ req.Header.Set("X-Authorization", "not-redacted")
+
+ req.Header.Set("Secret-Request-Header", "request-header-aaaa-aaaa")
+ req.Header.Set("Super-Secret-Request-Header", "env-aaaa-aaaa")
+
+ req.Header.Set("Authorization", "header-aaaa-0000")
+ req.Header.Set("Token", "header-aaaa-0001")
+ req.Header.Set("X-Token", "header-aaaa-0002")
+ req.Header.Set("Auth-Token", "header-aaaa-0003")
+ req.Header.Set("X-Auth-Token", "header-aaaa-0004")
+ req.Header.Set("Api-Key", "header-aaaa-0006")
+ req.Header.Set("X-Api-Key", "header-aaaa-0007")
+ req.Header.Set("X-Api-Secret", "header-aaaa-0008")
+
+ req.SetBasicAuth("user", "secret")
+
+ return req
+}
+
+func fakeResponse() http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Secret-Response-Header", "response-header-aaaa-aaaa")
+ _, _ = w.Write([]byte(`{
+ "bar": "response-body-aaaa-aaaa"
+}`,
+ ))
+ }
+}
+
+func withWriter(w io.Writer) Option {
+ return func(d *DumpTransport) {
+ if w != nil {
+ d.writer = w
+ }
+ }
+}
+
+func setupTest(t *testing.T, buf io.Writer, opts ...Option) (*httptest.Server, *http.Client, *http.Request) {
+ t.Helper()
+
+ server := httptest.NewServer(fakeResponse())
+
+ opts = append(opts, withWriter(buf))
+
+ client := Wrap(server.Client(), opts...)
+
+ req := fakeRequest(t, server.URL)
+
+ return server, client, req
+}
+
+func assertDump(t *testing.T, now time.Time, server *httptest.Server, actual *bytes.Buffer, filename string) {
+ t.Helper()
+
+ tmpl, err := template.New(filename).ParseFiles(filepath.Join("testdata", filename))
+ require.NoError(t, err)
+
+ expected := bytes.NewBufferString("")
+
+ location, err := time.LoadLocation("GMT")
+ require.NoError(t, err)
+
+ baseURL, err := url.Parse(server.URL)
+ require.NoError(t, err)
+
+ err = tmpl.Execute(expected, map[string]string{
+ "Host": baseURL.Host,
+ "Date": now.In(location).Format(time.RFC1123),
+ })
+ require.NoError(t, err)
+
+ assert.Equal(t, expected.String(), strings.ReplaceAll(actual.String(), "\r", ""))
+}
diff --git a/providers/dns/internal/clientdebug/testdata/env_vars.txt b/providers/dns/internal/clientdebug/testdata/env_vars.txt
new file mode 100644
index 000000000..a2697850e
--- /dev/null
+++ b/providers/dns/internal/clientdebug/testdata/env_vars.txt
@@ -0,0 +1,32 @@
+[HTTP Request]
+GET /***?foo=*** HTTP/1.1
+Host: {{ .Host }}
+User-Agent: Go-http-client/1.1
+Content-Length: 37
+Api-Key: ***
+Auth-Token: ***
+Authorization: ***
+Secret-Request-Header: ***
+Super-Secret-Request-Header: ***
+Token: ***
+X-Api-Key: ***
+X-Api-Secret: ***
+X-Auth-Token: ***
+X-Authorization: not-redacted
+X-Token: ***
+Accept-Encoding: gzip
+
+{
+ "foo": "***"
+}
+
+[HTTP Response]
+HTTP/1.1 200 OK
+Content-Length: 37
+Content-Type: text/plain; charset=utf-8
+Date: {{ .Date }}
+Secret-Response-Header: response-header-aaaa-aaaa
+
+{
+ "bar": "***"
+}
diff --git a/providers/dns/internal/clientdebug/testdata/headers.txt b/providers/dns/internal/clientdebug/testdata/headers.txt
new file mode 100644
index 000000000..fe803fb22
--- /dev/null
+++ b/providers/dns/internal/clientdebug/testdata/headers.txt
@@ -0,0 +1,32 @@
+[HTTP Request]
+GET /path-aaaa-aaaa?foo=query-aaaa-aaaa HTTP/1.1
+Host: {{ .Host }}
+User-Agent: Go-http-client/1.1
+Content-Length: 37
+Api-Key: ***
+Auth-Token: ***
+Authorization: ***
+Secret-Request-Header: ***
+Super-Secret-Request-Header: ***
+Token: ***
+X-Api-Key: ***
+X-Api-Secret: ***
+X-Auth-Token: ***
+X-Authorization: not-redacted
+X-Token: ***
+Accept-Encoding: gzip
+
+{
+ "foo": "request-body-aaaa-aaaa"
+}
+
+[HTTP Response]
+HTTP/1.1 200 OK
+Content-Length: 37
+Content-Type: text/plain; charset=utf-8
+Date: {{ .Date }}
+Secret-Response-Header: ***
+
+{
+ "bar": "response-body-aaaa-aaaa"
+}
diff --git a/providers/dns/internal/clientdebug/testdata/values.txt b/providers/dns/internal/clientdebug/testdata/values.txt
new file mode 100644
index 000000000..b40f51f14
--- /dev/null
+++ b/providers/dns/internal/clientdebug/testdata/values.txt
@@ -0,0 +1,32 @@
+[HTTP Request]
+GET /***?foo=*** HTTP/1.1
+Host: {{ .Host }}
+User-Agent: Go-http-client/1.1
+Content-Length: 37
+Api-Key: ***
+Auth-Token: ***
+Authorization: ***
+Secret-Request-Header: request-header-aaaa-aaaa
+Super-Secret-Request-Header: env-aaaa-aaaa
+Token: ***
+X-Api-Key: ***
+X-Api-Secret: ***
+X-Auth-Token: ***
+X-Authorization: not-redacted
+X-Token: ***
+Accept-Encoding: gzip
+
+{
+ "foo": "***"
+}
+
+[HTTP Response]
+HTTP/1.1 200 OK
+Content-Length: 37
+Content-Type: text/plain; charset=utf-8
+Date: {{ .Date }}
+Secret-Response-Header: response-header-aaaa-aaaa
+
+{
+ "bar": "response-body-aaaa-aaaa"
+}
diff --git a/providers/dns/gcore/internal/client.go b/providers/dns/internal/gcore/internal/client.go
similarity index 92%
rename from providers/dns/gcore/internal/client.go
rename to providers/dns/internal/gcore/internal/client.go
index b76da4388..f3ad4e461 100644
--- a/providers/dns/gcore/internal/client.go
+++ b/providers/dns/internal/gcore/internal/client.go
@@ -27,7 +27,7 @@ const txtRecordType = "TXT"
type Client struct {
token string
- baseURL *url.URL
+ BaseURL *url.URL
HTTPClient *http.Client
}
@@ -37,7 +37,7 @@ func NewClient(token string) *Client {
return &Client{
token: token,
- baseURL: baseURL,
+ BaseURL: baseURL,
HTTPClient: &http.Client{Timeout: 10 * time.Second},
}
}
@@ -45,9 +45,10 @@ func NewClient(token string) *Client {
// GetZone gets zone information.
// https://api.gcore.com/docs/dns#tag/zones/operation/Zone
func (c *Client) GetZone(ctx context.Context, name string) (Zone, error) {
- endpoint := c.baseURL.JoinPath("v2", "zones", name)
+ endpoint := c.BaseURL.JoinPath("v2", "zones", name)
zone := Zone{}
+
err := c.doRequest(ctx, http.MethodGet, endpoint, nil, &zone)
if err != nil {
return Zone{}, fmt.Errorf("get zone %s: %w", name, err)
@@ -59,9 +60,10 @@ func (c *Client) GetZone(ctx context.Context, name string) (Zone, error) {
// GetRRSet gets RRSet item.
// https://api.gcore.com/docs/dns#tag/rrsets/operation/RRSet
func (c *Client) GetRRSet(ctx context.Context, zone, name string) (RRSet, error) {
- endpoint := c.baseURL.JoinPath("v2", "zones", zone, name, txtRecordType)
+ endpoint := c.BaseURL.JoinPath("v2", "zones", zone, name, txtRecordType)
var result RRSet
+
err := c.doRequest(ctx, http.MethodGet, endpoint, nil, &result)
if err != nil {
return RRSet{}, fmt.Errorf("get txt records %s -> %s: %w", zone, name, err)
@@ -73,7 +75,7 @@ func (c *Client) GetRRSet(ctx context.Context, zone, name string) (RRSet, error)
// DeleteRRSet removes RRSet record.
// https://api.gcore.com/docs/dns#tag/rrsets/operation/DeleteRRSet
func (c *Client) DeleteRRSet(ctx context.Context, zone, name string) error {
- endpoint := c.baseURL.JoinPath("v2", "zones", zone, name, txtRecordType)
+ endpoint := c.BaseURL.JoinPath("v2", "zones", zone, name, txtRecordType)
err := c.doRequest(ctx, http.MethodDelete, endpoint, nil, nil)
if err != nil {
@@ -104,14 +106,14 @@ func (c *Client) AddRRSet(ctx context.Context, zone, recordName, value string, t
// https://api.gcore.com/docs/dns#tag/rrsets/operation/CreateRRSet
func (c *Client) createRRSet(ctx context.Context, zone, name string, record RRSet) error {
- endpoint := c.baseURL.JoinPath("v2", "zones", zone, name, txtRecordType)
+ endpoint := c.BaseURL.JoinPath("v2", "zones", zone, name, txtRecordType)
return c.doRequest(ctx, http.MethodPost, endpoint, record, nil)
}
// https://api.gcore.com/docs/dns#tag/rrsets/operation/UpdateRRSet
func (c *Client) updateRRSet(ctx context.Context, zone, name string, record RRSet) error {
- endpoint := c.baseURL.JoinPath("v2", "zones", zone, name, txtRecordType)
+ endpoint := c.BaseURL.JoinPath("v2", "zones", zone, name, txtRecordType)
return c.doRequest(ctx, http.MethodPut, endpoint, record, nil)
}
@@ -180,6 +182,7 @@ func parseError(resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errAPI := APIError{StatusCode: resp.StatusCode}
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
errAPI.Message = string(raw)
diff --git a/providers/dns/gcore/internal/client_test.go b/providers/dns/internal/gcore/internal/client_test.go
similarity index 99%
rename from providers/dns/gcore/internal/client_test.go
rename to providers/dns/internal/gcore/internal/client_test.go
index 4a0f83311..7d70c9308 100644
--- a/providers/dns/gcore/internal/client_test.go
+++ b/providers/dns/internal/gcore/internal/client_test.go
@@ -21,7 +21,7 @@ func mockBuilder() *servermock.Builder[*Client] {
return servermock.NewBuilder[*Client](
func(server *httptest.Server) (*Client, error) {
client := NewClient(testToken)
- client.baseURL, _ = url.Parse(server.URL)
+ client.BaseURL, _ = url.Parse(server.URL)
client.HTTPClient = server.Client()
return client, nil
diff --git a/providers/dns/gcore/internal/types.go b/providers/dns/internal/gcore/internal/types.go
similarity index 100%
rename from providers/dns/gcore/internal/types.go
rename to providers/dns/internal/gcore/internal/types.go
diff --git a/providers/dns/internal/gcore/provider.go b/providers/dns/internal/gcore/provider.go
new file mode 100644
index 000000000..b2078eba5
--- /dev/null
+++ b/providers/dns/internal/gcore/provider.go
@@ -0,0 +1,126 @@
+// Package gcore implements a DNS provider for solving the DNS-01 challenge using G-Core.
+package gcore
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/internal/gcore/internal"
+)
+
+const (
+ DefaultPropagationTimeout = 360 * time.Second
+ DefaultPollingInterval = 20 * time.Second
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config for DNSProvider.
+type Config struct {
+ APIToken string
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// DNSProvider an implementation of challenge.Provider contract.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for G-Core DNS API.
+func NewDNSProviderConfig(config *Config, baseURL string) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("the configuration of the DNS provider is nil")
+ }
+
+ if config.APIToken == "" {
+ return nil, errors.New("incomplete credentials provided")
+ }
+
+ client := internal.NewClient(config.APIToken)
+
+ if baseURL != "" {
+ client.BaseURL, _ = url.Parse(baseURL)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record to fulfill the dns-01 challenge.
+func (d *DNSProvider) Present(domain, _, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ ctx := context.Background()
+
+ zone, err := d.guessZone(ctx, info.EffectiveFQDN)
+ if err != nil {
+ return err
+ }
+
+ err = d.client.AddRRSet(ctx, zone, dns01.UnFqdn(info.EffectiveFQDN), info.Value, d.config.TTL)
+ if err != nil {
+ return fmt.Errorf("add txt record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ ctx := context.Background()
+
+ zone, err := d.guessZone(ctx, info.EffectiveFQDN)
+ if err != nil {
+ return err
+ }
+
+ err = d.client.DeleteRRSet(ctx, zone, dns01.UnFqdn(info.EffectiveFQDN))
+ if err != nil {
+ return fmt.Errorf("remove txt record: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) guessZone(ctx context.Context, fqdn string) (string, error) {
+ var lastErr error
+
+ for zone := range dns01.UnFqdnDomainsSeq(fqdn) {
+ dnsZone, err := d.client.GetZone(ctx, zone)
+ if err != nil {
+ lastErr = err
+ continue
+ }
+
+ return dnsZone.Name, nil
+ }
+
+ return "", fmt.Errorf("zone %q not found: %w", fqdn, lastErr)
+}
diff --git a/providers/dns/internal/gcore/provider_test.go b/providers/dns/internal/gcore/provider_test.go
new file mode 100644
index 000000000..f29dadff9
--- /dev/null
+++ b/providers/dns/internal/gcore/provider_test.go
@@ -0,0 +1,42 @@
+package gcore
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiToken string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiToken: "A",
+ },
+ {
+ desc: "missing credentials",
+ expected: "incomplete credentials provided",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := &Config{}
+ config.APIToken = test.apiToken
+
+ p, err := NewDNSProviderConfig(config, "")
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
diff --git a/providers/dns/internal/hostingde/client.go b/providers/dns/internal/hostingde/internal/client.go
similarity index 83%
rename from providers/dns/internal/hostingde/client.go
rename to providers/dns/internal/hostingde/internal/client.go
index 869d93d3e..133c3479c 100644
--- a/providers/dns/internal/hostingde/client.go
+++ b/providers/dns/internal/hostingde/internal/client.go
@@ -1,4 +1,4 @@
-package hostingde
+package internal
import (
"bytes"
@@ -10,14 +10,11 @@ import (
"net/url"
"time"
- "github.com/cenkalti/backoff/v4"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
)
-const (
- DefaultHostingdeBaseURL = "https://secure.hosting.de/api/dns/v1/json"
- DefaultHTTPNetBaseURL = "https://partner.http.net/api/dns/v1/json"
-)
+const defaultBaseURL = "https://secure.hosting.de/api/dns/v1/json"
// Client the API client for Hosting.de.
type Client struct {
@@ -29,7 +26,7 @@ type Client struct {
// NewClient creates new Client.
func NewClient(apiKey string) *Client {
- baseURL, _ := url.Parse(DefaultHostingdeBaseURL)
+ baseURL, _ := url.Parse(defaultBaseURL)
return &Client{
apiKey: apiKey,
@@ -40,35 +37,25 @@ func NewClient(apiKey string) *Client {
// GetZone gets a zone.
func (c *Client) GetZone(ctx context.Context, req ZoneConfigsFindRequest) (*ZoneConfig, error) {
- var zoneConfig *ZoneConfig
-
- operation := func() error {
+ operation := func() (*ZoneConfig, error) {
response, err := c.ListZoneConfigs(ctx, req)
if err != nil {
- return backoff.Permanent(err)
+ return nil, backoff.Permanent(err)
}
if response.Data[0].Status != "active" {
- return fmt.Errorf("unexpected status: %q", response.Data[0].Status)
+ return nil, fmt.Errorf("unexpected status: %q", response.Data[0].Status)
}
- zoneConfig = &response.Data[0]
-
- return nil
+ return &response.Data[0], nil
}
bo := backoff.NewExponentialBackOff()
bo.InitialInterval = 3 * time.Second
bo.MaxInterval = 10 * bo.InitialInterval
- bo.MaxElapsedTime = 100 * bo.InitialInterval
// retry in case the zone was edited recently and is not yet active
- err := backoff.Retry(operation, bo)
- if err != nil {
- return nil, err
- }
-
- return zoneConfig, nil
+ return backoff.Retry(ctx, operation, backoff.WithBackOff(bo), backoff.WithMaxElapsedTime(100*bo.InitialInterval))
}
// ListZoneConfigs lists zone configuration.
diff --git a/providers/dns/internal/hostingde/client_test.go b/providers/dns/internal/hostingde/internal/client_test.go
similarity index 99%
rename from providers/dns/internal/hostingde/client_test.go
rename to providers/dns/internal/hostingde/internal/client_test.go
index 93e0c76e1..d55bbf690 100644
--- a/providers/dns/internal/hostingde/client_test.go
+++ b/providers/dns/internal/hostingde/internal/client_test.go
@@ -1,4 +1,4 @@
-package hostingde
+package internal
import (
"encoding/json"
diff --git a/providers/dns/internal/hostingde/fixtures/zoneConfigsFind-request.json b/providers/dns/internal/hostingde/internal/fixtures/zoneConfigsFind-request.json
similarity index 100%
rename from providers/dns/internal/hostingde/fixtures/zoneConfigsFind-request.json
rename to providers/dns/internal/hostingde/internal/fixtures/zoneConfigsFind-request.json
diff --git a/providers/dns/internal/hostingde/fixtures/zoneConfigsFind.json b/providers/dns/internal/hostingde/internal/fixtures/zoneConfigsFind.json
similarity index 100%
rename from providers/dns/internal/hostingde/fixtures/zoneConfigsFind.json
rename to providers/dns/internal/hostingde/internal/fixtures/zoneConfigsFind.json
diff --git a/providers/dns/internal/hostingde/fixtures/zoneConfigsFind_error.json b/providers/dns/internal/hostingde/internal/fixtures/zoneConfigsFind_error.json
similarity index 100%
rename from providers/dns/internal/hostingde/fixtures/zoneConfigsFind_error.json
rename to providers/dns/internal/hostingde/internal/fixtures/zoneConfigsFind_error.json
diff --git a/providers/dns/internal/hostingde/fixtures/zoneUpdate-request.json b/providers/dns/internal/hostingde/internal/fixtures/zoneUpdate-request.json
similarity index 100%
rename from providers/dns/internal/hostingde/fixtures/zoneUpdate-request.json
rename to providers/dns/internal/hostingde/internal/fixtures/zoneUpdate-request.json
diff --git a/providers/dns/internal/hostingde/fixtures/zoneUpdate.json b/providers/dns/internal/hostingde/internal/fixtures/zoneUpdate.json
similarity index 100%
rename from providers/dns/internal/hostingde/fixtures/zoneUpdate.json
rename to providers/dns/internal/hostingde/internal/fixtures/zoneUpdate.json
diff --git a/providers/dns/internal/hostingde/fixtures/zoneUpdate_error.json b/providers/dns/internal/hostingde/internal/fixtures/zoneUpdate_error.json
similarity index 100%
rename from providers/dns/internal/hostingde/fixtures/zoneUpdate_error.json
rename to providers/dns/internal/hostingde/internal/fixtures/zoneUpdate_error.json
diff --git a/providers/dns/internal/hostingde/types.go b/providers/dns/internal/hostingde/internal/types.go
similarity index 98%
rename from providers/dns/internal/hostingde/types.go
rename to providers/dns/internal/hostingde/internal/types.go
index 4f3347190..330eab27d 100644
--- a/providers/dns/internal/hostingde/types.go
+++ b/providers/dns/internal/hostingde/internal/types.go
@@ -1,4 +1,4 @@
-package hostingde
+package internal
import "encoding/json"
@@ -88,7 +88,8 @@ type Zone struct {
// https://www.hosting.de/api/?json#updating-zones
type ZoneUpdateRequest struct {
BaseRequest
- ZoneConfig `json:"zoneConfig"`
+ ZoneConfig `json:"zoneConfig"`
+
RecordsToAdd []DNSRecord `json:"recordsToAdd"`
RecordsToDelete []DNSRecord `json:"recordsToDelete"`
}
@@ -97,6 +98,7 @@ type ZoneUpdateRequest struct {
// https://www.hosting.de/api/?json#list-zoneconfigs
type ZoneConfigsFindRequest struct {
BaseRequest
+
Filter Filter `json:"filter"`
Limit int `json:"limit"`
Page int `json:"page"`
diff --git a/providers/dns/internal/hostingde/provider.go b/providers/dns/internal/hostingde/provider.go
new file mode 100644
index 000000000..b5277f042
--- /dev/null
+++ b/providers/dns/internal/hostingde/provider.go
@@ -0,0 +1,196 @@
+// Package hostingde implements a DNS provider for solving the DNS-01 challenge using hosting.de.
+package hostingde
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "net/url"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/internal/hostingde/internal"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+ ZoneName string
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ recordIDs map[string]string
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for hosting.de.
+func NewDNSProviderConfig(config *Config, baseURL string) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("the configuration of the DNS provider is nil")
+ }
+
+ if config.APIKey == "" {
+ return nil, errors.New("API key missing")
+ }
+
+ client := internal.NewClient(config.APIKey)
+
+ if baseURL != "" {
+ client.BaseURL, _ = url.Parse(baseURL)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: make(map[string]string),
+ }, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record to fulfill the dns-01 challenge.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ zoneName, err := d.getZoneName(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("could not find zone for domain %q: %w", domain, err)
+ }
+
+ ctx := context.Background()
+
+ // get the ZoneConfig for that domain
+ zonesFind := internal.ZoneConfigsFindRequest{
+ Filter: internal.Filter{Field: "zoneName", Value: zoneName},
+ Limit: 1,
+ Page: 1,
+ }
+
+ zoneConfig, err := d.client.GetZone(ctx, zonesFind)
+ if err != nil {
+ return err
+ }
+
+ zoneConfig.Name = zoneName
+
+ rec := []internal.DNSRecord{{
+ Type: "TXT",
+ Name: dns01.UnFqdn(info.EffectiveFQDN),
+ Content: info.Value,
+ TTL: d.config.TTL,
+ }}
+
+ req := internal.ZoneUpdateRequest{
+ ZoneConfig: *zoneConfig,
+ RecordsToAdd: rec,
+ }
+
+ response, err := d.client.UpdateZone(ctx, req)
+ if err != nil {
+ return err
+ }
+
+ for _, record := range response.Records {
+ if record.Name == dns01.UnFqdn(info.EffectiveFQDN) && record.Content == fmt.Sprintf(`%q`, info.Value) {
+ d.recordIDsMu.Lock()
+ d.recordIDs[info.EffectiveFQDN] = record.ID
+ d.recordIDsMu.Unlock()
+ }
+ }
+
+ if d.recordIDs[info.EffectiveFQDN] == "" {
+ return fmt.Errorf("error getting ID of just created record, for domain %s", domain)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ zoneName, err := d.getZoneName(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("could not find zone for domain %q: %w", domain, err)
+ }
+
+ ctx := context.Background()
+
+ // get the ZoneConfig for that domain
+ zonesFind := internal.ZoneConfigsFindRequest{
+ Filter: internal.Filter{Field: "zoneName", Value: zoneName},
+ Limit: 1,
+ Page: 1,
+ }
+
+ zoneConfig, err := d.client.GetZone(ctx, zonesFind)
+ if err != nil {
+ return err
+ }
+
+ zoneConfig.Name = zoneName
+
+ rec := []internal.DNSRecord{{
+ Type: "TXT",
+ Name: dns01.UnFqdn(info.EffectiveFQDN),
+ Content: `"` + info.Value + `"`,
+ }}
+
+ req := internal.ZoneUpdateRequest{
+ ZoneConfig: *zoneConfig,
+ RecordsToDelete: rec,
+ }
+
+ _, err = d.client.UpdateZone(ctx, req)
+ if err != nil {
+ return err
+ }
+
+ // Delete record ID from map
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, info.EffectiveFQDN)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+func (d *DNSProvider) getZoneName(fqdn string) (string, error) {
+ if d.config.ZoneName != "" {
+ return d.config.ZoneName, nil
+ }
+
+ zoneName, err := dns01.FindZoneByFqdn(fqdn)
+ if err != nil {
+ return "", fmt.Errorf("could not find zone for %s: %w", fqdn, err)
+ }
+
+ if zoneName == "" {
+ return "", errors.New("empty zone name")
+ }
+
+ return dns01.UnFqdn(zoneName), nil
+}
diff --git a/providers/dns/internal/hostingde/provider_test.go b/providers/dns/internal/hostingde/provider_test.go
new file mode 100644
index 000000000..3cdabf702
--- /dev/null
+++ b/providers/dns/internal/hostingde/provider_test.go
@@ -0,0 +1,50 @@
+package hostingde
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ zoneName string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiKey: "123",
+ zoneName: "example.org",
+ },
+ {
+ desc: "missing credentials",
+ expected: "API key missing",
+ },
+ {
+ desc: "missing api key",
+ zoneName: "456",
+ expected: "API key missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := &Config{}
+ config.APIKey = test.apiKey
+ config.ZoneName = test.zoneName
+
+ p, err := NewDNSProviderConfig(config, "")
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.recordIDs)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
diff --git a/providers/dns/ionos/internal/client.go b/providers/dns/internal/ionos/internal/client.go
similarity index 98%
rename from providers/dns/ionos/internal/client.go
rename to providers/dns/internal/ionos/internal/client.go
index b51e003f7..2a556a49b 100644
--- a/providers/dns/ionos/internal/client.go
+++ b/providers/dns/internal/ionos/internal/client.go
@@ -14,7 +14,6 @@ import (
querystring "github.com/google/go-querystring/query"
)
-// defaultBaseURL represents the API endpoint to call.
const defaultBaseURL = "https://api.hosting.ionos.com/dns"
// APIKeyHeader API key header.
@@ -52,6 +51,7 @@ func (c *Client) ListZones(ctx context.Context) ([]Zone, error) {
}
var zones []Zone
+
err = c.do(req, &zones)
if err != nil {
return nil, fmt.Errorf("failed to call API: %w", err)
@@ -96,6 +96,7 @@ func (c *Client) GetRecords(ctx context.Context, zoneID string, filter *RecordsF
}
var zone CustomerZone
+
err = c.do(req, &zone)
if err != nil {
return nil, fmt.Errorf("failed to call API: %w", err)
@@ -180,6 +181,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errClient := &ClientError{StatusCode: resp.StatusCode}
+
err := json.Unmarshal(raw, &errClient.errors)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/ionos/internal/client_test.go b/providers/dns/internal/ionos/internal/client_test.go
similarity index 100%
rename from providers/dns/ionos/internal/client_test.go
rename to providers/dns/internal/ionos/internal/client_test.go
diff --git a/providers/dns/ionos/internal/fixtures/get_records.json b/providers/dns/internal/ionos/internal/fixtures/get_records.json
similarity index 100%
rename from providers/dns/ionos/internal/fixtures/get_records.json
rename to providers/dns/internal/ionos/internal/fixtures/get_records.json
diff --git a/providers/dns/ionos/internal/fixtures/get_records_error.json b/providers/dns/internal/ionos/internal/fixtures/get_records_error.json
similarity index 100%
rename from providers/dns/ionos/internal/fixtures/get_records_error.json
rename to providers/dns/internal/ionos/internal/fixtures/get_records_error.json
diff --git a/providers/dns/ionos/internal/fixtures/list_zones.json b/providers/dns/internal/ionos/internal/fixtures/list_zones.json
similarity index 100%
rename from providers/dns/ionos/internal/fixtures/list_zones.json
rename to providers/dns/internal/ionos/internal/fixtures/list_zones.json
diff --git a/providers/dns/ionos/internal/fixtures/list_zones_error.json b/providers/dns/internal/ionos/internal/fixtures/list_zones_error.json
similarity index 100%
rename from providers/dns/ionos/internal/fixtures/list_zones_error.json
rename to providers/dns/internal/ionos/internal/fixtures/list_zones_error.json
diff --git a/providers/dns/ionos/internal/fixtures/remove_record_error.json b/providers/dns/internal/ionos/internal/fixtures/remove_record_error.json
similarity index 100%
rename from providers/dns/ionos/internal/fixtures/remove_record_error.json
rename to providers/dns/internal/ionos/internal/fixtures/remove_record_error.json
diff --git a/providers/dns/ionos/internal/fixtures/replace_records_error.json b/providers/dns/internal/ionos/internal/fixtures/replace_records_error.json
similarity index 100%
rename from providers/dns/ionos/internal/fixtures/replace_records_error.json
rename to providers/dns/internal/ionos/internal/fixtures/replace_records_error.json
diff --git a/providers/dns/ionos/internal/types.go b/providers/dns/internal/ionos/internal/types.go
similarity index 91%
rename from providers/dns/ionos/internal/types.go
rename to providers/dns/internal/ionos/internal/types.go
index 3b7acbec2..35bfe0966 100644
--- a/providers/dns/ionos/internal/types.go
+++ b/providers/dns/internal/ionos/internal/types.go
@@ -3,6 +3,7 @@ package internal
import (
"fmt"
"strconv"
+ "strings"
)
// ClientError a detailed error.
@@ -13,21 +14,23 @@ type ClientError struct {
}
func (f ClientError) Error() string {
- msg := strconv.Itoa(f.StatusCode) + ": "
+ var msg strings.Builder
+
+ msg.WriteString(strconv.Itoa(f.StatusCode) + ": ")
if f.message != "" {
- msg += f.message + ": "
+ msg.WriteString(f.message + ": ")
}
for i, e := range f.errors {
if i != 0 {
- msg += ", "
+ msg.WriteString(", ")
}
- msg += e.Error()
+ msg.WriteString(e.Error())
}
- return msg
+ return msg.String()
}
func (f ClientError) Unwrap() error {
diff --git a/providers/dns/internal/ionos/provider.go b/providers/dns/internal/ionos/provider.go
new file mode 100644
index 000000000..a7d145840
--- /dev/null
+++ b/providers/dns/internal/ionos/provider.go
@@ -0,0 +1,173 @@
+package ionos
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "net/url"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ ionos "github.com/go-acme/lego/v4/providers/dns/internal/ionos/internal"
+)
+
+const MinTTL = 300
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *ionos.Client
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Ionos.
+func NewDNSProviderConfig(config *Config, baseURL string) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("the configuration of the DNS provider is nil")
+ }
+
+ if config.APIKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ if config.TTL < MinTTL {
+ return nil, fmt.Errorf("invalid TTL, TTL (%d) must be greater than %d", config.TTL, MinTTL)
+ }
+
+ client, err := ionos.NewClient(config.APIKey)
+ if err != nil {
+ return nil, err
+ }
+
+ if baseURL != "" {
+ client.BaseURL, _ = url.Parse(baseURL)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{config: config, client: client}, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, _, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ ctx := context.Background()
+
+ zones, err := d.client.ListZones(ctx)
+ if err != nil {
+ return fmt.Errorf("failed to get zones: %w", err)
+ }
+
+ name := dns01.UnFqdn(info.EffectiveFQDN)
+
+ zone := findZone(zones, name)
+ if zone == nil {
+ return errors.New("no matching zone found for domain")
+ }
+
+ filter := &ionos.RecordsFilter{
+ Suffix: name,
+ RecordType: "TXT",
+ }
+
+ records, err := d.client.GetRecords(ctx, zone.ID, filter)
+ if err != nil {
+ return fmt.Errorf("failed to get records (zone=%s): %w", zone.ID, err)
+ }
+
+ records = append(records, ionos.Record{
+ Name: name,
+ Content: info.Value,
+ TTL: d.config.TTL,
+ Type: "TXT",
+ })
+
+ err = d.client.ReplaceRecords(ctx, zone.ID, records)
+ if err != nil {
+ return fmt.Errorf("failed to create/update records (zone=%s): %w", zone.ID, err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ ctx := context.Background()
+
+ zones, err := d.client.ListZones(ctx)
+ if err != nil {
+ return fmt.Errorf("failed to get zones: %w", err)
+ }
+
+ name := dns01.UnFqdn(info.EffectiveFQDN)
+
+ zone := findZone(zones, name)
+ if zone == nil {
+ return errors.New("no matching zone found for domain")
+ }
+
+ filter := &ionos.RecordsFilter{
+ Suffix: name,
+ RecordType: "TXT",
+ }
+
+ records, err := d.client.GetRecords(ctx, zone.ID, filter)
+ if err != nil {
+ return fmt.Errorf("failed to get records (zone=%s): %w", zone.ID, err)
+ }
+
+ for _, record := range records {
+ if record.Name == name && record.Content == strconv.Quote(info.Value) {
+ err = d.client.RemoveRecord(ctx, zone.ID, record.ID)
+ if err != nil {
+ return fmt.Errorf("failed to remove record (zone=%s, record=%s): %w", zone.ID, record.ID, err)
+ }
+
+ return nil
+ }
+ }
+
+ return fmt.Errorf("failed to remove record, record not found (zone=%s, domain=%s, fqdn=%s, value=%s)", zone.ID, domain, info.EffectiveFQDN, info.Value)
+}
+
+func findZone(zones []ionos.Zone, domain string) *ionos.Zone {
+ var result *ionos.Zone
+
+ for _, zone := range zones {
+ if zone.Name != "" && strings.HasSuffix(domain, zone.Name) {
+ if result == nil || len(zone.Name) > len(result.Name) {
+ result = &zone
+ }
+ }
+ }
+
+ return result
+}
diff --git a/providers/dns/internal/ionos/provider_test.go b/providers/dns/internal/ionos/provider_test.go
new file mode 100644
index 000000000..6b4df5cc7
--- /dev/null
+++ b/providers/dns/internal/ionos/provider_test.go
@@ -0,0 +1,52 @@
+package ionos
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ tll int
+ expected string
+ }{
+ {
+ desc: "success",
+ apiKey: "123",
+ tll: MinTTL,
+ },
+ {
+ desc: "missing credentials",
+ tll: MinTTL,
+ expected: "credentials missing",
+ },
+ {
+ desc: "invalid TTL",
+ apiKey: "123",
+ tll: 30,
+ expected: "invalid TTL, TTL (30) must be greater than 300",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := &Config{}
+ config.APIKey = test.apiKey
+ config.TTL = test.tll
+
+ p, err := NewDNSProviderConfig(config, "")
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
diff --git a/providers/dns/internal/rimuhosting/client.go b/providers/dns/internal/rimuhosting/internal/client.go
similarity index 94%
rename from providers/dns/internal/rimuhosting/client.go
rename to providers/dns/internal/rimuhosting/internal/client.go
index 06292453a..5bf7393e7 100644
--- a/providers/dns/internal/rimuhosting/client.go
+++ b/providers/dns/internal/rimuhosting/internal/client.go
@@ -1,4 +1,4 @@
-package rimuhosting
+package internal
import (
"context"
@@ -15,11 +15,7 @@ import (
querystring "github.com/google/go-querystring/query"
)
-// Base URL for the RimuHosting DNS services.
-const (
- DefaultZonomiBaseURL = "https://zonomi.com/app/dns/dyndns.jsp"
- DefaultRimuHostingBaseURL = "https://rimuhosting.com/dns/dyndns.jsp"
-)
+const defaultBaseURL = "https://rimuhosting.com/dns/dyndns.jsp"
// Action names.
const (
@@ -40,7 +36,7 @@ type Client struct {
func NewClient(apiKey string) *Client {
return &Client{
apiKey: apiKey,
- BaseURL: DefaultZonomiBaseURL,
+ BaseURL: defaultBaseURL,
HTTPClient: &http.Client{Timeout: 5 * time.Second},
}
}
@@ -82,14 +78,17 @@ func (c *Client) DoActions(ctx context.Context, actions ...ActionParameter) (*DN
if err != nil {
return nil, err
}
+
return resp, nil
}
multi := c.toMultiParameters(actions)
+
err := c.do(ctx, multi, resp)
if err != nil {
return nil, err
}
+
return resp, nil
}
@@ -160,6 +159,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errAPI := APIError{}
+
err := xml.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/internal/rimuhosting/client_test.go b/providers/dns/internal/rimuhosting/internal/client_test.go
similarity index 99%
rename from providers/dns/internal/rimuhosting/client_test.go
rename to providers/dns/internal/rimuhosting/internal/client_test.go
index 6ee9ea3f7..00126dfbe 100644
--- a/providers/dns/internal/rimuhosting/client_test.go
+++ b/providers/dns/internal/rimuhosting/internal/client_test.go
@@ -1,4 +1,4 @@
-package rimuhosting
+package internal
import (
"encoding/xml"
diff --git a/providers/dns/internal/rimuhosting/fixtures/add_record.xml b/providers/dns/internal/rimuhosting/internal/fixtures/add_record.xml
similarity index 100%
rename from providers/dns/internal/rimuhosting/fixtures/add_record.xml
rename to providers/dns/internal/rimuhosting/internal/fixtures/add_record.xml
diff --git a/providers/dns/internal/rimuhosting/fixtures/add_record_error.xml b/providers/dns/internal/rimuhosting/internal/fixtures/add_record_error.xml
similarity index 100%
rename from providers/dns/internal/rimuhosting/fixtures/add_record_error.xml
rename to providers/dns/internal/rimuhosting/internal/fixtures/add_record_error.xml
diff --git a/providers/dns/internal/rimuhosting/fixtures/add_record_same_domain.xml b/providers/dns/internal/rimuhosting/internal/fixtures/add_record_same_domain.xml
similarity index 100%
rename from providers/dns/internal/rimuhosting/fixtures/add_record_same_domain.xml
rename to providers/dns/internal/rimuhosting/internal/fixtures/add_record_same_domain.xml
diff --git a/providers/dns/internal/rimuhosting/fixtures/delete_record.xml b/providers/dns/internal/rimuhosting/internal/fixtures/delete_record.xml
similarity index 100%
rename from providers/dns/internal/rimuhosting/fixtures/delete_record.xml
rename to providers/dns/internal/rimuhosting/internal/fixtures/delete_record.xml
diff --git a/providers/dns/internal/rimuhosting/fixtures/delete_record_error.xml b/providers/dns/internal/rimuhosting/internal/fixtures/delete_record_error.xml
similarity index 100%
rename from providers/dns/internal/rimuhosting/fixtures/delete_record_error.xml
rename to providers/dns/internal/rimuhosting/internal/fixtures/delete_record_error.xml
diff --git a/providers/dns/internal/rimuhosting/fixtures/delete_record_nothing.xml b/providers/dns/internal/rimuhosting/internal/fixtures/delete_record_nothing.xml
similarity index 100%
rename from providers/dns/internal/rimuhosting/fixtures/delete_record_nothing.xml
rename to providers/dns/internal/rimuhosting/internal/fixtures/delete_record_nothing.xml
diff --git a/providers/dns/internal/rimuhosting/fixtures/find_records.xml b/providers/dns/internal/rimuhosting/internal/fixtures/find_records.xml
similarity index 100%
rename from providers/dns/internal/rimuhosting/fixtures/find_records.xml
rename to providers/dns/internal/rimuhosting/internal/fixtures/find_records.xml
diff --git a/providers/dns/internal/rimuhosting/fixtures/find_records_empty.xml b/providers/dns/internal/rimuhosting/internal/fixtures/find_records_empty.xml
similarity index 100%
rename from providers/dns/internal/rimuhosting/fixtures/find_records_empty.xml
rename to providers/dns/internal/rimuhosting/internal/fixtures/find_records_empty.xml
diff --git a/providers/dns/internal/rimuhosting/fixtures/find_records_pattern.xml b/providers/dns/internal/rimuhosting/internal/fixtures/find_records_pattern.xml
similarity index 100%
rename from providers/dns/internal/rimuhosting/fixtures/find_records_pattern.xml
rename to providers/dns/internal/rimuhosting/internal/fixtures/find_records_pattern.xml
diff --git a/providers/dns/internal/rimuhosting/types.go b/providers/dns/internal/rimuhosting/internal/types.go
similarity index 98%
rename from providers/dns/internal/rimuhosting/types.go
rename to providers/dns/internal/rimuhosting/internal/types.go
index bdb333032..c3df886a2 100644
--- a/providers/dns/internal/rimuhosting/types.go
+++ b/providers/dns/internal/rimuhosting/internal/types.go
@@ -1,4 +1,4 @@
-package rimuhosting
+package internal
import "encoding/xml"
diff --git a/providers/dns/internal/rimuhosting/provider.go b/providers/dns/internal/rimuhosting/provider.go
new file mode 100644
index 000000000..3be764cbf
--- /dev/null
+++ b/providers/dns/internal/rimuhosting/provider.go
@@ -0,0 +1,107 @@
+// Package rimuhosting implements a DNS provider for solving the DNS-01 challenge using RimuHosting DNS.
+package rimuhosting
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/internal/rimuhosting/internal"
+)
+
+const DefaultTTL = 3600
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for RimuHosting.
+func NewDNSProviderConfig(config *Config, baseURL string) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("the configuration of the DNS provider is nil")
+ }
+
+ if config.APIKey == "" {
+ return nil, errors.New("incomplete credentials, missing API key")
+ }
+
+ client := internal.NewClient(config.APIKey)
+
+ if baseURL != "" {
+ client.BaseURL = baseURL
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{config: config, client: client}, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ ctx := context.Background()
+
+ records, err := d.client.FindTXTRecords(ctx, dns01.UnFqdn(info.EffectiveFQDN))
+ if err != nil {
+ return fmt.Errorf("failed to find record(s) for %s: %w", domain, err)
+ }
+
+ actions := []internal.ActionParameter{
+ internal.NewAddRecordAction(dns01.UnFqdn(info.EffectiveFQDN), info.Value, d.config.TTL),
+ }
+
+ for _, record := range records {
+ actions = append(actions, internal.NewAddRecordAction(record.Name, record.Content, d.config.TTL))
+ }
+
+ _, err = d.client.DoActions(ctx, actions...)
+ if err != nil {
+ return fmt.Errorf("failed to add record(s) for %s: %w", domain, err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ action := internal.NewDeleteRecordAction(dns01.UnFqdn(info.EffectiveFQDN), info.Value)
+
+ _, err := d.client.DoActions(context.Background(), action)
+ if err != nil {
+ return fmt.Errorf("failed to delete record for %s: %w", domain, err)
+ }
+
+ return nil
+}
diff --git a/providers/dns/internal/rimuhosting/provider_test.go b/providers/dns/internal/rimuhosting/provider_test.go
new file mode 100644
index 000000000..d1569af31
--- /dev/null
+++ b/providers/dns/internal/rimuhosting/provider_test.go
@@ -0,0 +1,46 @@
+package rimuhosting
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ expected string
+ apiKey string
+ secretKey string
+ }{
+ {
+ desc: "success",
+ apiKey: "api_key",
+ secretKey: "api_secret",
+ },
+ {
+ desc: "missing api key",
+ apiKey: "",
+ secretKey: "api_secret",
+ expected: "incomplete credentials, missing API key",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := &Config{}
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config, "")
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
diff --git a/providers/dns/internal/selectel/client.go b/providers/dns/internal/selectel/internal/client.go
similarity index 91%
rename from providers/dns/internal/selectel/client.go
rename to providers/dns/internal/selectel/internal/client.go
index 1e1e4a215..d441c9894 100644
--- a/providers/dns/internal/selectel/client.go
+++ b/providers/dns/internal/selectel/internal/client.go
@@ -1,4 +1,4 @@
-package selectel
+package internal
import (
"bytes"
@@ -15,15 +15,11 @@ import (
"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
)
-// Base URL for the Selectel/VScale DNS services.
-const (
- DefaultSelectelBaseURL = "https://api.selectel.ru/domains/v1"
- DefaultVScaleBaseURL = "https://api.vscale.io/v1/domains"
-)
+const defaultBaseURL = "https://api.selectel.ru/domains/v1"
const tokenHeader = "X-Token"
-// Client represents DNS client.
+// Client represents the DNS client.
type Client struct {
token string
@@ -33,7 +29,7 @@ type Client struct {
// NewClient returns a client instance.
func NewClient(token string) *Client {
- baseURL, _ := url.Parse(DefaultVScaleBaseURL)
+ baseURL, _ := url.Parse(defaultBaseURL)
return &Client{
token: token,
@@ -52,12 +48,13 @@ func (c *Client) GetDomainByName(ctx context.Context, domainName string) (*Domai
}
domain := &Domain{}
+
statusCode, err := c.do(req, domain)
if err != nil {
if statusCode == http.StatusNotFound && strings.Count(domainName, ".") > 1 {
// Look up for the next subdomain
- subIndex := strings.Index(domainName, ".")
- return c.GetDomainByName(ctx, domainName[subIndex+1:])
+ _, after, _ := strings.Cut(domainName, ".")
+ return c.GetDomainByName(ctx, after)
}
return nil, err
@@ -74,6 +71,7 @@ func (c *Client) AddRecord(ctx context.Context, domainID int, body Record) (*Rec
}
record := &Record{}
+
_, err = c.do(req, record)
if err != nil {
return nil, err
@@ -90,6 +88,7 @@ func (c *Client) ListRecords(ctx context.Context, domainID int) ([]Record, error
}
var records []Record
+
_, err = c.do(req, &records)
if err != nil {
return nil, err
@@ -108,6 +107,7 @@ func (c *Client) DeleteRecord(ctx context.Context, domainID, recordID int) error
}
_, err = c.do(req, nil)
+
return err
}
@@ -170,6 +170,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errAPI := &APIError{}
+
err := json.Unmarshal(raw, errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/internal/selectel/client_test.go b/providers/dns/internal/selectel/internal/client_test.go
similarity index 99%
rename from providers/dns/internal/selectel/client_test.go
rename to providers/dns/internal/selectel/internal/client_test.go
index 292f70142..edabe0130 100644
--- a/providers/dns/internal/selectel/client_test.go
+++ b/providers/dns/internal/selectel/internal/client_test.go
@@ -1,4 +1,4 @@
-package selectel
+package internal
import (
"net/http"
diff --git a/providers/dns/internal/selectel/fixtures/add_record-request.json b/providers/dns/internal/selectel/internal/fixtures/add_record-request.json
similarity index 100%
rename from providers/dns/internal/selectel/fixtures/add_record-request.json
rename to providers/dns/internal/selectel/internal/fixtures/add_record-request.json
diff --git a/providers/dns/internal/selectel/fixtures/add_record.json b/providers/dns/internal/selectel/internal/fixtures/add_record.json
similarity index 100%
rename from providers/dns/internal/selectel/fixtures/add_record.json
rename to providers/dns/internal/selectel/internal/fixtures/add_record.json
diff --git a/providers/dns/internal/selectel/fixtures/domains.json b/providers/dns/internal/selectel/internal/fixtures/domains.json
similarity index 100%
rename from providers/dns/internal/selectel/fixtures/domains.json
rename to providers/dns/internal/selectel/internal/fixtures/domains.json
diff --git a/providers/dns/internal/selectel/fixtures/error.json b/providers/dns/internal/selectel/internal/fixtures/error.json
similarity index 100%
rename from providers/dns/internal/selectel/fixtures/error.json
rename to providers/dns/internal/selectel/internal/fixtures/error.json
diff --git a/providers/dns/internal/selectel/fixtures/list_records.json b/providers/dns/internal/selectel/internal/fixtures/list_records.json
similarity index 100%
rename from providers/dns/internal/selectel/fixtures/list_records.json
rename to providers/dns/internal/selectel/internal/fixtures/list_records.json
diff --git a/providers/dns/internal/selectel/types.go b/providers/dns/internal/selectel/internal/types.go
similarity index 98%
rename from providers/dns/internal/selectel/types.go
rename to providers/dns/internal/selectel/internal/types.go
index df7bb3fa7..e6ca792c0 100644
--- a/providers/dns/internal/selectel/types.go
+++ b/providers/dns/internal/selectel/internal/types.go
@@ -1,4 +1,4 @@
-package selectel
+package internal
import "fmt"
diff --git a/providers/dns/internal/selectel/provider.go b/providers/dns/internal/selectel/provider.go
new file mode 100644
index 000000000..495735736
--- /dev/null
+++ b/providers/dns/internal/selectel/provider.go
@@ -0,0 +1,137 @@
+// Package selectel implements a DNS provider for solving the DNS-01 challenge using Selectel Domains API.
+package selectel
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/internal/selectel/internal"
+)
+
+const MinTTL = 60
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ Token string
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+
+ // TODO(ldez): remove in v5?
+ BaseURL string
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for selectel.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("the configuration of the DNS provider is nil")
+ }
+
+ if config.Token == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ if config.TTL < MinTTL {
+ return nil, fmt.Errorf("invalid TTL, TTL (%d) must be greater than %d", config.TTL, MinTTL)
+ }
+
+ client := internal.NewClient(config.Token)
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ var err error
+
+ client.BaseURL, err = url.Parse(config.BaseURL)
+ if err != nil {
+ return nil, fmt.Errorf("%w", err)
+ }
+
+ return &DNSProvider{config: config, client: client}, nil
+}
+
+// Timeout returns the Timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record to fulfill DNS-01 challenge.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ ctx := context.Background()
+
+ // TODO(ldez) replace domain by FQDN to follow CNAME.
+ domainObj, err := d.client.GetDomainByName(ctx, domain)
+ if err != nil {
+ return fmt.Errorf("get domain by name: %w", err)
+ }
+
+ txtRecord := internal.Record{
+ Type: "TXT",
+ TTL: d.config.TTL,
+ Name: info.EffectiveFQDN,
+ Content: info.Value,
+ }
+
+ _, err = d.client.AddRecord(ctx, domainObj.ID, txtRecord)
+ if err != nil {
+ return fmt.Errorf("add record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes a TXT record used for DNS-01 challenge.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ recordName := dns01.UnFqdn(info.EffectiveFQDN)
+
+ ctx := context.Background()
+
+ // TODO(ldez) replace domain by FQDN to follow CNAME.
+ domainObj, err := d.client.GetDomainByName(ctx, domain)
+ if err != nil {
+ return fmt.Errorf("%w", err)
+ }
+
+ records, err := d.client.ListRecords(ctx, domainObj.ID)
+ if err != nil {
+ return fmt.Errorf("list records: %w", err)
+ }
+
+ // Delete records with specific FQDN
+ var lastErr error
+
+ for _, record := range records {
+ if record.Name == recordName {
+ err = d.client.DeleteRecord(ctx, domainObj.ID, record.ID)
+ if err != nil {
+ lastErr = fmt.Errorf("delete record: %w", err)
+ }
+ }
+ }
+
+ return lastErr
+}
diff --git a/providers/dns/internal/selectel/provider_test.go b/providers/dns/internal/selectel/provider_test.go
new file mode 100644
index 000000000..75a032bf4
--- /dev/null
+++ b/providers/dns/internal/selectel/provider_test.go
@@ -0,0 +1,55 @@
+package selectel
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ token string
+ ttl int
+ expected string
+ }{
+ {
+ desc: "success",
+ token: "123",
+ ttl: 60,
+ },
+ {
+ desc: "missing api key",
+ token: "",
+ ttl: 60,
+ expected: "credentials missing",
+ },
+ {
+ desc: "bad TTL value",
+ token: "123",
+ ttl: 59,
+ expected: fmt.Sprintf("invalid TTL, TTL (59) must be greater than %d", MinTTL),
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := &Config{}
+ config.TTL = test.ttl
+ config.Token = test.token
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ assert.NotNil(t, p.config)
+ assert.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
diff --git a/providers/dns/internal/tecnocratica/internal/client.go b/providers/dns/internal/tecnocratica/internal/client.go
new file mode 100644
index 000000000..5a529fa2f
--- /dev/null
+++ b/providers/dns/internal/tecnocratica/internal/client.go
@@ -0,0 +1,182 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+// defaultBaseURL is the default API endpoint.
+const defaultBaseURL = "https://api.neodigit.net/v1"
+
+// Client is a Tecnocrática API client.
+type Client struct {
+ token string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(token string) (*Client, error) {
+ if token == "" {
+ return nil, errors.New("credentials missing: token")
+ }
+
+ baseURL, err := url.Parse(defaultBaseURL)
+ if err != nil {
+ return nil, err
+ }
+
+ return &Client{
+ token: token,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 30 * time.Second},
+ }, nil
+}
+
+// GetZones lists all DNS zones.
+func (c *Client) GetZones(ctx context.Context) ([]Zone, error) {
+ endpoint := c.BaseURL.JoinPath("dns", "zones")
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var zones []Zone
+
+ err = c.do(req, &zones)
+ if err != nil {
+ return nil, err
+ }
+
+ return zones, nil
+}
+
+// GetRecords lists all records in a zone.
+func (c *Client) GetRecords(ctx context.Context, zoneID int, recordType string) ([]Record, error) {
+ endpoint := c.BaseURL.JoinPath("dns", "zones", strconv.Itoa(zoneID), "records")
+
+ if recordType != "" {
+ query := endpoint.Query()
+ query.Set("type", recordType)
+ endpoint.RawQuery = query.Encode()
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var records []Record
+
+ err = c.do(req, &records)
+ if err != nil {
+ return nil, err
+ }
+
+ return records, nil
+}
+
+// CreateRecord creates a new DNS record.
+func (c *Client) CreateRecord(ctx context.Context, zoneID int, record Record) (*Record, error) {
+ endpoint := c.BaseURL.JoinPath("dns", "zones", strconv.Itoa(zoneID), "records")
+
+ payload := RecordRequest{Record: record}
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ var result Record
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return &result, nil
+}
+
+// DeleteRecord deletes a DNS record.
+func (c *Client) DeleteRecord(ctx context.Context, zoneID, recordID int) error {
+ endpoint := c.BaseURL.JoinPath("dns", "zones", strconv.Itoa(zoneID), "records", strconv.Itoa(recordID))
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ req.Header.Set("X-TCpanel-Token", c.token)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
diff --git a/providers/dns/internal/tecnocratica/internal/client_test.go b/providers/dns/internal/tecnocratica/internal/client_test.go
new file mode 100644
index 000000000..4e9cf3e85
--- /dev/null
+++ b/providers/dns/internal/tecnocratica/internal/client_test.go
@@ -0,0 +1,174 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().WithJSONHeaders().
+ With("X-TCpanel-Token", "secret"))
+}
+
+func TestClient_GetZones(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.ResponseFromFixture("get_zones.json")).
+ Build(t)
+
+ zones, err := client.GetZones(t.Context())
+ require.NoError(t, err)
+
+ expected := []Zone{
+ {
+ ID: 6,
+ Name: "example.com",
+ HumanName: "example.com",
+ },
+ {
+ ID: 7,
+ Name: "example.org",
+ HumanName: "example.org",
+ },
+ }
+
+ assert.Equal(t, expected, zones)
+}
+
+func TestClient_GetZones_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.RawStringResponse(`{"error": "unauthorized"}`).
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ zones, err := client.GetZones(t.Context())
+ require.Error(t, err)
+
+ assert.Nil(t, zones)
+}
+
+func TestClient_GetRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /dns/zones/6/records",
+ servermock.ResponseFromFixture("get_records.json")).
+ Build(t)
+
+ records, err := client.GetRecords(t.Context(), 6, "")
+ require.NoError(t, err)
+
+ expected := []Record{
+ {
+ ID: 98,
+ Name: "",
+ Type: "SOA",
+ Content: "ns1.example.org dns.example.org 2015092102 7200 7200 1209600 1800",
+ TTL: 7200,
+ },
+ {
+ ID: 99,
+ Name: "",
+ Type: "NS",
+ Content: "ns1.example.org",
+ TTL: 7200,
+ },
+ {
+ ID: 100,
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ },
+ }
+
+ assert.Equal(t, expected, records)
+}
+
+func TestClient_CreateRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/zones/6/records",
+ servermock.ResponseFromFixture("create_record.json").
+ WithStatusCode(http.StatusCreated),
+ servermock.CheckRequestJSONBodyFromFixture("create_record-request.json")).
+ Build(t)
+
+ record := Record{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ }
+
+ result, err := client.CreateRecord(t.Context(), 6, record)
+ require.NoError(t, err)
+
+ expected := &Record{
+ ID: 101,
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_CreateRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/zones/6/records",
+ servermock.RawStringResponse(`{"error": "bad request"}`).
+ WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ record := Record{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "test-value",
+ TTL: 120,
+ }
+
+ result, err := client.CreateRecord(t.Context(), 6, record)
+ require.Error(t, err)
+
+ assert.Nil(t, result)
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /dns/zones/6/records/101",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent)).
+ Build(t)
+
+ err := client.DeleteRecord(t.Context(), 6, 101)
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /dns/zones/6/records/999",
+ servermock.RawStringResponse(`{"error": "not found"}`).
+ WithStatusCode(http.StatusNotFound)).
+ Build(t)
+
+ err := client.DeleteRecord(t.Context(), 6, 999)
+ require.Error(t, err)
+}
diff --git a/providers/dns/internal/tecnocratica/internal/fixtures/create_record-request.json b/providers/dns/internal/tecnocratica/internal/fixtures/create_record-request.json
new file mode 100644
index 000000000..4cd339c98
--- /dev/null
+++ b/providers/dns/internal/tecnocratica/internal/fixtures/create_record-request.json
@@ -0,0 +1,8 @@
+{
+ "record": {
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 120
+ }
+}
diff --git a/providers/dns/internal/tecnocratica/internal/fixtures/create_record.json b/providers/dns/internal/tecnocratica/internal/fixtures/create_record.json
new file mode 100644
index 000000000..6f30010ac
--- /dev/null
+++ b/providers/dns/internal/tecnocratica/internal/fixtures/create_record.json
@@ -0,0 +1,10 @@
+{
+ "id": 101,
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 120,
+ "prio": null,
+ "created_at": "2015-09-21T14:40:27.127+02:00",
+ "updated_at": "2015-09-21T14:40:27.127+02:00"
+}
diff --git a/providers/dns/internal/tecnocratica/internal/fixtures/get_records.json b/providers/dns/internal/tecnocratica/internal/fixtures/get_records.json
new file mode 100644
index 000000000..00e09c37f
--- /dev/null
+++ b/providers/dns/internal/tecnocratica/internal/fixtures/get_records.json
@@ -0,0 +1,26 @@
+[
+ {
+ "id": 98,
+ "name": "",
+ "type": "SOA",
+ "content": "ns1.example.org dns.example.org 2015092102 7200 7200 1209600 1800",
+ "ttl": 7200,
+ "prio": null
+ },
+ {
+ "id": 99,
+ "name": "",
+ "type": "NS",
+ "content": "ns1.example.org",
+ "ttl": 7200,
+ "prio": null
+ },
+ {
+ "id": 100,
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 120,
+ "prio": null
+ }
+]
diff --git a/providers/dns/internal/tecnocratica/internal/fixtures/get_zones.json b/providers/dns/internal/tecnocratica/internal/fixtures/get_zones.json
new file mode 100644
index 000000000..01a08dced
--- /dev/null
+++ b/providers/dns/internal/tecnocratica/internal/fixtures/get_zones.json
@@ -0,0 +1,16 @@
+[
+ {
+ "id": 6,
+ "name": "example.com",
+ "created_at": "2015-09-21T12:19:04.000+02:00",
+ "updated_at": "2015-09-21T12:19:04.000+02:00",
+ "human_name": "example.com"
+ },
+ {
+ "id": 7,
+ "name": "example.org",
+ "created_at": "2015-09-22T10:00:00.000+02:00",
+ "updated_at": "2015-09-22T10:00:00.000+02:00",
+ "human_name": "example.org"
+ }
+]
diff --git a/providers/dns/internal/tecnocratica/internal/types.go b/providers/dns/internal/tecnocratica/internal/types.go
new file mode 100644
index 000000000..505bfbced
--- /dev/null
+++ b/providers/dns/internal/tecnocratica/internal/types.go
@@ -0,0 +1,23 @@
+package internal
+
+// Zone represents a DNS zone.
+type Zone struct {
+ ID int `json:"id"`
+ Name string `json:"name"`
+ HumanName string `json:"human_name"`
+}
+
+// Record represents a DNS record.
+type Record struct {
+ ID int `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Type string `json:"type,omitempty"`
+ Content string `json:"content,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ Priority int `json:"prio,omitempty"`
+}
+
+// RecordRequest is the request body for creating/updating a record.
+type RecordRequest struct {
+ Record Record `json:"record"`
+}
diff --git a/providers/dns/internal/tecnocratica/provider.go b/providers/dns/internal/tecnocratica/provider.go
new file mode 100644
index 000000000..17cfb8379
--- /dev/null
+++ b/providers/dns/internal/tecnocratica/provider.go
@@ -0,0 +1,165 @@
+// Package tecnocratica implements a DNS provider for solving the DNS-01 challenge using Tecnocrática.
+package tecnocratica
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "net/url"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/internal/tecnocratica/internal"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ Token string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ zoneIDs map[string]int
+ recordIDs map[string]int
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Tecnocrática.
+func NewDNSProviderConfig(config *Config, baseURL string) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("the configuration of the DNS provider is nil")
+ }
+
+ if config.Token == "" {
+ return nil, errors.New("missing credentials")
+ }
+
+ client, err := internal.NewClient(config.Token)
+ if err != nil {
+ return nil, fmt.Errorf("create client: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ if baseURL != "" {
+ client.BaseURL, err = url.Parse(baseURL)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ zoneIDs: make(map[string]int),
+ recordIDs: make(map[string]int),
+ }, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("could not find zone for domain %q: %w", domain, err)
+ }
+
+ authZone = dns01.UnFqdn(authZone)
+
+ zone, err := d.findZone(ctx, authZone)
+ if err != nil {
+ return fmt.Errorf("%w", err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("%w", err)
+ }
+
+ record := internal.Record{
+ Name: subDomain,
+ Type: "TXT",
+ Content: info.Value,
+ TTL: d.config.TTL,
+ }
+
+ newRecord, err := d.client.CreateRecord(ctx, zone.ID, record)
+ if err != nil {
+ return fmt.Errorf("create record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.zoneIDs[token] = zone.ID
+ d.recordIDs[token] = newRecord.ID
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ d.recordIDsMu.Lock()
+ zoneID, zoneOK := d.zoneIDs[token]
+ recordID, recordOK := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !zoneOK || !recordOK {
+ return fmt.Errorf("unknown record ID or zone ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ err := d.client.DeleteRecord(context.Background(), zoneID, recordID)
+ if err != nil {
+ return fmt.Errorf("delete record: fqdn=%s, zoneID=%d, recordID=%d: %w",
+ info.EffectiveFQDN, zoneID, recordID, err)
+ }
+
+ d.recordIDsMu.Lock()
+ delete(d.zoneIDs, token)
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, zoneName string) (*internal.Zone, error) {
+ zones, err := d.client.GetZones(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("get zones: %w", err)
+ }
+
+ for _, zone := range zones {
+ if zone.Name == zoneName || zone.HumanName == zoneName {
+ return &zone, nil
+ }
+ }
+
+ return nil, fmt.Errorf("zone not found: %s", zoneName)
+}
diff --git a/providers/dns/internal/tecnocratica/provider_test.go b/providers/dns/internal/tecnocratica/provider_test.go
new file mode 100644
index 000000000..33e5f7c67
--- /dev/null
+++ b/providers/dns/internal/tecnocratica/provider_test.go
@@ -0,0 +1,99 @@
+package tecnocratica
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ token string
+ expected string
+ }{
+ {
+ desc: "success",
+ token: "secret",
+ },
+ {
+ desc: "missing token",
+ expected: "missing credentials",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := &Config{}
+ config.Token = test.token
+
+ p, err := NewDNSProviderConfig(config, "")
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := &Config{
+ Token: "secret",
+ PropagationTimeout: 10 * time.Second,
+ PollingInterval: 1 * time.Second,
+ TTL: 120,
+ HTTPClient: server.Client(),
+ }
+
+ p, err := NewDNSProviderConfig(config, server.URL)
+ if err != nil {
+ return nil, err
+ }
+
+ return p, nil
+ },
+ servermock.CheckHeader().WithJSONHeaders().
+ With("X-TCpanel-Token", "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /dns/zones",
+ servermock.ResponseFromInternal("get_zones.json")).
+ Route("POST /dns/zones/6/records",
+ servermock.ResponseFromInternal("create_record.json").
+ WithStatusCode(http.StatusCreated),
+ servermock.CheckRequestJSONBodyFromInternal("create_record-request.json")).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /dns/zones/456/records/123",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent)).
+ Build(t)
+
+ token := "abc"
+
+ provider.recordIDs[token] = 123
+ provider.zoneIDs[token] = 456
+
+ err := provider.CleanUp("example.com", token, "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/internal/useragent/useragent.go b/providers/dns/internal/useragent/useragent.go
index f380c05b0..090c9109a 100644
--- a/providers/dns/internal/useragent/useragent.go
+++ b/providers/dns/internal/useragent/useragent.go
@@ -10,12 +10,12 @@ import (
const (
// ourUserAgent is the User-Agent of this underlying library package.
- ourUserAgent = "goacme-lego/4.25.1"
+ ourUserAgent = "goacme-lego/4.32.0"
// ourUserAgentComment is part of the UA comment linked to the version status of this underlying library package.
// values: detach|release
// NOTE: Update this with each tagged release.
- ourUserAgentComment = "release"
+ ourUserAgentComment = "detach"
)
// Get builds and returns the User-Agent string.
diff --git a/providers/dns/westcn/internal/client.go b/providers/dns/internal/westcn/internal/client.go
similarity index 96%
rename from providers/dns/westcn/internal/client.go
rename to providers/dns/internal/westcn/internal/client.go
index 4d967f5e1..621c7865f 100644
--- a/providers/dns/westcn/internal/client.go
+++ b/providers/dns/internal/westcn/internal/client.go
@@ -14,8 +14,8 @@ import (
"strings"
"time"
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
querystring "github.com/google/go-querystring/query"
- "github.com/nrdcg/mailinabox/errutils"
"golang.org/x/text/encoding"
"golang.org/x/text/encoding/simplifiedchinese"
"golang.org/x/text/transform"
@@ -30,7 +30,7 @@ type Client struct {
encoder *encoding.Encoder
- baseURL *url.URL
+ BaseURL *url.URL
HTTPClient *http.Client
}
@@ -46,7 +46,7 @@ func NewClient(username, password string) (*Client, error) {
username: username,
password: password,
encoder: simplifiedchinese.GBK.NewEncoder(),
- baseURL: baseURL,
+ BaseURL: baseURL,
HTTPClient: &http.Client{Timeout: 10 * time.Second},
}, nil
}
@@ -116,7 +116,7 @@ func (c *Client) newRequest(ctx context.Context, p, act string, form url.Values)
return nil, err
}
- endpoint := c.baseURL.JoinPath(p, "/")
+ endpoint := c.BaseURL.JoinPath(p, "/")
query := endpoint.Query()
query.Set("act", act)
diff --git a/providers/dns/westcn/internal/client_test.go b/providers/dns/internal/westcn/internal/client_test.go
similarity index 98%
rename from providers/dns/westcn/internal/client_test.go
rename to providers/dns/internal/westcn/internal/client_test.go
index f7bdac5c0..53fd6ed8f 100644
--- a/providers/dns/westcn/internal/client_test.go
+++ b/providers/dns/internal/westcn/internal/client_test.go
@@ -21,7 +21,7 @@ func mockBuilder() *servermock.Builder[*Client] {
}
client.HTTPClient = server.Client()
- client.baseURL, _ = url.Parse(server.URL)
+ client.BaseURL, _ = url.Parse(server.URL)
return client, nil
},
@@ -69,7 +69,8 @@ func TestClientAddRecord_error(t *testing.T) {
servermock.ResponseFromFixture("error.json").
WithHeader("Content-Type", "application/json", "Charset=gb2312"),
servermock.CheckQueryParameter().Strict().
- With("act", "adddnsrecord")).
+ With("act", "adddnsrecord"),
+ ).
Build(t)
record := Record{
diff --git a/providers/dns/westcn/internal/fixtures/adddnsrecord.json b/providers/dns/internal/westcn/internal/fixtures/adddnsrecord.json
similarity index 100%
rename from providers/dns/westcn/internal/fixtures/adddnsrecord.json
rename to providers/dns/internal/westcn/internal/fixtures/adddnsrecord.json
diff --git a/providers/dns/westcn/internal/fixtures/deldnsrecord.json b/providers/dns/internal/westcn/internal/fixtures/deldnsrecord.json
similarity index 100%
rename from providers/dns/westcn/internal/fixtures/deldnsrecord.json
rename to providers/dns/internal/westcn/internal/fixtures/deldnsrecord.json
diff --git a/providers/dns/westcn/internal/fixtures/error.json b/providers/dns/internal/westcn/internal/fixtures/error.json
similarity index 100%
rename from providers/dns/westcn/internal/fixtures/error.json
rename to providers/dns/internal/westcn/internal/fixtures/error.json
diff --git a/providers/dns/westcn/internal/types.go b/providers/dns/internal/westcn/internal/types.go
similarity index 100%
rename from providers/dns/westcn/internal/types.go
rename to providers/dns/internal/westcn/internal/types.go
diff --git a/providers/dns/internal/westcn/provider.go b/providers/dns/internal/westcn/provider.go
new file mode 100644
index 000000000..a9e6dad58
--- /dev/null
+++ b/providers/dns/internal/westcn/provider.go
@@ -0,0 +1,140 @@
+package westcn
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "net/url"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/internal/westcn/internal"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ Username string
+ Password string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ recordIDs map[string]int
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for West.cn/西部数码.
+func NewDNSProviderConfig(config *Config, baseURL string) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.Username, config.Password)
+ if err != nil {
+ return nil, fmt.Errorf("%w", err)
+ }
+
+ if baseURL != "" {
+ client.BaseURL, err = url.Parse(baseURL)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: make(map[string]int),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("%w", err)
+ }
+
+ record := internal.Record{
+ Domain: dns01.UnFqdn(authZone),
+ Host: subDomain,
+ Type: "TXT",
+ Value: info.Value,
+ TTL: d.config.TTL,
+ }
+
+ recordID, err := d.client.AddRecord(context.Background(), record)
+ if err != nil {
+ return fmt.Errorf("add record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.recordIDs[token] = recordID
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("could not find zone for domain %q: %w", domain, err)
+ }
+
+ // gets the record's unique ID
+ d.recordIDsMu.Lock()
+ recordID, ok := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ err = d.client.DeleteRecord(context.Background(), dns01.UnFqdn(authZone), recordID)
+ if err != nil {
+ return fmt.Errorf("delete record: %w", err)
+ }
+
+ // deletes record ID from map
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/internal/westcn/provider_test.go b/providers/dns/internal/westcn/provider_test.go
new file mode 100644
index 000000000..2ae0f09cb
--- /dev/null
+++ b/providers/dns/internal/westcn/provider_test.go
@@ -0,0 +1,127 @@
+package westcn
+
+import (
+ "net/http/httptest"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ username string
+ password string
+ expected string
+ }{
+ {
+ desc: "success",
+ username: "user",
+ password: "secret",
+ },
+ {
+ desc: "missing username",
+ password: "secret",
+ expected: "credentials missing",
+ },
+ {
+ desc: "missing password",
+ username: "user",
+ expected: "credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := &Config{}
+ config.Username = test.username
+ config.Password = test.password
+
+ p, err := NewDNSProviderConfig(config, "")
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := &Config{
+ Username: "user",
+ Password: "secret",
+ PropagationTimeout: 10 * time.Second,
+ PollingInterval: 1 * time.Second,
+ TTL: 120,
+ HTTPClient: server.Client(),
+ }
+
+ p, err := NewDNSProviderConfig(config, server.URL)
+ if err != nil {
+ return nil, err
+ }
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithContentTypeFromURLEncoded())
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /domain/",
+ servermock.ResponseFromInternal("adddnsrecord.json").
+ WithHeader("Content-Type", "application/json", "Charset=gb2312"),
+ servermock.CheckQueryParameter().Strict().
+ With("act", "adddnsrecord"),
+ servermock.CheckForm().UsePostForm().Strict().
+ With("domain", "example.com").
+ With("host", "_acme-challenge").
+ With("ttl", "120").
+ With("type", "TXT").
+ With("value", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY").
+ // With("act", "adddnsrecord").
+ With("username", "user").
+ WithRegexp("time", `\d+`).
+ WithRegexp("token", `[a-z0-9]{32}`),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /domain/",
+ servermock.ResponseFromInternal("deldnsrecord.json").
+ WithHeader("Content-Type", "application/json", "Charset=gb2312"),
+ servermock.CheckQueryParameter().Strict().
+ With("act", "deldnsrecord"),
+ servermock.CheckForm().UsePostForm().Strict().
+ With("id", "123").
+ With("domain", "example.com").
+ With("username", "user").
+ WithRegexp("time", `\d+`).
+ WithRegexp("token", `[a-z0-9]{32}`),
+ ).
+ Build(t)
+
+ provider.recordIDs["abc"] = 123
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/internetbs/internal/client.go b/providers/dns/internetbs/internal/client.go
index 4de57dc9a..cf9e90dc5 100644
--- a/providers/dns/internetbs/internal/client.go
+++ b/providers/dns/internetbs/internal/client.go
@@ -48,6 +48,7 @@ func NewClient(apiKey, password string) *Client {
// AddRecord The command is intended to add a new DNS record to a specific zone (domain).
func (c *Client) AddRecord(ctx context.Context, query RecordQuery) error {
var r APIResponse
+
err := c.doRequest(ctx, "Add", query, &r)
if err != nil {
return err
@@ -63,6 +64,7 @@ func (c *Client) AddRecord(ctx context.Context, query RecordQuery) error {
// RemoveRecord The command is intended to remove a DNS record from a specific zone.
func (c *Client) RemoveRecord(ctx context.Context, query RecordQuery) error {
var r APIResponse
+
err := c.doRequest(ctx, "Remove", query, &r)
if err != nil {
return err
@@ -78,6 +80,7 @@ func (c *Client) RemoveRecord(ctx context.Context, query RecordQuery) error {
// ListRecords The command is intended to retrieve the list of DNS records for a specific domain.
func (c *Client) ListRecords(ctx context.Context, query ListRecordQuery) ([]Record, error) {
var l ListResponse
+
err := c.doRequest(ctx, "List", query, &l)
if err != nil {
return nil, err
diff --git a/providers/dns/internetbs/internetbs.go b/providers/dns/internetbs/internetbs.go
index 9d6c17676..e8cb868d2 100644
--- a/providers/dns/internetbs/internetbs.go
+++ b/providers/dns/internetbs/internetbs.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internetbs/internal"
)
@@ -88,6 +89,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/internetbs/internetbs.toml b/providers/dns/internetbs/internetbs.toml
index d25418f22..f22850253 100644
--- a/providers/dns/internetbs/internetbs.toml
+++ b/providers/dns/internetbs/internetbs.toml
@@ -7,7 +7,7 @@ Since = "v4.5.0"
Example = '''
INTERNET_BS_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxx \
INTERNET_BS_PASSWORD=yyyyyyyyyyyyyyyyyyyyyyyyyy \
-lego --email you@example.com --dns internetbs -d '*.example.com' -d example.com run
+lego --dns internetbs -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/internetbs/internetbs_test.go b/providers/dns/internetbs/internetbs_test.go
index ea328d506..be436d6e7 100644
--- a/providers/dns/internetbs/internetbs_test.go
+++ b/providers/dns/internetbs/internetbs_test.go
@@ -49,6 +49,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -121,6 +122,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -134,6 +136,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/inwx/inwx.go b/providers/dns/inwx/inwx.go
index 9945d904c..0e79d71e0 100644
--- a/providers/dns/inwx/inwx.go
+++ b/providers/dns/inwx/inwx.go
@@ -177,17 +177,19 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("inwx: %w", err)
}
- var recordID int
+ var recordID string
+
for _, record := range response.Records {
if record.Content != info.Value {
continue
}
recordID = record.ID
+
break
}
- if recordID == 0 {
+ if recordID == "" {
return errors.New("inwx: TXT record not found")
}
diff --git a/providers/dns/inwx/inwx.toml b/providers/dns/inwx/inwx.toml
index aeab5a242..da4c6d959 100644
--- a/providers/dns/inwx/inwx.toml
+++ b/providers/dns/inwx/inwx.toml
@@ -7,13 +7,13 @@ Since = "v2.0.0"
Example = '''
INWX_USERNAME=xxxxxxxxxx \
INWX_PASSWORD=yyyyyyyyyy \
-lego --email you@example.com --dns inwx -d '*.example.com' -d example.com run
+lego --dns inwx -d '*.example.com' -d example.com run
# 2FA
INWX_USERNAME=xxxxxxxxxx \
INWX_PASSWORD=yyyyyyyyyy \
INWX_SHARED_SECRET=zzzzzzzzzz \
-lego --email you@example.com --dns inwx -d '*.example.com' -d example.com run
+lego --dns inwx -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/inwx/inwx_test.go b/providers/dns/inwx/inwx_test.go
index 39ce7d70e..47b12e228 100644
--- a/providers/dns/inwx/inwx_test.go
+++ b/providers/dns/inwx/inwx_test.go
@@ -62,6 +62,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -124,6 +125,7 @@ func TestLivePresentAndCleanup(t *testing.T) {
}
envTest.RestoreEnv()
+
envTest.Apply(map[string]string{
EnvSandbox: "true",
EnvTTL: "3600", // In sandbox mode, the minimum allowed TTL is 3600
diff --git a/providers/dns/ionos/ionos.go b/providers/dns/ionos/ionos.go
index 394def027..892370f5d 100644
--- a/providers/dns/ionos/ionos.go
+++ b/providers/dns/ionos/ionos.go
@@ -2,18 +2,15 @@
package ionos
import (
- "context"
"errors"
"fmt"
"net/http"
- "strconv"
- "strings"
"time"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
- "github.com/go-acme/lego/v4/providers/dns/ionos/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/ionos"
)
// Environment variables names.
@@ -33,18 +30,12 @@ const minTTL = 300
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
-type Config struct {
- APIKey string
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = ionos.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
- TTL: env.GetOrDefaultInt(EnvTTL, minTTL),
+ TTL: env.GetOrDefaultInt(EnvTTL, ionos.MinTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 15*time.Minute),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
HTTPClient: &http.Client{
@@ -55,8 +46,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *internal.Client
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for Ionos.
@@ -79,126 +69,36 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("ionos: the configuration of the DNS provider is nil")
}
- if config.APIKey == "" {
- return nil, errors.New("ionos: credentials missing")
- }
-
- if config.TTL < minTTL {
- return nil, fmt.Errorf("ionos: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
- }
-
- client, err := internal.NewClient(config.APIKey)
+ provider, err := ionos.NewDNSProviderConfig(config, "")
if err != nil {
return nil, fmt.Errorf("ionos: %w", err)
}
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- return &DNSProvider{config: config, client: client}, nil
+ return &DNSProvider{prv: provider}, nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
+ return d.prv.Timeout()
}
// Present creates a TXT record using the specified parameters.
-func (d *DNSProvider) Present(domain, _, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- ctx := context.Background()
-
- zones, err := d.client.ListZones(ctx)
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
- return fmt.Errorf("ionos: failed to get zones: %w", err)
- }
-
- name := dns01.UnFqdn(info.EffectiveFQDN)
-
- zone := findZone(zones, name)
- if zone == nil {
- return errors.New("ionos: no matching zone found for domain")
- }
-
- filter := &internal.RecordsFilter{
- Suffix: name,
- RecordType: "TXT",
- }
-
- records, err := d.client.GetRecords(ctx, zone.ID, filter)
- if err != nil {
- return fmt.Errorf("ionos: failed to get records (zone=%s): %w", zone.ID, err)
- }
-
- records = append(records, internal.Record{
- Name: name,
- Content: info.Value,
- TTL: d.config.TTL,
- Type: "TXT",
- })
-
- err = d.client.ReplaceRecords(ctx, zone.ID, records)
- if err != nil {
- return fmt.Errorf("ionos: failed to create/update records (zone=%s): %w", zone.ID, err)
+ return fmt.Errorf("ionos: %w", err)
}
return nil
}
// CleanUp removes the TXT record matching the specified parameters.
-func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- ctx := context.Background()
-
- zones, err := d.client.ListZones(ctx)
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
- return fmt.Errorf("ionos: failed to get zones: %w", err)
+ return fmt.Errorf("ionos: %w", err)
}
- name := dns01.UnFqdn(info.EffectiveFQDN)
-
- zone := findZone(zones, name)
- if zone == nil {
- return errors.New("ionos: no matching zone found for domain")
- }
-
- filter := &internal.RecordsFilter{
- Suffix: name,
- RecordType: "TXT",
- }
-
- records, err := d.client.GetRecords(ctx, zone.ID, filter)
- if err != nil {
- return fmt.Errorf("ionos: failed to get records (zone=%s): %w", zone.ID, err)
- }
-
- for _, record := range records {
- if record.Name == name && record.Content == strconv.Quote(info.Value) {
- err = d.client.RemoveRecord(ctx, zone.ID, record.ID)
- if err != nil {
- return fmt.Errorf("ionos: failed to remove record (zone=%s, record=%s): %w", zone.ID, record.ID, err)
- }
- return nil
- }
- }
-
- return fmt.Errorf("ionos: failed to remove record, record not found (zone=%s, domain=%s, fqdn=%s, value=%s)", zone.ID, domain, info.EffectiveFQDN, info.Value)
-}
-
-func findZone(zones []internal.Zone, domain string) *internal.Zone {
- var result *internal.Zone
-
- for _, zone := range zones {
- if zone.Name != "" && strings.HasSuffix(domain, zone.Name) {
- if result == nil || len(zone.Name) > len(result.Name) {
- result = &zone
- }
- }
- }
-
- return result
+ return nil
}
diff --git a/providers/dns/ionos/ionos.toml b/providers/dns/ionos/ionos.toml
index 0c905273f..a2c9518fb 100644
--- a/providers/dns/ionos/ionos.toml
+++ b/providers/dns/ionos/ionos.toml
@@ -6,7 +6,7 @@ Since = "v4.2.0"
Example = '''
IONOS_API_KEY=xxxxxxxx \
-lego --email you@example.com --dns ionos -d '*.example.com' -d example.com run
+lego --dns ionos -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/ionos/ionos_test.go b/providers/dns/ionos/ionos_test.go
index 5aef6ad14..39dc0c511 100644
--- a/providers/dns/ionos/ionos_test.go
+++ b/providers/dns/ionos/ionos_test.go
@@ -9,9 +9,7 @@ import (
const envDomain = envNamespace + "DOMAIN"
-var envTest = tester.NewEnvTest(
- EnvAPIKey).
- WithDomain(envDomain)
+var envTest = tester.NewEnvTest(EnvAPIKey).WithDomain(envDomain)
func TestNewDNSProvider(t *testing.T) {
testCases := []struct {
@@ -37,6 +35,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -46,8 +45,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -91,8 +89,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -106,6 +103,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -119,6 +117,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/ionoscloud/internal/client.go b/providers/dns/ionoscloud/internal/client.go
new file mode 100644
index 000000000..5b7d3a0fc
--- /dev/null
+++ b/providers/dns/ionoscloud/internal/client.go
@@ -0,0 +1,172 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+const defaultBaseURL = "https://dns.de-fra.ionos.com"
+
+const authorizationHeader = "Authorization"
+
+// Client the Ionos Cloud API client.
+type Client struct {
+ apiKey string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(apiKey string) (*Client, error) {
+ if apiKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ apiKey: apiKey,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+// RetrieveZones returns a list of the DNS zones.
+// https://api.ionos.com/docs/dns/v1/#tag/Zones/operation/zonesGet
+func (c *Client) RetrieveZones(ctx context.Context, zoneName string) ([]Zone, error) {
+ endpoint := c.BaseURL.JoinPath("zones")
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ query := req.URL.Query()
+ query.Add("filter.zoneName", zoneName)
+ req.URL.RawQuery = query.Encode()
+
+ result := ZonesResponse{}
+
+ if err := c.do(req, &result); err != nil {
+ return nil, err
+ }
+
+ return result.Items, nil
+}
+
+// CreateRecord creates a new record for the DNS zone.
+// https://api.ionos.com/docs/dns/v1/#tag/Records/operation/zonesRecordsPost
+func (c *Client) CreateRecord(ctx context.Context, zoneID string, record RecordProperties) (*RecordResponse, error) {
+ endpoint := c.BaseURL.JoinPath("zones", zoneID, "records")
+
+ payload := map[string]RecordProperties{
+ "properties": record,
+ }
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &RecordResponse{}
+
+ if err := c.do(req, result); err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+// DeleteRecord deletes a specified record from the DNS zone.
+// https://api.ionos.com/docs/dns/v1/#tag/Records/operation/zonesRecordsDelete
+func (c *Client) DeleteRecord(ctx context.Context, zoneID, recordID string) error {
+ endpoint := c.BaseURL.JoinPath("zones", zoneID, "records", recordID)
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ req.Header.Set(authorizationHeader, "Bearer "+c.apiKey)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
diff --git a/providers/dns/ionoscloud/internal/client_test.go b/providers/dns/ionoscloud/internal/client_test.go
new file mode 100644
index 000000000..dc478cc64
--- /dev/null
+++ b/providers/dns/ionoscloud/internal/client_test.go
@@ -0,0 +1,134 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ WithAuthorization("Bearer secret"),
+ )
+}
+
+func TestClient_RetrieveZones(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /zones",
+ servermock.ResponseFromFixture("zones.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("filter.zoneName", "example.com")).
+ Build(t)
+
+ zones, err := client.RetrieveZones(t.Context(), "example.com")
+ require.NoError(t, err)
+
+ expected := []Zone{{
+ ID: "e74d0d15-f567-4b7b-9069-26ee1f93bae3",
+ Type: "zone",
+ Metadata: ZoneMetadata{
+ CreatedDate: time.Date(2022, time.August, 21, 15, 52, 53, 0, time.UTC),
+ CreatedBy: "ionos:iam:cloud:31960002:users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ CreatedByUserID: "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ LastModifiedDate: time.Date(2022, time.August, 21, 15, 52, 53, 0, time.UTC),
+ LastModifiedBy: "ionos:iam:cloud:31960002:users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ LastModifiedByUserID: "63cef532-26fe-4a64-a4e0-de7c8a506c90",
+ ResourceURN: "ionos::::",
+ State: "PROVISIONING",
+ Nameservers: []string{"ns-ic.ui-dns.com", "ns-ic.ui-dns.de", "ns-ic.ui-dns.org", "ns-ic.ui-dns.biz"},
+ },
+ Properties: ZoneProperties{
+ ZoneName: "example.com",
+ Description: "The hosted zone is used for example.com",
+ Enabled: true,
+ },
+ }}
+
+ assert.Equal(t, expected, zones)
+}
+
+func TestClient_RetrieveZones_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /zones",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ _, err := client.RetrieveZones(t.Context(), "example.com")
+ require.EqualError(t, err, "401: paas-auth-1: Unauthorized, wrong or no api key provided to process this request")
+}
+
+func TestClient_CreateRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /zones/abc/records",
+ servermock.ResponseFromFixture("create_record.json"),
+ servermock.CheckRequestJSONBodyFromFixture("create_record-request.json")).
+ Build(t)
+
+ record := RecordProperties{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 120,
+ }
+
+ result, err := client.CreateRecord(t.Context(), "abc", record)
+ require.NoError(t, err)
+
+ expected := &RecordResponse{
+ ID: "90d81ac0-3a30-44d4-95a5-12959effa6ee",
+ Type: "record",
+ Metadata: RecordMetadata{
+ CreatedDate: time.Date(2022, time.August, 21, 15, 52, 53, 0, time.UTC),
+ CreatedBy: "ionos:iam:cloud:31960002:users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ CreatedByUserID: "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ LastModifiedDate: time.Date(2022, time.August, 21, 15, 52, 53, 0, time.UTC),
+ LastModifiedBy: "ionos:iam:cloud:31960002:users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ LastModifiedByUserID: "63cef532-26fe-4a64-a4e0-de7c8a506c90",
+ ResourceURN: "ionos::::",
+ State: "PROVISIONING",
+ Fqdn: "app.example.com",
+ ZoneID: "a363f30c-4c0c-4552-9a07-298d87f219bf",
+ },
+ Properties: RecordProperties{
+ Name: "app",
+ Type: "A",
+ Content: "1.2.3.4",
+ TTL: 3600,
+ Priority: 3600,
+ Enabled: true,
+ },
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /zones/abc/records/def",
+ servermock.Noop().
+ WithStatusCode(http.StatusAccepted)).
+ Build(t)
+
+ err := client.DeleteRecord(t.Context(), "abc", "def")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/ionoscloud/internal/fixtures/create_record-request.json b/providers/dns/ionoscloud/internal/fixtures/create_record-request.json
new file mode 100644
index 000000000..d4f52bba8
--- /dev/null
+++ b/providers/dns/ionoscloud/internal/fixtures/create_record-request.json
@@ -0,0 +1,8 @@
+{
+ "properties": {
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 120
+ }
+}
diff --git a/providers/dns/ionoscloud/internal/fixtures/create_record.json b/providers/dns/ionoscloud/internal/fixtures/create_record.json
new file mode 100644
index 000000000..d3094c3b2
--- /dev/null
+++ b/providers/dns/ionoscloud/internal/fixtures/create_record.json
@@ -0,0 +1,25 @@
+{
+ "id": "90d81ac0-3a30-44d4-95a5-12959effa6ee",
+ "type": "record",
+ "href": "",
+ "metadata": {
+ "createdDate": "2022-08-21T15:52:53Z",
+ "createdBy": "ionos:iam:cloud:31960002:users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ "lastModifiedDate": "2022-08-21T15:52:53Z",
+ "lastModifiedBy": "ionos:iam:cloud:31960002:users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ "lastModifiedByUserId": "63cef532-26fe-4a64-a4e0-de7c8a506c90",
+ "resourceURN": "ionos::::",
+ "state": "PROVISIONING",
+ "fqdn": "app.example.com",
+ "zoneId": "a363f30c-4c0c-4552-9a07-298d87f219bf"
+ },
+ "properties": {
+ "name": "app",
+ "type": "A",
+ "content": "1.2.3.4",
+ "ttl": 3600,
+ "priority": 3600,
+ "enabled": true
+ }
+}
diff --git a/providers/dns/ionoscloud/internal/fixtures/error.json b/providers/dns/ionoscloud/internal/fixtures/error.json
new file mode 100644
index 000000000..bed0e5efb
--- /dev/null
+++ b/providers/dns/ionoscloud/internal/fixtures/error.json
@@ -0,0 +1,9 @@
+{
+ "httpStatus": 401,
+ "messages": [
+ {
+ "errorCode": "paas-auth-1",
+ "message": "Unauthorized, wrong or no api key provided to process this request"
+ }
+ ]
+}
diff --git a/providers/dns/ionoscloud/internal/fixtures/zones.json b/providers/dns/ionoscloud/internal/fixtures/zones.json
new file mode 100644
index 000000000..c9c2c62f9
--- /dev/null
+++ b/providers/dns/ionoscloud/internal/fixtures/zones.json
@@ -0,0 +1,40 @@
+{
+ "id": "e74d0d15-f567-4b7b-9069-26ee1f93bae3",
+ "type": "collection",
+ "href": "",
+ "offset": 0,
+ "limit": 1000,
+ "_links": {
+ "prev": "http://PREVIOUS-PAGE-URI",
+ "self": "http://THIS-PAGE-URI",
+ "next": "http://NEXT-PAGE-URI"
+ },
+ "items": [
+ {
+ "id": "e74d0d15-f567-4b7b-9069-26ee1f93bae3",
+ "type": "zone",
+ "href": "",
+ "metadata": {
+ "createdDate": "2022-08-21T15:52:53Z",
+ "createdBy": "ionos:iam:cloud:31960002:users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ "lastModifiedDate": "2022-08-21T15:52:53Z",
+ "lastModifiedBy": "ionos:iam:cloud:31960002:users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
+ "lastModifiedByUserId": "63cef532-26fe-4a64-a4e0-de7c8a506c90",
+ "resourceURN": "ionos::::",
+ "state": "PROVISIONING",
+ "nameservers": [
+ "ns-ic.ui-dns.com",
+ "ns-ic.ui-dns.de",
+ "ns-ic.ui-dns.org",
+ "ns-ic.ui-dns.biz"
+ ]
+ },
+ "properties": {
+ "zoneName": "example.com",
+ "description": "The hosted zone is used for example.com",
+ "enabled": true
+ }
+ }
+ ]
+}
diff --git a/providers/dns/ionoscloud/internal/types.go b/providers/dns/ionoscloud/internal/types.go
new file mode 100644
index 000000000..49348f4d1
--- /dev/null
+++ b/providers/dns/ionoscloud/internal/types.go
@@ -0,0 +1,97 @@
+package internal
+
+import (
+ "fmt"
+ "strconv"
+ "strings"
+ "time"
+)
+
+type APIError struct {
+ HTTPStatus int `json:"httpStatus"`
+ Messages []ErrorMessage `json:"messages"`
+}
+
+func (a *APIError) Error() string {
+ var msg strings.Builder
+
+ msg.WriteString(strconv.Itoa(a.HTTPStatus))
+
+ for _, m := range a.Messages {
+ msg.WriteString(": ")
+ msg.WriteString(m.String())
+ }
+
+ return msg.String()
+}
+
+type ErrorMessage struct {
+ ErrorCode string `json:"errorCode"`
+ Message string `json:"message"`
+}
+
+func (e ErrorMessage) String() string {
+ return fmt.Sprintf("%s: %s", e.ErrorCode, e.Message)
+}
+
+type ZonesResponse struct {
+ ID string `json:"id"`
+ Type string `json:"type"`
+ Offset int `json:"offset"`
+ Limit int `json:"limit"`
+ Items []Zone `json:"items"`
+}
+
+type Zone struct {
+ ID string `json:"id"`
+ Type string `json:"type"`
+ Metadata ZoneMetadata `json:"metadata"`
+ Properties ZoneProperties `json:"properties"`
+}
+
+type ZoneMetadata struct {
+ CreatedDate time.Time `json:"createdDate"`
+ CreatedBy string `json:"createdBy"`
+ CreatedByUserID string `json:"createdByUserId"`
+ LastModifiedDate time.Time `json:"lastModifiedDate"`
+ LastModifiedBy string `json:"lastModifiedBy"`
+ LastModifiedByUserID string `json:"lastModifiedByUserId"`
+ ResourceURN string `json:"resourceURN"`
+ State string `json:"state"`
+ Nameservers []string `json:"nameservers"`
+}
+
+type ZoneProperties struct {
+ ZoneName string `json:"zoneName"`
+ Description string `json:"description"`
+ Enabled bool `json:"enabled"`
+}
+
+type RecordResponse struct {
+ ID string `json:"id"`
+ Type string `json:"type"`
+ Metadata RecordMetadata `json:"metadata"`
+ Properties RecordProperties `json:"properties"`
+}
+
+type RecordMetadata struct {
+ CreatedDate time.Time `json:"createdDate"`
+ CreatedBy string `json:"createdBy"`
+ CreatedByUserID string `json:"createdByUserId"`
+ LastModifiedDate time.Time `json:"lastModifiedDate"`
+ LastModifiedBy string `json:"lastModifiedBy"`
+ LastModifiedByUserID string `json:"lastModifiedByUserId"`
+ ResourceURN string `json:"resourceURN"`
+ State string `json:"state"`
+ Fqdn string `json:"fqdn"`
+ ZoneID string `json:"zoneId"`
+}
+
+type RecordProperties struct {
+ Name string `json:"name"`
+ Type string `json:"type,omitempty"`
+ Content string `json:"content,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ Priority int `json:"priority,omitempty"`
+ Enabled bool `json:"enabled,omitempty"`
+}
diff --git a/providers/dns/ionoscloud/ionoscloud.go b/providers/dns/ionoscloud/ionoscloud.go
new file mode 100644
index 000000000..0c33fba9f
--- /dev/null
+++ b/providers/dns/ionoscloud/ionoscloud.go
@@ -0,0 +1,184 @@
+// Package ionoscloud implements a DNS provider for solving the DNS-01 challenge using Ionos Cloud.
+package ionoscloud
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/ionoscloud/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "IONOSCLOUD_"
+
+ EnvAPIToken = envNamespace + "API_TOKEN"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIToken string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ zoneIDs map[string]string
+ recordIDs map[string]string
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Ionos Cloud.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIToken)
+ if err != nil {
+ return nil, fmt.Errorf("ionoscloud: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIToken = values[EnvAPIToken]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Ionos Cloud.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("ionoscloud: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.APIToken)
+ if err != nil {
+ return nil, fmt.Errorf("ionoscloud: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ zoneIDs: make(map[string]string),
+ recordIDs: make(map[string]string),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("ionoscloud: could not find zone for domain %q: %w", domain, err)
+ }
+
+ zones, err := d.client.RetrieveZones(ctx, dns01.UnFqdn(authZone))
+ if err != nil {
+ return fmt.Errorf("ionoscloud: retrieve zones: %w", err)
+ }
+
+ if len(zones) != 1 {
+ return fmt.Errorf("ionoscloud: zone ID not found for domain %q", domain)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("ionoscloud: %w", err)
+ }
+
+ zoneID := zones[0].ID
+
+ request := internal.RecordProperties{
+ Name: subDomain,
+ Type: "TXT",
+ Content: info.Value,
+ TTL: d.config.TTL,
+ }
+
+ record, err := d.client.CreateRecord(ctx, zoneID, request)
+ if err != nil {
+ return fmt.Errorf("ionoscloud: create record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.zoneIDs[token] = zoneID
+ d.recordIDs[token] = record.ID
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ d.recordIDsMu.Lock()
+ zoneID, ok := d.zoneIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("ionoscloud: unknown zone ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ d.recordIDsMu.Lock()
+ recordID, ok := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("ionoscloud: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ err := d.client.DeleteRecord(context.Background(), zoneID, recordID)
+ if err != nil {
+ return fmt.Errorf("ionoscloud: delete record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ delete(d.zoneIDs, token)
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/ionoscloud/ionoscloud.toml b/providers/dns/ionoscloud/ionoscloud.toml
new file mode 100644
index 000000000..6e1d080e4
--- /dev/null
+++ b/providers/dns/ionoscloud/ionoscloud.toml
@@ -0,0 +1,22 @@
+Name = "Ionos Cloud"
+Description = ''''''
+URL = "https://cloud.ionos.de/network/cloud-dns"
+Code = "ionoscloud"
+Since = "v4.30.0"
+
+Example = '''
+IONOSCLOUD_API_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
+lego --dns ionoscloud -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ IONOSCLOUD_API_TOKEN = "API token"
+ [Configuration.Additional]
+ IONOSCLOUD_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ IONOSCLOUD_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
+ IONOSCLOUD_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ IONOSCLOUD_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://api.ionos.com/docs/dns/v1/"
diff --git a/providers/dns/ionoscloud/ionoscloud_test.go b/providers/dns/ionoscloud/ionoscloud_test.go
new file mode 100644
index 000000000..8282e08fc
--- /dev/null
+++ b/providers/dns/ionoscloud/ionoscloud_test.go
@@ -0,0 +1,173 @@
+package ionoscloud
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIToken).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIToken: "secret",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "ionoscloud: some credentials information are missing: IONOSCLOUD_API_TOKEN",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiToken string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiToken: "secret",
+ },
+ {
+ desc: "missing credentials",
+ expected: "ionoscloud: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIToken = test.apiToken
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIToken = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ WithAuthorization("Bearer secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /zones",
+ servermock.ResponseFromInternal("zones.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("filter.zoneName", "example.com")).
+ Route("POST /zones/e74d0d15-f567-4b7b-9069-26ee1f93bae3/records",
+ servermock.ResponseFromInternal("create_record.json"),
+ servermock.CheckRequestJSONBodyFromInternal("create_record-request.json")).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /zones/e74d0d15-f567-4b7b-9069-26ee1f93bae3/records/90d81ac0-3a30-44d4-95a5-12959effa6ee",
+ servermock.Noop().
+ WithStatusCode(http.StatusAccepted)).
+ Build(t)
+
+ token := "abc"
+
+ provider.zoneIDs[token] = "e74d0d15-f567-4b7b-9069-26ee1f93bae3"
+ provider.recordIDs[token] = "90d81ac0-3a30-44d4-95a5-12959effa6ee"
+
+ err := provider.CleanUp("example.com", token, "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/ipv64/internal/client.go b/providers/dns/ipv64/internal/client.go
index 1cb9c532f..0dfd94374 100644
--- a/providers/dns/ipv64/internal/client.go
+++ b/providers/dns/ipv64/internal/client.go
@@ -131,6 +131,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errAPI := &APIError{}
+
err := json.Unmarshal(raw, errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/ipv64/internal/types.go b/providers/dns/ipv64/internal/types.go
index e9e357ecc..6ef31a3cc 100644
--- a/providers/dns/ipv64/internal/types.go
+++ b/providers/dns/ipv64/internal/types.go
@@ -11,6 +11,7 @@ type APIResponse struct {
type APIError struct {
APIResponse
+
AddRecordMessage string `json:"add_record"`
DelRecordMessage string `json:"del_record"`
AddDomainMessage string `json:"add_domain"`
@@ -41,6 +42,7 @@ func (a APIError) Error() string {
type Domains struct {
APIResponse
+
APICall string `json:"add_domain"`
Subdomains map[string]Subdomain `json:"subdomains"`
}
diff --git a/providers/dns/ipv64/ipv64.go b/providers/dns/ipv64/ipv64.go
index 6e8d1c5bb..078fe5ca1 100644
--- a/providers/dns/ipv64/ipv64.go
+++ b/providers/dns/ipv64/ipv64.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/ipv64/internal"
"github.com/miekg/dns"
)
@@ -85,6 +86,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/ipv64/ipv64.toml b/providers/dns/ipv64/ipv64.toml
index fba210bdb..aa1720c9e 100644
--- a/providers/dns/ipv64/ipv64.toml
+++ b/providers/dns/ipv64/ipv64.toml
@@ -6,7 +6,7 @@ Since = "v4.13.0"
Example = '''
IPV64_API_KEY=xxxxxx \
-lego --email you@example.com --dns ipv64 -d '*.example.com' -d example.com run
+lego --dns ipv64 -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/ipv64/ipv64_test.go b/providers/dns/ipv64/ipv64_test.go
index b3fe142e9..6dc7d1cfc 100644
--- a/providers/dns/ipv64/ipv64_test.go
+++ b/providers/dns/ipv64/ipv64_test.go
@@ -114,6 +114,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -171,6 +172,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -184,6 +186,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/ispconfig/internal/client.go b/providers/dns/ispconfig/internal/client.go
new file mode 100644
index 000000000..9280fdec1
--- /dev/null
+++ b/providers/dns/ispconfig/internal/client.go
@@ -0,0 +1,318 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+)
+
+type Client struct {
+ serverURL string
+ HTTPClient *http.Client
+}
+
+func NewClient(serverURL string) (*Client, error) {
+ _, err := url.Parse(serverURL)
+ if err != nil {
+ return nil, fmt.Errorf("server URL: %w", err)
+ }
+
+ return &Client{
+ serverURL: serverURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) Login(ctx context.Context, username, password string) (string, error) {
+ payload := LoginRequest{
+ Username: username,
+ Password: password,
+ ClientLogin: false,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return "", err
+ }
+
+ endpoint.RawQuery = "login"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return "", err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return "", err
+ }
+
+ return extractResponse[string](response)
+}
+
+func (c *Client) GetClientID(ctx context.Context, sessionID, sysUserID string) (int, error) {
+ payload := ClientIDRequest{
+ SessionID: sessionID,
+ SysUserID: sysUserID,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return 0, err
+ }
+
+ endpoint.RawQuery = "client_get_id"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return 0, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return 0, err
+ }
+
+ return extractResponse[int](response)
+}
+
+// GetZoneID returns the zone ID for the given name.
+func (c *Client) GetZoneID(ctx context.Context, sessionID, name string) (int, error) {
+ payload := map[string]any{
+ "session_id": sessionID,
+ "origin": name,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return 0, err
+ }
+
+ endpoint.RawQuery = "dns_zone_get_id"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return 0, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return 0, err
+ }
+
+ return extractResponse[int](response)
+}
+
+// GetZone returns the zone information for the zone ID.
+func (c *Client) GetZone(ctx context.Context, sessionID, zoneID string) (*Zone, error) {
+ payload := map[string]any{
+ "session_id": sessionID,
+ "primary_id": zoneID,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return nil, err
+ }
+
+ endpoint.RawQuery = "dns_zone_get"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return nil, err
+ }
+
+ return extractResponse[*Zone](response)
+}
+
+// GetTXT returns the TXT record for the given name.
+// `name` must be a fully qualified domain name, e.g. "example.com.".
+func (c *Client) GetTXT(ctx context.Context, sessionID, name string) (*Record, error) {
+ payload := GetTXTRequest{
+ SessionID: sessionID,
+ PrimaryID: struct {
+ Name string `json:"name"`
+ Type string `json:"type"`
+ }{
+ Name: name,
+ Type: "txt",
+ },
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return nil, err
+ }
+
+ endpoint.RawQuery = "dns_txt_get"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return nil, err
+ }
+
+ return extractResponse[*Record](response)
+}
+
+// AddTXT adds a TXT record.
+// It returns the ID of the newly created record.
+func (c *Client) AddTXT(ctx context.Context, sessionID, clientID string, params RecordParams) (string, error) {
+ payload := AddTXTRequest{
+ SessionID: sessionID,
+ ClientID: clientID,
+ Params: ¶ms,
+ UpdateSerial: true,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return "", err
+ }
+
+ endpoint.RawQuery = "dns_txt_add"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return "", err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return "", err
+ }
+
+ return extractResponse[string](response)
+}
+
+// DeleteTXT deletes a TXT record.
+// It returns the number of deleted records.
+func (c *Client) DeleteTXT(ctx context.Context, sessionID, recordID string) (int, error) {
+ payload := DeleteTXTRequest{
+ SessionID: sessionID,
+ PrimaryID: recordID,
+ UpdateSerial: true,
+ }
+
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return 0, err
+ }
+
+ endpoint.RawQuery = "dns_txt_delete"
+
+ req, err := newJSONRequest(ctx, endpoint, payload)
+ if err != nil {
+ return 0, err
+ }
+
+ var response APIResponse
+
+ err = c.do(req, &response)
+ if err != nil {
+ return 0, err
+ }
+
+ return extractResponse[int](response)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func extractResponse[T any](response APIResponse) (T, error) {
+ if response.Code != "ok" {
+ var zero T
+
+ return zero, &APIError{APIResponse: response}
+ }
+
+ var result T
+
+ err := json.Unmarshal(response.Response, &result)
+ if err != nil {
+ var zero T
+ return zero, fmt.Errorf("unable to unmarshal response: %s, %w", string(response.Response), err)
+ }
+
+ return result, nil
+}
diff --git a/providers/dns/ispconfig/internal/client_test.go b/providers/dns/ispconfig/internal/client_test.go
new file mode 100644
index 000000000..a4db3d5f7
--- /dev/null
+++ b/providers/dns/ispconfig/internal/client_test.go
@@ -0,0 +1,175 @@
+package internal
+
+import (
+ "net/http/httptest"
+ "testing"
+ "time"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL)
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ })
+}
+
+func TestClient_Login(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("login.json"),
+ servermock.CheckRequestJSONBodyFromFixture("login-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("login", ""),
+ ).
+ Build(t)
+
+ sessionID, err := client.Login(t.Context(), "user", "secret")
+ require.NoError(t, err)
+
+ assert.Equal(t, "abc", sessionID)
+}
+
+func TestClient_Login_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("error.json"),
+ ).
+ Build(t)
+
+ _, err := client.Login(t.Context(), "user", "secret")
+ require.EqualError(t, err, `code: remote_fault, message: The login failed. Username or password wrong., response: false`)
+}
+
+func TestClient_GetClientID(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("client_get_id.json"),
+ servermock.CheckRequestJSONBodyFromFixture("client_get_id-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("client_get_id", ""),
+ ).
+ Build(t)
+
+ id, err := client.GetClientID(t.Context(), "sessionA", "sysA")
+ require.NoError(t, err)
+
+ assert.Equal(t, 123, id)
+}
+
+func TestClient_GetZoneID(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_zone_get_id.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_zone_get_id-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_zone_get_id", ""),
+ ).
+ Build(t)
+
+ zoneID, err := client.GetZoneID(t.Context(), "sessionA", "example.com")
+ require.NoError(t, err)
+
+ assert.Equal(t, 123, zoneID)
+}
+
+func TestClient_GetZone(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_zone_get.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_zone_get-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_zone_get", ""),
+ ).
+ Build(t)
+
+ zone, err := client.GetZone(t.Context(), "sessionA", "example.com.")
+ require.NoError(t, err)
+
+ expected := &Zone{
+ ID: "456",
+ ServerID: "123",
+ SysUserID: "789",
+ SysGroupID: "2",
+ Origin: "example.com.",
+ Serial: "2025102902",
+ Active: "Y",
+ }
+
+ assert.Equal(t, expected, zone)
+}
+
+func TestClient_GetTXT(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_txt_get.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_txt_get-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_txt_get", ""),
+ ).
+ Build(t)
+
+ record, err := client.GetTXT(t.Context(), "sessionA", "example.com.")
+ require.NoError(t, err)
+
+ expected := &Record{ID: 123}
+
+ assert.Equal(t, expected, record)
+}
+
+func TestClient_AddTXT(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_txt_add.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_txt_add-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_txt_add", ""),
+ ).
+ Build(t)
+
+ now := time.Date(2025, 12, 25, 1, 1, 1, 0, time.UTC)
+
+ params := RecordParams{
+ ServerID: "serverA",
+ Zone: "example.com.",
+ Name: "foo.example.com.",
+ Type: "txt",
+ Data: "txtTXTtxt",
+ Aux: "0",
+ TTL: "3600",
+ Active: "y",
+ Stamp: now.Format("2006-01-02 15:04:05"),
+ UpdateSerial: true,
+ }
+
+ recordID, err := client.AddTXT(t.Context(), "sessionA", "clientA", params)
+ require.NoError(t, err)
+
+ assert.Equal(t, "123", recordID)
+}
+
+func TestClient_DeleteTXT(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /",
+ servermock.ResponseFromFixture("dns_txt_delete.json"),
+ servermock.CheckRequestJSONBodyFromFixture("dns_txt_delete-request.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("dns_txt_delete", ""),
+ ).
+ Build(t)
+
+ count, err := client.DeleteTXT(t.Context(), "sessionA", "123")
+ require.NoError(t, err)
+
+ assert.Equal(t, 1, count)
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/client_get_id-request.json b/providers/dns/ispconfig/internal/fixtures/client_get_id-request.json
new file mode 100644
index 000000000..ba573f824
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/client_get_id-request.json
@@ -0,0 +1,4 @@
+{
+ "session_id": "sessionA",
+ "sys_userid": "sysA"
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/client_get_id.json b/providers/dns/ispconfig/internal/fixtures/client_get_id.json
new file mode 100644
index 000000000..7b9f667a0
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/client_get_id.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 123
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_add-request.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_add-request.json
new file mode 100644
index 000000000..bf5242cd1
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_add-request.json
@@ -0,0 +1,17 @@
+{
+ "session_id": "sessionA",
+ "client_id": "clientA",
+ "params": {
+ "server_id": "serverA",
+ "zone": "example.com.",
+ "name": "foo.example.com.",
+ "type": "txt",
+ "data": "txtTXTtxt",
+ "aux": "0",
+ "ttl": "3600",
+ "active": "y",
+ "stamp": "2025-12-25 01:01:01",
+ "update_serial": true
+ },
+ "update_serial": true
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_add.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_add.json
new file mode 100644
index 000000000..7980619fe
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_add.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": "123"
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_delete-request.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete-request.json
new file mode 100644
index 000000000..240976654
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete-request.json
@@ -0,0 +1,5 @@
+{
+ "session_id": "sessionA",
+ "primary_id": "123",
+ "update_serial": true
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_delete.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete.json
new file mode 100644
index 000000000..960b650bd
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_delete.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 1
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_get-request.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_get-request.json
new file mode 100644
index 000000000..8bda44067
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_get-request.json
@@ -0,0 +1,7 @@
+{
+ "session_id": "sessionA",
+ "primary_id": {
+ "name": "example.com.",
+ "type": "txt"
+ }
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_txt_get.json b/providers/dns/ispconfig/internal/fixtures/dns_txt_get.json
new file mode 100644
index 000000000..f707d50c3
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_txt_get.json
@@ -0,0 +1,7 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": {
+ "id": 123
+ }
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_zone_get-request.json b/providers/dns/ispconfig/internal/fixtures/dns_zone_get-request.json
new file mode 100644
index 000000000..3d44d468f
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get-request.json
@@ -0,0 +1,4 @@
+{
+ "primary_id": "example.com.",
+ "session_id": "sessionA"
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_zone_get.json b/providers/dns/ispconfig/internal/fixtures/dns_zone_get.json
new file mode 100644
index 000000000..37975d0e6
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get.json
@@ -0,0 +1,32 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": {
+ "id": "456",
+ "sys_userid": "789",
+ "sys_groupid": "2",
+ "sys_perm_user": "riud",
+ "sys_perm_group": "riud",
+ "sys_perm_other": "",
+ "server_id": "123",
+ "origin": "example.com.",
+ "ns": "ns1.example.org.",
+ "mbox": "support.example.net.",
+ "serial": "2025102902",
+ "refresh": "7200",
+ "retry": "540",
+ "expire": "604800",
+ "minimum": "3600",
+ "ttl": "3600",
+ "active": "Y",
+ "xfer": "",
+ "also_notify": "",
+ "update_acl": "",
+ "dnssec_initialized": "N",
+ "dnssec_wanted": "N",
+ "dnssec_algo": "ECDSAP256SHA256",
+ "dnssec_last_signed": "0",
+ "dnssec_info": "",
+ "rendered_zone": ""
+ }
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id-request.json b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id-request.json
new file mode 100644
index 000000000..e3084242e
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id-request.json
@@ -0,0 +1,4 @@
+{
+ "origin": "example.com",
+ "session_id": "sessionA"
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id.json b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id.json
new file mode 100644
index 000000000..7b9f667a0
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/dns_zone_get_id.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 123
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/error.json b/providers/dns/ispconfig/internal/fixtures/error.json
new file mode 100644
index 000000000..a9c76546c
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/error.json
@@ -0,0 +1,5 @@
+{
+ "code": "remote_fault",
+ "message": "The login failed. Username or password wrong.",
+ "response": false
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/login-request.json b/providers/dns/ispconfig/internal/fixtures/login-request.json
new file mode 100644
index 000000000..c3293a2e8
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/login-request.json
@@ -0,0 +1,5 @@
+{
+ "username": "user",
+ "password": "secret",
+ "client_login": false
+}
diff --git a/providers/dns/ispconfig/internal/fixtures/login.json b/providers/dns/ispconfig/internal/fixtures/login.json
new file mode 100644
index 000000000..e380a86ec
--- /dev/null
+++ b/providers/dns/ispconfig/internal/fixtures/login.json
@@ -0,0 +1,5 @@
+{
+ "code": "ok",
+ "message": "foo",
+ "response": "abc"
+}
diff --git a/providers/dns/ispconfig/internal/readme.md b/providers/dns/ispconfig/internal/readme.md
new file mode 100644
index 000000000..2284c338f
--- /dev/null
+++ b/providers/dns/ispconfig/internal/readme.md
@@ -0,0 +1,249 @@
+## Error Response
+
+```json
+{
+ "code": "",
+ "message": "",
+ "response": false
+}
+```
+
+## Login Endpoint
+
+* URL: `?login`
+* HTTP Method: `POST`
+
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/login.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/login.php
+
+### Request Body (JSON)
+
+```json
+{
+ "username": "",
+ "password": "",
+ "client_login": false
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": "abc"
+}
+```
+
+- `response`: is the `sessionID`
+
+## Get Client ID Endpoint
+
+* URL: `?client_get_id`
+* HTTP Method: `POST`
+
+- function `client_get_id`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/client.inc.php#L97
+- TABLE `sys_user`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L1852
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/client_get_id.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/client_get_id.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "sys_userid": ""
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 123
+}
+```
+
+## DNS Zone Get ID Endpoint
+
+* URL: `?dns_zone_get_id`
+* HTTP Method: `POST`
+
+- function `dns_zone_get_id`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L142
+- TABLE `dns_soa`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L615
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "origin": ""
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 123
+}
+```
+
+## DNS Zone Get Endpoint
+
+* URL: `?dns_zone_get`
+* HTTP Method: `POST`
+
+- function `dns_zone_get`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L87
+- function `getDataRecord`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remoting_lib.inc.php#L248
+- TABLE `dns_soa`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L615
+- Depending on the request, the response may be an array or an object (`primary_id` can be a string, an array or an object).
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_zone_get.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_zone_get.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "primary_id": ""
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": {
+ "id": 456,
+ "server_id": 123,
+ "sys_userid": 789
+ }
+}
+```
+
+## DNS TXT Get Endpoint
+
+* URL: `?dns_txt_get`
+* HTTP Method: `POST`
+
+- function `dns_txt_get`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L640
+- function `dns_rr_get`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L195
+- form: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/dns/form/dns_txt.tform.php
+- TABLE `dns_rr`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql?ref_type=heads#L490
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_txt_get.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_txt_get.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "primary_id": {
+ "name": ".",
+ "type": "TXT"
+ }
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": {
+ "id": 123
+ }
+}
+```
+
+## DNS TXT Add Endpoint
+
+* URL: `?dns_txt_add`
+* HTTP Method: `POST`
+
+- function `dns_txt_add`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L645
+- function `dns_rr_add` https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L212
+- form: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/dns/form/dns_txt.tform.php
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_txt_add.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_txt_add.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "client_id": "",
+ "params": {
+ "server_id": "",
+ "zone": "",
+ "name": ".",
+ "type": "txt",
+ "data": "",
+ "aux": "0",
+ "ttl": "3600",
+ "active": "y",
+ "stamp": "",
+ "update_serial": true
+ },
+ "update_serial": true
+}
+```
+
+- `stamp`: (ex: `2025-12-17 23:35:58`)
+- `serial`: (ex: `1766010947`)
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": "123"
+}
+```
+
+## DNS TXT Delete Endpoint
+
+* URL: `?dns_txt_delete`
+* HTTP Method: `POST`
+
+- function `dns_txt_delete`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L655
+- function `dns_rr_delete`: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L247
+- form: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/dns/form/dns_txt.tform.php
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/dns_txt_delete.html
+- https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/dns_txt_delete.php
+
+### Request Body (JSON)
+
+```json
+{
+ "session_id": "",
+ "primary_id": "",
+ "update_serial": true
+}
+```
+
+### Response Body (JSON)
+
+```json
+{
+ "code": "ok",
+ "message": "foo",
+ "response": 1
+}
+```
+
+---
+
+https://www.ispconfig.org/
+https://git.ispconfig.org/ispconfig/ispconfig3
+https://forum.howtoforge.com/#ispconfig-3.23
diff --git a/providers/dns/ispconfig/internal/types.go b/providers/dns/ispconfig/internal/types.go
new file mode 100644
index 000000000..7db0846cc
--- /dev/null
+++ b/providers/dns/ispconfig/internal/types.go
@@ -0,0 +1,95 @@
+package internal
+
+import (
+ "encoding/json"
+ "strings"
+)
+
+type APIError struct {
+ APIResponse
+}
+
+func (e *APIError) Error() string {
+ var msg strings.Builder
+
+ msg.WriteString("code: " + e.Code)
+
+ if e.Message != "" {
+ msg.WriteString(", message: " + e.Message)
+ }
+
+ if len(e.Response) > 0 {
+ msg.WriteString(", response: " + string(e.Response))
+ }
+
+ return msg.String()
+}
+
+type APIResponse struct {
+ Code string `json:"code"`
+ Message string `json:"message"`
+ Response json.RawMessage `json:"response"`
+}
+
+type LoginRequest struct {
+ Username string `json:"username"`
+ Password string `json:"password"`
+ ClientLogin bool `json:"client_login"`
+}
+
+type ClientIDRequest struct {
+ SessionID string `json:"session_id"`
+ SysUserID string `json:"sys_userid"`
+}
+
+type Zone struct {
+ ID string `json:"id"`
+ ServerID string `json:"server_id"`
+ SysUserID string `json:"sys_userid"`
+ SysGroupID string `json:"sys_groupid"`
+ Origin string `json:"origin"`
+ Serial string `json:"serial"`
+ Active string `json:"active"`
+}
+
+type GetTXTRequest struct {
+ SessionID string `json:"session_id"`
+ PrimaryID struct {
+ Name string `json:"name"`
+ Type string `json:"type"`
+ } `json:"primary_id"`
+}
+
+type Record struct {
+ ID int `json:"id"`
+}
+
+type AddTXTRequest struct {
+ SessionID string `json:"session_id"`
+ ClientID string `json:"client_id"`
+ Params *RecordParams `json:"params,omitempty"`
+ UpdateSerial bool `json:"update_serial"`
+}
+
+type RecordParams struct {
+ ServerID string `json:"server_id"`
+ Zone string `json:"zone"`
+ Name string `json:"name"`
+ // 'a','aaaa','alias','cname','hinfo','mx','naptr','ns','ds','ptr','rp','srv','txt'
+ Type string `json:"type"`
+ Data string `json:"data"`
+ // "0"
+ Aux string `json:"aux"`
+ TTL string `json:"ttl"`
+ // 'n','y'
+ Active string `json:"active"`
+ // `2025-12-17 23:35:58`
+ Stamp string `json:"stamp"`
+ UpdateSerial bool `json:"update_serial"`
+}
+
+type DeleteTXTRequest struct {
+ SessionID string `json:"session_id"`
+ PrimaryID string `json:"primary_id"`
+ UpdateSerial bool `json:"update_serial"`
+}
diff --git a/providers/dns/ispconfig/ispconfig.go b/providers/dns/ispconfig/ispconfig.go
new file mode 100644
index 000000000..9396430b7
--- /dev/null
+++ b/providers/dns/ispconfig/ispconfig.go
@@ -0,0 +1,220 @@
+// Package ispconfig implements a DNS provider for solving the DNS-01 challenge using ISPConfig.
+package ispconfig
+
+import (
+ "context"
+ "crypto/tls"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/ispconfig/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "ISPCONFIG_"
+
+ EnvServerURL = envNamespace + "SERVER_URL"
+ EnvUsername = envNamespace + "USERNAME"
+ EnvPassword = envNamespace + "PASSWORD"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+ EnvInsecureSkipVerify = envNamespace + "INSECURE_SKIP_VERIFY"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ ServerURL string
+ Username string
+ Password string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+ InsecureSkipVerify bool
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ recordIDs map[string]string
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for ISPConfig.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvServerURL, EnvUsername, EnvPassword)
+ if err != nil {
+ return nil, fmt.Errorf("ispconfig: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.ServerURL = values[EnvServerURL]
+ config.Username = values[EnvUsername]
+ config.Password = values[EnvPassword]
+ config.InsecureSkipVerify = env.GetOrDefaultBool(EnvInsecureSkipVerify, false)
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for ISPConfig.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("ispconfig: the configuration of the DNS provider is nil")
+ }
+
+ if config.ServerURL == "" {
+ return nil, errors.New("ispconfig: missing server URL")
+ }
+
+ if config.Username == "" || config.Password == "" {
+ return nil, errors.New("ispconfig: credentials missing")
+ }
+
+ client, err := internal.NewClient(config.ServerURL)
+ if err != nil {
+ return nil, fmt.Errorf("ispconfig: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ if config.InsecureSkipVerify {
+ client.HTTPClient.Transport = &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: make(map[string]string),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ sessionID, err := d.client.Login(ctx, d.config.Username, d.config.Password)
+ if err != nil {
+ return fmt.Errorf("ispconfig: login: %w", err)
+ }
+
+ zoneID, err := d.findZone(ctx, sessionID, info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("ispconfig: get zone id: %w", err)
+ }
+
+ zone, err := d.client.GetZone(ctx, sessionID, strconv.Itoa(zoneID))
+ if err != nil {
+ return fmt.Errorf("ispconfig: get zone: %w", err)
+ }
+
+ clientID, err := d.client.GetClientID(ctx, sessionID, zone.SysUserID)
+ if err != nil {
+ return fmt.Errorf("ispconfig: get client id: %w", err)
+ }
+
+ params := internal.RecordParams{
+ ServerID: "serverA",
+ Zone: zone.ID,
+ Name: info.EffectiveFQDN,
+ Type: "txt",
+ Data: info.Value,
+ Aux: "0",
+ TTL: strconv.Itoa(d.config.TTL),
+ Active: "y",
+ Stamp: time.Now().UTC().Format("2006-01-02 15:04:05"),
+ }
+
+ recordID, err := d.client.AddTXT(ctx, sessionID, strconv.Itoa(clientID), params)
+ if err != nil {
+ return fmt.Errorf("ispconfig: add txt record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.recordIDs[token] = recordID
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ // gets the record's unique ID
+ d.recordIDsMu.Lock()
+ recordID, ok := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("ispconfig: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ sessionID, err := d.client.Login(ctx, d.config.Username, d.config.Password)
+ if err != nil {
+ return fmt.Errorf("ispconfig: login: %w", err)
+ }
+
+ _, err = d.client.DeleteTXT(ctx, sessionID, recordID)
+ if err != nil {
+ return fmt.Errorf("ispconfig: delete txt record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, sessionID, fqdn string) (int, error) {
+ for domain := range dns01.UnFqdnDomainsSeq(fqdn) {
+ zoneID, err := d.client.GetZoneID(ctx, sessionID, domain)
+ if err == nil {
+ return zoneID, nil
+ }
+ }
+
+ return 0, fmt.Errorf("zone not found for %q", fqdn)
+}
diff --git a/providers/dns/ispconfig/ispconfig.toml b/providers/dns/ispconfig/ispconfig.toml
new file mode 100644
index 000000000..4defd5509
--- /dev/null
+++ b/providers/dns/ispconfig/ispconfig.toml
@@ -0,0 +1,27 @@
+Name = "ISPConfig 3"
+Description = ''''''
+URL = "https://www.ispconfig.org/"
+Code = "ispconfig"
+Since = "v4.31.0"
+
+Example = '''
+ISPCONFIG_SERVER_URL="https://example.com:8080/remote/json.php" \
+ISPCONFIG_USERNAME="xxx" \
+ISPCONFIG_PASSWORD="yyy" \
+lego --dns ispconfig -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ ISPCONFIG_SERVER_URL = "Server URL"
+ ISPCONFIG_USERNAME = "Username"
+ ISPCONFIG_PASSWORD = "Password"
+ [Configuration.Additional]
+ ISPCONFIG_INSECURE_SKIP_VERIFY = "Whether to verify the API certificate"
+ ISPCONFIG_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ ISPCONFIG_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ ISPCONFIG_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ ISPCONFIG_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/API-docs/index.html"
diff --git a/providers/dns/ispconfig/ispconfig_test.go b/providers/dns/ispconfig/ispconfig_test.go
new file mode 100644
index 000000000..b03463aee
--- /dev/null
+++ b/providers/dns/ispconfig/ispconfig_test.go
@@ -0,0 +1,173 @@
+package ispconfig
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+ EnvServerURL,
+ EnvUsername,
+ EnvPassword,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com:80/",
+ EnvUsername: "user",
+ EnvPassword: "secret",
+ },
+ },
+ {
+ desc: "missing server URL",
+ envVars: map[string]string{
+ EnvServerURL: "",
+ EnvUsername: "user",
+ EnvPassword: "secret",
+ },
+ expected: "ispconfig: some credentials information are missing: ISPCONFIG_SERVER_URL",
+ },
+ {
+ desc: "missing username",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com:80/",
+ EnvUsername: "",
+ EnvPassword: "secret",
+ },
+ expected: "ispconfig: some credentials information are missing: ISPCONFIG_USERNAME",
+ },
+ {
+ desc: "missing password",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com:80/",
+ EnvUsername: "user",
+ EnvPassword: "",
+ },
+ expected: "ispconfig: some credentials information are missing: ISPCONFIG_PASSWORD",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "ispconfig: some credentials information are missing: ISPCONFIG_SERVER_URL,ISPCONFIG_USERNAME,ISPCONFIG_PASSWORD",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ serverURL string
+ username string
+ password string
+ expected string
+ }{
+ {
+ desc: "success",
+ serverURL: "https://example.com:80/",
+ username: "user",
+ password: "secret",
+ },
+ {
+ desc: "missing server URL",
+ username: "user",
+ password: "secret",
+ expected: "ispconfig: missing server URL",
+ },
+ {
+ desc: "missing username",
+ serverURL: "https://example.com:80/",
+ password: "secret",
+ expected: "ispconfig: credentials missing",
+ },
+ {
+ desc: "missing password",
+ serverURL: "https://example.com:80/",
+ username: "user",
+ expected: "ispconfig: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "ispconfig: missing server URL",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.ServerURL = test.serverURL
+ config.Username = test.username
+ config.Password = test.password
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/ispconfigddns/internal/client.go b/providers/dns/ispconfigddns/internal/client.go
new file mode 100644
index 000000000..700b58f89
--- /dev/null
+++ b/providers/dns/ispconfigddns/internal/client.go
@@ -0,0 +1,111 @@
+package internal
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+ querystring "github.com/google/go-querystring/query"
+)
+
+const (
+ addAction = "add"
+ deleteAction = "delete"
+)
+
+type Client struct {
+ token string
+ serverURL string
+
+ HTTPClient *http.Client
+}
+
+func NewClient(serverURL, token string) (*Client, error) {
+ _, err := url.Parse(serverURL)
+ if err != nil {
+ return nil, fmt.Errorf("server URL: %w", err)
+ }
+
+ return &Client{
+ serverURL: serverURL,
+ token: token,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) AddTXTRecord(ctx context.Context, zone, fqdn, content string) error {
+ return c.updateRecord(ctx, UpdateRecord{Action: addAction, Zone: zone, Type: "TXT", Record: fqdn, Data: content})
+}
+
+func (c *Client) DeleteTXTRecord(ctx context.Context, zone, fqdn, recordContent string) error {
+ return c.updateRecord(ctx, UpdateRecord{Action: deleteAction, Zone: zone, Type: "TXT", Record: fqdn, Data: recordContent})
+}
+
+func (c *Client) updateRecord(ctx context.Context, action UpdateRecord) error {
+ req, err := c.newRequest(ctx, action)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req)
+}
+
+func (c *Client) do(req *http.Request) error {
+ useragent.SetHeader(req.Header)
+
+ req.SetBasicAuth("anonymous", c.token)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ // The endpoint uses the `DefaultDdnsResponseWriter`,
+ // and this writer uses HTTP status code to determine if the request was successful or not.
+ // - https://github.com/mhofer117/ispconfig-ddns-module/blob/8b011a5bb138881d9f13360a5c4fec10c0084613/lib/updater/DdnsUpdater.php#L53-L57
+ // - https://github.com/mhofer117/ispconfig-ddns-module/blob/master/lib/updater/response/DefaultDdnsResponseWriter.php
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return nil
+}
+
+func (c *Client) newRequest(ctx context.Context, action UpdateRecord) (*http.Request, error) {
+ endpoint, err := url.Parse(c.serverURL)
+ if err != nil {
+ return nil, err
+ }
+
+ endpoint = endpoint.JoinPath("ddns", "update.php")
+
+ values, err := querystring.Values(action)
+ if err != nil {
+ return nil, err
+ }
+
+ endpoint.RawQuery = values.Encode()
+
+ method := http.MethodPost
+ if action.Action == deleteAction {
+ method = http.MethodDelete
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), nil)
+ if err != nil {
+ return nil, err
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ return req, nil
+}
diff --git a/providers/dns/ispconfigddns/internal/client_test.go b/providers/dns/ispconfigddns/internal/client_test.go
new file mode 100644
index 000000000..774e5ee46
--- /dev/null
+++ b/providers/dns/ispconfigddns/internal/client_test.go
@@ -0,0 +1,83 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+func setupClient(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL, "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+
+ return client, nil
+}
+
+func TestClient_AddTXTRecord(t *testing.T) {
+ client := servermock.NewBuilder[*Client](setupClient).
+ Route("POST /ddns/update.php",
+ servermock.Noop(),
+ servermock.CheckHeader().
+ WithBasicAuth("anonymous", "secret"),
+ servermock.CheckQueryParameter().Strict().
+ With("action", "add").
+ With("zone", "example.com").
+ With("type", "TXT").
+ With("record", "_acme-challenge.example.com.").
+ With("data", "token"),
+ ).
+ Build(t)
+
+ err := client.AddTXTRecord(t.Context(), "example.com", "_acme-challenge.example.com.", "token")
+ require.NoError(t, err)
+}
+
+func TestClient_AddTXTRecord_error(t *testing.T) {
+ client := servermock.NewBuilder[*Client](setupClient).
+ Route("POST /ddns/update.php",
+ servermock.RawStringResponse("Missing or invalid token.").
+ WithStatusCode(http.StatusUnauthorized),
+ ).
+ Build(t)
+
+ err := client.AddTXTRecord(t.Context(), "example.com", "_acme-challenge.example.com.", "token")
+ require.EqualError(t, err, "unexpected status code: [status code: 401] body: Missing or invalid token.")
+}
+
+func TestClient_DeleteTXTRecord(t *testing.T) {
+ client := servermock.NewBuilder[*Client](setupClient).
+ Route("DELETE /ddns/update.php",
+ servermock.Noop(),
+ servermock.CheckHeader().
+ WithBasicAuth("anonymous", "secret"),
+ servermock.CheckQueryParameter().Strict().
+ With("action", "delete").
+ With("zone", "example.com").
+ With("type", "TXT").
+ With("record", "_acme-challenge.example.com.").
+ With("data", "token"),
+ ).
+ Build(t)
+
+ err := client.DeleteTXTRecord(t.Context(), "example.com", "_acme-challenge.example.com.", "token")
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteTXTRecord_error(t *testing.T) {
+ client := servermock.NewBuilder[*Client](setupClient).
+ Route("DELETE /ddns/update.php",
+ servermock.RawStringResponse("Missing or invalid token.").
+ WithStatusCode(http.StatusUnauthorized),
+ ).
+ Build(t)
+
+ err := client.DeleteTXTRecord(t.Context(), "example.com", "_acme-challenge.example.com.", "token")
+ require.EqualError(t, err, "unexpected status code: [status code: 401] body: Missing or invalid token.")
+}
diff --git a/providers/dns/ispconfigddns/internal/types.go b/providers/dns/ispconfigddns/internal/types.go
new file mode 100644
index 000000000..278738108
--- /dev/null
+++ b/providers/dns/ispconfigddns/internal/types.go
@@ -0,0 +1,9 @@
+package internal
+
+type UpdateRecord struct {
+ Action string `url:"action,omitempty"`
+ Zone string `url:"zone,omitempty"`
+ Type string `url:"type,omitempty"`
+ Record string `url:"record,omitempty"`
+ Data string `url:"data,omitempty"`
+}
diff --git a/providers/dns/ispconfigddns/ispconfigddns.go b/providers/dns/ispconfigddns/ispconfigddns.go
new file mode 100644
index 000000000..eab5d413f
--- /dev/null
+++ b/providers/dns/ispconfigddns/ispconfigddns.go
@@ -0,0 +1,145 @@
+// Package ispconfigddns implements a DNS provider for solving the DNS-01 challenge using ISPConfig 3 Dynamic DNS (DDNS) Module.
+package ispconfigddns
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/ispconfigddns/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "ISPCONFIG_DDNS_"
+
+ EnvServerURL = envNamespace + "SERVER_URL"
+ EnvToken = envNamespace + "TOKEN"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ ServerURL string
+ Token string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, 3600),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for ISPConfig 3 Dynamic DNS (DDNS) Module.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvServerURL, EnvToken)
+ if err != nil {
+ return nil, fmt.Errorf("ispconfig (DDNS module): %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.ServerURL = values[EnvServerURL]
+ config.Token = values[EnvToken]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for ISPConfig 3 Dynamic DNS (DDNS) Module.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("ispconfig (DDNS module): the configuration of the DNS provider is nil")
+ }
+
+ if config.ServerURL == "" {
+ return nil, errors.New("ispconfig (DDNS module): missing server URL")
+ }
+
+ if config.Token == "" {
+ return nil, errors.New("ispconfig (DDNS module): missing token")
+ }
+
+ client, err := internal.NewClient(config.ServerURL, config.Token)
+ if err != nil {
+ return nil, fmt.Errorf("ispconfig (DDNS module): %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to control checking compliance to spec.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record to fulfill the dns-01 challenge.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ zone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("ispconfig (DDNS module): could not find zone for domain %q: %w", domain, err)
+ }
+
+ err = d.client.AddTXTRecord(context.Background(), dns01.UnFqdn(zone), info.EffectiveFQDN, info.Value)
+ if err != nil {
+ return fmt.Errorf("ispconfig (DDNS module): add record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ zone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("ispconfig (DDNS module): could not find zone for domain %q: %w", domain, err)
+ }
+
+ err = d.client.DeleteTXTRecord(context.Background(), dns01.UnFqdn(zone), info.EffectiveFQDN, info.Value)
+ if err != nil {
+ return fmt.Errorf("ispconfig (DDNS module): delete record: %w", err)
+ }
+
+ return nil
+}
diff --git a/providers/dns/ispconfigddns/ispconfigddns.toml b/providers/dns/ispconfigddns/ispconfigddns.toml
new file mode 100644
index 000000000..158ee9fbd
--- /dev/null
+++ b/providers/dns/ispconfigddns/ispconfigddns.toml
@@ -0,0 +1,32 @@
+Name = "ISPConfig 3 - Dynamic DNS (DDNS) Module"
+Description = ''''''
+URL = "https://www.ispconfig.org/"
+Code = "ispconfigddns"
+Since = "v4.31.0"
+
+Example = '''
+ISPCONFIG_DDNS_SERVER_URL="https://panel.example.com:8080" \
+ISPCONFIG_DDNS_TOKEN=xxxxxx \
+lego --dns ispconfigddns -d '*.example.com' -d example.com run
+'''
+
+Additional = '''
+ISPConfig DNS provider supports leveraging the [ISPConfig 3 Dynamic DNS (DDNS) Module](https://github.com/mhofer117/ispconfig-ddns-module).
+
+Requires the DDNS module described at https://www.ispconfig.org/ispconfig/download/
+
+See https://www.howtoforge.com/community/threads/ispconfig-3-danymic-dns-ddns-module.87967/ for additional details.
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ ISPCONFIG_DDNS_SERVER_URL = "API server URL (ex: https://panel.example.com:8080)"
+ ISPCONFIG_DDNS_TOKEN = "DDNS API token"
+ [Configuration.Additional]
+ ISPCONFIG_DDNS_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ ISPCONFIG_DDNS_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ ISPCONFIG_DDNS_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 3600)"
+ ISPCONFIG_DDNS_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://github.com/mhofer117/ispconfig-ddns-module/tree/master/lib/updater"
diff --git a/providers/dns/ispconfigddns/ispconfigddns_test.go b/providers/dns/ispconfigddns/ispconfigddns_test.go
new file mode 100644
index 000000000..58e7a8f54
--- /dev/null
+++ b/providers/dns/ispconfigddns/ispconfigddns_test.go
@@ -0,0 +1,193 @@
+package ispconfigddns
+
+import (
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvServerURL, EnvToken).
+ WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com",
+ EnvToken: "secret",
+ },
+ },
+ {
+ desc: "missing server URL",
+ envVars: map[string]string{
+ EnvServerURL: "",
+ EnvToken: "secret",
+ },
+ expected: "ispconfig (DDNS module): some credentials information are missing: ISPCONFIG_DDNS_SERVER_URL",
+ },
+ {
+ desc: "missing token",
+ envVars: map[string]string{
+ EnvServerURL: "https://example.com",
+ EnvToken: "",
+ },
+ expected: "ispconfig (DDNS module): some credentials information are missing: ISPCONFIG_DDNS_TOKEN",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "ispconfig (DDNS module): some credentials information are missing: ISPCONFIG_DDNS_SERVER_URL,ISPCONFIG_DDNS_TOKEN",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ serverURL string
+ token string
+ expected string
+ }{
+ {
+ desc: "success",
+ serverURL: "https://example.com",
+ token: "secret",
+ },
+ {
+ desc: "missing server URL",
+ serverURL: "",
+ token: "secret",
+ expected: "ispconfig (DDNS module): missing server URL",
+ },
+ {
+ desc: "missing token",
+ serverURL: "https://example.com",
+ token: "",
+ expected: "ispconfig (DDNS module): missing token",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.ServerURL = test.serverURL
+ config.Token = test.token
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
+ config.Token = "secret"
+ config.ServerURL = server.URL
+
+ return NewDNSProviderConfig(config)
+ },
+ servermock.CheckHeader().
+ WithBasicAuth("anonymous", "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /ddns/update.php",
+ servermock.DumpRequest(),
+ servermock.CheckQueryParameter().Strict().
+ With("action", "add").
+ With("zone", "example.com").
+ With("type", "TXT").
+ With("record", "_acme-challenge.example.com.").
+ With("data", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /ddns/update.php",
+ servermock.DumpRequest(),
+ servermock.CheckQueryParameter().Strict().
+ With("action", "delete").
+ With("zone", "example.com").
+ With("type", "TXT").
+ With("record", "_acme-challenge.example.com.").
+ With("data", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"),
+ ).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/iwantmyname/internal/client.go b/providers/dns/iwantmyname/internal/client.go
deleted file mode 100644
index c3418c854..000000000
--- a/providers/dns/iwantmyname/internal/client.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package internal
-
-import (
- "context"
- "fmt"
- "net/http"
- "net/url"
- "time"
-
- "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
- querystring "github.com/google/go-querystring/query"
-)
-
-const defaultBaseURL = "https://iwantmyname.com/basicauth/ddns"
-
-// Client iwantmyname client.
-type Client struct {
- username string
- password string
-
- baseURL *url.URL
- HTTPClient *http.Client
-}
-
-// NewClient creates a new Client.
-func NewClient(username, password string) *Client {
- baseURL, _ := url.Parse(defaultBaseURL)
-
- return &Client{
- username: username,
- password: password,
- baseURL: baseURL,
- HTTPClient: &http.Client{Timeout: 10 * time.Second},
- }
-}
-
-// SendRequest send a request (create/add/delete) to the API.
-func (c *Client) SendRequest(ctx context.Context, record Record) error {
- values, err := querystring.Values(record)
- if err != nil {
- return err
- }
-
- endpoint := c.baseURL
- endpoint.RawQuery = values.Encode()
-
- req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint.String(), http.NoBody)
- if err != nil {
- return fmt.Errorf("unable to create request: %w", err)
- }
-
- req.SetBasicAuth(c.username, c.password)
-
- resp, err := c.HTTPClient.Do(req)
- if err != nil {
- return errutils.NewHTTPDoError(req, err)
- }
-
- defer func() { _ = resp.Body.Close() }()
-
- if resp.StatusCode/100 != 2 {
- return errutils.NewUnexpectedResponseStatusCodeError(req, resp)
- }
-
- return nil
-}
diff --git a/providers/dns/iwantmyname/internal/client_test.go b/providers/dns/iwantmyname/internal/client_test.go
deleted file mode 100644
index c25eb56ef..000000000
--- a/providers/dns/iwantmyname/internal/client_test.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package internal
-
-import (
- "fmt"
- "net/http"
- "net/http/httptest"
- "net/url"
- "testing"
-
- "github.com/go-acme/lego/v4/platform/tester/servermock"
- "github.com/stretchr/testify/require"
-)
-
-func setupClient(server *httptest.Server) (*Client, error) {
- client := NewClient("user", "secret")
- client.HTTPClient = server.Client()
- client.baseURL, _ = url.Parse(server.URL)
-
- return client, nil
-}
-
-func TestClient_Do(t *testing.T) {
- client := servermock.NewBuilder[*Client](setupClient,
- servermock.CheckHeader().
- WithBasicAuth("user", "secret"),
- ).
- Route("POST /", http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
- fmt.Println(req)
- }),
- servermock.CheckQueryParameter().Strict().
- With("hostname", "example.com").
- With("ttl", "120").
- With("type", "TXT").
- With("value", "data")).
- Build(t)
-
- record := Record{
- Hostname: "example.com",
- Type: "TXT",
- Value: "data",
- TTL: 120,
- }
-
- err := client.SendRequest(t.Context(), record)
- require.NoError(t, err)
-}
diff --git a/providers/dns/iwantmyname/internal/types.go b/providers/dns/iwantmyname/internal/types.go
deleted file mode 100644
index b259235f5..000000000
--- a/providers/dns/iwantmyname/internal/types.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package internal
-
-// Record represents a record.
-type Record struct {
- Hostname string `url:"hostname,omitempty"`
- Type string `url:"type,omitempty"`
- Value string `url:"value,omitempty"`
- TTL int `url:"ttl,omitempty"`
-}
diff --git a/providers/dns/iwantmyname/iwantmyname.go b/providers/dns/iwantmyname/iwantmyname.go
index 2b53377ed..f53287e69 100644
--- a/providers/dns/iwantmyname/iwantmyname.go
+++ b/providers/dns/iwantmyname/iwantmyname.go
@@ -2,16 +2,13 @@
package iwantmyname
import (
- "context"
"errors"
"fmt"
"net/http"
"time"
"github.com/go-acme/lego/v4/challenge"
- "github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
- "github.com/go-acme/lego/v4/providers/dns/iwantmyname/internal"
)
// Environment variables names.
@@ -41,20 +38,12 @@ type Config struct {
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
- return &Config{
- TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
- PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
- PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
- HTTPClient: &http.Client{
- Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
- },
- }
+ return &Config{}
}
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
config *Config
- client *internal.Client
}
// NewDNSProvider returns a DNSProvider instance configured for iwantmyname.
@@ -74,24 +63,7 @@ func NewDNSProvider() (*DNSProvider, error) {
// NewDNSProviderConfig return a DNSProvider instance configured for iwantmyname.
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
- if config == nil {
- return nil, errors.New("iwantmyname: the configuration of the DNS provider is nil")
- }
-
- if config.Username == "" || config.Password == "" {
- return nil, errors.New("iwantmyname: credentials missing")
- }
-
- client := internal.NewClient(config.Username, config.Password)
-
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- return &DNSProvider{
- config: config,
- client: client,
- }, nil
+ return nil, errors.New("iwantmyname: the iwantmyname API has shut down https://github.com/go-acme/lego/issues/2563")
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
@@ -102,38 +74,10 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, _, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- record := internal.Record{
- Hostname: dns01.UnFqdn(info.EffectiveFQDN),
- Type: "TXT",
- Value: info.Value,
- TTL: d.config.TTL,
- }
-
- err := d.client.SendRequest(context.Background(), record)
- if err != nil {
- return fmt.Errorf("iwantmyname: %w", err)
- }
-
return nil
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- record := internal.Record{
- Hostname: dns01.UnFqdn(info.EffectiveFQDN),
- Type: "TXT",
- Value: "delete",
- TTL: d.config.TTL,
- }
-
- err := d.client.SendRequest(context.Background(), record)
- if err != nil {
- return fmt.Errorf("iwantmyname: %w", err)
- }
-
return nil
}
diff --git a/providers/dns/iwantmyname/iwantmyname.toml b/providers/dns/iwantmyname/iwantmyname.toml
index 00a45b714..a82c2b749 100644
--- a/providers/dns/iwantmyname/iwantmyname.toml
+++ b/providers/dns/iwantmyname/iwantmyname.toml
@@ -1,5 +1,9 @@
-Name = "iwantmyname"
-Description = ''''''
+Name = "iwantmyname (Deprecated)"
+Description = '''
+The iwantmyname API has shut down.
+
+https://github.com/go-acme/lego/issues/2563
+'''
URL = "https://iwantmyname.com"
Code = "iwantmyname"
Since = "v4.7.0"
@@ -7,7 +11,7 @@ Since = "v4.7.0"
Example = '''
IWANTMYNAME_USERNAME=xxxxxxxx \
IWANTMYNAME_PASSWORD=xxxxxxxx \
-lego --email you@example.com --dns iwantmyname -d '*.example.com' -d example.com run
+lego --dns iwantmyname -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/jdcloud/fixtures/create_record-request.json b/providers/dns/jdcloud/fixtures/create_record-request.json
new file mode 100644
index 000000000..581c00fea
--- /dev/null
+++ b/providers/dns/jdcloud/fixtures/create_record-request.json
@@ -0,0 +1,15 @@
+{
+ "domainId": "20",
+ "regionId": "cn-north-1",
+ "req": {
+ "hostRecord": "_acme-challenge",
+ "hostValue": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "jcloudRes": null,
+ "mxPriority": null,
+ "port": null,
+ "ttl": 120,
+ "type": "TXT",
+ "viewValue": -1,
+ "weight": null
+ }
+}
diff --git a/providers/dns/jdcloud/fixtures/create_record.json b/providers/dns/jdcloud/fixtures/create_record.json
new file mode 100644
index 000000000..08bd3db26
--- /dev/null
+++ b/providers/dns/jdcloud/fixtures/create_record.json
@@ -0,0 +1,25 @@
+{
+ "requestId": "azerty",
+ "error": {
+ "code": 0,
+ "status": "",
+ "message": ""
+ },
+ "result": {
+ "dataList": {
+ "id": 123,
+ "hostRecord": "_acme-challenge",
+ "hostValue": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "jcloudRes": false,
+ "mxPriority": 0,
+ "port": 0,
+ "ttl": 120,
+ "type": "TXT",
+ "weight": 0,
+ "viewValue": [
+ 1,
+ 2
+ ]
+ }
+ }
+}
diff --git a/providers/dns/jdcloud/fixtures/delete_record.json b/providers/dns/jdcloud/fixtures/delete_record.json
new file mode 100644
index 000000000..20525751c
--- /dev/null
+++ b/providers/dns/jdcloud/fixtures/delete_record.json
@@ -0,0 +1,9 @@
+{
+ "requestId": "azerty",
+ "error": {
+ "code": 0,
+ "status": "",
+ "message": ""
+ },
+ "result": {}
+}
diff --git a/providers/dns/jdcloud/fixtures/describe_domains_page1.json b/providers/dns/jdcloud/fixtures/describe_domains_page1.json
new file mode 100644
index 000000000..cde6dcd6f
--- /dev/null
+++ b/providers/dns/jdcloud/fixtures/describe_domains_page1.json
@@ -0,0 +1,55 @@
+{
+ "requestId": "azerty",
+ "error": {
+ "code": 0,
+ "status": "",
+ "message": ""
+ },
+ "result": {
+ "dataList": [
+ {
+ "id": 1,
+ "domainName": "1.example"
+ },
+ {
+ "id": 2,
+ "domainName": "2.example"
+ },
+ {
+ "id": 3,
+ "domainName": "3.example"
+ },
+ {
+ "id": 4,
+ "domainName": "4.example"
+ },
+ {
+ "id": 5,
+ "domainName": "5.example"
+ },
+ {
+ "id": 6,
+ "domainName": "6.example"
+ },
+ {
+ "id": 7,
+ "domainName": "7.example"
+ },
+ {
+ "id": 8,
+ "domainName": "8.example"
+ },
+ {
+ "id": 9,
+ "domainName": "9.example"
+ },
+ {
+ "id": 10,
+ "domainName": "10.example"
+ }
+ ],
+ "currentCount": 10,
+ "totalCount": 20,
+ "totalPage": 2
+ }
+}
diff --git a/providers/dns/jdcloud/fixtures/describe_domains_page2.json b/providers/dns/jdcloud/fixtures/describe_domains_page2.json
new file mode 100644
index 000000000..b1e1560ab
--- /dev/null
+++ b/providers/dns/jdcloud/fixtures/describe_domains_page2.json
@@ -0,0 +1,55 @@
+{
+ "requestId": "azerty",
+ "error": {
+ "code": 0,
+ "status": "",
+ "message": ""
+ },
+ "result": {
+ "dataList": [
+ {
+ "id": 11,
+ "domainName": "11.example"
+ },
+ {
+ "id": 12,
+ "domainName": "12.example"
+ },
+ {
+ "id": 13,
+ "domainName": "13.example"
+ },
+ {
+ "id": 14,
+ "domainName": "14.example"
+ },
+ {
+ "id": 15,
+ "domainName": "15.example"
+ },
+ {
+ "id": 16,
+ "domainName": "16.example"
+ },
+ {
+ "id": 17,
+ "domainName": "17.example"
+ },
+ {
+ "id": 18,
+ "domainName": "18.example"
+ },
+ {
+ "id": 19,
+ "domainName": "19.example"
+ },
+ {
+ "id": 20,
+ "domainName": "example.com"
+ }
+ ],
+ "currentCount": 10,
+ "totalCount": 20,
+ "totalPage": 2
+ }
+}
diff --git a/providers/dns/jdcloud/jdcloud.go b/providers/dns/jdcloud/jdcloud.go
new file mode 100644
index 000000000..7d9ad4e6b
--- /dev/null
+++ b/providers/dns/jdcloud/jdcloud.go
@@ -0,0 +1,217 @@
+// Package jdcloud implements a DNS provider for solving the DNS-01 challenge using JD Cloud.
+package jdcloud
+
+import (
+ "errors"
+ "fmt"
+ "strconv"
+ "sync"
+ "time"
+
+ "github.com/go-acme/jdcloud-sdk-go/core"
+ "github.com/go-acme/jdcloud-sdk-go/services/domainservice/apis"
+ jdcclient "github.com/go-acme/jdcloud-sdk-go/services/domainservice/client"
+ domainservice "github.com/go-acme/jdcloud-sdk-go/services/domainservice/models"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "JDCLOUD_"
+
+ EnvAccessKeyID = envNamespace + "ACCESS_KEY_ID"
+ EnvAccessKeySecret = envNamespace + "ACCESS_KEY_SECRET"
+ EnvRegionID = envNamespace + "REGION_ID"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ AccessKeyID string
+ AccessKeySecret string
+ RegionID string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPTimeout time.Duration
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *jdcclient.DomainserviceClient
+
+ recordIDs map[string]int
+ domainIDs map[string]int
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for JD Cloud.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAccessKeyID, EnvAccessKeySecret)
+ if err != nil {
+ return nil, fmt.Errorf("jdcloud: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.AccessKeyID = values[EnvAccessKeyID]
+ config.AccessKeySecret = values[EnvAccessKeySecret]
+
+ // https://docs.jdcloud.com/en/common-declaration/api/introduction#Region%20Code
+ config.RegionID = env.GetOrDefaultString(EnvRegionID, "cn-north-1")
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for JD Cloud.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("jdcloud: the configuration of the DNS provider is nil")
+ }
+
+ if config.AccessKeyID == "" || config.AccessKeySecret == "" {
+ return nil, errors.New("jdcloud: missing credentials")
+ }
+
+ cred := core.NewCredentials(config.AccessKeyID, config.AccessKeySecret)
+
+ client := jdcclient.NewDomainserviceClient(cred)
+ client.DisableLogger()
+ client.Config.SetTimeout(config.HTTPTimeout)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: make(map[string]int),
+ domainIDs: make(map[string]int),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("jdcloud: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("jdcloud: %w", err)
+ }
+
+ zone, err := d.findZone(dns01.UnFqdn(authZone))
+ if err != nil {
+ return fmt.Errorf("jdcloud: %w", err)
+ }
+
+ // https://docs.jdcloud.com/cn/jd-cloud-dns/api/createresourcerecord
+ crrr := apis.NewCreateResourceRecordRequestWithAllParams(
+ d.config.RegionID,
+ strconv.Itoa(zone.Id),
+ &domainservice.AddRR{
+ HostRecord: subDomain,
+ HostValue: info.Value,
+ Ttl: d.config.TTL,
+ Type: "TXT",
+ ViewValue: -1,
+ },
+ )
+
+ record, err := jdcclient.CreateResourceRecord(d.client, crrr)
+ if err != nil {
+ return fmt.Errorf("jdcloud: create resource record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.domainIDs[token] = zone.Id
+ d.recordIDs[token] = record.Result.DataList.Id
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ d.recordIDsMu.Lock()
+ recordID, recordOK := d.recordIDs[token]
+ domainID, domainOK := d.domainIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !recordOK {
+ return fmt.Errorf("jdcloud: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ if !domainOK {
+ return fmt.Errorf("jdcloud: unknown domain ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ // https://docs.jdcloud.com/cn/jd-cloud-dns/api/deleteresourcerecord
+ drrr := apis.NewDeleteResourceRecordRequestWithAllParams(
+ d.config.RegionID,
+ strconv.Itoa(domainID),
+ strconv.Itoa(recordID),
+ )
+
+ _, err := jdcclient.DeleteResourceRecord(d.client, drrr)
+ if err != nil {
+ return fmt.Errorf("jdcloud: delete resource record: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) findZone(zone string) (*domainservice.DomainInfo, error) {
+ // https://docs.jdcloud.com/cn/jd-cloud-dns/api/describedomains
+ ddr := apis.NewDescribeDomainsRequestWithoutParam()
+ ddr.SetRegionId(d.config.RegionID)
+ ddr.SetPageNumber(1)
+ ddr.SetPageSize(10)
+ ddr.SetDomainName(zone)
+
+ for {
+ response, err := jdcclient.DescribeDomains(d.client, ddr)
+ if err != nil {
+ return nil, fmt.Errorf("describe domains: %w", err)
+ }
+
+ for _, d := range response.Result.DataList {
+ if d.DomainName == zone {
+ return &d, nil
+ }
+ }
+
+ if len(response.Result.DataList) < ddr.PageSize || response.Result.TotalPage <= ddr.PageNumber {
+ break
+ }
+
+ ddr.SetPageNumber(ddr.PageNumber + 1)
+ }
+
+ return nil, errors.New("zone not found")
+}
diff --git a/providers/dns/jdcloud/jdcloud.toml b/providers/dns/jdcloud/jdcloud.toml
new file mode 100644
index 000000000..7ab403822
--- /dev/null
+++ b/providers/dns/jdcloud/jdcloud.toml
@@ -0,0 +1,27 @@
+Name = "JD Cloud"
+Description = ''''''
+URL = "https://www.jdcloud.com/"
+Code = "jdcloud"
+Since = "v4.31.0"
+
+Example = '''
+JDCLOUD_ACCESS_KEY_ID="xxx" \
+JDCLOUD_ACCESS_KEY_SECRET="yyy" \
+lego --dns jdcloud -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ JDCLOUD_ACCESS_KEY_ID = "Access key ID"
+ JDCLOUD_ACCESS_KEY_SECRET = "Access key secret"
+ [Configuration.Additional]
+ JDCLOUD_REGION_ID = "Region ID (Default: cn-north-1)"
+ JDCLOUD_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ JDCLOUD_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ JDCLOUD_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ JDCLOUD_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://docs.jdcloud.com/cn/jd-cloud-dns/api/overview"
+ Common = "https://docs.jdcloud.com/en/common-declaration/api/introduction"
+ GoClient = "https://github.com/jdcloud-api/jdcloud-sdk-go"
diff --git a/providers/dns/jdcloud/jdcloud_test.go b/providers/dns/jdcloud/jdcloud_test.go
new file mode 100644
index 000000000..6b3368938
--- /dev/null
+++ b/providers/dns/jdcloud/jdcloud_test.go
@@ -0,0 +1,242 @@
+package jdcloud
+
+import (
+ "fmt"
+ "net"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+ EnvAccessKeyID,
+ EnvAccessKeySecret,
+ EnvRegionID,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAccessKeyID: "abc123",
+ EnvAccessKeySecret: "secret",
+ },
+ },
+ {
+ desc: "missing access key ID",
+ envVars: map[string]string{
+ EnvAccessKeyID: "",
+ EnvAccessKeySecret: "secret",
+ },
+ expected: "jdcloud: some credentials information are missing: JDCLOUD_ACCESS_KEY_ID",
+ },
+ {
+ desc: "missing access key secret",
+ envVars: map[string]string{
+ EnvAccessKeyID: "abc123",
+ EnvAccessKeySecret: "",
+ },
+ expected: "jdcloud: some credentials information are missing: JDCLOUD_ACCESS_KEY_SECRET",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "jdcloud: some credentials information are missing: JDCLOUD_ACCESS_KEY_ID,JDCLOUD_ACCESS_KEY_SECRET",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ accessKeyID string
+ accessKeySecret string
+ expected string
+ }{
+ {
+ desc: "success",
+ accessKeyID: "abc123",
+ accessKeySecret: "secret",
+ },
+ {
+ desc: "missing access key ID",
+ accessKeySecret: "secret",
+ expected: "jdcloud: missing credentials",
+ },
+ {
+ desc: "missing access key secret",
+ accessKeyID: "abc123",
+ expected: "jdcloud: missing credentials",
+ },
+ {
+ desc: "missing credentials",
+ expected: "jdcloud: missing credentials",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.AccessKeyID = test.accessKeyID
+ config.AccessKeySecret = test.accessKeySecret
+ config.RegionID = "cn-north-1"
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.AccessKeyID = "abc123"
+ config.AccessKeySecret = "secret"
+ config.RegionID = "cn-north-1"
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ serverURL, _ := url.Parse(server.URL)
+
+ p.client.Config.SetEndpoint(net.JoinHostPort(serverURL.Hostname(), serverURL.Port()))
+ p.client.Config.SetScheme(serverURL.Scheme)
+ p.client.Config.SetTimeout(server.Client().Timeout)
+
+ return p, nil
+ },
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /v2/regions/cn-north-1/domain",
+ http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+ pageNumber := req.URL.Query().Get("pageNumber")
+
+ servermock.ResponseFromFixture(
+ fmt.Sprintf("describe_domains_page%s.json", pageNumber),
+ ).ServeHTTP(rw, req)
+ }),
+ servermock.CheckQueryParameter().Strict().
+ With("domainName", "example.com").
+ WithRegexp("pageNumber", `(1|2)`).
+ With("pageSize", "10"),
+ servermock.CheckHeader().
+ WithRegexp("Authorization",
+ `JDCLOUD2-HMAC-SHA256 Credential=abc123/\d{8}/cn-north-1/domainservice/jdcloud2_request, SignedHeaders=content-type;host;x-jdcloud-date;x-jdcloud-nonce, Signature=\w+`).
+ WithRegexp("X-Jdcloud-Date", `\d{8}T\d{6}Z`).
+ WithRegexp("X-Jdcloud-Nonce", `[\w-]+`),
+ ).
+ Route("POST /v2/regions/cn-north-1/domain/20/ResourceRecord",
+ servermock.ResponseFromFixture("create_record.json"),
+ servermock.CheckRequestJSONBodyFromFixture("create_record-request.json"),
+ servermock.CheckHeader().
+ WithRegexp("Authorization",
+ `JDCLOUD2-HMAC-SHA256 Credential=abc123/\d{8}/cn-north-1/domainservice/jdcloud2_request, SignedHeaders=content-type;host;x-jdcloud-date;x-jdcloud-nonce, Signature=\w+`).
+ WithRegexp("X-Jdcloud-Date", `\d{8}T\d{6}Z`).
+ WithRegexp("X-Jdcloud-Nonce", `[\w-]+`),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+
+ require.Len(t, provider.domainIDs, 1)
+ require.Len(t, provider.recordIDs, 1)
+
+ assert.Equal(t, 20, provider.domainIDs["abc"])
+ assert.Equal(t, 123, provider.recordIDs["abc"])
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /v2/regions/cn-north-1/domain/20/ResourceRecord/123",
+ servermock.ResponseFromFixture("delete_record.json"),
+ servermock.CheckHeader().
+ WithRegexp("Authorization",
+ `JDCLOUD2-HMAC-SHA256 Credential=abc123/\d{8}/cn-north-1/domainservice/jdcloud2_request, SignedHeaders=content-type;host;x-jdcloud-date;x-jdcloud-nonce, Signature=\w+`).
+ WithRegexp("X-Jdcloud-Date", `\d{8}T\d{6}Z`).
+ WithRegexp("X-Jdcloud-Nonce", `[\w-]+`),
+ ).
+ Build(t)
+
+ provider.domainIDs["abc"] = 20
+ provider.recordIDs["abc"] = 123
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/joker/internal/dmapi/client.go b/providers/dns/joker/internal/dmapi/client.go
index 6496abe2e..576410723 100644
--- a/providers/dns/joker/internal/dmapi/client.go
+++ b/providers/dns/joker/internal/dmapi/client.go
@@ -176,12 +176,15 @@ func RemoveTxtEntryFromZone(zone, relative string) (string, bool) {
prefix := fmt.Sprintf("%s TXT 0 ", relative)
modified := false
+
var zoneEntries []string
+
for line := range strings.Lines(zone) {
if strings.HasPrefix(line, prefix) {
modified = true
continue
}
+
zoneEntries = append(zoneEntries, line)
}
diff --git a/providers/dns/joker/internal/dmapi/identity.go b/providers/dns/joker/internal/dmapi/identity.go
index 351d987e9..63c0b2ea1 100644
--- a/providers/dns/joker/internal/dmapi/identity.go
+++ b/providers/dns/joker/internal/dmapi/identity.go
@@ -24,6 +24,7 @@ type Token struct {
// login performs a log in to Joker's DMAPI.
func (c *Client) login(ctx context.Context) (*Response, error) {
var values url.Values
+
switch {
case c.username != "" && c.password != "":
values = url.Values{
@@ -106,5 +107,6 @@ func formatResponseError(response *Response, err error) error {
if response != nil {
return fmt.Errorf("joker: DMAPI error: %w Response: %v", err, response.Headers)
}
+
return fmt.Errorf("joker: DMAPI error: %w", err)
}
diff --git a/providers/dns/joker/joker.toml b/providers/dns/joker/joker.toml
index 35713df18..20e481a6d 100644
--- a/providers/dns/joker/joker.toml
+++ b/providers/dns/joker/joker.toml
@@ -9,17 +9,17 @@ Example = '''
JOKER_API_MODE=SVC \
JOKER_USERNAME= \
JOKER_PASSWORD= \
-lego --email you@example.com --dns joker -d '*.example.com' -d example.com run
+lego --dns joker -d '*.example.com' -d example.com run
# DMAPI
JOKER_API_MODE=DMAPI \
JOKER_USERNAME= \
JOKER_PASSWORD= \
-lego --email you@example.com --dns joker -d '*.example.com' -d example.com run
+lego --dns joker -d '*.example.com' -d example.com run
## or
JOKER_API_MODE=DMAPI \
JOKER_API_KEY= \
-lego --email you@example.com --dns joker -d '*.example.com' -d example.com run
+lego --dns joker -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/joker/joker_test.go b/providers/dns/joker/joker_test.go
index 20e3fc7a5..bc21ccbbc 100644
--- a/providers/dns/joker/joker_test.go
+++ b/providers/dns/joker/joker_test.go
@@ -53,6 +53,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -112,6 +113,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -125,6 +127,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/joker/provider_dmapi.go b/providers/dns/joker/provider_dmapi.go
index 5c623467a..11f850136 100644
--- a/providers/dns/joker/provider_dmapi.go
+++ b/providers/dns/joker/provider_dmapi.go
@@ -10,6 +10,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/joker/internal/dmapi"
)
@@ -27,6 +28,7 @@ func newDmapiProvider() (*dmapiProvider, error) {
values, err := env.Get(EnvAPIKey)
if err != nil {
var errU error
+
values, errU = env.Get(EnvUsername, EnvPassword)
if errU != nil {
//nolint:errorlint // false-positive
@@ -66,6 +68,8 @@ func newDmapiProviderConfig(config *Config) (*dmapiProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &dmapiProvider{config: config, client: client}, nil
}
@@ -158,6 +162,7 @@ func (d *dmapiProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return formatResponseError(response, err)
}
+
return nil
}
@@ -166,5 +171,6 @@ func formatResponseError(response *dmapi.Response, err error) error {
if response != nil {
return fmt.Errorf("joker: DMAPI error: %w Response: %v", err, response.Headers)
}
+
return fmt.Errorf("joker: DMAPI error: %w", err)
}
diff --git a/providers/dns/joker/provider_dmapi_test.go b/providers/dns/joker/provider_dmapi_test.go
index 4704f2b80..06f283872 100644
--- a/providers/dns/joker/provider_dmapi_test.go
+++ b/providers/dns/joker/provider_dmapi_test.go
@@ -58,6 +58,7 @@ func Test_newDmapiProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
diff --git a/providers/dns/joker/provider_svc.go b/providers/dns/joker/provider_svc.go
index 991772fe7..f4d8fcf3f 100644
--- a/providers/dns/joker/provider_svc.go
+++ b/providers/dns/joker/provider_svc.go
@@ -9,6 +9,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/joker/internal/svc"
)
@@ -47,6 +48,8 @@ func newSvcProviderConfig(config *Config) (*svcProvider, error) {
client := svc.NewClient(config.Username, config.Password)
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &svcProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/joker/provider_svc_test.go b/providers/dns/joker/provider_svc_test.go
index ad6c74c87..dc981b6b4 100644
--- a/providers/dns/joker/provider_svc_test.go
+++ b/providers/dns/joker/provider_svc_test.go
@@ -49,6 +49,7 @@ func Test_newSvcProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
diff --git a/providers/dns/keyhelp/internal/client.go b/providers/dns/keyhelp/internal/client.go
new file mode 100644
index 000000000..a5a80db5c
--- /dev/null
+++ b/providers/dns/keyhelp/internal/client.go
@@ -0,0 +1,175 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+)
+
+// APIKeyHeader API key header.
+const APIKeyHeader = "X-Api-Key"
+
+// Client the KeyHelp API client.
+type Client struct {
+ apiKey string
+
+ baseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(baseURL, apiKey string) (*Client, error) {
+ if baseURL == "" {
+ return nil, errors.New("missing base URL")
+ }
+
+ if apiKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ base, err := url.Parse(baseURL)
+ if err != nil {
+ return nil, fmt.Errorf("parse base URL: %w", err)
+ }
+
+ return &Client{
+ apiKey: apiKey,
+ baseURL: base.JoinPath("api", "v2"),
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ req.Header.Set(APIKeyHeader, c.apiKey)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func (c *Client) ListDomains(ctx context.Context) ([]Domain, error) {
+ endpoint := c.baseURL.JoinPath("domains")
+
+ query := endpoint.Query()
+ query.Set("sort", "domain_utf8")
+ endpoint.RawQuery = query.Encode()
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var result []Domain
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+func (c *Client) ListDomainRecords(ctx context.Context, domainID int) (*DomainRecords, error) {
+ endpoint := c.baseURL.JoinPath("dns", strconv.Itoa(domainID))
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var result DomainRecords
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return &result, nil
+}
+
+func (c *Client) UpdateDomainRecords(ctx context.Context, domainID int, records DomainRecords) (*DomainID, error) {
+ endpoint := c.baseURL.JoinPath("dns", strconv.Itoa(domainID))
+
+ req, err := newJSONRequest(ctx, http.MethodPut, endpoint, records)
+ if err != nil {
+ return nil, err
+ }
+
+ var result DomainID
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return &result, nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
diff --git a/providers/dns/keyhelp/internal/client_test.go b/providers/dns/keyhelp/internal/client_test.go
new file mode 100644
index 000000000..80b21495b
--- /dev/null
+++ b/providers/dns/keyhelp/internal/client_test.go
@@ -0,0 +1,169 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL, "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ With(APIKeyHeader, "secret").
+ WithJSONHeaders(),
+ )
+}
+
+func TestClient_ListDomains(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/v2/domains",
+ servermock.ResponseFromFixture("get_domains.json"),
+ servermock.CheckQueryParameter().
+ With("sort", "domain_utf8").
+ Strict()).
+ Build(t)
+
+ domains, err := client.ListDomains(t.Context())
+ require.NoError(t, err)
+
+ expected := []Domain{{
+ ID: 8,
+ UserID: 4,
+ ParentDomainID: 0,
+ Status: 1,
+ Domain: "example.com",
+ DomainUTF8: "example.com",
+ IsEmailDomain: true,
+ }}
+
+ assert.Equal(t, expected, domains)
+}
+
+func TestClient_ListDomains_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/v2/domains",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ _, err := client.ListDomains(t.Context())
+
+ require.EqualError(t, err, "401 Unauthorized: API key is missing or invalid.")
+}
+
+func TestClient_ListDomainRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/v2/dns/123",
+ servermock.ResponseFromFixture("get_domain_records.json")).
+ Build(t)
+
+ domainRecords, err := client.ListDomainRecords(t.Context(), 123)
+ require.NoError(t, err)
+
+ expected := &DomainRecords{
+ DkimRecord: `default._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; " "...DKIM KEY..." )`,
+ Records: &Records{
+ Soa: &SOARecord{
+ TTL: 86400,
+ PrimaryNs: "ns.example.com.",
+ RName: "root.example.com.",
+ Refresh: 14400,
+ Retry: 1800,
+ Expire: 604800,
+ Minimum: 3600,
+ },
+ Other: []Record{{
+ Host: "@",
+ TTL: 86400,
+ Type: "A",
+ Value: "192.168.178.1",
+ }},
+ },
+ }
+
+ assert.Equal(t, expected, domainRecords)
+}
+
+func TestClient_ListDomainRecords_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/v2/dns/8",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ _, err := client.ListDomainRecords(t.Context(), 8)
+
+ require.EqualError(t, err, "401 Unauthorized: API key is missing or invalid.")
+}
+
+func TestClient_UpdateDomainRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("PUT /api/v2/dns/8",
+ servermock.ResponseFromFixture("update_domain_records.json"),
+ servermock.CheckRequestJSONBodyFromFixture("update_domain_records-request.json")).
+ Build(t)
+
+ records := DomainRecords{
+ DkimRecord: `default._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; " "...DKIM KEY..." )`,
+ Records: &Records{
+ Soa: &SOARecord{
+ TTL: 86400,
+ PrimaryNs: "ns.example.com.",
+ RName: "root.example.com.",
+ Refresh: 14400,
+ Retry: 1800,
+ Expire: 604800,
+ Minimum: 3600,
+ },
+ Other: []Record{
+ {
+ Host: "@",
+ TTL: 86400,
+ Type: "A",
+ Value: "192.168.178.1",
+ },
+ {
+ Host: "_acme-challenge",
+ TTL: 120,
+ Type: "TXT",
+ Value: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ },
+ },
+ },
+ }
+
+ domainID, err := client.UpdateDomainRecords(t.Context(), 8, records)
+ require.NoError(t, err)
+
+ expected := &DomainID{ID: 8}
+
+ assert.Equal(t, expected, domainID)
+}
+
+func TestClient_UpdateDomainRecords_error(t *testing.T) {
+ client := mockBuilder().
+ Route("PUT /api/v2/dns/123",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ records := DomainRecords{}
+
+ _, err := client.UpdateDomainRecords(t.Context(), 123, records)
+
+ require.EqualError(t, err, "401 Unauthorized: API key is missing or invalid.")
+}
diff --git a/providers/dns/keyhelp/internal/fixtures/error.json b/providers/dns/keyhelp/internal/fixtures/error.json
new file mode 100644
index 000000000..4fdf5e8f5
--- /dev/null
+++ b/providers/dns/keyhelp/internal/fixtures/error.json
@@ -0,0 +1,4 @@
+{
+ "code": "401 Unauthorized",
+ "message": "API key is missing or invalid."
+}
diff --git a/providers/dns/keyhelp/internal/fixtures/get_domain_records.json b/providers/dns/keyhelp/internal/fixtures/get_domain_records.json
new file mode 100644
index 000000000..50483bb8e
--- /dev/null
+++ b/providers/dns/keyhelp/internal/fixtures/get_domain_records.json
@@ -0,0 +1,24 @@
+{
+ "is_custom_dns": false,
+ "is_dns_disabled": false,
+ "dkim_record": "default._domainkey IN TXT ( \"v=DKIM1; k=rsa; s=email; \" \"...DKIM KEY...\" )",
+ "records": {
+ "soa": {
+ "ttl": 86400,
+ "primary_ns": "ns.example.com.",
+ "rname": "root.example.com.",
+ "refresh": 14400,
+ "retry": 1800,
+ "expire": 604800,
+ "minimum": 3600
+ },
+ "other": [
+ {
+ "host": "@",
+ "ttl": 86400,
+ "type": "A",
+ "value": "192.168.178.1"
+ }
+ ]
+ }
+}
diff --git a/providers/dns/keyhelp/internal/fixtures/get_domain_records2.json b/providers/dns/keyhelp/internal/fixtures/get_domain_records2.json
new file mode 100644
index 000000000..cd49fd6d0
--- /dev/null
+++ b/providers/dns/keyhelp/internal/fixtures/get_domain_records2.json
@@ -0,0 +1,30 @@
+{
+ "is_custom_dns": false,
+ "is_dns_disabled": false,
+ "dkim_record": "default._domainkey IN TXT ( \"v=DKIM1; k=rsa; s=email; \" \"...DKIM KEY...\" )",
+ "records": {
+ "soa": {
+ "ttl": 86400,
+ "primary_ns": "ns.example.com.",
+ "rname": "root.example.com.",
+ "refresh": 14400,
+ "retry": 1800,
+ "expire": 604800,
+ "minimum": 3600
+ },
+ "other": [
+ {
+ "host": "@",
+ "ttl": 86400,
+ "type": "A",
+ "value": "192.168.178.1"
+ },
+ {
+ "host": "_acme-challenge",
+ "ttl": 120,
+ "type": "TXT",
+ "value": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ }
+ ]
+ }
+}
diff --git a/providers/dns/keyhelp/internal/fixtures/get_domains.json b/providers/dns/keyhelp/internal/fixtures/get_domains.json
new file mode 100644
index 000000000..28ae0887d
--- /dev/null
+++ b/providers/dns/keyhelp/internal/fixtures/get_domains.json
@@ -0,0 +1,41 @@
+[
+ {
+ "id": 8,
+ "id_user": 4,
+ "id_parent_domain": 0,
+ "status": 1,
+ "domain": "example.com",
+ "domain_utf8": "example.com",
+ "created_at": "2019-08-15T11:29:13+02:00",
+ "php_version": "",
+ "traffic": 32434624,
+ "is_disabled": false,
+ "delete_on": "2025-09-02T19:31:14+0000",
+ "dkim_selector": "default",
+ "dkim_record": "default._domainkey IN TXT ( \"v=DKIM1; k=rsa; s=email; \" \"...DKIM KEY...\" )",
+ "is_custom_dns": false,
+ "is_dns_disabled": false,
+ "is_subdomain": false,
+ "is_system_domain": false,
+ "is_email_domain": true,
+ "is_email_sending_only": false,
+ "target": {
+ "target": "https://www.keyhelp.de",
+ "is_forwarding": true,
+ "forwarding_type": 301
+ },
+ "security": {
+ "id_certificate": 0,
+ "lets_encrypt": true,
+ "is_prefer_https": true,
+ "is_hsts": true,
+ "hsts_max_age": 10368000,
+ "hsts_include": true,
+ "hsts_preload": true
+ },
+ "apache": {
+ "http_directives": "# My custom HTTP directives",
+ "https_directives": "# My custom HTTPS directives"
+ }
+ }
+]
diff --git a/providers/dns/keyhelp/internal/fixtures/update_domain_records-request.json b/providers/dns/keyhelp/internal/fixtures/update_domain_records-request.json
new file mode 100644
index 000000000..6f83ead11
--- /dev/null
+++ b/providers/dns/keyhelp/internal/fixtures/update_domain_records-request.json
@@ -0,0 +1,28 @@
+{
+ "dkim_record": "default._domainkey IN TXT ( \"v=DKIM1; k=rsa; s=email; \" \"...DKIM KEY...\" )",
+ "records": {
+ "soa": {
+ "ttl": 86400,
+ "primary_ns": "ns.example.com.",
+ "rname": "root.example.com.",
+ "refresh": 14400,
+ "retry": 1800,
+ "expire": 604800,
+ "minimum": 3600
+ },
+ "other": [
+ {
+ "host": "@",
+ "ttl": 86400,
+ "type": "A",
+ "value": "192.168.178.1"
+ },
+ {
+ "host": "_acme-challenge",
+ "ttl": 120,
+ "type": "TXT",
+ "value": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ }
+ ]
+ }
+}
diff --git a/providers/dns/keyhelp/internal/fixtures/update_domain_records-request2.json b/providers/dns/keyhelp/internal/fixtures/update_domain_records-request2.json
new file mode 100644
index 000000000..3ebb2ee7a
--- /dev/null
+++ b/providers/dns/keyhelp/internal/fixtures/update_domain_records-request2.json
@@ -0,0 +1,22 @@
+{
+ "dkim_record": "default._domainkey IN TXT ( \"v=DKIM1; k=rsa; s=email; \" \"...DKIM KEY...\" )",
+ "records": {
+ "soa": {
+ "ttl": 86400,
+ "primary_ns": "ns.example.com.",
+ "rname": "root.example.com.",
+ "refresh": 14400,
+ "retry": 1800,
+ "expire": 604800,
+ "minimum": 3600
+ },
+ "other": [
+ {
+ "host": "@",
+ "ttl": 86400,
+ "type": "A",
+ "value": "192.168.178.1"
+ }
+ ]
+ }
+}
diff --git a/providers/dns/keyhelp/internal/fixtures/update_domain_records.json b/providers/dns/keyhelp/internal/fixtures/update_domain_records.json
new file mode 100644
index 000000000..a335b5ba5
--- /dev/null
+++ b/providers/dns/keyhelp/internal/fixtures/update_domain_records.json
@@ -0,0 +1,3 @@
+{
+ "id": 8
+}
diff --git a/providers/dns/keyhelp/internal/types.go b/providers/dns/keyhelp/internal/types.go
new file mode 100644
index 000000000..8716fa0c8
--- /dev/null
+++ b/providers/dns/keyhelp/internal/types.go
@@ -0,0 +1,63 @@
+package internal
+
+import (
+ "fmt"
+)
+
+type APIError struct {
+ Code string `json:"code,omitempty"`
+ Message string `json:"message,omitempty"`
+}
+
+func (a *APIError) Error() string {
+ return fmt.Sprintf("%s: %s", a.Code, a.Message)
+}
+
+type Domain struct {
+ ID int `json:"id,omitempty"`
+ UserID int `json:"id_user,omitempty"`
+ ParentDomainID int `json:"id_parent_domain,omitempty"`
+ Status int `json:"status,omitempty"`
+ Domain string `json:"domain,omitempty"`
+ DomainUTF8 string `json:"domain_utf8,omitempty"`
+ IsDisabled bool `json:"is_disabled,omitempty"`
+ IsCustomDNS bool `json:"is_custom_dns,omitempty"`
+ IsDNSDisabled bool `json:"is_dns_disabled,omitempty"`
+ IsSubdomain bool `json:"is_subdomain,omitempty"`
+ IsSystemDomain bool `json:"is_system_domain,omitempty"`
+ IsEmailDomain bool `json:"is_email_domain,omitempty"`
+ IsEmailSendingOnly bool `json:"is_email_sending_only,omitempty"`
+}
+
+type DomainID struct {
+ ID int `json:"id,omitempty"`
+}
+
+type DomainRecords struct {
+ IsCustomDNS bool `json:"is_custom_dns,omitempty"`
+ IsDNSDisabled bool `json:"is_dns_disabled,omitempty"`
+ DkimRecord string `json:"dkim_record,omitempty"`
+ Records *Records `json:"records,omitempty"`
+}
+
+type Records struct {
+ Soa *SOARecord `json:"soa,omitempty"`
+ Other []Record `json:"other,omitempty"`
+}
+
+type SOARecord struct {
+ TTL int `json:"ttl,omitempty"`
+ PrimaryNs string `json:"primary_ns,omitempty"`
+ RName string `json:"rname,omitempty"`
+ Refresh int `json:"refresh,omitempty"`
+ Retry int `json:"retry,omitempty"`
+ Expire int `json:"expire,omitempty"`
+ Minimum int `json:"minimum,omitempty"`
+}
+
+type Record struct {
+ Host string `json:"host"`
+ TTL int `json:"ttl"`
+ Type string `json:"type"`
+ Value string `json:"value"`
+}
diff --git a/providers/dns/keyhelp/keyhelp.go b/providers/dns/keyhelp/keyhelp.go
new file mode 100644
index 000000000..67ceaaa63
--- /dev/null
+++ b/providers/dns/keyhelp/keyhelp.go
@@ -0,0 +1,225 @@
+// Package keyhelp implements a DNS provider for solving the DNS-01 challenge using KeyHelp.
+package keyhelp
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/keyhelp/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "KEYHELP_"
+
+ EnvBaseURL = envNamespace + "BASE_URL"
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ BaseURL string
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ domainIDs map[string]int
+ domainIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for KeyHelp.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvBaseURL, EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("keyhelp: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.BaseURL = values[EnvBaseURL]
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for KeyHelp.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("keyhelp: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.BaseURL, config.APIKey)
+ if err != nil {
+ return nil, fmt.Errorf("keyhelp: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ domainIDs: make(map[string]int),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("keyhelp: could not find zone for domain %q: %w", domain, err)
+ }
+
+ ctx := context.Background()
+
+ domainInfo, err := d.findDomain(ctx, dns01.UnFqdn(authZone))
+ if err != nil {
+ return fmt.Errorf("keyhelp: %w", err)
+ }
+
+ domainRecords, err := d.client.ListDomainRecords(ctx, domainInfo.ID)
+ if err != nil {
+ return fmt.Errorf("keyhelp: list domain records: %w", err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("keyhelp: %w", err)
+ }
+
+ records := domainRecords.Records.Other
+ records = append(records, internal.Record{
+ Host: subDomain,
+ TTL: d.config.TTL,
+ Type: "TXT",
+ Value: info.Value,
+ })
+
+ req := internal.DomainRecords{
+ DkimRecord: domainRecords.DkimRecord,
+ Records: &internal.Records{
+ Soa: domainRecords.Records.Soa,
+ Other: records,
+ },
+ }
+
+ _, err = d.client.UpdateDomainRecords(ctx, domainInfo.ID, req)
+ if err != nil {
+ return fmt.Errorf("keyhelp: update domain records (add): %w", err)
+ }
+
+ d.domainIDsMu.Lock()
+ d.domainIDs[token] = domainInfo.ID
+ d.domainIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ // get the domain's unique ID from when we created it
+ d.domainIDsMu.Lock()
+ domainID, ok := d.domainIDs[token]
+ d.domainIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("keyhelp: unknown record ID for '%s'", info.EffectiveFQDN)
+ }
+
+ domainRecords, err := d.client.ListDomainRecords(ctx, domainID)
+ if err != nil {
+ return fmt.Errorf("keyhelp: list domain records: %w", err)
+ }
+
+ var records []internal.Record
+
+ for _, record := range domainRecords.Records.Other {
+ if record.Type == "TXT" && record.Value == info.Value {
+ continue
+ }
+
+ records = append(records, record)
+ }
+
+ req := internal.DomainRecords{
+ DkimRecord: domainRecords.DkimRecord,
+ Records: &internal.Records{
+ Soa: domainRecords.Records.Soa,
+ Other: records,
+ },
+ }
+
+ _, err = d.client.UpdateDomainRecords(ctx, domainID, req)
+ if err != nil {
+ return fmt.Errorf("keyhelp: update domain records (delete): %w", err)
+ }
+
+ // Delete domain ID from map
+ d.domainIDsMu.Lock()
+ delete(d.domainIDs, token)
+ d.domainIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) findDomain(ctx context.Context, zone string) (internal.Domain, error) {
+ domains, err := d.client.ListDomains(ctx)
+ if err != nil {
+ return internal.Domain{}, fmt.Errorf("list domains: %w", err)
+ }
+
+ for _, domain := range domains {
+ if domain.DomainUTF8 == zone || domain.Domain == zone {
+ return domain, nil
+ }
+ }
+
+ return internal.Domain{}, fmt.Errorf("domain not found: %s", zone)
+}
diff --git a/providers/dns/keyhelp/keyhelp.toml b/providers/dns/keyhelp/keyhelp.toml
new file mode 100644
index 000000000..e622794ca
--- /dev/null
+++ b/providers/dns/keyhelp/keyhelp.toml
@@ -0,0 +1,24 @@
+Name = "KeyHelp"
+Description = ''''''
+URL = "https://www.keyweb.de/en/keyhelp/keyhelp/"
+Code = "keyhelp"
+Since = "v4.26.0"
+
+Example = '''
+KEYHELP_BASE_URL="https://keyhelp.example.com" \
+KEYHELP_API_KEY="xxx" \
+lego --dns keyhelp -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ KEYHELP_BASE_URL= "Server URL"
+ KEYHELP_API_KEY = "API key"
+ [Configuration.Additional]
+ KEYHELP_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ KEYHELP_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ KEYHELP_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ KEYHELP_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://app.swaggerhub.com/apis-docs/keyhelp/api/"
diff --git a/providers/dns/keyhelp/keyhelp_test.go b/providers/dns/keyhelp/keyhelp_test.go
new file mode 100644
index 000000000..8d8ac821d
--- /dev/null
+++ b/providers/dns/keyhelp/keyhelp_test.go
@@ -0,0 +1,198 @@
+package keyhelp
+
+import (
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/go-acme/lego/v4/providers/dns/keyhelp/internal"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvBaseURL, EnvAPIKey).
+ WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvBaseURL: "https://keyhelp.example.com",
+ EnvAPIKey: "secret",
+ },
+ },
+ {
+ desc: "missing base URL",
+ envVars: map[string]string{
+ EnvAPIKey: "secret",
+ },
+ expected: "keyhelp: some credentials information are missing: KEYHELP_BASE_URL",
+ },
+ {
+ desc: "missing API key",
+ envVars: map[string]string{
+ EnvBaseURL: "https://keyhelp.example.com",
+ },
+ expected: "keyhelp: some credentials information are missing: KEYHELP_API_KEY",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "keyhelp: some credentials information are missing: KEYHELP_BASE_URL,KEYHELP_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ baseURL string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ baseURL: "https://keyhelp.example.com",
+ apiKey: "secret",
+ },
+ {
+ desc: "missing base URL",
+ apiKey: "secret",
+ expected: "keyhelp: missing base URL",
+ },
+ {
+ desc: "missing API key",
+ baseURL: "https://keyhelp.example.com",
+ expected: "keyhelp: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "keyhelp: missing base URL",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.BaseURL = test.baseURL
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
+ config.APIKey = "secret"
+ config.BaseURL = server.URL
+
+ return NewDNSProviderConfig(config)
+ },
+ servermock.CheckHeader().
+ With(internal.APIKeyHeader, "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /api/v2/domains",
+ servermock.ResponseFromInternal("get_domains.json"),
+ servermock.CheckQueryParameter().
+ With("sort", "domain_utf8").
+ Strict()).
+ Route("GET /api/v2/dns/8",
+ servermock.ResponseFromInternal("get_domain_records.json")).
+ Route("PUT /api/v2/dns/8",
+ servermock.ResponseFromInternal("update_domain_records.json"),
+ servermock.CheckRequestJSONBodyFromInternal("update_domain_records-request.json")).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+
+ assert.Equal(t, 8, provider.domainIDs["abc"])
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /api/v2/dns/8",
+ servermock.ResponseFromInternal("get_domain_records2.json")).
+ Route("PUT /api/v2/dns/8",
+ servermock.ResponseFromInternal("update_domain_records.json"),
+ servermock.CheckRequestJSONBodyFromInternal("update_domain_records-request2.json")).
+ Build(t)
+
+ provider.domainIDs["abc"] = 8
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/leaseweb/internal/client.go b/providers/dns/leaseweb/internal/client.go
new file mode 100644
index 000000000..01619d49b
--- /dev/null
+++ b/providers/dns/leaseweb/internal/client.go
@@ -0,0 +1,216 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+const defaultBaseURL = "https://api.leaseweb.com/hosting/v2"
+
+const AuthHeader = "X-LSW-Auth"
+
+// Client the Leaseweb API client.
+type Client struct {
+ apiKey string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(apiKey string) (*Client, error) {
+ if apiKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ apiKey: apiKey,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+// CreateRRSet creates a resource record set.
+// https://developer.leaseweb.com/docs/#tag/DNS/operation/createResourceRecordSet
+func (c *Client) CreateRRSet(ctx context.Context, domainName string, rrset RRSet) (*RRSet, error) {
+ endpoint := c.BaseURL.JoinPath("domains", domainName, "resourceRecordSets")
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, rrset)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &RRSet{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+// GetRRSet gets a resource record set.
+// https://developer.leaseweb.com/docs/#tag/DNS/operation/getResourceRecordSet
+func (c *Client) GetRRSet(ctx context.Context, domainName, name, rType string) (*RRSet, error) {
+ endpoint := c.BaseURL.JoinPath("domains", domainName, "resourceRecordSets", name, rType)
+
+ req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &RRSet{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+// UpdateRRSet updates a resource record set.
+// https://developer.leaseweb.com/docs/#tag/DNS/operation/updateResourceRecordSet
+func (c *Client) UpdateRRSet(ctx context.Context, domainName string, rrset RRSet) (*RRSet, error) {
+ endpoint := c.BaseURL.JoinPath("domains", domainName, "resourceRecordSets", rrset.Name, rrset.Type)
+
+ // Reset values that are not allowed to be updated.
+ rrset.Name = ""
+ rrset.Type = ""
+ rrset.Editable = false
+
+ req, err := newJSONRequest(ctx, http.MethodPut, endpoint, rrset)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &RRSet{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+// DeleteRRSet deletes a resource record set.
+// https://developer.leaseweb.com/docs/#tag/DNS/operation/deleteResourceRecordSet
+func (c *Client) DeleteRRSet(ctx context.Context, domainName, name, rType string) error {
+ endpoint := c.BaseURL.JoinPath("domains", domainName, "resourceRecordSets", name, rType)
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ req.Header.Add(AuthHeader, c.apiKey)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ if resp.StatusCode == http.StatusNotFound {
+ return &NotFoundError{APIError{
+ CorrelationID: resp.Header.Get("Correlation-Id"),
+ ErrorCode: strconv.Itoa(http.StatusNotFound),
+ ErrorMessage: string(raw),
+ }}
+ }
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ if errAPI.ErrorCode == strconv.Itoa(http.StatusNotFound) {
+ return &NotFoundError{APIError: errAPI}
+ }
+
+ return &errAPI
+}
+
+// TTLRounder rounds the given TTL in seconds to the next accepted value.
+// Accepted TTL values are: 60, 300, 1800, 3600, 14400, 28800, 43200, 86400.
+func TTLRounder(ttl int) int {
+ for _, validTTL := range []int{60, 300, 1800, 3600, 14400, 28800, 43200, 86400} {
+ if ttl <= validTTL {
+ return validTTL
+ }
+ }
+
+ return 3600
+}
diff --git a/providers/dns/leaseweb/internal/client_test.go b/providers/dns/leaseweb/internal/client_test.go
new file mode 100644
index 000000000..5762aad4b
--- /dev/null
+++ b/providers/dns/leaseweb/internal/client_test.go
@@ -0,0 +1,149 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With(AuthHeader, "secret"),
+ )
+}
+
+func TestClient_CreateRRSet(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/example.com/resourceRecordSets",
+ servermock.ResponseFromFixture("createResourceRecordSet.json"),
+ servermock.CheckRequestJSONBodyFromFixture("createResourceRecordSet-request.json"),
+ ).
+ Build(t)
+
+ rrset := RRSet{
+ Content: []string{"ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"},
+ Name: "_acme-challenge.example.com.",
+ TTL: 300,
+ Type: "TXT",
+ }
+
+ result, err := client.CreateRRSet(t.Context(), "example.com", rrset)
+ require.NoError(t, err)
+
+ expected := &RRSet{
+ Content: []string{"ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"},
+ Name: "_acme-challenge.example.com.",
+ Editable: true,
+ TTL: 300,
+ Type: "TXT",
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_GetRRSet(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromFixture("getResourceRecordSet.json"),
+ ).
+ Build(t)
+
+ result, err := client.GetRRSet(t.Context(), "example.com", "_acme-challenge.example.com.", "TXT")
+ require.NoError(t, err)
+
+ expected := &RRSet{
+ Content: []string{"foo", "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo"},
+ Name: "_acme-challenge.example.com.",
+ Editable: true,
+ TTL: 3600,
+ Type: "TXT",
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_GetRRSet_error_404(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromFixture("error_404.json").
+ WithStatusCode(http.StatusNotFound),
+ ).
+ Build(t)
+
+ _, err := client.GetRRSet(t.Context(), "example.com", "_acme-challenge.example.com.", "TXT")
+ require.EqualError(t, err, "404: Resource not found (289346a1-3eaf-4da4-b707-62ef12eb08be)")
+
+ target := &NotFoundError{}
+ require.ErrorAs(t, err, &target)
+}
+
+func TestClient_UpdateRRSet(t *testing.T) {
+ client := mockBuilder().
+ Route("PUT /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromFixture("updateResourceRecordSet.json"),
+ servermock.CheckRequestJSONBodyFromFixture("updateResourceRecordSet-request.json"),
+ ).
+ Build(t)
+
+ rrset := RRSet{
+ Content: []string{"foo", "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"},
+ Name: "_acme-challenge.example.com.",
+ TTL: 3600,
+ Type: "TXT",
+ }
+
+ result, err := client.UpdateRRSet(t.Context(), "example.com", rrset)
+ require.NoError(t, err)
+
+ expected := &RRSet{
+ Content: []string{"foo", "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"},
+ Name: "_acme-challenge.example.com.",
+ Editable: true,
+ TTL: 3600,
+ Type: "TXT",
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_DeleteRRSet(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ ).
+ Build(t)
+
+ err := client.DeleteRRSet(t.Context(), "example.com", "_acme-challenge.example.com.", "TXT")
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteRRSet_error(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromFixture("error_401.json").
+ WithStatusCode(http.StatusUnauthorized),
+ ).
+ Build(t)
+
+ err := client.DeleteRRSet(t.Context(), "example.com", "_acme-challenge.example.com.", "TXT")
+ require.EqualError(t, err, "401: You are not authorized to view this resource. (289346a1-3eaf-4da4-b707-62ef12eb08be)")
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/createResourceRecordSet-request.json b/providers/dns/leaseweb/internal/fixtures/createResourceRecordSet-request.json
new file mode 100644
index 000000000..af53fcf04
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/createResourceRecordSet-request.json
@@ -0,0 +1,8 @@
+{
+ "content": [
+ "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ ],
+ "name": "_acme-challenge.example.com.",
+ "ttl": 300,
+ "type": "TXT"
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/createResourceRecordSet.json b/providers/dns/leaseweb/internal/fixtures/createResourceRecordSet.json
new file mode 100644
index 000000000..8ca040d63
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/createResourceRecordSet.json
@@ -0,0 +1,17 @@
+{
+ "_links": {
+ "self": {
+ "href": "/domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT"
+ },
+ "collection": {
+ "href": "/domains/example.com/resourceRecordSets"
+ }
+ },
+ "content": [
+ "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ ],
+ "editable": true,
+ "name": "_acme-challenge.example.com.",
+ "ttl": 300,
+ "type": "TXT"
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/error_400.json b/providers/dns/leaseweb/internal/fixtures/error_400.json
new file mode 100644
index 000000000..1a980b6bb
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/error_400.json
@@ -0,0 +1,6 @@
+{
+ "correlationId": "289346a1-3eaf-4da4-b707-62ef12eb08be",
+ "errorCode": "400",
+ "errorDetails": {},
+ "errorMessage": "The API could not interpret your request correctly."
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/error_401.json b/providers/dns/leaseweb/internal/fixtures/error_401.json
new file mode 100644
index 000000000..47d8a311d
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/error_401.json
@@ -0,0 +1,5 @@
+{
+ "correlationId": "289346a1-3eaf-4da4-b707-62ef12eb08be",
+ "errorCode": "401",
+ "errorMessage": "You are not authorized to view this resource."
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/error_404.json b/providers/dns/leaseweb/internal/fixtures/error_404.json
new file mode 100644
index 000000000..1deaf5606
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/error_404.json
@@ -0,0 +1,5 @@
+{
+ "correlationId": "289346a1-3eaf-4da4-b707-62ef12eb08be",
+ "errorCode": "404",
+ "errorMessage": "Resource not found"
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/getResourceRecordSet.json b/providers/dns/leaseweb/internal/fixtures/getResourceRecordSet.json
new file mode 100644
index 000000000..fd48f60c6
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/getResourceRecordSet.json
@@ -0,0 +1,18 @@
+{
+ "_links": {
+ "self": {
+ "href": "/domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT"
+ },
+ "collection": {
+ "href": "/domains/example.com/resourceRecordSets"
+ }
+ },
+ "content": [
+ "foo",
+ "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo"
+ ],
+ "editable": true,
+ "name": "_acme-challenge.example.com.",
+ "ttl": 3600,
+ "type": "TXT"
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/getResourceRecordSet2.json b/providers/dns/leaseweb/internal/fixtures/getResourceRecordSet2.json
new file mode 100644
index 000000000..abf3fb4c3
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/getResourceRecordSet2.json
@@ -0,0 +1,17 @@
+{
+ "_links": {
+ "self": {
+ "href": "/domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT"
+ },
+ "collection": {
+ "href": "/domains/example.com/resourceRecordSets"
+ }
+ },
+ "content": [
+ "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo"
+ ],
+ "editable": true,
+ "name": "_acme-challenge.example.com.",
+ "ttl": 3600,
+ "type": "TXT"
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/updateResourceRecordSet-request.json b/providers/dns/leaseweb/internal/fixtures/updateResourceRecordSet-request.json
new file mode 100644
index 000000000..e781958c8
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/updateResourceRecordSet-request.json
@@ -0,0 +1,8 @@
+{
+ "content": [
+ "foo",
+ "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo",
+ "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ ],
+ "ttl": 3600
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/updateResourceRecordSet-request2.json b/providers/dns/leaseweb/internal/fixtures/updateResourceRecordSet-request2.json
new file mode 100644
index 000000000..0acc314de
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/updateResourceRecordSet-request2.json
@@ -0,0 +1,6 @@
+{
+ "content": [
+ "foo"
+ ],
+ "ttl": 3600
+}
diff --git a/providers/dns/leaseweb/internal/fixtures/updateResourceRecordSet.json b/providers/dns/leaseweb/internal/fixtures/updateResourceRecordSet.json
new file mode 100644
index 000000000..2b877982c
--- /dev/null
+++ b/providers/dns/leaseweb/internal/fixtures/updateResourceRecordSet.json
@@ -0,0 +1,19 @@
+{
+ "_links": {
+ "self": {
+ "href": "/domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT"
+ },
+ "collection": {
+ "href": "/domains/example.com/resourceRecordSets"
+ }
+ },
+ "content": [
+ "foo",
+ "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo",
+ "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
+ ],
+ "editable": true,
+ "name": "_acme-challenge.example.com.",
+ "ttl": 3600,
+ "type": "TXT"
+}
diff --git a/providers/dns/leaseweb/internal/types.go b/providers/dns/leaseweb/internal/types.go
new file mode 100644
index 000000000..7a4547584
--- /dev/null
+++ b/providers/dns/leaseweb/internal/types.go
@@ -0,0 +1,35 @@
+package internal
+
+import (
+ "encoding/json"
+ "fmt"
+)
+
+type NotFoundError struct {
+ APIError
+}
+
+type APIError struct {
+ CorrelationID string `json:"correlationId,omitempty"`
+ ErrorCode string `json:"errorCode,omitempty"`
+ ErrorMessage string `json:"errorMessage,omitempty"`
+ ErrorDetails json.RawMessage `json:"errorDetails,omitempty"`
+}
+
+func (a *APIError) Error() string {
+ msg := fmt.Sprintf("%s: %s (%s)", a.ErrorCode, a.ErrorMessage, a.CorrelationID)
+
+ if len(a.ErrorDetails) > 0 {
+ msg += fmt.Sprintf(": %s", string(a.ErrorDetails))
+ }
+
+ return msg
+}
+
+type RRSet struct {
+ Content []string `json:"content,omitempty"`
+ Name string `json:"name,omitempty"`
+ Editable bool `json:"editable,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ Type string `json:"type,omitempty"`
+}
diff --git a/providers/dns/leaseweb/leaseweb.go b/providers/dns/leaseweb/leaseweb.go
new file mode 100644
index 000000000..fafaf1c4d
--- /dev/null
+++ b/providers/dns/leaseweb/leaseweb.go
@@ -0,0 +1,187 @@
+// Package leaseweb implements a DNS provider for solving the DNS-01 challenge using Leaseweb.
+package leaseweb
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/leaseweb/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "LEASEWEB_"
+
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Leaseweb.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("leaseweb: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Leaseweb.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("leaseweb: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.APIKey)
+ if err != nil {
+ return nil, fmt.Errorf("leaseweb: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("leaseweb: could not find zone for domain %q: %w", domain, err)
+ }
+
+ existingRRSet, err := d.client.GetRRSet(ctx, dns01.UnFqdn(authZone), info.EffectiveFQDN, "TXT")
+ if err != nil {
+ notfoundErr := &internal.NotFoundError{}
+ if !errors.As(err, ¬foundErr) {
+ return fmt.Errorf("leaseweb: get RRSet: %w", err)
+ }
+
+ // Create the RRSet.
+
+ rrset := internal.RRSet{
+ Content: []string{info.Value},
+ Name: info.EffectiveFQDN,
+ TTL: internal.TTLRounder(d.config.TTL),
+ Type: "TXT",
+ }
+
+ _, err = d.client.CreateRRSet(ctx, dns01.UnFqdn(authZone), rrset)
+ if err != nil {
+ return fmt.Errorf("leaseweb: create RRSet: %w", err)
+ }
+
+ return nil
+ }
+
+ // Update the RRSet.
+
+ existingRRSet.Content = append(existingRRSet.Content, info.Value)
+
+ _, err = d.client.UpdateRRSet(ctx, dns01.UnFqdn(authZone), *existingRRSet)
+ if err != nil {
+ return fmt.Errorf("leaseweb: update RRSet: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("leaseweb: could not find zone for domain %q: %w", domain, err)
+ }
+
+ existingRRSet, err := d.client.GetRRSet(ctx, dns01.UnFqdn(authZone), info.EffectiveFQDN, "TXT")
+ if err != nil {
+ return fmt.Errorf("leaseweb: get RRSet: %w", err)
+ }
+
+ var content []string
+
+ for _, s := range existingRRSet.Content {
+ if s != info.Value {
+ content = append(content, s)
+ }
+ }
+
+ if len(content) == 0 {
+ err = d.client.DeleteRRSet(ctx, dns01.UnFqdn(authZone), info.EffectiveFQDN, "TXT")
+ if err != nil {
+ return fmt.Errorf("leaseweb: delete RRSet: %w", err)
+ }
+
+ return nil
+ }
+
+ existingRRSet.Content = content
+
+ _, err = d.client.UpdateRRSet(ctx, dns01.UnFqdn(authZone), *existingRRSet)
+ if err != nil {
+ return fmt.Errorf("leaseweb: update RRSet: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/leaseweb/leaseweb.toml b/providers/dns/leaseweb/leaseweb.toml
new file mode 100644
index 000000000..2c3503291
--- /dev/null
+++ b/providers/dns/leaseweb/leaseweb.toml
@@ -0,0 +1,22 @@
+Name = "Leaseweb"
+Description = ''''''
+URL = "https://www.leaseweb.com/en/"
+Code = "leaseweb"
+Since = "v4.32.0"
+
+Example = '''
+LEASEWEB_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --dns leaseweb -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ LEASEWEB_API_KEY = "API key"
+ [Configuration.Additional]
+ LEASEWEB_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ LEASEWEB_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ LEASEWEB_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ LEASEWEB_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://developer.leaseweb.com/docs/#tag/DNS"
diff --git a/providers/dns/leaseweb/leaseweb_test.go b/providers/dns/leaseweb/leaseweb_test.go
new file mode 100644
index 000000000..0450cd2c2
--- /dev/null
+++ b/providers/dns/leaseweb/leaseweb_test.go
@@ -0,0 +1,204 @@
+package leaseweb
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/go-acme/lego/v4/providers/dns/leaseweb/internal"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIKey: "secret",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "leaseweb: some credentials information are missing: LEASEWEB_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiKey: "secret",
+ },
+ {
+ desc: "missing credentials",
+ expected: "leaseweb: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIKey = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With(internal.AuthHeader, "secret"),
+ )
+}
+
+func TestDNSProvider_Present_create(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromInternal("error_404.json").
+ WithStatusCode(http.StatusNotFound),
+ ).
+ Route("POST /domains/example.com/resourceRecordSets",
+ servermock.ResponseFromInternal("createResourceRecordSet.json"),
+ servermock.CheckRequestJSONBodyFromInternal("createResourceRecordSet-request.json"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_Present_update(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromInternal("getResourceRecordSet.json"),
+ ).
+ Route("PUT /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromInternal("updateResourceRecordSet.json"),
+ servermock.CheckRequestJSONBodyFromInternal("updateResourceRecordSet-request.json"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp_delete(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromInternal("getResourceRecordSet2.json"),
+ ).
+ Route("DELETE /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.Noop().
+ WithStatusCode(http.StatusNoContent),
+ ).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "abc", "1234d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp_update(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromInternal("getResourceRecordSet.json"),
+ ).
+ Route("PUT /domains/example.com/resourceRecordSets/_acme-challenge.example.com./TXT",
+ servermock.ResponseFromInternal("updateResourceRecordSet.json"),
+ servermock.CheckRequestJSONBodyFromInternal("updateResourceRecordSet-request2.json"),
+ ).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "abc", "1234d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/liara/internal/client.go b/providers/dns/liara/internal/client.go
index 3d4af1d3b..95c39695b 100644
--- a/providers/dns/liara/internal/client.go
+++ b/providers/dns/liara/internal/client.go
@@ -20,17 +20,23 @@ const defaultBaseURL = "https://dns-service.iran.liara.ir"
type Client struct {
baseURL *url.URL
httpClient *http.Client
+
+ teamID string
}
// NewClient creates a new Client.
-func NewClient(hc *http.Client) *Client {
+func NewClient(hc *http.Client, teamID string) *Client {
baseURL, _ := url.Parse(defaultBaseURL)
if hc == nil {
hc = &http.Client{Timeout: 10 * time.Second}
}
- return &Client{httpClient: hc, baseURL: baseURL}
+ return &Client{
+ httpClient: hc,
+ baseURL: baseURL,
+ teamID: teamID,
+ }
}
// GetRecords gets the records of a domain.
@@ -38,7 +44,7 @@ func NewClient(hc *http.Client) *Client {
func (c *Client) GetRecords(ctx context.Context, domainName string) ([]Record, error) {
endpoint := c.baseURL.JoinPath("api", "v1", "zones", domainName, "dns-records")
- req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ req, err := c.newJSONRequest(ctx, http.MethodGet, endpoint, nil)
if err != nil {
return nil, fmt.Errorf("create request: %w", err)
}
@@ -60,6 +66,7 @@ func (c *Client) GetRecords(ctx context.Context, domainName string) ([]Record, e
}
var response Response[[]Record]
+
err = json.Unmarshal(raw, &response)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -72,7 +79,7 @@ func (c *Client) GetRecords(ctx context.Context, domainName string) ([]Record, e
func (c *Client) CreateRecord(ctx context.Context, domainName string, record Record) (*Record, error) {
endpoint := c.baseURL.JoinPath("api", "v1", "zones", domainName, "dns-records")
- req, err := newJSONRequest(ctx, http.MethodPost, endpoint, record)
+ req, err := c.newJSONRequest(ctx, http.MethodPost, endpoint, record)
if err != nil {
return nil, fmt.Errorf("create request: %w", err)
}
@@ -94,6 +101,7 @@ func (c *Client) CreateRecord(ctx context.Context, domainName string, record Rec
}
var response Response[*Record]
+
err = json.Unmarshal(raw, &response)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -106,7 +114,7 @@ func (c *Client) CreateRecord(ctx context.Context, domainName string, record Rec
func (c *Client) GetRecord(ctx context.Context, domainName, recordID string) (*Record, error) {
endpoint := c.baseURL.JoinPath("api", "v1", "zones", domainName, "dns-records", recordID)
- req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ req, err := c.newJSONRequest(ctx, http.MethodGet, endpoint, nil)
if err != nil {
return nil, fmt.Errorf("create request: %w", err)
}
@@ -128,6 +136,7 @@ func (c *Client) GetRecord(ctx context.Context, domainName, recordID string) (*R
}
var response Response[*Record]
+
err = json.Unmarshal(raw, &response)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -140,7 +149,7 @@ func (c *Client) GetRecord(ctx context.Context, domainName, recordID string) (*R
func (c *Client) DeleteRecord(ctx context.Context, domainName, recordID string) error {
endpoint := c.baseURL.JoinPath("api", "v1", "zones", domainName, "dns-records", recordID)
- req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ req, err := c.newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
if err != nil {
return fmt.Errorf("create request: %w", err)
}
@@ -159,7 +168,14 @@ func (c *Client) DeleteRecord(ctx context.Context, domainName, recordID string)
return nil
}
-func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+func (c *Client) newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ if c.teamID != "" {
+ query := endpoint.Query()
+ query.Set("teamID", c.teamID)
+
+ endpoint.RawQuery = query.Encode()
+ }
+
buf := new(bytes.Buffer)
if payload != nil {
@@ -187,6 +203,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/liara/internal/client_test.go b/providers/dns/liara/internal/client_test.go
index 57ac7e8b3..b6d007046 100644
--- a/providers/dns/liara/internal/client_test.go
+++ b/providers/dns/liara/internal/client_test.go
@@ -13,10 +13,10 @@ import (
const apiKey = "key"
-func mockBuilder() *servermock.Builder[*Client] {
+func mockBuilder(teamID string) *servermock.Builder[*Client] {
return servermock.NewBuilder[*Client](
func(server *httptest.Server) (*Client, error) {
- client := NewClient(OAuthStaticAccessToken(server.Client(), apiKey))
+ client := NewClient(OAuthStaticAccessToken(server.Client(), apiKey), teamID)
client.baseURL, _ = url.Parse(server.URL)
return client, nil
@@ -26,7 +26,7 @@ func mockBuilder() *servermock.Builder[*Client] {
}
func TestClient_GetRecords(t *testing.T) {
- client := mockBuilder().
+ client := mockBuilder("").
Route("GET /api/v1/zones/example.com/dns-records", servermock.ResponseFromFixture("RecordsResponse.json")).
Build(t)
@@ -50,7 +50,7 @@ func TestClient_GetRecords(t *testing.T) {
}
func TestClient_GetRecord(t *testing.T) {
- client := mockBuilder().
+ client := mockBuilder("").
Route("GET /api/v1/zones/example.com/dns-records/123", servermock.ResponseFromFixture("RecordResponse.json")).
Build(t)
@@ -72,7 +72,7 @@ func TestClient_GetRecord(t *testing.T) {
}
func TestClient_CreateRecord(t *testing.T) {
- client := mockBuilder().
+ client := mockBuilder("").
Route("POST /api/v1/zones/example.com/dns-records",
servermock.ResponseFromFixture("RecordResponse.json").
WithStatusCode(http.StatusCreated),
@@ -108,8 +108,47 @@ func TestClient_CreateRecord(t *testing.T) {
assert.Equal(t, expected, record)
}
+func TestClient_CreateRecord_withTeamID(t *testing.T) {
+ client := mockBuilder("123").
+ Route("POST /api/v1/zones/example.com/dns-records",
+ servermock.ResponseFromFixture("RecordResponse.json").
+ WithStatusCode(http.StatusCreated),
+ servermock.CheckRequestJSONBody(`{"name":"string","type":"string","ttl":3600,"contents":[{"text":"string"}]}`),
+ servermock.CheckQueryParameter().Strict().With("teamID", "123"),
+ ).
+ Build(t)
+
+ data := Record{
+ Type: "string",
+ Name: "string",
+ Contents: []Content{
+ {
+ Text: "string",
+ },
+ },
+ TTL: 3600,
+ }
+
+ record, err := client.CreateRecord(t.Context(), "example.com", data)
+ require.NoError(t, err)
+
+ expected := &Record{
+ ID: "string",
+ Type: "string",
+ Name: "string",
+ Contents: []Content{
+ {
+ Text: "string",
+ },
+ },
+ TTL: 3600,
+ }
+
+ assert.Equal(t, expected, record)
+}
+
func TestClient_DeleteRecord(t *testing.T) {
- client := mockBuilder().
+ client := mockBuilder("").
Route("DELETE /api/v1/zones/example.com/dns-records/123",
servermock.Noop().
WithStatusCode(http.StatusNoContent)).
@@ -120,7 +159,7 @@ func TestClient_DeleteRecord(t *testing.T) {
}
func TestClient_DeleteRecord_NotFound_Response(t *testing.T) {
- client := mockBuilder().
+ client := mockBuilder("").
Route("DELETE /api/v1/zones/example.com/dns-records/123",
servermock.Noop().
WithStatusCode(http.StatusNotFound)).
@@ -131,7 +170,7 @@ func TestClient_DeleteRecord_NotFound_Response(t *testing.T) {
}
func TestClient_DeleteRecord_error(t *testing.T) {
- client := mockBuilder().
+ client := mockBuilder("").
Route("DELETE /api/v1/zones/example.com/dns-records/123",
servermock.ResponseFromFixture("error.json").
WithStatusCode(http.StatusUnauthorized)).
diff --git a/providers/dns/liara/liara.go b/providers/dns/liara/liara.go
index a0437b0eb..c7e403eed 100644
--- a/providers/dns/liara/liara.go
+++ b/providers/dns/liara/liara.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/liara/internal"
"github.com/hashicorp/go-retryablehttp"
)
@@ -22,6 +23,7 @@ const (
envNamespace = "LIARA_"
EnvAPIKey = envNamespace + "API_KEY"
+ EnvTeamID = envNamespace + "TEAM_ID"
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@@ -38,7 +40,9 @@ var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
- APIKey string
+ APIKey string
+ TeamID string
+
TTL int
PropagationTimeout time.Duration
PollingInterval time.Duration
@@ -76,6 +80,7 @@ func NewDNSProvider() (*DNSProvider, error) {
config := NewDefaultConfig()
config.APIKey = values[EnvAPIKey]
+ config.TeamID = env.GetOrFile(EnvTeamID)
return NewDNSProviderConfig(config)
}
@@ -99,13 +104,20 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
}
retryClient := retryablehttp.NewClient()
+
retryClient.RetryMax = 5
if config.HTTPClient != nil {
retryClient.HTTPClient = config.HTTPClient
}
+
retryClient.Logger = log.Logger
- client := internal.NewClient(internal.OAuthStaticAccessToken(retryClient.StandardClient(), config.APIKey))
+ client := internal.NewClient(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(retryClient.StandardClient(), config.APIKey),
+ ),
+ config.TeamID,
+ )
return &DNSProvider{
config: config,
@@ -140,6 +152,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
Contents: []internal.Content{{Text: info.Value}},
TTL: d.config.TTL,
}
+
newRecord, err := d.client.CreateRecord(context.Background(), dns01.UnFqdn(authZone), record)
if err != nil {
return fmt.Errorf("liara: failed to create TXT record, fqdn=%s: %w", info.EffectiveFQDN, err)
@@ -165,6 +178,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("liara: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
diff --git a/providers/dns/liara/liara.toml b/providers/dns/liara/liara.toml
index 1259999a2..f471de04e 100644
--- a/providers/dns/liara/liara.toml
+++ b/providers/dns/liara/liara.toml
@@ -6,13 +6,14 @@ Since = "v4.10.0"
Example = '''
LIARA_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns liara -d '*.example.com' -d example.com run
+lego --dns liara -d '*.example.com' -d example.com run
'''
[Configuration]
[Configuration.Credentials]
LIARA_API_KEY = "The API key"
[Configuration.Additional]
+ LIARA_TEAM_ID = "The team ID to access services in a team"
LIARA_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
LIARA_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
LIARA_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 3600)"
diff --git a/providers/dns/liara/liara_test.go b/providers/dns/liara/liara_test.go
index 4256be55e..b1f3f77c9 100644
--- a/providers/dns/liara/liara_test.go
+++ b/providers/dns/liara/liara_test.go
@@ -38,6 +38,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -113,6 +114,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -126,6 +128,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/lightsail/lightsail.go b/providers/dns/lightsail/lightsail.go
index ddaf7baca..95b07c503 100644
--- a/providers/dns/lightsail/lightsail.go
+++ b/providers/dns/lightsail/lightsail.go
@@ -99,6 +99,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
retryCount := min(attempt, 7)
delay := (1 << uint(retryCount)) * (rand.Intn(50) + 200)
+
return time.Duration(delay) * time.Millisecond, nil
})
})
diff --git a/providers/dns/lightsail/lightsail_integration_test.go b/providers/dns/lightsail/lightsail_integration_test.go
index 718e57460..dc86bf079 100644
--- a/providers/dns/lightsail/lightsail_integration_test.go
+++ b/providers/dns/lightsail/lightsail_integration_test.go
@@ -34,6 +34,7 @@ func TestLiveTTL(t *testing.T) {
require.NoError(t, err)
svc := lightsail.NewFromConfig(cfg)
+
require.NoError(t, err)
defer func() {
diff --git a/providers/dns/lightsail/lightsail_test.go b/providers/dns/lightsail/lightsail_test.go
index 010e794a9..a6b46045e 100644
--- a/providers/dns/lightsail/lightsail_test.go
+++ b/providers/dns/lightsail/lightsail_test.go
@@ -34,6 +34,7 @@ var envTest = tester.NewEnvTest(
func TestCredentialsFromEnv(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
_ = os.Setenv(envAwsAccessKeyID, "123")
@@ -60,6 +61,7 @@ func TestDNSProvider_Present(t *testing.T) {
func(server *httptest.Server) (*DNSProvider, error) {
return &DNSProvider{
client: lightsail.NewFromConfig(aws.Config{
+ HTTPClient: server.Client(),
Credentials: credentials.NewStaticCredentialsProvider("abc", "123", " "),
Region: "mock-region",
BaseEndpoint: aws.String(server.URL),
@@ -75,5 +77,5 @@ func TestDNSProvider_Present(t *testing.T) {
keyAuth := "123456d=="
err := provider.Present(domain, "", keyAuth)
- require.NoError(t, err, "Expected Present to return no error")
+ require.NoError(t, err)
}
diff --git a/providers/dns/limacity/internal/client.go b/providers/dns/limacity/internal/client.go
index 07622e121..ae6ab87eb 100644
--- a/providers/dns/limacity/internal/client.go
+++ b/providers/dns/limacity/internal/client.go
@@ -41,6 +41,7 @@ func (c *Client) GetDomains(ctx context.Context) ([]Domain, error) {
}
var results DomainsResponse
+
err = c.do(req, &results)
if err != nil {
return nil, err
@@ -58,6 +59,7 @@ func (c *Client) GetRecords(ctx context.Context, domainID int) ([]Record, error)
}
var results RecordsResponse
+
err = c.do(req, &results)
if err != nil {
return nil, err
@@ -75,6 +77,7 @@ func (c *Client) AddRecord(ctx context.Context, domainID int, record Record) err
}
var results APIResponse
+
err = c.do(req, &results)
if err != nil {
return err
@@ -92,6 +95,7 @@ func (c *Client) UpdateRecord(ctx context.Context, domainID, recordID int, recor
}
var results APIResponse
+
err = c.do(req, &results)
if err != nil {
return err
@@ -110,6 +114,7 @@ func (c *Client) DeleteRecord(ctx context.Context, domainID, recordID int) error
}
var results APIResponse
+
err = c.do(req, &results)
if err != nil {
return err
@@ -177,6 +182,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIResponse
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/limacity/internal/types.go b/providers/dns/limacity/internal/types.go
index 5fdbacef9..7411632ea 100644
--- a/providers/dns/limacity/internal/types.go
+++ b/providers/dns/limacity/internal/types.go
@@ -10,7 +10,7 @@ type RecordsResponse struct {
}
type NameserverRecordPayload struct {
- Data Record `json:"nameserver_record,omitempty"`
+ Data Record `json:"nameserver_record"`
}
type DomainsResponse struct {
diff --git a/providers/dns/limacity/limacity.go b/providers/dns/limacity/limacity.go
index 58755aabe..3291faf66 100644
--- a/providers/dns/limacity/limacity.go
+++ b/providers/dns/limacity/limacity.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/limacity/internal"
)
@@ -89,6 +90,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client := internal.NewClient(config.APIKey)
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -110,9 +117,11 @@ func (d *DNSProvider) Sequential() time.Duration {
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- domains, err := d.client.GetDomains(context.Background())
+ domains, err := d.client.GetDomains(ctx)
if err != nil {
return fmt.Errorf("limacity: get domains: %w", err)
}
@@ -134,7 +143,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
Type: "TXT",
}
- err = d.client.AddRecord(context.Background(), dom.ID, record)
+ err = d.client.AddRecord(ctx, dom.ID, record)
if err != nil {
return fmt.Errorf("limacity: add record: %w", err)
}
@@ -148,22 +157,26 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
// gets the domain's unique ID
d.domainIDsMu.Lock()
domainID, ok := d.domainIDs[token]
d.domainIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("limacity: unknown domain ID for '%s' '%s'", info.EffectiveFQDN, token)
}
- records, err := d.client.GetRecords(context.Background(), domainID)
+ records, err := d.client.GetRecords(ctx, domainID)
if err != nil {
return fmt.Errorf("limacity: get records: %w", err)
}
var recordID int
+
for _, record := range records {
if record.Type == "TXT" && record.Content == strconv.Quote(info.Value) {
recordID = record.ID
@@ -175,11 +188,15 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return errors.New("limacity: TXT record not found")
}
- err = d.client.DeleteRecord(context.Background(), domainID, recordID)
+ err = d.client.DeleteRecord(ctx, domainID, recordID)
if err != nil {
return fmt.Errorf("limacity: delete record (domain ID=%d, record ID=%d): %w", domainID, recordID, err)
}
+ d.domainIDsMu.Lock()
+ delete(d.domainIDs, info.EffectiveFQDN)
+ d.domainIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/limacity/limacity.toml b/providers/dns/limacity/limacity.toml
index b9b9f0018..d236577d0 100644
--- a/providers/dns/limacity/limacity.toml
+++ b/providers/dns/limacity/limacity.toml
@@ -6,7 +6,7 @@ Since = "v4.18.0"
Example = '''
LIMACITY_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns limacity -d '*.example.com' -d example.com run
+lego --dns limacity -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/limacity/limacity_test.go b/providers/dns/limacity/limacity_test.go
index 2834a5f1f..3301fcb2e 100644
--- a/providers/dns/limacity/limacity_test.go
+++ b/providers/dns/limacity/limacity_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -92,6 +93,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -105,6 +107,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/linode/linode.go b/providers/dns/linode/linode.go
index 25e1b07d1..b03dee4f5 100644
--- a/providers/dns/linode/linode.go
+++ b/providers/dns/linode/linode.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
"github.com/linode/linodego"
"golang.org/x/oauth2"
@@ -102,7 +103,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
},
}
- client := linodego.NewClient(oauth2Client)
+ client := linodego.NewClient(clientdebug.Wrap(oauth2Client))
client.SetUserAgent(useragent.Get())
return &DNSProvider{config: config, client: &client}, nil
@@ -130,9 +131,11 @@ func (d *DNSProvider) Timeout() (time.Duration, time.Duration) {
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- zone, err := d.getHostedZoneInfo(info.EffectiveFQDN)
+ zone, err := d.getHostedZoneInfo(ctx, info.EffectiveFQDN)
if err != nil {
return err
}
@@ -144,22 +147,26 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
Type: linodego.RecordTypeTXT,
}
- _, err = d.client.CreateDomainRecord(context.Background(), zone.domainID, createOpts)
+ _, err = d.client.CreateDomainRecord(ctx, zone.domainID, createOpts)
+
return err
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- zone, err := d.getHostedZoneInfo(info.EffectiveFQDN)
+ zone, err := d.getHostedZoneInfo(ctx, info.EffectiveFQDN)
if err != nil {
return err
}
// Get all TXT records for the specified domain.
listOpts := linodego.NewListOptions(0, `{"type":"TXT"}`)
- resources, err := d.client.ListDomainRecords(context.Background(), zone.domainID, listOpts)
+
+ resources, err := d.client.ListDomainRecords(ctx, zone.domainID, listOpts)
if err != nil {
return err
}
@@ -168,7 +175,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
for _, resource := range resources {
if (resource.Name == dns01.UnFqdn(info.EffectiveFQDN) || resource.Name == zone.resourceName) &&
resource.Target == info.Value {
- if err := d.client.DeleteDomainRecord(context.Background(), zone.domainID, resource.ID); err != nil {
+ if err := d.client.DeleteDomainRecord(ctx, zone.domainID, resource.ID); err != nil {
return err
}
}
@@ -177,7 +184,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return nil
}
-func (d *DNSProvider) getHostedZoneInfo(fqdn string) (*hostedZoneInfo, error) {
+func (d *DNSProvider) getHostedZoneInfo(ctx context.Context, fqdn string) (*hostedZoneInfo, error) {
// Lookup the zone that handles the specified FQDN.
authZone, err := dns01.FindZoneByFqdn(fqdn)
if err != nil {
@@ -191,7 +198,8 @@ func (d *DNSProvider) getHostedZoneInfo(fqdn string) (*hostedZoneInfo, error) {
}
listOpts := linodego.NewListOptions(0, string(filter))
- domains, err := d.client.ListDomains(context.Background(), listOpts)
+
+ domains, err := d.client.ListDomains(ctx, listOpts)
if err != nil {
return nil, err
}
diff --git a/providers/dns/linode/linode.toml b/providers/dns/linode/linode.toml
index f046d3f9b..9ea30b92b 100644
--- a/providers/dns/linode/linode.toml
+++ b/providers/dns/linode/linode.toml
@@ -7,7 +7,7 @@ Since = "v1.1.0"
Example = '''
LINODE_TOKEN=xxxxx \
-lego --email you@example.com --dns linode -d '*.example.com' -d example.com run
+lego --dns linode -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/linode/linode_test.go b/providers/dns/linode/linode_test.go
index 08549ab7e..1c4903aca 100644
--- a/providers/dns/linode/linode_test.go
+++ b/providers/dns/linode/linode_test.go
@@ -39,6 +39,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -94,6 +95,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
func TestDNSProvider_Present(t *testing.T) {
defer envTest.RestoreEnv()
+
os.Setenv(EnvToken, "testing")
domain := "example.com"
@@ -178,6 +180,7 @@ func TestDNSProvider_Present(t *testing.T) {
func TestDNSProvider_CleanUp(t *testing.T) {
defer envTest.RestoreEnv()
+
os.Setenv(EnvToken, "testing")
domain := "example.com"
diff --git a/providers/dns/liquidweb/liquidweb.go b/providers/dns/liquidweb/liquidweb.go
index 2d0a46142..6e93e2a12 100644
--- a/providers/dns/liquidweb/liquidweb.go
+++ b/providers/dns/liquidweb/liquidweb.go
@@ -62,8 +62,9 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *lw.API
+ config *Config
+ client *lw.API
+
recordIDs map[string]int
recordIDsMu sync.Mutex
}
@@ -159,6 +160,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
params := &network.DNSRecordParams{ID: recordID}
+
_, err := d.client.NetworkDNS.Delete(params)
if err != nil {
return fmt.Errorf("liquidweb: could not remove TXT record: %w", err)
@@ -179,6 +181,7 @@ func (d *DNSProvider) findZone(domain string) (string, error) {
// filter the zones on the account to only ones that match
var zs []network.DNSZone
+
for _, item := range zones.Items {
if strings.HasSuffix(domain, item.Name) {
zs = append(zs, item)
diff --git a/providers/dns/liquidweb/liquidweb.toml b/providers/dns/liquidweb/liquidweb.toml
index 22789f41e..386b99cab 100644
--- a/providers/dns/liquidweb/liquidweb.toml
+++ b/providers/dns/liquidweb/liquidweb.toml
@@ -7,7 +7,7 @@ Since = "v3.1.0"
Example = '''
LWAPI_USERNAME=someuser \
LWAPI_PASSWORD=somepass \
-lego --email you@example.com --dns liquidweb -d '*.example.com' -d example.com run
+lego --dns liquidweb -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/liquidweb/liquidweb_test.go b/providers/dns/liquidweb/liquidweb_test.go
index b0788c7f5..a34d19037 100644
--- a/providers/dns/liquidweb/liquidweb_test.go
+++ b/providers/dns/liquidweb/liquidweb_test.go
@@ -27,16 +27,16 @@ func TestNewDNSProvider(t *testing.T) {
{
desc: "minimum-success",
envVars: map[string]string{
- EnvUsername: "blars",
- EnvPassword: "tacoman",
+ EnvUsername: "user",
+ EnvPassword: "secret",
},
},
{
desc: "set-everything",
envVars: map[string]string{
- EnvURL: "https://storm.com",
- EnvUsername: "blars",
- EnvPassword: "tacoman",
+ EnvURL: "https://storm.example",
+ EnvUsername: "user",
+ EnvPassword: "secret",
EnvZone: "blars.com",
},
},
@@ -48,16 +48,16 @@ func TestNewDNSProvider(t *testing.T) {
{
desc: "missing username",
envVars: map[string]string{
- EnvPassword: "tacoman",
- EnvZone: "blars.com",
+ EnvPassword: "secret",
+ EnvZone: "blars.example",
},
expected: "liquidweb: some credentials information are missing: LIQUID_WEB_USERNAME",
},
{
desc: "missing password",
envVars: map[string]string{
- EnvUsername: "blars",
- EnvZone: "blars.com",
+ EnvUsername: "user",
+ EnvZone: "blars.example",
},
expected: "liquidweb: some credentials information are missing: LIQUID_WEB_PASSWORD",
},
@@ -66,6 +66,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -147,13 +148,13 @@ func TestNewDNSProviderConfig(t *testing.T) {
func TestDNSProvider_Present(t *testing.T) {
provider := mockProvider(t)
- err := provider.Present("tacoman.com", "", "")
+ err := provider.Present("tacoman.example", "", "")
require.NoError(t, err)
}
func TestDNSProvider_CleanUp(t *testing.T) {
provider := mockProvider(t, network.DNSRecord{
- Name: "_acme-challenge.tacoman.com",
+ Name: "_acme-challenge.tacoman.example",
RData: "123d==",
Type: "TXT",
TTL: 300,
@@ -163,7 +164,7 @@ func TestDNSProvider_CleanUp(t *testing.T) {
provider.recordIDs["123d=="] = 1234567
- err := provider.CleanUp("tacoman.com.", "123d==", "")
+ err := provider.CleanUp("tacoman.example.", "123d==", "")
require.NoError(t, err)
}
@@ -180,7 +181,7 @@ func TestDNSProvider(t *testing.T) {
}{
{
desc: "expected successful",
- domain: "tacoman.com",
+ domain: "tacoman.example",
token: "123",
keyAuth: "456",
present: true,
@@ -188,7 +189,7 @@ func TestDNSProvider(t *testing.T) {
},
{
desc: "other successful",
- domain: "banana.com",
+ domain: "banana.example",
token: "123",
keyAuth: "456",
present: true,
@@ -196,16 +197,16 @@ func TestDNSProvider(t *testing.T) {
},
{
desc: "zone not on account",
- domain: "huckleberry.com",
+ domain: "huckleberry.example",
token: "123",
keyAuth: "456",
present: true,
- expPresentErr: "no valid zone in account for certificate '_acme-challenge.huckleberry.com'",
+ expPresentErr: "no valid zone in account for certificate '_acme-challenge.huckleberry.example'",
cleanup: false,
},
{
desc: "ssl for domain",
- domain: "sundae.cherry.com",
+ domain: "sundae.cherry.example",
token: "5847953",
keyAuth: "34872934",
present: true,
@@ -213,7 +214,7 @@ func TestDNSProvider(t *testing.T) {
},
{
desc: "complicated domain",
- domain: "always.money.stand.banana.com",
+ domain: "always.money.stand.banana.example",
token: "5847953",
keyAuth: "there is always money in the banana stand",
present: true,
@@ -248,6 +249,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/liquidweb/servermock_test.go b/providers/dns/liquidweb/servermock_test.go
index 9cb434761..4886e17f1 100644
--- a/providers/dns/liquidweb/servermock_test.go
+++ b/providers/dns/liquidweb/servermock_test.go
@@ -26,14 +26,14 @@ func mockProvider(t *testing.T, initRecs ...network.DNSRecord) *DNSProvider {
return servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
- config.Username = "blars"
- config.Password = "tacoman"
+ config.Username = "user"
+ config.Password = "secret"
config.BaseURL = server.URL
return NewDNSProviderConfig(config)
},
servermock.CheckHeader().
- WithBasicAuth("blars", "tacoman"),
+ WithBasicAuth("user", "secret"),
).
Route("/v1/Network/DNS/Record/delete", mockAPIDelete(recs)).
Route("/v1/Network/DNS/Record/create", mockAPICreate(recs)).
@@ -62,6 +62,7 @@ func mockAPICreate(recs map[int]network.DNSRecord) http.HandlerFunc {
http.Error(rw, makeEncodingError(body), http.StatusBadRequest)
return
}
+
payload.Params.ID = types.FlexInt(rand.Intn(10000000))
payload.Params.ZoneID = types.FlexInt(mockAPIServerZones[payload.Params.Name])
@@ -69,6 +70,7 @@ func mockAPICreate(recs map[int]network.DNSRecord) http.HandlerFunc {
http.Error(rw, "dns record already exists", http.StatusTeapot)
return
}
+
recs[int(payload.Params.ID)] = payload.Params
resp, err := json.Marshal(payload.Params)
@@ -76,6 +78,7 @@ func mockAPICreate(recs map[int]network.DNSRecord) http.HandlerFunc {
http.Error(rw, "", http.StatusInternalServerError)
return
}
+
http.Error(rw, string(resp), http.StatusOK)
}
}
@@ -109,6 +112,7 @@ func mockAPIDelete(recs map[int]network.DNSRecord) http.HandlerFunc {
http.Error(rw, fmt.Sprintf(`{"error":"","error_class":"LW::Exception::RecordNotFound","field":"network_dns_rr","full_message":"Record 'network_dns_rr: %d' not found","input":"%d","public_message":null}`, payload.Params.ID, payload.Params.ID), http.StatusOK)
return
}
+
delete(recs, payload.Params.ID)
http.Error(rw, fmt.Sprintf("{\"deleted\":%d}", payload.Params.ID), http.StatusOK)
}
@@ -141,6 +145,7 @@ func mockAPIListZones() http.HandlerFunc {
case payload.Params.PageNum > len(mockZones):
payload.Params.PageNum = len(mockZones)
}
+
resp := mockZones[payload.Params.PageNum]
resp.ItemTotal = types.FlexInt(len(mockAPIServerZones))
resp.PageNum = types.FlexInt(payload.Params.PageNum)
@@ -167,38 +172,38 @@ func makeMockZones() (map[int]network.DNSZoneList, map[string]int) {
Items: []network.DNSZone{
{
ID: 1,
- Name: "blars.com",
+ Name: "blars.example",
Active: 1,
DelegationStatus: "CORRECT",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 2,
- Name: "tacoman.com",
+ Name: "tacoman.example",
Active: 1,
DelegationStatus: "CORRECT",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 3,
- Name: "storm.com",
+ Name: "storm.example",
Active: 1,
DelegationStatus: "CORRECT",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 4,
- Name: "not-apple.com",
+ Name: "not-apple.example",
Active: 1,
DelegationStatus: "BAD_NAMESERVERS",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 5,
Name: "example.com",
Active: 1,
DelegationStatus: "BAD_NAMESERVERS",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
},
},
@@ -206,38 +211,38 @@ func makeMockZones() (map[int]network.DNSZoneList, map[string]int) {
Items: []network.DNSZone{
{
ID: 6,
- Name: "banana.com",
+ Name: "banana.example",
Active: 1,
DelegationStatus: "NXDOMAIN",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 7,
- Name: "cherry.com",
+ Name: "cherry.example",
Active: 1,
DelegationStatus: "SERVFAIL",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 8,
- Name: "dates.com",
+ Name: "dates.example",
Active: 1,
DelegationStatus: "SERVFAIL",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 9,
- Name: "eggplant.com",
+ Name: "eggplant.example",
Active: 1,
DelegationStatus: "SERVFAIL",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 10,
- Name: "fig.com",
+ Name: "fig.example",
Active: 1,
DelegationStatus: "UNKNOWN",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
},
},
@@ -245,41 +250,43 @@ func makeMockZones() (map[int]network.DNSZoneList, map[string]int) {
Items: []network.DNSZone{
{
ID: 11,
- Name: "grapes.com",
+ Name: "grapes.example",
Active: 1,
DelegationStatus: "UNKNOWN",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 12,
- Name: "money.banana.com",
+ Name: "money.banana.example",
Active: 1,
DelegationStatus: "UNKNOWN",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 13,
- Name: "money.stand.banana.com",
+ Name: "money.stand.banana.example",
Active: 1,
DelegationStatus: "UNKNOWN",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
{
ID: 14,
- Name: "stand.banana.com",
+ Name: "stand.banana.example",
Active: 1,
DelegationStatus: "UNKNOWN",
- PrimaryNameserver: "ns.liquidweb.com",
+ PrimaryNameserver: "ns.example.org",
},
},
},
}
mockAPIServerZones := make(map[string]int)
+
for _, page := range mockZones {
for _, zone := range page.Items {
mockAPIServerZones[zone.Name] = int(zone.ID)
}
}
+
return mockZones, mockAPIServerZones
}
diff --git a/providers/dns/loopia/internal/client_test.go b/providers/dns/loopia/internal/client_test.go
index 63962b06e..fed7d94f1 100644
--- a/providers/dns/loopia/internal/client_test.go
+++ b/providers/dns/loopia/internal/client_test.go
@@ -15,6 +15,7 @@ func mockBuilder(password string) *servermock.Builder[*Client] {
return servermock.NewBuilder[*Client](
func(server *httptest.Server) (*Client, error) {
client := NewClient("apiuser", password)
+ client.HTTPClient = server.Client()
client.BaseURL = server.URL + "/"
return client, nil
diff --git a/providers/dns/loopia/internal/types.go b/providers/dns/loopia/internal/types.go
index c286c01fd..c3425c8b1 100644
--- a/providers/dns/loopia/internal/types.go
+++ b/providers/dns/loopia/internal/types.go
@@ -66,6 +66,7 @@ type response interface {
type responseString struct {
responseFault
+
Value string `xml:"params>param>value>string"`
}
@@ -88,6 +89,7 @@ func (e RPCError) Error() string {
type recordObjectsResponse struct {
responseFault
+
XMLName xml.Name `xml:"methodResponse"`
Params []RecordObj `xml:"params>param>value>array>data>value>struct"`
}
@@ -102,6 +104,7 @@ type RecordObj struct {
func (r *RecordObj) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
var name string
+
for {
t, err := d.Token()
if err != nil {
@@ -144,6 +147,7 @@ func (r *RecordObj) decodeValueString(name string, d *xml.Decoder, start xml.Sta
}
s = strings.TrimSpace(s)
+
switch name {
case "type":
r.Type = s
diff --git a/providers/dns/loopia/loopia.go b/providers/dns/loopia/loopia.go
index 8389ae5f6..be3416ddf 100644
--- a/providers/dns/loopia/loopia.go
+++ b/providers/dns/loopia/loopia.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/loopia/internal"
)
@@ -113,6 +114,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
if config.BaseURL != "" {
client.BaseURL = config.BaseURL
}
diff --git a/providers/dns/loopia/loopia.toml b/providers/dns/loopia/loopia.toml
index 4a127ec55..a201852c9 100644
--- a/providers/dns/loopia/loopia.toml
+++ b/providers/dns/loopia/loopia.toml
@@ -7,7 +7,7 @@ Since = "v4.2.0"
Example = '''
LOOPIA_API_USER=xxxxxxxx \
LOOPIA_API_PASSWORD=yyyyyyyy \
-lego --email you@example.com --dns loopia -d '*.example.com' -d example.com run
+lego --dns loopia -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/loopia/loopia_test.go b/providers/dns/loopia/loopia_test.go
index e397c9639..b3163fc77 100644
--- a/providers/dns/loopia/loopia_test.go
+++ b/providers/dns/loopia/loopia_test.go
@@ -103,6 +103,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -192,6 +193,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -205,6 +207,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/luadns/internal/client.go b/providers/dns/luadns/internal/client.go
index 8e46418f2..5ce9cca86 100644
--- a/providers/dns/luadns/internal/client.go
+++ b/providers/dns/luadns/internal/client.go
@@ -49,6 +49,7 @@ func (c *Client) ListZones(ctx context.Context) ([]DNSZone, error) {
}
var zones []DNSZone
+
err = c.do(req, &zones)
if err != nil {
return nil, fmt.Errorf("could not list zones: %w", err)
@@ -68,6 +69,7 @@ func (c *Client) CreateRecord(ctx context.Context, zone DNSZone, newRecord DNSRe
}
var record *DNSRecord
+
err = c.do(req, &record)
if err != nil {
return nil, fmt.Errorf("could not create record %#v: %w", record, err)
@@ -153,6 +155,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errResp errorResponse
+
err := json.Unmarshal(raw, &errResp)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/luadns/luadns.go b/providers/dns/luadns/luadns.go
index 026a0da70..68b9c66b8 100644
--- a/providers/dns/luadns/luadns.go
+++ b/providers/dns/luadns/luadns.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/luadns/internal"
)
@@ -100,11 +101,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
- config: config,
- client: client,
- recordsMu: sync.Mutex{},
- records: make(map[string]*internal.DNSRecord),
+ config: config,
+ client: client,
+ records: make(map[string]*internal.DNSRecord),
}, nil
}
diff --git a/providers/dns/luadns/luadns.toml b/providers/dns/luadns/luadns.toml
index c80929c21..e56fac0b6 100644
--- a/providers/dns/luadns/luadns.toml
+++ b/providers/dns/luadns/luadns.toml
@@ -7,7 +7,7 @@ Since = "v3.7.0"
Example = '''
LUADNS_API_USERNAME=youremail \
LUADNS_API_TOKEN=xxxxxxxx \
-lego --email you@example.com --dns luadns -d '*.example.com' -d example.com run
+lego --dns luadns -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/luadns/luadns_test.go b/providers/dns/luadns/luadns_test.go
index ea4d06ae1..a1aa36872 100644
--- a/providers/dns/luadns/luadns_test.go
+++ b/providers/dns/luadns/luadns_test.go
@@ -58,6 +58,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -199,6 +200,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -212,6 +214,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/mailinabox/mailinabox.go b/providers/dns/mailinabox/mailinabox.go
index 3ea8a9f29..cf6202a92 100644
--- a/providers/dns/mailinabox/mailinabox.go
+++ b/providers/dns/mailinabox/mailinabox.go
@@ -5,11 +5,13 @@ import (
"context"
"errors"
"fmt"
+ "net/http"
"time"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/nrdcg/mailinabox"
)
@@ -23,6 +25,7 @@ const (
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
@@ -34,6 +37,7 @@ type Config struct {
BaseURL string
PropagationTimeout time.Duration
PollingInterval time.Duration
+ HTTPClient *http.Client
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
@@ -41,6 +45,9 @@ func NewDefaultConfig() *Config {
return &Config{
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 4*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
}
}
@@ -81,7 +88,13 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("mailinabox: missing base URL")
}
- client, err := mailinabox.New(config.BaseURL, config.Email, config.Password)
+ if config.HTTPClient == nil {
+ config.HTTPClient = &http.Client{Timeout: 30 * time.Second}
+ }
+
+ config.HTTPClient = clientdebug.Wrap(config.HTTPClient)
+
+ client, err := mailinabox.New(config.BaseURL, config.Email, config.Password, mailinabox.WithHTTPClient(config.HTTPClient))
if err != nil {
return nil, fmt.Errorf("mailinabox: %w", err)
}
diff --git a/providers/dns/mailinabox/mailinabox.toml b/providers/dns/mailinabox/mailinabox.toml
index 4b30dd9e2..74d8aabbc 100644
--- a/providers/dns/mailinabox/mailinabox.toml
+++ b/providers/dns/mailinabox/mailinabox.toml
@@ -8,7 +8,7 @@ Example = '''
MAILINABOX_EMAIL=user@example.com \
MAILINABOX_PASSWORD=yyyy \
MAILINABOX_BASE_URL=https://box.example.com \
-lego --email you@example.com --dns mailinabox -d '*.example.com' -d example.com run
+lego --dns mailinabox -d '*.example.com' -d example.com run
'''
[Configuration]
@@ -19,6 +19,7 @@ lego --email you@example.com --dns mailinabox -d '*.example.com' -d example.com
[Configuration.Additional]
MAILINABOX_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 4)"
MAILINABOX_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
+ MAILINABOX_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
[Links]
API = "https://mailinabox.email/api-docs.html"
diff --git a/providers/dns/mailinabox/mailinabox_test.go b/providers/dns/mailinabox/mailinabox_test.go
index 1b95c220d..11143a11f 100644
--- a/providers/dns/mailinabox/mailinabox_test.go
+++ b/providers/dns/mailinabox/mailinabox_test.go
@@ -59,6 +59,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -136,6 +137,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -149,6 +151,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/manageengine/internal/client.go b/providers/dns/manageengine/internal/client.go
index b360840f0..b5a7dbae7 100644
--- a/providers/dns/manageengine/internal/client.go
+++ b/providers/dns/manageengine/internal/client.go
@@ -24,12 +24,12 @@ type Client struct {
}
// NewClient creates a new Client.
-func NewClient(ctx context.Context, clientID, clientSecret string) *Client {
+func NewClient(hc *http.Client) *Client {
baseURL, _ := url.Parse(defaultBaseURL)
return &Client{
baseURL: baseURL,
- httpClient: createOAuthClient(ctx, clientID, clientSecret),
+ httpClient: hc,
}
}
@@ -109,6 +109,7 @@ func (c *Client) UpdateZoneRecord(ctx context.Context, record ZoneRecord) error
if record.SpfTxtDomainID == 0 {
return errors.New("SpfTxtDomainID is empty")
}
+
if record.ZoneID == 0 {
return errors.New("ZoneID is empty")
}
@@ -188,6 +189,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/manageengine/internal/client_test.go b/providers/dns/manageengine/internal/client_test.go
index 0c18a245f..25d1730f6 100644
--- a/providers/dns/manageengine/internal/client_test.go
+++ b/providers/dns/manageengine/internal/client_test.go
@@ -1,7 +1,6 @@
package internal
import (
- "context"
"net/http"
"net/http/httptest"
"net/url"
@@ -15,9 +14,8 @@ import (
func mockBuilder() *servermock.Builder[*Client] {
return servermock.NewBuilder[*Client](
func(server *httptest.Server) (*Client, error) {
- client := NewClient(context.Background(), "abc", "secret")
+ client := NewClient(server.Client())
- client.httpClient = server.Client()
client.baseURL, _ = url.Parse(server.URL)
return client, nil
diff --git a/providers/dns/manageengine/internal/identity.go b/providers/dns/manageengine/internal/identity.go
index 66a659188..ec28121e4 100644
--- a/providers/dns/manageengine/internal/identity.go
+++ b/providers/dns/manageengine/internal/identity.go
@@ -9,7 +9,7 @@ import (
const defaultAuthURL = "https://clouddns.manageengine.com/oauth2/token/"
-func createOAuthClient(ctx context.Context, clientID, clientSecret string) *http.Client {
+func CreateOAuthClient(ctx context.Context, clientID, clientSecret string) *http.Client {
config := &clientcredentials.Config{
TokenURL: defaultAuthURL,
ClientID: clientID,
diff --git a/providers/dns/manageengine/manageengine.go b/providers/dns/manageengine/manageengine.go
index f26ae33b5..76b6644c0 100644
--- a/providers/dns/manageengine/manageengine.go
+++ b/providers/dns/manageengine/manageengine.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/manageengine/internal"
)
@@ -75,11 +76,13 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("manageengine: credentials missing")
}
- client := internal.NewClient(context.Background(), config.ClientID, config.ClientSecret)
-
return &DNSProvider{
config: config,
- client: client,
+ client: internal.NewClient(
+ clientdebug.Wrap(
+ internal.CreateOAuthClient(context.Background(), config.ClientID, config.ClientSecret),
+ ),
+ ),
}, nil
}
@@ -192,6 +195,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// Update the zone record.
var values []string
+
for _, value := range record.Values {
if value != info.Value {
values = append(values, value)
diff --git a/providers/dns/manageengine/manageengine.toml b/providers/dns/manageengine/manageengine.toml
index 7708fa74f..43a782841 100644
--- a/providers/dns/manageengine/manageengine.toml
+++ b/providers/dns/manageengine/manageengine.toml
@@ -7,7 +7,7 @@ Since = "v4.21.0"
Example = '''
MANAGEENGINE_CLIENT_ID="xxx" \
MANAGEENGINE_CLIENT_SECRET="yyy" \
-lego --email you@example.com --dns manageengine -d '*.example.com' -d example.com run
+lego --dns manageengine -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/manageengine/manageengine_test.go b/providers/dns/manageengine/manageengine_test.go
index 624459be9..215de68dd 100644
--- a/providers/dns/manageengine/manageengine_test.go
+++ b/providers/dns/manageengine/manageengine_test.go
@@ -50,6 +50,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -122,6 +123,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -135,6 +137,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/manual/manual.go b/providers/dns/manual/manual.go
new file mode 100644
index 000000000..2985bc595
--- /dev/null
+++ b/providers/dns/manual/manual.go
@@ -0,0 +1,13 @@
+package manual
+
+import (
+ "github.com/go-acme/lego/v4/challenge/dns01"
+)
+
+// DNSProvider is an implementation of the ChallengeProvider interface.
+type DNSProvider = dns01.DNSProviderManual
+
+// NewDNSProvider returns a DNSProvider instance.
+func NewDNSProvider() (*DNSProvider, error) {
+ return &DNSProvider{}, nil
+}
diff --git a/docs/content/dns/manual.md b/providers/dns/manual/manual.toml
similarity index 76%
rename from docs/content/dns/manual.md
rename to providers/dns/manual/manual.toml
index 3f9cf0a8e..fc47a8fae 100644
--- a/docs/content/dns/manual.md
+++ b/providers/dns/manual/manual.toml
@@ -1,24 +1,19 @@
----
-title: "Manual"
-date: 2019-03-03T16:39:46+01:00
-draft: false
-slug: manual
-dnsprovider:
- since: v0.3.0
- code: manual
- url:
----
+Name = "Manual"
+Description = '''Solving the DNS-01 challenge using CLI prompt.'''
+Code = "manual"
+Since = "v0.3.0"
-Solving the DNS-01 challenge using CLI prompt.
-
-
+Example = '''
+lego --dns manual -d '*.example.com' -d example.com run
+'''
+Additional = '''
## Example
To start using the CLI prompt "provider", start lego with `--dns manual`:
```console
-$ lego --email "you@example.com" --domains="example.com" --dns "manual" run
+$ lego --dns manual -d example.com run
```
What follows are a few log print-outs, interspersed with some prompts, asking for you to do perform some actions:
@@ -36,13 +31,13 @@ If you accept the linked Terms of Service, hit `Enter`.
[INFO] acme: Registering account for you@example.com
!!!! HEADS UP !!!!
- Your account credentials have been saved in your Let's Encrypt
- configuration directory at "./.lego/accounts".
+Your account credentials have been saved in your
+configuration directory at "./.lego/accounts".
- You should make a secure backup of this folder now. This
- configuration directory will also contain certificates and
- private keys obtained from Let's Encrypt so making regular
- backups of this folder is ideal.
+You should make a secure backup of this folder now. This
+configuration directory will also contain private keys
+generated by lego and certificates obtained from the ACME
+server. Making regular backups of this folder is ideal.
[INFO] [example.com] acme: Obtaining bundled SAN certificate
[INFO] [example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2345678901
[INFO] [example.com] acme: Could not find solver for: tls-alpn-01
@@ -70,3 +65,5 @@ _acme-challenge.example.com. 120 IN TXT "hX0dPkG6Gfs9hUvBAchQclkyyoEKbShbpvJ9mY5
```
As mentioned, you can now remove the TXT record again.
+
+'''
diff --git a/challenge/dns01/dns_challenge_manual_test.go b/providers/dns/manual/manual_test.go
similarity index 94%
rename from challenge/dns01/dns_challenge_manual_test.go
rename to providers/dns/manual/manual_test.go
index 26a508d1c..7badd4b8b 100644
--- a/challenge/dns01/dns_challenge_manual_test.go
+++ b/providers/dns/manual/manual_test.go
@@ -1,4 +1,4 @@
-package dns01
+package manual
import (
"io"
@@ -10,6 +10,7 @@ import (
func TestDNSProviderManual(t *testing.T) {
backupStdin := os.Stdin
+
defer func() { os.Stdin = backupStdin }()
testCases := []struct {
@@ -43,7 +44,7 @@ func TestDNSProviderManual(t *testing.T) {
os.Stdin = file
- manualProvider, err := NewDNSProviderManual()
+ manualProvider, err := NewDNSProvider()
require.NoError(t, err)
err = manualProvider.Present("example.com", "", "")
diff --git a/providers/dns/metaname/metaname.go b/providers/dns/metaname/metaname.go
index 9b8c41def..d6e962024 100644
--- a/providers/dns/metaname/metaname.go
+++ b/providers/dns/metaname/metaname.go
@@ -79,6 +79,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config.AccountReference == "" {
return nil, errors.New("metaname: missing account reference")
}
+
if config.APIKey == "" {
return nil, errors.New("metaname: missing api key")
}
@@ -152,6 +153,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("metaname: delete record: %w", err)
}
+ d.recordsMu.Lock()
+ delete(d.records, token)
+ d.recordsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/metaname/metaname.toml b/providers/dns/metaname/metaname.toml
index 4a147d043..654dcaed0 100644
--- a/providers/dns/metaname/metaname.toml
+++ b/providers/dns/metaname/metaname.toml
@@ -7,7 +7,7 @@ Since = "v4.13.0"
Example = '''
METANAME_ACCOUNT_REFERENCE=xxxx \
METANAME_API_KEY=yyyyyyy \
-lego --email you@example.com --dns metaname -d '*.example.com' -d example.com run
+lego --dns metaname -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/metaname/metaname_test.go b/providers/dns/metaname/metaname_test.go
index 174af4014..855fc493d 100644
--- a/providers/dns/metaname/metaname_test.go
+++ b/providers/dns/metaname/metaname_test.go
@@ -51,6 +51,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -122,6 +123,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -135,6 +137,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/metaregistrar/internal/client.go b/providers/dns/metaregistrar/internal/client.go
index 711a1e94c..df99d81ba 100644
--- a/providers/dns/metaregistrar/internal/client.go
+++ b/providers/dns/metaregistrar/internal/client.go
@@ -121,6 +121,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/metaregistrar/metaregistrar.go b/providers/dns/metaregistrar/metaregistrar.go
index 28526fcb4..7a601ef21 100644
--- a/providers/dns/metaregistrar/metaregistrar.go
+++ b/providers/dns/metaregistrar/metaregistrar.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/metaregistrar/internal"
)
@@ -82,6 +83,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/metaregistrar/metaregistrar.toml b/providers/dns/metaregistrar/metaregistrar.toml
index 952c7ea61..e505e0ce2 100644
--- a/providers/dns/metaregistrar/metaregistrar.toml
+++ b/providers/dns/metaregistrar/metaregistrar.toml
@@ -6,7 +6,7 @@ Since = "v4.23.0"
Example = '''
METAREGISTRAR_API_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns metaregistrar -d '*.example.com' -d example.com run
+lego --dns metaregistrar -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/metaregistrar/metaregistrar_test.go b/providers/dns/metaregistrar/metaregistrar_test.go
index ffd7965d9..aa9bbbb58 100644
--- a/providers/dns/metaregistrar/metaregistrar_test.go
+++ b/providers/dns/metaregistrar/metaregistrar_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -92,6 +93,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -105,6 +107,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/mijnhost/internal/client.go b/providers/dns/mijnhost/internal/client.go
index 1a67a73b1..a51233211 100644
--- a/providers/dns/mijnhost/internal/client.go
+++ b/providers/dns/mijnhost/internal/client.go
@@ -47,6 +47,7 @@ func (c *Client) ListDomains(ctx context.Context) ([]Domain, error) {
}
var results Response[DomainData]
+
err = c.do(req, &results)
if err != nil {
return nil, err
@@ -66,6 +67,7 @@ func (c *Client) GetRecords(ctx context.Context, domain string) ([]Record, error
}
var results Response[RecordData]
+
err = c.do(req, &results)
if err != nil {
return nil, err
@@ -151,6 +153,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/mijnhost/mijnhost.go b/providers/dns/mijnhost/mijnhost.go
index 21aca3c9e..adb3e9ce3 100644
--- a/providers/dns/mijnhost/mijnhost.go
+++ b/providers/dns/mijnhost/mijnhost.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/mijnhost/internal"
)
@@ -86,6 +87,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client := internal.NewClient(config.APIKey)
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -106,9 +113,11 @@ func (d *DNSProvider) Sequential() time.Duration {
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- domains, err := d.client.ListDomains(context.Background())
+ domains, err := d.client.ListDomains(ctx)
if err != nil {
return fmt.Errorf("mijnhost: list domains: %w", err)
}
@@ -118,7 +127,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("mijnhost: find domain: %w", err)
}
- records, err := d.client.GetRecords(context.Background(), dom.Domain)
+ records, err := d.client.GetRecords(ctx, dom.Domain)
if err != nil {
return fmt.Errorf("mijnhost: get records: %w", err)
}
@@ -143,7 +152,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
cleanedRecords = append(cleanedRecords, record)
- err = d.client.UpdateRecords(context.Background(), dom.Domain, cleanedRecords)
+ err = d.client.UpdateRecords(ctx, dom.Domain, cleanedRecords)
if err != nil {
return fmt.Errorf("mijnhost: update records: %w", err)
}
@@ -153,9 +162,11 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- domains, err := d.client.ListDomains(context.Background())
+ domains, err := d.client.ListDomains(ctx)
if err != nil {
return fmt.Errorf("mijnhost: list domains: %w", err)
}
@@ -165,7 +176,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("mijnhost: find domain: %w", err)
}
- records, err := d.client.GetRecords(context.Background(), dom.Domain)
+ records, err := d.client.GetRecords(ctx, dom.Domain)
if err != nil {
return fmt.Errorf("mijnhost: get records: %w", err)
}
@@ -174,7 +185,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return record.Type == txtType && record.Value == info.Value
})
- err = d.client.UpdateRecords(context.Background(), dom.Domain, cleanedRecords)
+ err = d.client.UpdateRecords(ctx, dom.Domain, cleanedRecords)
if err != nil {
return fmt.Errorf("mijnhost: update records: %w", err)
}
diff --git a/providers/dns/mijnhost/mijnhost.toml b/providers/dns/mijnhost/mijnhost.toml
index 00152e132..416fdde53 100644
--- a/providers/dns/mijnhost/mijnhost.toml
+++ b/providers/dns/mijnhost/mijnhost.toml
@@ -6,7 +6,7 @@ Since = "v4.18.0"
Example = '''
MIJNHOST_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns mijnhost -d '*.example.com' -d example.com run
+lego --dns mijnhost -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/mijnhost/mijnhost_test.go b/providers/dns/mijnhost/mijnhost_test.go
index a48f84ca8..c87ae0a40 100644
--- a/providers/dns/mijnhost/mijnhost_test.go
+++ b/providers/dns/mijnhost/mijnhost_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -94,6 +95,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -107,6 +109,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/mittwald/internal/client.go b/providers/dns/mittwald/internal/client.go
index 69222903d..2b1564dc1 100644
--- a/providers/dns/mittwald/internal/client.go
+++ b/providers/dns/mittwald/internal/client.go
@@ -47,6 +47,7 @@ func (c *Client) ListDomains(ctx context.Context) ([]Domain, error) {
}
var result []Domain
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -66,6 +67,7 @@ func (c *Client) GetDNSZone(ctx context.Context, zoneID string) (*DNSZone, error
}
result := &DNSZone{}
+
err = c.do(req, result)
if err != nil {
return nil, err
@@ -85,6 +87,7 @@ func (c *Client) ListDNSZones(ctx context.Context, projectID string) ([]DNSZone,
}
var result []DNSZone
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -104,6 +107,7 @@ func (c *Client) CreateDNSZone(ctx context.Context, zone CreateDNSZoneRequest) (
}
result := &DNSZone{}
+
err = c.do(req, result)
if err != nil {
return nil, err
@@ -197,6 +201,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var response APIError
+
err := json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/mittwald/internal/types.go b/providers/dns/mittwald/internal/types.go
index df10ab293..86cdf065c 100644
--- a/providers/dns/mittwald/internal/types.go
+++ b/providers/dns/mittwald/internal/types.go
@@ -1,6 +1,9 @@
package internal
-import "fmt"
+import (
+ "fmt"
+ "strings"
+)
// https://api.mittwald.de/v2/docs/#/Domain/domain-list-domains
@@ -36,7 +39,7 @@ type NewDNSZone struct {
// https://api.mittwald.de/v2/docs/#/Domain/dns-update-record-set
type TXTRecord struct {
- Settings Settings `json:"settings,omitempty"`
+ Settings Settings `json:"settings"`
Entries []string `json:"entries,omitempty"`
}
@@ -58,23 +61,25 @@ type APIError struct {
}
func (a APIError) Error() string {
- msg := fmt.Sprintf("%s: %s", a.Type, a.Message)
+ msg := new(strings.Builder)
+
+ _, _ = fmt.Fprintf(msg, "%s: %s", a.Type, a.Message)
if len(a.ValidationErrors) > 0 {
for _, validationError := range a.ValidationErrors {
- msg += fmt.Sprintf(" [%s: %s (%s, %s)]",
+ _, _ = fmt.Fprintf(msg, " [%s: %s (%s, %s)]",
validationError.Type, validationError.Message, validationError.Path, validationError.Context.Format)
}
}
- return msg
+ return msg.String()
}
type ValidationError struct {
Message string `json:"message,omitempty"`
Path string `json:"path,omitempty"`
Type string `json:"type,omitempty"`
- Context ValidationErrorContext `json:"context,omitempty"`
+ Context ValidationErrorContext `json:"context"`
}
type ValidationErrorContext struct {
diff --git a/providers/dns/mittwald/mittwald.go b/providers/dns/mittwald/mittwald.go
index 2c3c5a8f3..dcd882482 100644
--- a/providers/dns/mittwald/mittwald.go
+++ b/providers/dns/mittwald/mittwald.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/mittwald/internal"
)
@@ -92,9 +93,17 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, fmt.Errorf("mittwald: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
}
+ client := internal.NewClient(config.Token)
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
- client: internal.NewClient(config.Token),
+ client: client,
zoneIDs: map[string]string{},
}, nil
}
@@ -149,6 +158,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.zoneIDsMu.Lock()
zoneID, ok := d.zoneIDs[token]
d.zoneIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("mittwald: unknown zone ID for '%s'", info.EffectiveFQDN)
}
@@ -160,6 +170,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("mittwald: update/delete TXT record: %w", err)
}
+ d.zoneIDsMu.Lock()
+ delete(d.zoneIDs, token)
+ d.zoneIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/mittwald/mittwald.toml b/providers/dns/mittwald/mittwald.toml
index 937b9c172..36a9f6c16 100644
--- a/providers/dns/mittwald/mittwald.toml
+++ b/providers/dns/mittwald/mittwald.toml
@@ -6,7 +6,7 @@ Since = "v1.48.0"
Example = '''
MITTWALD_TOKEN=my-token \
-lego --email you@example.com --dns mittwald -d '*.example.com' -d example.com run
+lego --dns mittwald -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/mittwald/mittwald_test.go b/providers/dns/mittwald/mittwald_test.go
index d8cbdb263..6a6599536 100644
--- a/providers/dns/mittwald/mittwald_test.go
+++ b/providers/dns/mittwald/mittwald_test.go
@@ -38,6 +38,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -104,6 +105,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -117,6 +119,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/myaddr/myaddr.go b/providers/dns/myaddr/myaddr.go
index df280f2f4..fb7ea66a0 100644
--- a/providers/dns/myaddr/myaddr.go
+++ b/providers/dns/myaddr/myaddr.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/myaddr/internal"
)
@@ -91,6 +92,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/myaddr/myaddr.toml b/providers/dns/myaddr/myaddr.toml
index 5ff306526..2f5fe6c1f 100644
--- a/providers/dns/myaddr/myaddr.toml
+++ b/providers/dns/myaddr/myaddr.toml
@@ -6,7 +6,7 @@ Since = "v4.22.0"
Example = '''
MYADDR_PRIVATE_KEYS_MAPPING="example:123,test:456" \
-lego --email you@example.com --dns myaddr -d '*.example.com' -d example.com run
+lego --dns myaddr -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/myaddr/myaddr_test.go b/providers/dns/myaddr/myaddr_test.go
index d95a0cf5c..8e555ecfd 100644
--- a/providers/dns/myaddr/myaddr_test.go
+++ b/providers/dns/myaddr/myaddr_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -92,6 +93,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -105,6 +107,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/mydnsjp/mydnsjp.go b/providers/dns/mydnsjp/mydnsjp.go
index d0565e8bd..8a790c88e 100644
--- a/providers/dns/mydnsjp/mydnsjp.go
+++ b/providers/dns/mydnsjp/mydnsjp.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/mydnsjp/internal"
)
@@ -79,9 +80,17 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("mydnsjp: some credentials information are missing")
}
+ client := internal.NewClient(config.MasterID, config.Password)
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
- client: internal.NewClient(config.MasterID, config.Password),
+ client: client,
}, nil
}
@@ -100,6 +109,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("mydnsjp: %w", err)
}
+
return nil
}
@@ -112,5 +122,6 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("mydnsjp: %w", err)
}
+
return nil
}
diff --git a/providers/dns/mydnsjp/mydnsjp.toml b/providers/dns/mydnsjp/mydnsjp.toml
index ab842e37f..eb9e73acc 100644
--- a/providers/dns/mydnsjp/mydnsjp.toml
+++ b/providers/dns/mydnsjp/mydnsjp.toml
@@ -7,7 +7,7 @@ Since = "v1.2.0"
Example = '''
MYDNSJP_MASTER_ID=xxxxx \
MYDNSJP_PASSWORD=xxxxx \
-lego --email you@example.com --dns mydnsjp -d '*.example.com' -d example.com run
+lego --dns mydnsjp -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/mydnsjp/mydnsjp_test.go b/providers/dns/mydnsjp/mydnsjp_test.go
index 96eb95865..c82bd2264 100644
--- a/providers/dns/mydnsjp/mydnsjp_test.go
+++ b/providers/dns/mydnsjp/mydnsjp_test.go
@@ -56,6 +56,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -124,6 +125,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -137,6 +139,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/mythicbeasts/internal/client.go b/providers/dns/mythicbeasts/internal/client.go
index 87464553c..82c51dbf3 100644
--- a/providers/dns/mythicbeasts/internal/client.go
+++ b/providers/dns/mythicbeasts/internal/client.go
@@ -99,6 +99,7 @@ func (c *Client) createTXTRecord(ctx context.Context, zone, leaf, recordType, va
}
resp := &createTXTResponse{}
+
err = c.do(req, resp)
if err != nil {
return nil, err
diff --git a/providers/dns/mythicbeasts/internal/identity.go b/providers/dns/mythicbeasts/internal/identity.go
index 417f1c759..15e35ba69 100644
--- a/providers/dns/mythicbeasts/internal/identity.go
+++ b/providers/dns/mythicbeasts/internal/identity.go
@@ -44,6 +44,7 @@ func (c *Client) obtainToken(ctx context.Context) (*Token, error) {
}
tok := Token{}
+
err = json.Unmarshal(raw, &tok)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -83,6 +84,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errResp := &authResponseError{}
+
err := json.Unmarshal(raw, errResp)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/mythicbeasts/mythicbeasts.go b/providers/dns/mythicbeasts/mythicbeasts.go
index ae8f72d33..e8f5081f7 100644
--- a/providers/dns/mythicbeasts/mythicbeasts.go
+++ b/providers/dns/mythicbeasts/mythicbeasts.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/mythicbeasts/internal"
)
@@ -87,6 +88,7 @@ func NewDNSProvider() (*DNSProvider, error) {
if err != nil {
return nil, fmt.Errorf("mythicbeasts: %w", err)
}
+
config.UserName = values[EnvUserName]
config.Password = values[EnvPassword]
@@ -117,6 +119,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/mythicbeasts/mythicbeasts.toml b/providers/dns/mythicbeasts/mythicbeasts.toml
index 011abba1f..cada3041d 100644
--- a/providers/dns/mythicbeasts/mythicbeasts.toml
+++ b/providers/dns/mythicbeasts/mythicbeasts.toml
@@ -7,7 +7,7 @@ Since = "v0.3.7"
Example = '''
MYTHICBEASTS_USERNAME=myuser \
MYTHICBEASTS_PASSWORD=mypass \
-lego --email you@example.com --dns mythicbeasts -d '*.example.com' -d example.com run
+lego --dns mythicbeasts -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/mythicbeasts/mythicbeasts_test.go b/providers/dns/mythicbeasts/mythicbeasts_test.go
index 5a8a9d4bb..c684725b7 100644
--- a/providers/dns/mythicbeasts/mythicbeasts_test.go
+++ b/providers/dns/mythicbeasts/mythicbeasts_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -108,6 +109,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
t.Run(test.desc, func(t *testing.T) {
config, err := NewDefaultConfig()
require.NoError(t, err)
+
config.UserName = test.username
config.Password = test.password
@@ -130,6 +132,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -143,6 +146,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/namecheap/internal/client.go b/providers/dns/namecheap/internal/client.go
index 0fb32b1be..6fb737b95 100644
--- a/providers/dns/namecheap/internal/client.go
+++ b/providers/dns/namecheap/internal/client.go
@@ -54,6 +54,7 @@ func (c *Client) GetHosts(ctx context.Context, sld, tld string) ([]Record, error
}
var ghr getHostsResponse
+
err = c.do(request, &ghr)
if err != nil {
return nil, err
@@ -88,6 +89,7 @@ func (c *Client) SetHosts(ctx context.Context, sld, tld string, hosts []Record)
}
var shr setHostsResponse
+
err = c.do(req, &shr)
if err != nil {
return err
@@ -96,6 +98,7 @@ func (c *Client) SetHosts(ctx context.Context, sld, tld string, hosts []Record)
if len(shr.Errors) > 0 {
return shr.Errors[0]
}
+
if shr.Result.IsSuccess != "true" {
return errors.New("setHosts failed")
}
diff --git a/providers/dns/namecheap/namecheap.go b/providers/dns/namecheap/namecheap.go
index 48b9492c4..54640f8e0 100644
--- a/providers/dns/namecheap/namecheap.go
+++ b/providers/dns/namecheap/namecheap.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/namecheap/internal"
"golang.org/x/net/publicsuffix"
)
@@ -75,7 +76,8 @@ func NewDefaultConfig() *Config {
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, time.Hour),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 15*time.Second),
HTTPClient: &http.Client{
- Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, time.Minute),
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, time.Minute),
+ Transport: defaultTransport(envNamespace),
},
}
}
@@ -117,6 +119,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if err != nil {
return nil, fmt.Errorf("namecheap: %w", err)
}
+
config.ClientIP = clientIP
}
@@ -127,6 +130,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
@@ -171,6 +176,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("namecheap: %w", err)
}
+
return nil
}
@@ -190,8 +196,11 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
// Find the challenge TXT record and remove it if found.
- var found bool
- var newRecords []internal.Record
+ var (
+ found bool
+ newRecords []internal.Record
+ )
+
for _, h := range records {
if h.Name == pr.key && h.Type == "TXT" {
found = true
@@ -208,6 +217,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("namecheap: %w", err)
}
+
return nil
}
diff --git a/providers/dns/namecheap/namecheap.toml b/providers/dns/namecheap/namecheap.toml
index 3a5be870c..b0f92a1bd 100644
--- a/providers/dns/namecheap/namecheap.toml
+++ b/providers/dns/namecheap/namecheap.toml
@@ -14,7 +14,7 @@ More information in the section [Enabling API Access](https://www.namecheap.com/
Example = '''
NAMECHEAP_API_USER=user \
NAMECHEAP_API_KEY=key \
-lego --email you@example.com --dns namecheap -d '*.example.com' -d example.com run
+lego --dns namecheap -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/namecheap/namecheap_test.go b/providers/dns/namecheap/namecheap_test.go
index 922e48ebb..e55a4a6bc 100644
--- a/providers/dns/namecheap/namecheap_test.go
+++ b/providers/dns/namecheap/namecheap_test.go
@@ -1,10 +1,8 @@
package namecheap
import (
- "net/http"
"net/http/httptest"
"testing"
- "time"
"github.com/go-acme/lego/v4/platform/tester/servermock"
"github.com/stretchr/testify/assert"
@@ -154,6 +152,7 @@ func Test_newPseudoRecord_domainSplit(t *testing.T) {
for _, test := range tests {
t.Run(test.domain, func(t *testing.T) {
valid := true
+
ch, err := newPseudoRecord(test.domain, "")
if err != nil {
valid = false
@@ -179,11 +178,11 @@ func Test_newPseudoRecord_domainSplit(t *testing.T) {
func mockBuilder() *servermock.Builder[*DNSProvider] {
return servermock.NewBuilder(func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
config.BaseURL = server.URL
config.APIUser = envTestUser
config.APIKey = envTestKey
config.ClientIP = envTestClientIP
- config.HTTPClient = &http.Client{Timeout: 60 * time.Second}
return NewDNSProviderConfig(config)
})
diff --git a/providers/dns/namecheap/transport.go b/providers/dns/namecheap/transport.go
new file mode 100644
index 000000000..584dc6e50
--- /dev/null
+++ b/providers/dns/namecheap/transport.go
@@ -0,0 +1,71 @@
+package namecheap
+
+import (
+ "net/http"
+ "net/url"
+ "strings"
+ "sync"
+
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "golang.org/x/net/http/httpproxy"
+)
+
+const (
+ envHTTPProxy = "HTTP_PROXY"
+ envHTTPProxyLower = "http_proxy"
+ envHTTPSProxy = "HTTPS_PROXY"
+ envHTTPSProxyLower = "https_proxy"
+ envNoProxy = "NO_PROXY"
+ envNoProxyLower = "no_proxy"
+ envRequestMethod = "REQUEST_METHOD"
+)
+
+// Allows lazy loading of the proxy.
+var (
+ envProxyOnce sync.Once
+ envProxyFuncValue func(*url.URL) (*url.URL, error)
+)
+
+func defaultTransport(namespace string) http.RoundTripper {
+ tr, ok := http.DefaultTransport.(*http.Transport)
+ if !ok {
+ return nil
+ }
+
+ clone := tr.Clone()
+ clone.Proxy = proxyFromEnvironment(namespace)
+
+ return clone
+}
+
+// Inspired by:
+// - https://pkg.go.dev/net/http#ProxyFromEnvironment
+// - https://pkg.go.dev/golang.org/x/net/http/httpproxy#FromEnvironment
+func envProxyFunc(namespace string) func(*url.URL) (*url.URL, error) {
+ envProxyOnce.Do(func() {
+ cfg := &httpproxy.Config{
+ HTTPProxy: getEnv(namespace, envHTTPProxy, envHTTPProxyLower),
+ HTTPSProxy: getEnv(namespace, envHTTPSProxy, envHTTPSProxyLower),
+ NoProxy: getEnv(namespace, envNoProxy, envNoProxyLower),
+ CGI: env.GetOneWithFallback(namespace+envRequestMethod, "", env.ParseString, envRequestMethod) != "",
+ }
+
+ envProxyFuncValue = cfg.ProxyFunc()
+ })
+
+ return envProxyFuncValue
+}
+
+// Inspired by:
+// - https://pkg.go.dev/net/http#ProxyFromEnvironment
+// - https://pkg.go.dev/golang.org/x/net/http/httpproxy#FromEnvironment
+func proxyFromEnvironment(namespace string) func(req *http.Request) (*url.URL, error) {
+ return func(req *http.Request) (*url.URL, error) {
+ return envProxyFunc(namespace)(req.URL)
+ }
+}
+
+func getEnv(namespace, baseEnvName, baseEnvNameLower string) string {
+ return env.GetOneWithFallback(namespace+baseEnvName, "", env.ParseString,
+ strings.ToLower(namespace)+baseEnvNameLower, baseEnvName, baseEnvNameLower)
+}
diff --git a/providers/dns/namecheap/transport_test.go b/providers/dns/namecheap/transport_test.go
new file mode 100644
index 000000000..cd3e9ff17
--- /dev/null
+++ b/providers/dns/namecheap/transport_test.go
@@ -0,0 +1,39 @@
+package namecheap
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func Test_defaultTransport(t *testing.T) {
+ client := servermock.NewBuilder(
+ func(server *httptest.Server) (*http.Client, error) {
+ cl := server.Client()
+
+ t.Setenv("NAMECHEAP_HTTP_PROXY", server.URL)
+
+ cl.Transport = defaultTransport(envNamespace)
+
+ return cl, nil
+ }).
+ Route("/",
+ servermock.Noop().WithStatusCode(http.StatusTeapot)).
+ Build(t)
+
+ req, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
+ require.NoError(t, err)
+
+ resp, err := client.Do(req)
+ require.NoError(t, err)
+
+ t.Cleanup(func() {
+ _ = resp.Body.Close()
+ })
+
+ assert.Equal(t, http.StatusTeapot, resp.StatusCode)
+}
diff --git a/providers/dns/namedotcom/namedotcom.go b/providers/dns/namedotcom/namedotcom.go
index 789599552..04c8b5967 100644
--- a/providers/dns/namedotcom/namedotcom.go
+++ b/providers/dns/namedotcom/namedotcom.go
@@ -10,6 +10,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/namedotcom/go/v4/namecom"
)
@@ -97,7 +98,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
}
client := namecom.New(config.Username, config.APIToken)
- client.Client = config.HTTPClient
+
+ if config.HTTPClient != nil {
+ client.Client = config.HTTPClient
+ }
+
+ client.Client = clientdebug.Wrap(client.Client)
if config.Server != "" {
client.Server = config.Server
@@ -110,7 +116,10 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
- // TODO(ldez) replace domain by FQDN to follow CNAME.
+ if info.EffectiveFQDN != info.FQDN {
+ domain = dns01.UnFqdn(info.EffectiveFQDN)
+ }
+
domainDetails, err := d.client.GetDomain(&namecom.GetDomainRequest{DomainName: domain})
if err != nil {
return fmt.Errorf("namedotcom: API call failed: %w", err)
@@ -121,7 +130,6 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("namedotcom: %w", err)
}
- // TODO(ldez) replace domain by FQDN to follow CNAME.
request := &namecom.Record{
DomainName: domain,
Host: subDomain,
@@ -142,7 +150,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
- // TODO(ldez) replace domain by FQDN to follow CNAME.
+ if info.EffectiveFQDN != info.FQDN {
+ domain = dns01.UnFqdn(info.EffectiveFQDN)
+ }
+
records, err := d.getRecords(domain)
if err != nil {
return fmt.Errorf("namedotcom: %w", err)
@@ -150,11 +161,11 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
for _, rec := range records {
if rec.Fqdn == info.EffectiveFQDN && rec.Type == "TXT" {
- // TODO(ldez) replace domain by FQDN to follow CNAME.
request := &namecom.DeleteRecordRequest{
DomainName: domain,
ID: rec.ID,
}
+
_, err := d.client.DeleteRecord(request)
if err != nil {
return fmt.Errorf("namedotcom: %w", err)
@@ -178,6 +189,7 @@ func (d *DNSProvider) getRecords(domain string) ([]*namecom.Record, error) {
}
var records []*namecom.Record
+
for request.Page > 0 {
response, err := d.client.ListRecords(request)
if err != nil {
diff --git a/providers/dns/namedotcom/namedotcom.toml b/providers/dns/namedotcom/namedotcom.toml
index e6de796d1..3651c424b 100644
--- a/providers/dns/namedotcom/namedotcom.toml
+++ b/providers/dns/namedotcom/namedotcom.toml
@@ -7,7 +7,7 @@ Since = "v0.5.0"
Example = '''
NAMECOM_USERNAME=foo.bar \
NAMECOM_API_TOKEN=a379a6f6eeafb9a55e378c118034e2751e682fab \
-lego --email you@example.com --dns namedotcom -d '*.example.com' -d example.com run
+lego --dns namedotcom -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/namedotcom/namedotcom_test.go b/providers/dns/namedotcom/namedotcom_test.go
index c7d4deaa1..da9878bdc 100644
--- a/providers/dns/namedotcom/namedotcom_test.go
+++ b/providers/dns/namedotcom/namedotcom_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -131,6 +132,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -144,6 +146,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/namesilo/namesilo.go b/providers/dns/namesilo/namesilo.go
index f76c8549e..0297b4e1c 100644
--- a/providers/dns/namesilo/namesilo.go
+++ b/providers/dns/namesilo/namesilo.go
@@ -2,6 +2,7 @@
package namesilo
import (
+ "context"
"errors"
"fmt"
"time"
@@ -9,6 +10,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/nrdcg/namesilo"
)
@@ -79,12 +81,15 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, fmt.Errorf("namesilo: TTL should be in [%d, %d]", defaultTTL, maxTTL)
}
- transport, err := namesilo.NewTokenTransport(config.APIKey)
- if err != nil {
- return nil, fmt.Errorf("namesilo: %w", err)
+ if config.APIKey == "" {
+ return nil, errors.New("namesilo: credentials missing")
}
- return &DNSProvider{client: namesilo.NewClient(transport.Client()), config: config}, nil
+ client := namesilo.NewClient(config.APIKey)
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{client: client, config: config}, nil
}
// Present creates a TXT record to fulfill the dns-01 challenge.
@@ -103,7 +108,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("namesilo: %w", err)
}
- _, err = d.client.DnsAddRecord(&namesilo.DnsAddRecordParams{
+ _, err = d.client.DnsAddRecord(context.Background(), &namesilo.DnsAddRecordParams{
Domain: zoneName,
Type: "TXT",
Host: subdomain,
@@ -113,11 +118,14 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("namesilo: failed to add record %w", err)
}
+
return nil
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
zone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
@@ -127,7 +135,7 @@ func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
zoneName := dns01.UnFqdn(zone)
- resp, err := d.client.DnsListRecords(&namesilo.DnsListRecordsParams{Domain: zoneName})
+ resp, err := d.client.DnsListRecords(ctx, &namesilo.DnsListRecordsParams{Domain: zoneName})
if err != nil {
return fmt.Errorf("namesilo: %w", err)
}
@@ -139,7 +147,7 @@ func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
for _, r := range resp.Reply.ResourceRecord {
if r.Type == "TXT" && r.Value == info.Value && (r.Host == subdomain || r.Host == dns01.UnFqdn(info.EffectiveFQDN)) {
- _, err := d.client.DnsDeleteRecord(&namesilo.DnsDeleteRecordParams{Domain: zoneName, ID: r.RecordID})
+ _, err := d.client.DnsDeleteRecord(ctx, &namesilo.DnsDeleteRecordParams{Domain: zoneName, ID: r.RecordID})
if err != nil {
return fmt.Errorf("namesilo: %w", err)
}
diff --git a/providers/dns/namesilo/namesilo.toml b/providers/dns/namesilo/namesilo.toml
index bab7905bf..113ddb5c5 100644
--- a/providers/dns/namesilo/namesilo.toml
+++ b/providers/dns/namesilo/namesilo.toml
@@ -6,7 +6,7 @@ Since = "v2.7.0"
Example = '''
NAMESILO_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \
-lego --email you@example.com --dns namesilo -d '*.example.com' -d example.com run
+lego --dns namesilo -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/namesilo/namesilo_test.go b/providers/dns/namesilo/namesilo_test.go
index 4b01d7388..09eacd035 100644
--- a/providers/dns/namesilo/namesilo_test.go
+++ b/providers/dns/namesilo/namesilo_test.go
@@ -45,6 +45,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -77,7 +78,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
{
desc: "missing API key",
ttl: defaultTTL,
- expected: "namesilo: credentials missing: API key",
+ expected: "namesilo: credentials missing",
},
{
desc: "unavailable TTL",
@@ -112,6 +113,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/namesurfer/internal/client.go b/providers/dns/namesurfer/internal/client.go
new file mode 100644
index 000000000..e40a7988c
--- /dev/null
+++ b/providers/dns/namesurfer/internal/client.go
@@ -0,0 +1,226 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "crypto/hmac"
+ "crypto/sha256"
+ "encoding/hex"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "slices"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+)
+
+type Client struct {
+ apiKey string
+ apiSecret string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+func NewClient(baseURL, apiKey, apiSecret string) (*Client, error) {
+ if apiKey == "" || apiSecret == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ if baseURL == "" {
+ return nil, errors.New("base URL missing")
+ }
+
+ apiEndpoint, err := url.Parse(baseURL)
+ if err != nil {
+ return nil, err
+ }
+
+ return &Client{
+ apiKey: apiKey,
+ apiSecret: apiSecret,
+ BaseURL: apiEndpoint.JoinPath("jsonrpc10"),
+ HTTPClient: &http.Client{
+ Timeout: 5 * time.Second,
+ },
+ }, nil
+}
+
+// AddDNSRecord adds a DNS record.
+// http://95.128.3.201:8053/API/NSService_10#addDNSRecord
+func (d *Client) AddDNSRecord(ctx context.Context, zoneName, viewName string, record DNSNode) error {
+ digest := d.computeDigest(
+ zoneName,
+ viewName,
+ record.Name,
+ record.Type,
+ strconv.Itoa(record.TTL),
+ record.Data,
+ )
+
+ // JSON-RPC 1.0 requires positional parameters array
+ params := []any{
+ digest,
+ zoneName,
+ viewName,
+ record,
+ }
+
+ var ok bool
+
+ err := d.doRequest(ctx, "addDNSRecord", params, &ok)
+ if err != nil {
+ return err
+ }
+
+ if !ok {
+ return errors.New("addDNSRecord failed")
+ }
+
+ return nil
+}
+
+// UpdateDNSHost updates a DNS host record.
+// Passing an empty newNode removes the oldNode.
+// http://95.128.3.201:8053/API/NSService_10#updateDNSHost
+func (d *Client) UpdateDNSHost(ctx context.Context, zoneName, viewName string, oldNode, newNode DNSNode) error {
+ digest := d.computeDigest(zoneName, viewName)
+
+ // JSON-RPC 1.0 requires positional parameters array
+ params := []any{
+ digest,
+ zoneName,
+ viewName,
+ oldNode,
+ newNode,
+ }
+
+ var ok bool
+
+ err := d.doRequest(ctx, "updateDNSHost", params, &ok)
+ if err != nil {
+ return err
+ }
+
+ if !ok {
+ return errors.New("updateDNSHost failed")
+ }
+
+ return nil
+}
+
+// SearchDNSHosts searches for DNS host records.
+// http://95.128.3.201:8053/API/NSService_10#searchDNSHosts
+func (d *Client) SearchDNSHosts(ctx context.Context, pattern string) ([]DNSNode, error) {
+ digest := d.computeDigest(pattern)
+
+ // JSON-RPC 1.0 requires positional parameters array
+ params := []any{
+ digest,
+ pattern,
+ }
+
+ var nodes []DNSNode
+
+ err := d.doRequest(ctx, "searchDNSHosts", params, &nodes)
+ if err != nil {
+ return nil, err
+ }
+
+ return nodes, nil
+}
+
+// ListZones lists DNS zones.
+// http://95.128.3.201:8053/API/NSService_10#listZones
+func (d *Client) ListZones(ctx context.Context, mode string) ([]DNSZone, error) {
+ digest := d.computeDigest()
+
+ // JSON-RPC 1.0 requires positional parameters array
+ params := []any{
+ digest,
+ mode,
+ }
+
+ var zones []DNSZone
+
+ err := d.doRequest(ctx, "listZones", params, &zones)
+ if err != nil {
+ return nil, err
+ }
+
+ return zones, nil
+}
+
+func (d *Client) doRequest(ctx context.Context, method string, params []any, result any) error {
+ payload := APIRequest{
+ ID: 1,
+ Method: method,
+ Params: slices.Concat([]any{d.apiKey}, params),
+ }
+
+ buf := new(bytes.Buffer)
+
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+
+ req, err := http.NewRequestWithContext(ctx, http.MethodPost, d.BaseURL.String(), buf)
+ if err != nil {
+ return fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("Accept", "application/json")
+
+ resp, err := d.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ if resp.StatusCode/100 != 2 {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ var rpcResp APIResponse
+
+ err = json.Unmarshal(raw, &rpcResp)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ if rpcResp.Error != nil {
+ return rpcResp.Error
+ }
+
+ err = json.Unmarshal(rpcResp.Result, result)
+ if err != nil {
+ return fmt.Errorf("unable to unmarshal response: %w: %s", err, rpcResp.Result)
+ }
+
+ return nil
+}
+
+func (d *Client) computeDigest(parts ...string) string {
+ params := []string{d.apiKey}
+ params = append(params, parts...)
+ params = append(params, d.apiSecret)
+
+ mac := hmac.New(sha256.New, []byte(d.apiSecret))
+ mac.Write([]byte(strings.Join(params, "&")))
+
+ return hex.EncodeToString(mac.Sum(nil))
+}
diff --git a/providers/dns/namesurfer/internal/client_test.go b/providers/dns/namesurfer/internal/client_test.go
new file mode 100644
index 000000000..9e8f917bc
--- /dev/null
+++ b/providers/dns/namesurfer/internal/client_test.go
@@ -0,0 +1,158 @@
+package internal
+
+import (
+ "net/http/httptest"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(server.URL, "user", "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func TestClient_AddDNSRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /jsonrpc10",
+ servermock.ResponseFromFixture("addDNSRecord.json"),
+ servermock.CheckRequestJSONBodyFromFixture("addDNSRecord-request.json"),
+ ).
+ Build(t)
+
+ record := DNSNode{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Data: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 300,
+ }
+
+ err := client.AddDNSRecord(t.Context(), "example.com", "viewA", record)
+ require.NoError(t, err)
+}
+
+func TestClient_AddDNSRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /jsonrpc10",
+ servermock.ResponseFromFixture("error.json"),
+ ).
+ Build(t)
+
+ record := DNSNode{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Data: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 300,
+ }
+
+ err := client.AddDNSRecord(t.Context(), "example.com", "viewA", record)
+ require.EqualError(t, err, "code: Server.Keyfailure, "+
+ "filename: service, line: 13, "+
+ "message: Unknown keyname user, "+
+ `detail: Traceback (most recent call last): File "/usr/local/namesurfer/python/lib/python2.6/site-packages/ladon/server/dispatcher.py", line 159, in dispatch_request result = self.call_method(method,req_dict,tc,export_dict,log_line) File "/usr/local/namesurfer/python/lib/python2.6/site-packages/ladon/server/dispatcher.py", line 96, in call_method result = getattr(service_class_instance,req_dict['methodname'])(*args) File "/usr/local/namesurfer/python/lib/python2.6/site-packages/ladon/ladonizer/decorator.py", line 77, in injector res = f(*args,**kw) File "/usr/local/namesurfer/webui2/webui/service/service10/NSService_10.py", line 502, in addDNSRecord key = validate_key(keyname, digest, [zonename, viewname, record.name, record.type, str(record.ttl), record.data]) File "/usr/local/namesurfer/webui2/webui/service/base/implementation.py", line 63, in validate_key raise ApiFault('Server.Keyfailure', 'Unknown keyname %s' % keyname) ApiFault: service(13): Unknown keyname user `)
+}
+
+func TestClient_UpdateDNSHost(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /jsonrpc10",
+ servermock.ResponseFromFixture("updateDNSHost.json"),
+ servermock.CheckRequestJSONBodyFromFixture("updateDNSHost-request.json"),
+ ).
+ Build(t)
+
+ record := DNSNode{
+ Name: "_acme-challenge",
+ Type: "TXT",
+ Data: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: 300,
+ }
+
+ err := client.UpdateDNSHost(t.Context(), "example.com", "viewA", record, DNSNode{})
+ require.NoError(t, err)
+}
+
+func TestClient_SearchDNSHosts(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /jsonrpc10",
+ servermock.ResponseFromFixture("searchDNSHosts.json"),
+ servermock.CheckRequestJSONBodyFromFixture("searchDNSHosts-request.json"),
+ ).
+ Build(t)
+
+ records, err := client.SearchDNSHosts(t.Context(), "value")
+ require.NoError(t, err)
+
+ expected := []DNSNode{
+ {Name: "foo", Type: "TXT", Data: "xxx", TTL: 300},
+ {Name: "_acme-challenge", Type: "TXT", Data: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY", TTL: 300},
+ {Name: "bar", Type: "A", Data: "yyy", TTL: 300},
+ }
+
+ assert.Equal(t, expected, records)
+}
+
+func TestClient_ListZones(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /jsonrpc10",
+ servermock.ResponseFromFixture("listZones.json"),
+ servermock.CheckRequestJSONBodyFromFixture("listZones-request.json"),
+ ).
+ Build(t)
+
+ zones, err := client.ListZones(t.Context(), "value")
+ require.NoError(t, err)
+
+ expected := []DNSZone{
+ {Name: "example.com", View: "viewA"},
+ {Name: "example.org", View: "viewB"},
+ {Name: "example.net", View: "viewC"},
+ }
+
+ assert.Equal(t, expected, zones)
+}
+
+func TestClient_computeDigest(t *testing.T) {
+ client, err := NewClient("https://test.example.com", "testkey", "testsecret")
+ require.NoError(t, err)
+
+ testCases := []struct {
+ desc string
+ parts []string
+ expected string
+ }{
+ {
+ desc: "no parts",
+ parts: []string{},
+ expected: "99b5dcdc19bfc0ce2af3fe848f4bcb6f7beb352e9599e8ba50544d86de567282",
+ },
+ {
+ desc: "parts",
+ parts: []string{"zone.example.com", "default"},
+ expected: "94efef76383889b1ae620582a25d1c3aa9bd9ba9ac4bdccdf4aefbc3ae6e8329",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ digest := client.computeDigest(test.parts...)
+
+ assert.Equal(t, test.expected, digest)
+ })
+ }
+}
diff --git a/providers/dns/namesurfer/internal/fixtures/addDNSRecord-request.json b/providers/dns/namesurfer/internal/fixtures/addDNSRecord-request.json
new file mode 100644
index 000000000..660109aae
--- /dev/null
+++ b/providers/dns/namesurfer/internal/fixtures/addDNSRecord-request.json
@@ -0,0 +1,16 @@
+{
+ "id": 1,
+ "method": "addDNSRecord",
+ "params": [
+ "user",
+ "4fcc5fa29531709b0381c8debea127a6a26e71cb9491727876819cf5805c4990",
+ "example.com",
+ "viewA",
+ {
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "data": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 300
+ }
+ ]
+}
diff --git a/providers/dns/namesurfer/internal/fixtures/addDNSRecord.json b/providers/dns/namesurfer/internal/fixtures/addDNSRecord.json
new file mode 100644
index 000000000..f41779e30
--- /dev/null
+++ b/providers/dns/namesurfer/internal/fixtures/addDNSRecord.json
@@ -0,0 +1,4 @@
+{
+ "id": 1,
+ "result": true
+}
diff --git a/providers/dns/namesurfer/internal/fixtures/error.json b/providers/dns/namesurfer/internal/fixtures/error.json
new file mode 100644
index 000000000..8ddf8df25
--- /dev/null
+++ b/providers/dns/namesurfer/internal/fixtures/error.json
@@ -0,0 +1,24 @@
+{
+ "result": null,
+ "error": {
+ "filename": "service",
+ "lineno": 13,
+ "code": "Server.Keyfailure",
+ "string": "Unknown keyname user",
+ "detail": [
+ "Traceback (most recent call last):",
+ " File \"/usr/local/namesurfer/python/lib/python2.6/site-packages/ladon/server/dispatcher.py\", line 159, in dispatch_request",
+ " result = self.call_method(method,req_dict,tc,export_dict,log_line)",
+ " File \"/usr/local/namesurfer/python/lib/python2.6/site-packages/ladon/server/dispatcher.py\", line 96, in call_method",
+ " result = getattr(service_class_instance,req_dict['methodname'])(*args)",
+ " File \"/usr/local/namesurfer/python/lib/python2.6/site-packages/ladon/ladonizer/decorator.py\", line 77, in injector",
+ " res = f(*args,**kw)",
+ " File \"/usr/local/namesurfer/webui2/webui/service/service10/NSService_10.py\", line 502, in addDNSRecord",
+ " key = validate_key(keyname, digest, [zonename, viewname, record.name, record.type, str(record.ttl), record.data])",
+ " File \"/usr/local/namesurfer/webui2/webui/service/base/implementation.py\", line 63, in validate_key",
+ " raise ApiFault('Server.Keyfailure', 'Unknown keyname %s' % keyname)",
+ "ApiFault: service(13): Unknown keyname user",
+ ""
+ ]
+ }
+}
diff --git a/providers/dns/namesurfer/internal/fixtures/listZones-request.json b/providers/dns/namesurfer/internal/fixtures/listZones-request.json
new file mode 100644
index 000000000..06689de7a
--- /dev/null
+++ b/providers/dns/namesurfer/internal/fixtures/listZones-request.json
@@ -0,0 +1,9 @@
+{
+ "id": 1,
+ "method": "listZones",
+ "params": [
+ "user",
+ "2739461ea1a3dc51302993f724f40228409c53b78025d8d7b1d7bba3c1bf2d66",
+ "value"
+ ]
+}
diff --git a/providers/dns/namesurfer/internal/fixtures/listZones.json b/providers/dns/namesurfer/internal/fixtures/listZones.json
new file mode 100644
index 000000000..37fa2053b
--- /dev/null
+++ b/providers/dns/namesurfer/internal/fixtures/listZones.json
@@ -0,0 +1,17 @@
+{
+ "id": 1,
+ "result": [
+ {
+ "name": "example.com",
+ "view": "viewA"
+ },
+ {
+ "name": "example.org",
+ "view": "viewB"
+ },
+ {
+ "name": "example.net",
+ "view": "viewC"
+ }
+ ]
+}
diff --git a/providers/dns/namesurfer/internal/fixtures/searchDNSHosts-request.json b/providers/dns/namesurfer/internal/fixtures/searchDNSHosts-request.json
new file mode 100644
index 000000000..4a88340e2
--- /dev/null
+++ b/providers/dns/namesurfer/internal/fixtures/searchDNSHosts-request.json
@@ -0,0 +1,9 @@
+{
+ "id": 1,
+ "method": "searchDNSHosts",
+ "params": [
+ "user",
+ "02cf1a2f6e124507d16738d595f583932185313fc96afc2d8404960acaec29b4",
+ "value"
+ ]
+}
diff --git a/providers/dns/namesurfer/internal/fixtures/searchDNSHosts.json b/providers/dns/namesurfer/internal/fixtures/searchDNSHosts.json
new file mode 100644
index 000000000..822459148
--- /dev/null
+++ b/providers/dns/namesurfer/internal/fixtures/searchDNSHosts.json
@@ -0,0 +1,23 @@
+{
+ "id": 1,
+ "result": [
+ {
+ "name": "foo",
+ "type": "TXT",
+ "data": "xxx",
+ "ttl": 300
+ },
+ {
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "data": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 300
+ },
+ {
+ "name": "bar",
+ "type": "A",
+ "data": "yyy",
+ "ttl": 300
+ }
+ ]
+}
diff --git a/providers/dns/namesurfer/internal/fixtures/updateDNSHost-request.json b/providers/dns/namesurfer/internal/fixtures/updateDNSHost-request.json
new file mode 100644
index 000000000..494de20c6
--- /dev/null
+++ b/providers/dns/namesurfer/internal/fixtures/updateDNSHost-request.json
@@ -0,0 +1,22 @@
+{
+ "id": 1,
+ "method": "updateDNSHost",
+ "params": [
+ "user",
+ "510e63288ac874c1d5ba313a9411591daa346e5621fb0153263adc278794e378",
+ "example.com",
+ "viewA",
+ {
+ "name": "_acme-challenge",
+ "type": "TXT",
+ "data": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "ttl": 300
+ },
+ {
+ "name": "",
+ "type": "",
+ "data": "",
+ "ttl": 0
+ }
+ ]
+}
diff --git a/providers/dns/namesurfer/internal/fixtures/updateDNSHost.json b/providers/dns/namesurfer/internal/fixtures/updateDNSHost.json
new file mode 100644
index 000000000..f41779e30
--- /dev/null
+++ b/providers/dns/namesurfer/internal/fixtures/updateDNSHost.json
@@ -0,0 +1,4 @@
+{
+ "id": 1,
+ "result": true
+}
diff --git a/providers/dns/namesurfer/internal/types.go b/providers/dns/namesurfer/internal/types.go
new file mode 100644
index 000000000..d364c1876
--- /dev/null
+++ b/providers/dns/namesurfer/internal/types.go
@@ -0,0 +1,72 @@
+package internal
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+)
+
+// DNSNode represents a DNS record.
+// http://95.128.3.201:8053/API/NSService_10#DNSNode
+type DNSNode struct {
+ Name string `json:"name"`
+ Type string `json:"type"`
+ Data string `json:"data"`
+ TTL int `json:"ttl"`
+}
+
+// DNSZone represents a DNS zone.
+// http://95.128.3.201:8053/API/NSService_10#DNSZone
+type DNSZone struct {
+ Name string `json:"name,omitempty"`
+ View string `json:"view,omitempty"`
+}
+
+// APIRequest represents a JSON-RPC request.
+// https://www.jsonrpc.org/specification_v1#a1.1Requestmethodinvocation
+type APIRequest struct {
+ ID any `json:"id"` // Can be int or string depending on API
+ Method string `json:"method"`
+ Params []any `json:"params"`
+}
+
+// APIResponse represents a JSON-RPC response.
+// https://www.jsonrpc.org/specification_v1#a1.2Response
+type APIResponse struct {
+ ID any `json:"id"` // Can be int or string depending on API
+ Result json.RawMessage `json:"result"`
+ Error *APIError `json:"error"`
+}
+
+// APIError represents an error.
+type APIError struct {
+ Code any `json:"code"` // Can be int or string depending on API
+ Filename string `json:"filename"`
+ LineNumber int `json:"lineno"`
+ Message string `json:"string"`
+ Detail []string `json:"detail"`
+}
+
+func (e *APIError) Error() string {
+ msg := new(strings.Builder)
+
+ _, _ = fmt.Fprintf(msg, "code: %v", e.Code)
+
+ if e.Filename != "" {
+ _, _ = fmt.Fprintf(msg, ", filename: %s", e.Filename)
+ }
+
+ if e.LineNumber > 0 {
+ _, _ = fmt.Fprintf(msg, ", line: %d", e.LineNumber)
+ }
+
+ if e.Message != "" {
+ _, _ = fmt.Fprintf(msg, ", message: %s", e.Message)
+ }
+
+ if len(e.Detail) > 0 {
+ _, _ = fmt.Fprintf(msg, ", detail: %v", strings.Join(e.Detail, " "))
+ }
+
+ return msg.String()
+}
diff --git a/providers/dns/namesurfer/namesurfer.go b/providers/dns/namesurfer/namesurfer.go
new file mode 100644
index 000000000..6b7f48402
--- /dev/null
+++ b/providers/dns/namesurfer/namesurfer.go
@@ -0,0 +1,214 @@
+// Package namesurfer implements a DNS provider for solving the DNS-01 challenge using FusionLayer NameSurfer API.
+package namesurfer
+
+import (
+ "context"
+ "crypto/tls"
+ "errors"
+ "fmt"
+ "net/http"
+ "strings"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/namesurfer/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "NAMESURFER_"
+
+ EnvBaseURL = envNamespace + "BASE_URL"
+ EnvAPIKey = envNamespace + "API_KEY"
+ EnvAPISecret = envNamespace + "API_SECRET"
+ EnvView = envNamespace + "VIEW"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+ EnvInsecureSkipVerify = envNamespace + "INSECURE_SKIP_VERIFY"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ BaseURL string
+ APIKey string
+ APISecret string
+ View string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, 300),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ zones map[string]string
+ zonesMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for FusionLayer NameSurfer.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvBaseURL, EnvAPIKey, EnvAPISecret)
+ if err != nil {
+ return nil, fmt.Errorf("namesurfer: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.BaseURL = values[EnvBaseURL]
+ config.APIKey = values[EnvAPIKey]
+ config.APISecret = values[EnvAPISecret]
+ config.View = env.GetOrDefaultString(EnvView, "")
+
+ if env.GetOrDefaultBool(EnvInsecureSkipVerify, false) {
+ config.HTTPClient.Transport = &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
+ }
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for FusionLayer NameSurfer.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("namesurfer: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.BaseURL, config.APIKey, config.APISecret)
+ if err != nil {
+ return nil, fmt.Errorf("namesurfer: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ zones: make(map[string]string),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ zone, err := d.findZone(ctx, info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("namesurfer: %w", err)
+ }
+
+ d.zonesMu.Lock()
+ d.zones[token] = zone
+ d.zonesMu.Unlock()
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zone)
+ if err != nil {
+ return fmt.Errorf("namesurfer: %w", err)
+ }
+
+ record := internal.DNSNode{
+ Name: subDomain,
+ Type: "TXT",
+ TTL: d.config.TTL,
+ Data: info.Value,
+ }
+
+ err = d.client.AddDNSRecord(ctx, zone, d.config.View, record)
+ if err != nil {
+ return fmt.Errorf("namesurfer: add DNS record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ d.zonesMu.Lock()
+ zone, ok := d.zones[token]
+ d.zonesMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("namesurfer: unknown zone for '%s'", info.EffectiveFQDN)
+ }
+
+ d.zonesMu.Lock()
+ delete(d.zones, token)
+ d.zonesMu.Unlock()
+
+ existing, err := d.client.SearchDNSHosts(ctx, dns01.UnFqdn(info.EffectiveFQDN))
+ if err != nil {
+ return fmt.Errorf("namesurfer: search DNS hosts: %w", err)
+ }
+
+ for _, node := range existing {
+ if node.Type != "TXT" || node.Data != info.Value {
+ continue
+ }
+
+ err = d.client.UpdateDNSHost(ctx, zone, d.config.View, node, internal.DNSNode{})
+ if err != nil {
+ return fmt.Errorf("namesurfer: update DNS host: %w", err)
+ }
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) findZone(ctx context.Context, fqdn string) (string, error) {
+ zones, err := d.client.ListZones(ctx, "forward")
+ if err != nil {
+ return "", fmt.Errorf("list zones: %w", err)
+ }
+
+ domain := dns01.UnFqdn(fqdn)
+
+ var zoneName string
+
+ for _, zone := range zones {
+ if strings.HasSuffix(domain, zone.Name) && len(zone.Name) > len(zoneName) {
+ zoneName = zone.Name
+ }
+ }
+
+ if zoneName == "" {
+ return "", fmt.Errorf("no zone found for %s", fqdn)
+ }
+
+ return zoneName, nil
+}
diff --git a/providers/dns/namesurfer/namesurfer.toml b/providers/dns/namesurfer/namesurfer.toml
new file mode 100644
index 000000000..fd914ec0c
--- /dev/null
+++ b/providers/dns/namesurfer/namesurfer.toml
@@ -0,0 +1,28 @@
+Name = "FusionLayer NameSurfer"
+Description = ''''''
+URL = "https://www.fusionlayer.com/"
+Code = "namesurfer"
+Since = "v4.32.0"
+
+Example = '''
+NAMESURFER_BASE_URL=https://foo.example.com:8443/API/NSService_10 \
+NAMESURFER_API_KEY=xxx \
+NAMESURFER_API_SECRET=yyy \
+lego --dns namesurfer -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ NAMESURFER_BASE_URL = "The base URL of NameSurfer API (jsonrpc10) endpoint URL (e.g., https://foo.example.com:8443/API/NSService_10)"
+ NAMESURFER_API_KEY = "API key name"
+ NAMESURFER_API_SECRET = "API secret"
+ [Configuration.Additional]
+ NAMESURFER_VIEW = "DNS view name (optional, default: empty string)"
+ NAMESURFER_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ NAMESURFER_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
+ NAMESURFER_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 300)"
+ NAMESURFER_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+ NAMESURFER_INSECURE_SKIP_VERIFY = "Whether to verify the API certificate"
+
+[Links]
+ API = "https://web.archive.org/web/20260213170737/http://95.128.3.201:8053/API/NSService_10"
diff --git a/providers/dns/namesurfer/namesurfer_test.go b/providers/dns/namesurfer/namesurfer_test.go
new file mode 100644
index 000000000..ce3aa37af
--- /dev/null
+++ b/providers/dns/namesurfer/namesurfer_test.go
@@ -0,0 +1,174 @@
+package namesurfer
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(
+ EnvBaseURL,
+ EnvAPIKey,
+ EnvAPISecret,
+ EnvView,
+).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvBaseURL: "https://example.com",
+ EnvAPIKey: "user",
+ EnvAPISecret: "secret",
+ },
+ },
+ {
+ desc: "missing base URL",
+ envVars: map[string]string{
+ EnvBaseURL: "",
+ EnvAPIKey: "user",
+ EnvAPISecret: "secret",
+ },
+ expected: "namesurfer: some credentials information are missing: NAMESURFER_BASE_URL",
+ },
+ {
+ desc: "missing API key",
+ envVars: map[string]string{
+ EnvBaseURL: "https://example.com",
+ EnvAPIKey: "",
+ EnvAPISecret: "secret",
+ },
+ expected: "namesurfer: some credentials information are missing: NAMESURFER_API_KEY",
+ },
+ {
+ desc: "missing API secret",
+ envVars: map[string]string{
+ EnvBaseURL: "https://example.com",
+ EnvAPIKey: "user",
+ EnvAPISecret: "",
+ },
+ expected: "namesurfer: some credentials information are missing: NAMESURFER_API_SECRET",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "namesurfer: some credentials information are missing: NAMESURFER_BASE_URL,NAMESURFER_API_KEY,NAMESURFER_API_SECRET",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ baseURL string
+ apiKey string
+ apiSecret string
+ expected string
+ }{
+ {
+ desc: "success",
+ baseURL: "https://example.com",
+ apiKey: "user",
+ apiSecret: "secret",
+ },
+ {
+ desc: "missing base URL",
+ apiKey: "user",
+ apiSecret: "secret",
+ expected: "namesurfer: base URL missing",
+ },
+ {
+ desc: "missing API key",
+ baseURL: "https://example.com",
+ apiSecret: "secret",
+ expected: "namesurfer: credentials missing",
+ },
+ {
+ desc: "missing API secret",
+ baseURL: "https://example.com",
+ apiKey: "user",
+ expected: "namesurfer: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "namesurfer: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.BaseURL = test.baseURL
+ config.APIKey = test.apiKey
+ config.APISecret = test.apiSecret
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/nearlyfreespeech/internal/client.go b/providers/dns/nearlyfreespeech/internal/client.go
index fcfe4e9b7..5d7e79fbe 100644
--- a/providers/dns/nearlyfreespeech/internal/client.go
+++ b/providers/dns/nearlyfreespeech/internal/client.go
@@ -97,6 +97,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errAPI := &APIError{}
+
err := json.Unmarshal(raw, errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
@@ -118,7 +119,6 @@ func (c Signer) Sign(uri, body, login, apiKey string) string {
// Header is "login;timestamp;salt;hash".
// hash is SHA1("login;timestamp;salt;api-key;request-uri;body-hash")
// and body-hash is SHA1(body).
-
bodyHash := sha1.Sum([]byte(body))
timestamp := strconv.FormatInt(c.clock().Unix(), 10)
diff --git a/providers/dns/nearlyfreespeech/internal/client_test.go b/providers/dns/nearlyfreespeech/internal/client_test.go
index 1445286c3..26e4552be 100644
--- a/providers/dns/nearlyfreespeech/internal/client_test.go
+++ b/providers/dns/nearlyfreespeech/internal/client_test.go
@@ -163,6 +163,7 @@ func TestSigner_Sign(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
+
signer := NewSigner()
signer.saltShaker = func() []byte { return []byte(test.salt) }
signer.clock = func() time.Time { return time.Unix(test.now, 0) }
diff --git a/providers/dns/nearlyfreespeech/nearlyfreespeech.go b/providers/dns/nearlyfreespeech/nearlyfreespeech.go
index 464ac35d0..af5e5363c 100644
--- a/providers/dns/nearlyfreespeech/nearlyfreespeech.go
+++ b/providers/dns/nearlyfreespeech/nearlyfreespeech.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/nearlyfreespeech/internal"
)
@@ -92,6 +93,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/nearlyfreespeech/nearlyfreespeech.toml b/providers/dns/nearlyfreespeech/nearlyfreespeech.toml
index 80d4fd6bc..3a1e25942 100644
--- a/providers/dns/nearlyfreespeech/nearlyfreespeech.toml
+++ b/providers/dns/nearlyfreespeech/nearlyfreespeech.toml
@@ -7,7 +7,7 @@ Since = "v4.8.0"
Example = '''
NEARLYFREESPEECH_API_KEY=xxxxxx \
NEARLYFREESPEECH_LOGIN=xxxx \
-lego --email you@example.com --dns nearlyfreespeech -d '*.example.com' -d example.com run
+lego --dns nearlyfreespeech -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/nearlyfreespeech/nearlyfreespeech_test.go b/providers/dns/nearlyfreespeech/nearlyfreespeech_test.go
index adc7efe1e..b67b350e9 100644
--- a/providers/dns/nearlyfreespeech/nearlyfreespeech_test.go
+++ b/providers/dns/nearlyfreespeech/nearlyfreespeech_test.go
@@ -54,6 +54,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -126,6 +127,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -139,6 +141,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/neodigit/neodigit.go b/providers/dns/neodigit/neodigit.go
new file mode 100644
index 000000000..d41846307
--- /dev/null
+++ b/providers/dns/neodigit/neodigit.go
@@ -0,0 +1,103 @@
+// Package neodigit implements a DNS provider for solving the DNS-01 challenge using Neodigit DNS.
+package neodigit
+
+import (
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/tecnocratica"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "NEODIGIT_"
+
+ EnvToken = envNamespace + "TOKEN"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+const defaultBaseURL = "https://api.neodigit.net/v1"
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config = tecnocratica.Config
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 5*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ prv challenge.ProviderTimeout
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Neodigit.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvToken)
+ if err != nil {
+ return nil, fmt.Errorf("neodigit: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.Token = values[EnvToken]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Neodigit.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("neodigit: the configuration of the DNS provider is nil")
+ }
+
+ provider, err := tecnocratica.NewDNSProviderConfig(config, defaultBaseURL)
+ if err != nil {
+ return nil, fmt.Errorf("neodigit: %w", err)
+ }
+
+ return &DNSProvider{prv: provider}, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ err := d.prv.Present(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("neodigit: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ err := d.prv.CleanUp(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("neodigit: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
+}
diff --git a/providers/dns/neodigit/neodigit.toml b/providers/dns/neodigit/neodigit.toml
new file mode 100644
index 000000000..91b3cfb07
--- /dev/null
+++ b/providers/dns/neodigit/neodigit.toml
@@ -0,0 +1,22 @@
+Name = "Neodigit"
+Description = ''''''
+URL = "https://www.neodigit.net"
+Code = "neodigit"
+Since = "v4.30.0"
+
+Example = '''
+NEODIGIT_TOKEN=xxxxxx \
+lego --dns neodigit -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ NEODIGIT_TOKEN = "API token"
+ [Configuration.Additional]
+ NEODIGIT_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
+ NEODIGIT_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 300)"
+ NEODIGIT_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ NEODIGIT_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://developers.neodigit.net/#dns"
diff --git a/providers/dns/neodigit/neodigit_test.go b/providers/dns/neodigit/neodigit_test.go
new file mode 100644
index 000000000..39f67c59c
--- /dev/null
+++ b/providers/dns/neodigit/neodigit_test.go
@@ -0,0 +1,116 @@
+package neodigit
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvToken).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvToken: "secret",
+ },
+ },
+ {
+ desc: "missing credentials: token",
+ envVars: map[string]string{
+ EnvToken: "",
+ },
+ expected: "neodigit: some credentials information are missing: NEODIGIT_TOKEN",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.prv)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ token string
+ expected string
+ }{
+ {
+ desc: "success",
+ token: "secret",
+ },
+ {
+ desc: "missing token",
+ expected: "neodigit: missing credentials",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.Token = test.token
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.prv)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/netcup/internal/client.go b/providers/dns/netcup/internal/client.go
index 553733175..1287a8d7a 100644
--- a/providers/dns/netcup/internal/client.go
+++ b/providers/dns/netcup/internal/client.go
@@ -80,6 +80,7 @@ func (c *Client) GetDNSRecords(ctx context.Context, hostname string) ([]DNSRecor
}
var responseData InfoDNSRecordsResponse
+
err := c.doRequest(ctx, payload, &responseData)
if err != nil {
return nil, fmt.Errorf("error when sending the request: %w", err)
@@ -139,6 +140,7 @@ func GetDNSRecordIdx(records []DNSRecord, record DNSRecord) (int, error) {
return index, nil
}
}
+
return -1, errors.New("no DNS Record found")
}
@@ -173,6 +175,7 @@ func unmarshalResponseMsg(req *http.Request, resp *http.Response) (*ResponseMsg,
}
var respMsg ResponseMsg
+
err = json.Unmarshal(raw, &respMsg)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/netcup/internal/client_live_test.go b/providers/dns/netcup/internal/client_live_test.go
index 3cf6c8c0b..68621882e 100644
--- a/providers/dns/netcup/internal/client_live_test.go
+++ b/providers/dns/netcup/internal/client_live_test.go
@@ -38,7 +38,7 @@ func TestClient_GetDNSRecords_Live(t *testing.T) {
info := dns01.GetChallengeInfo(envTest.GetDomain(), "123d==")
zone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
- require.NoError(t, err, "error finding DNSZone")
+ require.NoError(t, err)
zone = dns01.UnFqdn(zone)
@@ -103,7 +103,7 @@ func TestClient_UpdateDNSRecord_Live(t *testing.T) {
// Tear down
err = client.UpdateDNSRecord(ctx, envTest.GetDomain(), []DNSRecord{records[recordIdx]})
- require.NoError(t, err, "Did not remove record! Please do so yourself.")
+ require.NoError(t, err)
err = client.Logout(ctx)
require.NoError(t, err)
diff --git a/providers/dns/netcup/internal/session.go b/providers/dns/netcup/internal/session.go
index 6627d74e1..b53751edf 100644
--- a/providers/dns/netcup/internal/session.go
+++ b/providers/dns/netcup/internal/session.go
@@ -24,6 +24,7 @@ func (c *Client) login(ctx context.Context) (string, error) {
}
var responseData LoginResponse
+
err := c.doRequest(ctx, payload, &responseData)
if err != nil {
return "", fmt.Errorf("loging error: %w", err)
diff --git a/providers/dns/netcup/netcup.go b/providers/dns/netcup/netcup.go
index f0544bbcd..13b329e07 100644
--- a/providers/dns/netcup/netcup.go
+++ b/providers/dns/netcup/netcup.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/netcup/internal"
)
@@ -92,7 +93,11 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, fmt.Errorf("netcup: %w", err)
}
- client.HTTPClient = config.HTTPClient
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
return &DNSProvider{client: client, config: config}, nil
}
diff --git a/providers/dns/netcup/netcup.toml b/providers/dns/netcup/netcup.toml
index 0df09b0df..4ef8688c6 100644
--- a/providers/dns/netcup/netcup.toml
+++ b/providers/dns/netcup/netcup.toml
@@ -8,7 +8,7 @@ Example = '''
NETCUP_CUSTOMER_NUMBER=xxxx \
NETCUP_API_KEY=yyyy \
NETCUP_API_PASSWORD=zzzz \
-lego --email you@example.com --dns netcup -d '*.example.com' -d example.com run
+lego --dns netcup -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/netcup/netcup_test.go b/providers/dns/netcup/netcup_test.go
index f9cc43ab9..fedc56ba9 100644
--- a/providers/dns/netcup/netcup_test.go
+++ b/providers/dns/netcup/netcup_test.go
@@ -72,6 +72,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -158,13 +159,14 @@ func TestLivePresentAndCleanup(t *testing.T) {
}
envTest.RestoreEnv()
+
p, err := NewDNSProvider()
require.NoError(t, err)
info := dns01.GetChallengeInfo(envTest.GetDomain(), "123d==")
zone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
- require.NoError(t, err, "error finding DNSZone")
+ require.NoError(t, err)
zone = dns01.UnFqdn(zone)
@@ -181,7 +183,7 @@ func TestLivePresentAndCleanup(t *testing.T) {
require.NoError(t, err)
err = p.CleanUp(test, "987d", "123d==")
- require.NoError(t, err, "Did not clean up! Please remove record yourself.")
+ require.NoError(t, err)
})
}
}
diff --git a/providers/dns/netlify/internal/client.go b/providers/dns/netlify/internal/client.go
index a8e3b35c3..3b6b681fe 100644
--- a/providers/dns/netlify/internal/client.go
+++ b/providers/dns/netlify/internal/client.go
@@ -59,6 +59,7 @@ func (c *Client) GetRecords(ctx context.Context, zoneID string) ([]DNSRecord, er
}
var records []DNSRecord
+
err = json.Unmarshal(raw, &records)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -93,6 +94,7 @@ func (c *Client) CreateRecord(ctx context.Context, zoneID string, record DNSReco
}
var recordResp DNSRecord
+
err = json.Unmarshal(raw, &recordResp)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/netlify/netlify.go b/providers/dns/netlify/netlify.go
index 1d4c78f4f..5b2980d24 100644
--- a/providers/dns/netlify/netlify.go
+++ b/providers/dns/netlify/netlify.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/netlify/internal"
)
@@ -84,7 +85,11 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("netlify: incomplete credentials, missing token")
}
- client := internal.NewClient(internal.OAuthStaticAccessToken(config.HTTPClient, config.Token))
+ client := internal.NewClient(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(config.HTTPClient, config.Token),
+ ),
+ )
return &DNSProvider{
config: config,
@@ -144,6 +149,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("netlify: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
diff --git a/providers/dns/netlify/netlify.toml b/providers/dns/netlify/netlify.toml
index c5cb670f9..9d3c0f6b5 100644
--- a/providers/dns/netlify/netlify.toml
+++ b/providers/dns/netlify/netlify.toml
@@ -6,7 +6,7 @@ Since = "v3.7.0"
Example = '''
NETLIFY_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
-lego --email you@example.com --dns netlify -d '*.example.com' -d example.com run
+lego --dns netlify -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/netlify/netlify_test.go b/providers/dns/netlify/netlify_test.go
index f351802da..1e84517be 100644
--- a/providers/dns/netlify/netlify_test.go
+++ b/providers/dns/netlify/netlify_test.go
@@ -36,6 +36,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -93,6 +94,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -106,6 +108,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/nicmanager/internal/client.go b/providers/dns/nicmanager/internal/client.go
index eb84e29ec..16bfe497b 100644
--- a/providers/dns/nicmanager/internal/client.go
+++ b/providers/dns/nicmanager/internal/client.go
@@ -83,6 +83,7 @@ func (c *Client) GetZone(ctx context.Context, name string) (*Zone, error) {
}
var zone Zone
+
err = c.do(req, http.StatusOK, &zone)
if err != nil {
return nil, err
diff --git a/providers/dns/nicmanager/nicmanager.go b/providers/dns/nicmanager/nicmanager.go
index 2a5742373..9b27df64e 100644
--- a/providers/dns/nicmanager/nicmanager.go
+++ b/providers/dns/nicmanager/nicmanager.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/nicmanager/internal"
)
@@ -128,6 +129,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{client: client, config: config}, nil
}
@@ -188,8 +191,11 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
name := dns01.UnFqdn(info.EffectiveFQDN)
- var existingRecord internal.Record
- var existingRecordFound bool
+ var (
+ existingRecord internal.Record
+ existingRecordFound bool
+ )
+
for _, record := range zone.Records {
if strings.EqualFold(record.Type, "TXT") && strings.EqualFold(record.Name, name) && record.Content == info.Value {
existingRecord = record
diff --git a/providers/dns/nicmanager/nicmanager.toml b/providers/dns/nicmanager/nicmanager.toml
index 7fdf296c4..d5921de5a 100644
--- a/providers/dns/nicmanager/nicmanager.toml
+++ b/providers/dns/nicmanager/nicmanager.toml
@@ -13,7 +13,7 @@ NICMANAGER_API_PASSWORD = "password" \
# Optionally, if your account has TOTP enabled, set the secret here
NICMANAGER_API_OTP = "long-secret" \
-lego --email you@example.com --dns nicmanager -d '*.example.com' -d example.com run
+lego --dns nicmanager -d '*.example.com' -d example.com run
## Login using account name + username
@@ -24,7 +24,7 @@ NICMANAGER_API_PASSWORD = "password" \
# Optionally, if your account has TOTP enabled, set the secret here
NICMANAGER_API_OTP = "long-secret" \
-lego --email you@example.com --dns nicmanager -d '*.example.com' -d example.com run
+lego --dns nicmanager -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/nicmanager/nicmanager_test.go b/providers/dns/nicmanager/nicmanager_test.go
index bc2f50cc3..114cdb7ca 100644
--- a/providers/dns/nicmanager/nicmanager_test.go
+++ b/providers/dns/nicmanager/nicmanager_test.go
@@ -66,6 +66,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -159,6 +160,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -172,6 +174,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/nicru/internal/client.go b/providers/dns/nicru/internal/client.go
index 37acd68f1..5d851fc76 100644
--- a/providers/dns/nicru/internal/client.go
+++ b/providers/dns/nicru/internal/client.go
@@ -30,6 +30,7 @@ func (tr Trimmer) Token() (xml.Token, error) {
if cd, ok := t.(xml.CharData); ok {
t = xml.CharData(bytes.TrimSpace(cd))
}
+
return t, err
}
diff --git a/providers/dns/nicru/nicru.go b/providers/dns/nicru/nicru.go
index 9320f94c2..cf4255bdb 100644
--- a/providers/dns/nicru/nicru.go
+++ b/providers/dns/nicru/nicru.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/nicru/internal"
)
@@ -90,7 +91,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, fmt.Errorf("nicru: %w", err)
}
- client, err := internal.NewClient(oauthClient)
+ client, err := internal.NewClient(clientdebug.Wrap(oauthClient))
if err != nil {
return nil, fmt.Errorf("nicru: unable to build API client: %w", err)
}
diff --git a/providers/dns/nicru/nicru.toml b/providers/dns/nicru/nicru.toml
index 6bffe74a5..f955511a2 100644
--- a/providers/dns/nicru/nicru.toml
+++ b/providers/dns/nicru/nicru.toml
@@ -9,7 +9,7 @@ NICRU_USER="" \
NICRU_PASSWORD="" \
NICRU_SERVICE_ID="" \
NICRU_SECRET="" \
-lego --dns nicru --domains "*.example.com" --email you@example.com run
+lego --dns nicru -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/nicru/nicru_test.go b/providers/dns/nicru/nicru_test.go
index 12db3a4ff..7e71f9d2c 100644
--- a/providers/dns/nicru/nicru_test.go
+++ b/providers/dns/nicru/nicru_test.go
@@ -75,6 +75,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -171,6 +172,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -184,6 +186,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/nifcloud/internal/client.go b/providers/dns/nifcloud/internal/client.go
index 4469a1f78..0f3851883 100644
--- a/providers/dns/nifcloud/internal/client.go
+++ b/providers/dns/nifcloud/internal/client.go
@@ -59,6 +59,7 @@ func (c *Client) ChangeResourceRecordSets(ctx context.Context, hostedZoneID stri
}
output := &ChangeResourceRecordSetsResponse{}
+
err = c.do(req, output)
if err != nil {
return nil, err
@@ -77,6 +78,7 @@ func (c *Client) GetChange(ctx context.Context, statusID string) (*GetChangeResp
}
output := &GetChangeResponse{}
+
err = c.do(req, output)
if err != nil {
return nil, err
@@ -129,6 +131,7 @@ func (c *Client) sign(req *http.Request) error {
}
mac := hmac.New(sha1.New, []byte(c.secretKey))
+
_, err := mac.Write([]byte(req.Header.Get("Date")))
if err != nil {
return err
@@ -148,6 +151,7 @@ func newXMLRequest(ctx context.Context, method string, endpoint *url.URL, payloa
if payload != nil {
body.WriteString(xml.Header)
+
err := xml.NewEncoder(body).Encode(payload)
if err != nil {
return nil, fmt.Errorf("failed to create request XML body: %w", err)
@@ -170,6 +174,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errResp := &ErrorResponse{}
+
err := xml.Unmarshal(raw, errResp)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/nifcloud/nifcloud.go b/providers/dns/nifcloud/nifcloud.go
index e73333c52..ced7eff09 100644
--- a/providers/dns/nifcloud/nifcloud.go
+++ b/providers/dns/nifcloud/nifcloud.go
@@ -9,10 +9,12 @@ import (
"net/url"
"time"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/platform/wait"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/nifcloud/internal"
)
@@ -93,6 +95,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
if config.BaseURL != "" {
baseURL, err := url.Parse(config.BaseURL)
if err != nil {
@@ -107,23 +111,29 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- err := d.changeRecord("CREATE", info.EffectiveFQDN, info.Value, d.config.TTL)
+ err := d.changeRecord(ctx, "CREATE", info.EffectiveFQDN, info.Value, d.config.TTL)
if err != nil {
return fmt.Errorf("nifcloud: %w", err)
}
+
return err
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- err := d.changeRecord("DELETE", info.EffectiveFQDN, info.Value, d.config.TTL)
+ err := d.changeRecord(ctx, "DELETE", info.EffectiveFQDN, info.Value, d.config.TTL)
if err != nil {
return fmt.Errorf("nifcloud: %w", err)
}
+
return err
}
@@ -133,7 +143,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval
}
-func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
+func (d *DNSProvider) changeRecord(ctx context.Context, action, fqdn, value string, ttl int) error {
authZone, err := dns01.FindZoneByFqdn(fqdn)
if err != nil {
return fmt.Errorf("could not find zone: %w", err)
@@ -170,8 +180,6 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
},
}
- ctx := context.Background()
-
resp, err := d.client.ChangeResourceRecordSets(ctx, dns01.UnFqdn(authZone), reqParams)
if err != nil {
return fmt.Errorf("failed to change record set: %w", err)
@@ -179,11 +187,20 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
statusID := resp.ChangeInfo.ID
- return wait.For("nifcloud", 120*time.Second, 4*time.Second, func() (bool, error) {
- resp, err := d.client.GetChange(ctx, statusID)
- if err != nil {
- return false, fmt.Errorf("failed to query change status: %w", err)
- }
- return resp.ChangeInfo.Status == "INSYNC", nil
- })
+ return wait.Retry(ctx,
+ func() error {
+ resp, err := d.client.GetChange(ctx, statusID)
+ if err != nil {
+ return fmt.Errorf("get change: %w", err)
+ }
+
+ if resp.ChangeInfo.Status != "INSYNC" {
+ return fmt.Errorf("change status: %s", resp.ChangeInfo.Status)
+ }
+
+ return nil
+ },
+ backoff.WithBackOff(backoff.NewConstantBackOff(4*time.Second)),
+ backoff.WithMaxElapsedTime(120*time.Second),
+ )
}
diff --git a/providers/dns/nifcloud/nifcloud.toml b/providers/dns/nifcloud/nifcloud.toml
index b692bb9d3..3c43b1dc0 100644
--- a/providers/dns/nifcloud/nifcloud.toml
+++ b/providers/dns/nifcloud/nifcloud.toml
@@ -7,7 +7,7 @@ Since = "v1.1.0"
Example = '''
NIFCLOUD_ACCESS_KEY_ID=xxxx \
NIFCLOUD_SECRET_ACCESS_KEY=yyyy \
-lego --email you@example.com --dns nifcloud -d '*.example.com' -d example.com run
+lego --dns nifcloud -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/nifcloud/nifcloud_test.go b/providers/dns/nifcloud/nifcloud_test.go
index 9b635edfc..0eff98a71 100644
--- a/providers/dns/nifcloud/nifcloud_test.go
+++ b/providers/dns/nifcloud/nifcloud_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -129,6 +130,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -142,6 +144,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/njalla/internal/client.go b/providers/dns/njalla/internal/client.go
index f64db3c80..d2893253f 100644
--- a/providers/dns/njalla/internal/client.go
+++ b/providers/dns/njalla/internal/client.go
@@ -46,6 +46,7 @@ func (c *Client) AddRecord(ctx context.Context, record Record) (*Record, error)
}
var result APIResponse[*Record]
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -92,6 +93,7 @@ func (c *Client) ListRecords(ctx context.Context, domain string) ([]Record, erro
}
var result APIResponse[Records]
+
err = c.do(req, &result)
if err != nil {
return nil, err
diff --git a/providers/dns/njalla/njalla.go b/providers/dns/njalla/njalla.go
index b08ce69de..2f9aef8ea 100644
--- a/providers/dns/njalla/njalla.go
+++ b/providers/dns/njalla/njalla.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/njalla/internal"
"github.com/miekg/dns"
)
@@ -90,6 +91,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -145,6 +148,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("njalla: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
diff --git a/providers/dns/njalla/njalla.toml b/providers/dns/njalla/njalla.toml
index ef1fe158e..ff4750b7d 100644
--- a/providers/dns/njalla/njalla.toml
+++ b/providers/dns/njalla/njalla.toml
@@ -6,7 +6,7 @@ Since = "v4.3.0"
Example = '''
NJALLA_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxx \
-lego --email you@example.com --dns njalla -d '*.example.com' -d example.com run
+lego --dns njalla -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/njalla/njalla_test.go b/providers/dns/njalla/njalla_test.go
index f1489257b..61f106d75 100644
--- a/providers/dns/njalla/njalla_test.go
+++ b/providers/dns/njalla/njalla_test.go
@@ -36,6 +36,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -95,6 +96,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -108,6 +110,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/nodion/nodion.go b/providers/dns/nodion/nodion.go
index 1fdc8b87d..4bc887568 100644
--- a/providers/dns/nodion/nodion.go
+++ b/providers/dns/nodion/nodion.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/nrdcg/nodion"
)
@@ -93,6 +94,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -169,6 +172,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.zoneIDsMu.Lock()
zoneID, ok := d.zoneIDs[token]
d.zoneIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("nodion: unknown zone ID for '%s' '%s'", info.EffectiveFQDN, token)
}
@@ -204,5 +208,9 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("regru: failed to remove TXT records [domain: %s]: %w", dns01.UnFqdn(authZone), err)
}
+ d.zoneIDsMu.Lock()
+ delete(d.zoneIDs, token)
+ d.zoneIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/nodion/nodion.toml b/providers/dns/nodion/nodion.toml
index 0888f96c3..c9db46e61 100644
--- a/providers/dns/nodion/nodion.toml
+++ b/providers/dns/nodion/nodion.toml
@@ -6,7 +6,7 @@ Since = "v4.11.0"
Example = '''
NODION_API_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns nodion -d '*.example.com' -d example.com run
+lego --dns nodion -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/nodion/nodion_test.go b/providers/dns/nodion/nodion_test.go
index fbf4b89eb..0ec5c1627 100644
--- a/providers/dns/nodion/nodion_test.go
+++ b/providers/dns/nodion/nodion_test.go
@@ -34,6 +34,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -91,6 +92,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -104,6 +106,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/ns1/ns1.go b/providers/dns/ns1/ns1.go
index c3bf168cb..6a7846e85 100644
--- a/providers/dns/ns1/ns1.go
+++ b/providers/dns/ns1/ns1.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"gopkg.in/ns1/ns1-go.v2/rest"
"gopkg.in/ns1/ns1-go.v2/rest/model/dns"
)
@@ -80,7 +81,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("ns1: credentials missing")
}
- client := rest.NewClient(config.HTTPClient, rest.SetAPIKey(config.APIKey))
+ if config.HTTPClient == nil {
+ // Because the rest.NewClient uses the http.DefaultClient.
+ config.HTTPClient = &http.Client{Timeout: 10 * time.Second}
+ }
+
+ client := rest.NewClient(clientdebug.Wrap(config.HTTPClient), rest.SetAPIKey(config.APIKey))
return &DNSProvider{client: client, config: config}, nil
}
@@ -141,10 +147,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
name := dns01.UnFqdn(info.EffectiveFQDN)
+
_, err = d.client.Records.Delete(zone.Zone, name, "TXT")
if err != nil {
return fmt.Errorf("ns1: failed to delete record [zone: %q, domain: %q]: %w", zone.Zone, name, err)
}
+
return nil
}
diff --git a/providers/dns/ns1/ns1.toml b/providers/dns/ns1/ns1.toml
index 2a6b10deb..829663bf5 100644
--- a/providers/dns/ns1/ns1.toml
+++ b/providers/dns/ns1/ns1.toml
@@ -6,7 +6,7 @@ Since = "v0.4.0"
Example = '''
NS1_API_KEY=xxxx \
-lego --email you@example.com --dns ns1 -d '*.example.com' -d example.com run
+lego --dns ns1 -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/ns1/ns1_test.go b/providers/dns/ns1/ns1_test.go
index 6df6b4afb..82fa70c52 100644
--- a/providers/dns/ns1/ns1_test.go
+++ b/providers/dns/ns1/ns1_test.go
@@ -37,6 +37,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -96,6 +97,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -109,6 +111,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/octenium/fixtures/add_dns_record.json b/providers/dns/octenium/fixtures/add_dns_record.json
new file mode 100644
index 000000000..25edcdf11
--- /dev/null
+++ b/providers/dns/octenium/fixtures/add_dns_record.json
@@ -0,0 +1,14 @@
+{
+ "api-status": "success",
+ "api-response": {
+ "record": {
+ "type": "TXT",
+ "name": "_acme-challenge.example.com.",
+ "ttl": 120,
+ "value": "w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI",
+ "raw": {
+ "txtdata": "w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI"
+ }
+ }
+ }
+}
diff --git a/providers/dns/octenium/fixtures/delete_dns_record.json b/providers/dns/octenium/fixtures/delete_dns_record.json
new file mode 100644
index 000000000..2aa9415cc
--- /dev/null
+++ b/providers/dns/octenium/fixtures/delete_dns_record.json
@@ -0,0 +1,11 @@
+{
+ "api-status": "success",
+ "api-response": {
+ "deleted": {
+ "count": 1,
+ "lines": [
+ 123
+ ]
+ }
+ }
+}
diff --git a/providers/dns/octenium/fixtures/list_dns_records.json b/providers/dns/octenium/fixtures/list_dns_records.json
new file mode 100644
index 000000000..405afff11
--- /dev/null
+++ b/providers/dns/octenium/fixtures/list_dns_records.json
@@ -0,0 +1,27 @@
+{
+ "api-status": "success",
+ "api-response": {
+ "records": [
+ {
+ "line": 31,
+ "type": "TXT",
+ "name": "_dmarc.example.com.",
+ "ttl": 300,
+ "value": "xxx",
+ "raw": {
+ "txtdata": "xxx"
+ }
+ },
+ {
+ "line": 123,
+ "type": "TXT",
+ "name": "_acme-challenge.example.com.",
+ "ttl": 300,
+ "value": "w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI",
+ "raw": {
+ "txtdata": "w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI"
+ }
+ }
+ ]
+ }
+}
diff --git a/providers/dns/octenium/fixtures/list_domains.json b/providers/dns/octenium/fixtures/list_domains.json
new file mode 100644
index 000000000..a62febcda
--- /dev/null
+++ b/providers/dns/octenium/fixtures/list_domains.json
@@ -0,0 +1,13 @@
+{
+ "api-status": "success",
+ "api-response": {
+ "domains": {
+ "2976": {
+ "domain-name": "example.com",
+ "registration-date": "21\/08\/2025",
+ "expiration-date": "-",
+ "status": "active"
+ }
+ }
+ }
+}
diff --git a/providers/dns/octenium/internal/client.go b/providers/dns/octenium/internal/client.go
new file mode 100644
index 000000000..474770aeb
--- /dev/null
+++ b/providers/dns/octenium/internal/client.go
@@ -0,0 +1,204 @@
+package internal
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ querystring "github.com/google/go-querystring/query"
+)
+
+const defaultBaseURL = "https://api.panel.octenium.com/"
+
+const statusSuccess = "success"
+
+// Client the Octenium API client.
+type Client struct {
+ apiKey string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(apiKey string) (*Client, error) {
+ if apiKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ apiKey: apiKey,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+// ListDomains retrieves a list of domains.
+// https://octenium.com/api#tag/Domains/operation/listdomains
+func (c *Client) ListDomains(ctx context.Context, domain string) (map[string]Domain, error) {
+ endpoint := c.BaseURL.JoinPath("domains")
+
+ data := endpoint.Query()
+ data.Set("domain-name", domain)
+ endpoint.RawQuery = data.Encode()
+
+ req, err := newRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &DomainsResponse{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Domains, nil
+}
+
+// ListDNSRecords retrieves a list of DNS records.
+// https://octenium.com/api#tag/Domains-DNS/operation/domains-dns-records-list
+func (c *Client) ListDNSRecords(ctx context.Context, orderID, recordType string) ([]Record, error) {
+ endpoint := c.BaseURL.JoinPath("domains", "dns-records", "list")
+
+ data := make(url.Values)
+ data.Set("order-id", orderID)
+ data.Set("types[]", recordType)
+
+ req, err := newRequest(ctx, http.MethodPost, endpoint, data)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &ListRecordsResponse{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Records, nil
+}
+
+// AddDNSRecord adds a DNS record.
+// https://octenium.com/api#tag/Domains-DNS/operation/domains-dns-records-add
+func (c *Client) AddDNSRecord(ctx context.Context, orderID string, record Record) (*Record, error) {
+ endpoint := c.BaseURL.JoinPath("domains", "dns-records", "add")
+
+ data, err := querystring.Values(record)
+ if err != nil {
+ return nil, err
+ }
+
+ data.Set("order-id", orderID)
+
+ req, err := newRequest(ctx, http.MethodPost, endpoint, data)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &AddRecordResponse{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Record, nil
+}
+
+// DeleteDNSRecord deletes a DNS record.
+// https://octenium.com/api#tag/Domains-DNS/operation/domains-dns-records-delete
+func (c *Client) DeleteDNSRecord(ctx context.Context, orderID string, recordID int) (*DeletedRecordInfo, error) {
+ endpoint := c.BaseURL.JoinPath("domains", "dns-records", "delete")
+
+ data := make(url.Values)
+ data.Set("order-id", orderID)
+ data.Set("line", strconv.Itoa(recordID))
+
+ req, err := newRequest(ctx, http.MethodPost, endpoint, data)
+ if err != nil {
+ return nil, err
+ }
+
+ result := &DeleteRecordResponse{}
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Deleted, nil
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ req.Header.Set("X-Api-Key", c.apiKey)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ var response APIResponse
+
+ err = json.Unmarshal(raw, &response)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ if response.Status != statusSuccess {
+ return fmt.Errorf("unexpected status: %s: %s", response.Status, response.Error)
+ }
+
+ err = json.Unmarshal(response.Response, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, response.Response, err)
+ }
+
+ return nil
+}
+
+func newRequest(ctx context.Context, method string, endpoint *url.URL, payload url.Values) (*http.Request, error) {
+ var body io.Reader = http.NoBody
+
+ if method == http.MethodPost && payload != nil {
+ body = strings.NewReader(payload.Encode())
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), body)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if method == http.MethodPost && payload != nil {
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+ }
+
+ return req, nil
+}
diff --git a/providers/dns/octenium/internal/client_test.go b/providers/dns/octenium/internal/client_test.go
new file mode 100644
index 000000000..ff1b21961
--- /dev/null
+++ b/providers/dns/octenium/internal/client_test.go
@@ -0,0 +1,224 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithAccept("application/json").
+ With("X-Api-Key", "secret"),
+ )
+}
+
+func TestClient_ListDomains(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /domains",
+ servermock.ResponseFromFixture("list_domains.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("domain-name", "example.com")).
+ Build(t)
+
+ domains, err := client.ListDomains(t.Context(), "example.com")
+ require.NoError(t, err)
+
+ expected := map[string]Domain{
+ "2976": {DomainName: "example.com", RegistrationDate: "12/09/2021", ExpirationDate: "12/09/2024", Status: "active"},
+ "2977": {DomainName: "example.org", RegistrationDate: "01/10/2021", ExpirationDate: "01/10/2024", Status: "active"},
+ "2978": {DomainName: "example.net", RegistrationDate: "21/08/2025", ExpirationDate: "-", Status: "active"},
+ }
+
+ assert.Equal(t, expected, domains)
+}
+
+func TestClient_ListDomains_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /domains",
+ servermock.Noop().WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ _, err := client.ListDomains(t.Context(), "example.com")
+ require.EqualError(t, err, "unexpected status code: [status code: 400] body: ")
+}
+
+func TestClient_ListDomains_api_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /domains",
+ servermock.ResponseFromFixture("error.json")).
+ Build(t)
+
+ _, err := client.ListDomains(t.Context(), "example.com")
+ require.EqualError(t, err, "unexpected status: error: missing required fields (type, name, ttl)")
+}
+
+func TestClient_ListDNSRecords(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/dns-records/list",
+ servermock.ResponseFromFixture("list_dns_records.json"),
+ servermock.CheckHeader().
+ WithContentType("application/x-www-form-urlencoded"),
+ servermock.CheckForm().Strict().
+ With("order-id", "abc").
+ With("types[]", "TXT")).
+ Build(t)
+
+ records, err := client.ListDNSRecords(t.Context(), "abc", "TXT")
+ require.NoError(t, err)
+
+ expected := []Record{
+ {ID: 15, Type: "A", Name: "example.com.", TTL: 14400, Value: "203.0.113.10"},
+ {ID: 22, Type: "MX", Name: "example.com.", TTL: 14400, Value: "10 mail.example.com."},
+ {ID: 31, Type: "TXT", Name: "_dmarc.example.com.", TTL: 300, Value: "v=DMARC1; p=none; rua=mailto:dmarc@example.com"},
+ }
+
+ assert.Equal(t, expected, records)
+}
+
+func TestClient_ListDNSRecords_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/dns-records/list",
+ servermock.Noop().WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ _, err := client.ListDNSRecords(t.Context(), "abc", "TXT")
+ require.EqualError(t, err, "unexpected status code: [status code: 400] body: ")
+}
+
+func TestClient_ListDNSRecords_api_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/dns-records/list",
+ servermock.ResponseFromFixture("error.json")).
+ Build(t)
+
+ _, err := client.ListDNSRecords(t.Context(), "abc", "TXT")
+ require.EqualError(t, err, "unexpected status: error: missing required fields (type, name, ttl)")
+}
+
+func TestClient_AddDNSRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/dns-records/add",
+ servermock.ResponseFromFixture("add_dns_record.json"),
+ servermock.CheckHeader().
+ WithContentType("application/x-www-form-urlencoded"),
+ servermock.CheckForm().Strict().
+ With("order-id", "abc").
+ With("name", "example.com.").
+ With("ttl", "120").
+ With("type", "TXT").
+ With("value", "txtTXTtxt")).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Name: "example.com.",
+ TTL: 120,
+ Value: "txtTXTtxt",
+ }
+
+ result, err := client.AddDNSRecord(t.Context(), "abc", record)
+ require.NoError(t, err)
+
+ expected := &Record{
+ Type: "A",
+ Name: "example.com.",
+ TTL: 14400,
+ Value: "203.0.113.10",
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_AddDNSRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/dns-records/add",
+ servermock.Noop().WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Name: "example.com.",
+ TTL: 120,
+ Value: "txtTXTtxt",
+ }
+
+ _, err := client.AddDNSRecord(t.Context(), "abc", record)
+ require.EqualError(t, err, "unexpected status code: [status code: 400] body: ")
+}
+
+func TestClient_AddDNSRecord_api_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/dns-records/add",
+ servermock.ResponseFromFixture("error.json")).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Name: "example.com.",
+ TTL: 120,
+ Value: "txtTXTtxt",
+ }
+
+ _, err := client.AddDNSRecord(t.Context(), "abc", record)
+ require.EqualError(t, err, "unexpected status: error: missing required fields (type, name, ttl)")
+}
+
+func TestClient_DeleteDNSRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/dns-records/delete",
+ servermock.ResponseFromFixture("delete_dns_record.json"),
+ servermock.CheckHeader().
+ WithContentType("application/x-www-form-urlencoded"),
+ servermock.CheckForm().Strict().
+ With("order-id", "abc").
+ With("line", "123")).
+ Build(t)
+
+ result, err := client.DeleteDNSRecord(t.Context(), "abc", 123)
+ require.NoError(t, err)
+
+ expected := &DeletedRecordInfo{
+ Count: 1,
+ Lines: []int{15},
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_DeleteDNSRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/dns-records/delete",
+ servermock.Noop().WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ _, err := client.DeleteDNSRecord(t.Context(), "abc", 123)
+ require.EqualError(t, err, "unexpected status code: [status code: 400] body: ")
+}
+
+func TestClient_DeleteDNSRecord_api_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/dns-records/delete",
+ servermock.ResponseFromFixture("error.json")).
+ Build(t)
+
+ _, err := client.DeleteDNSRecord(t.Context(), "abc", 123)
+ require.EqualError(t, err, "unexpected status: error: missing required fields (type, name, ttl)")
+}
diff --git a/providers/dns/octenium/internal/fixtures/add_dns_record.json b/providers/dns/octenium/internal/fixtures/add_dns_record.json
new file mode 100644
index 000000000..6c73ea1f9
--- /dev/null
+++ b/providers/dns/octenium/internal/fixtures/add_dns_record.json
@@ -0,0 +1,14 @@
+{
+ "api-status": "success",
+ "api-response": {
+ "record": {
+ "type": "A",
+ "name": "example.com.",
+ "ttl": 14400,
+ "value": "203.0.113.10",
+ "raw": {
+ "address": "203.0.113.10"
+ }
+ }
+ }
+}
diff --git a/providers/dns/octenium/internal/fixtures/delete_dns_record.json b/providers/dns/octenium/internal/fixtures/delete_dns_record.json
new file mode 100644
index 000000000..0d4692ffd
--- /dev/null
+++ b/providers/dns/octenium/internal/fixtures/delete_dns_record.json
@@ -0,0 +1,11 @@
+{
+ "api-status": "success",
+ "api-response": {
+ "deleted": {
+ "count": 1,
+ "lines": [
+ 15
+ ]
+ }
+ }
+}
diff --git a/providers/dns/octenium/internal/fixtures/error.json b/providers/dns/octenium/internal/fixtures/error.json
new file mode 100644
index 000000000..85a90e425
--- /dev/null
+++ b/providers/dns/octenium/internal/fixtures/error.json
@@ -0,0 +1,5 @@
+{
+ "api-status": "error",
+ "api-response": [],
+ "api-error": "missing required fields (type, name, ttl)"
+}
diff --git a/providers/dns/octenium/internal/fixtures/list_dns_records.json b/providers/dns/octenium/internal/fixtures/list_dns_records.json
new file mode 100644
index 000000000..8fa60d86f
--- /dev/null
+++ b/providers/dns/octenium/internal/fixtures/list_dns_records.json
@@ -0,0 +1,38 @@
+{
+ "api-status": "success",
+ "api-response": {
+ "records": [
+ {
+ "line": 15,
+ "type": "A",
+ "name": "example.com.",
+ "ttl": 14400,
+ "value": "203.0.113.10",
+ "raw": {
+ "address": "203.0.113.10"
+ }
+ },
+ {
+ "line": 22,
+ "type": "MX",
+ "name": "example.com.",
+ "ttl": 14400,
+ "value": "10 mail.example.com.",
+ "raw": {
+ "preference": 10,
+ "exchange": "mail.example.com."
+ }
+ },
+ {
+ "line": 31,
+ "type": "TXT",
+ "name": "_dmarc.example.com.",
+ "ttl": 300,
+ "value": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
+ "raw": {
+ "txtdata": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
+ }
+ }
+ ]
+ }
+}
diff --git a/providers/dns/octenium/internal/fixtures/list_domains.json b/providers/dns/octenium/internal/fixtures/list_domains.json
new file mode 100644
index 000000000..b10b705c9
--- /dev/null
+++ b/providers/dns/octenium/internal/fixtures/list_domains.json
@@ -0,0 +1,25 @@
+{
+ "api-status": "success",
+ "api-response": {
+ "domains": {
+ "2976": {
+ "domain-name": "example.com",
+ "registration-date": "12/09/2021",
+ "expiration-date": "12/09/2024",
+ "status": "active"
+ },
+ "2977": {
+ "domain-name": "example.org",
+ "registration-date": "01/10/2021",
+ "expiration-date": "01/10/2024",
+ "status": "active"
+ },
+ "2978": {
+ "domain-name": "example.net",
+ "registration-date": "21\/08\/2025",
+ "expiration-date": "-",
+ "status": "active"
+ }
+ }
+ }
+}
diff --git a/providers/dns/octenium/internal/types.go b/providers/dns/octenium/internal/types.go
new file mode 100644
index 000000000..a31e40921
--- /dev/null
+++ b/providers/dns/octenium/internal/types.go
@@ -0,0 +1,45 @@
+package internal
+
+import "encoding/json"
+
+type APIResponse struct {
+ Status string `json:"api-status,omitempty"`
+ Response json.RawMessage `json:"api-response,omitempty"`
+ Error string `json:"api-error,omitempty"`
+}
+
+type Domain struct {
+ DomainName string `json:"domain-name,omitempty"`
+ RegistrationDate string `json:"registration-date,omitempty"`
+ ExpirationDate string `json:"expiration-date,omitempty"`
+ Status string `json:"status,omitempty"`
+}
+
+type Record struct {
+ ID int `json:"line,omitempty" url:"-"`
+ Type string `json:"type,omitempty" url:"type,omitempty"`
+ Name string `json:"name,omitempty" url:"name,omitempty"`
+ TTL int `json:"ttl,omitempty" url:"ttl,omitempty"`
+ Value string `json:"value,omitempty" url:"value,omitempty"`
+}
+
+type DomainsResponse struct {
+ Domains map[string]Domain `json:"domains,omitempty"`
+}
+
+type AddRecordResponse struct {
+ Record *Record `json:"record,omitempty"`
+}
+
+type ListRecordsResponse struct {
+ Records []Record `json:"records,omitempty"`
+}
+
+type DeleteRecordResponse struct {
+ Deleted *DeletedRecordInfo `json:"deleted,omitempty"`
+}
+
+type DeletedRecordInfo struct {
+ Count int `json:"count,omitempty"`
+ Lines []int `json:"lines,omitempty"`
+}
diff --git a/providers/dns/octenium/octenium.go b/providers/dns/octenium/octenium.go
new file mode 100644
index 000000000..6032dcce1
--- /dev/null
+++ b/providers/dns/octenium/octenium.go
@@ -0,0 +1,204 @@
+// Package octenium implements a DNS provider for solving the DNS-01 challenge using Octenium.
+package octenium
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/log"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/octenium/internal"
+ "github.com/hashicorp/go-retryablehttp"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "OCTENIUM_"
+
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ domainIDs map[string]string
+ domainIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Octenium.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("octenium: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Octenium.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("octenium: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.APIKey)
+ if err != nil {
+ return nil, fmt.Errorf("octenium: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ retryClient := retryablehttp.NewClient()
+ retryClient.RetryMax = 5
+ retryClient.HTTPClient = client.HTTPClient
+ retryClient.Logger = log.Logger
+
+ client.HTTPClient = clientdebug.Wrap(retryClient.StandardClient())
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ domainIDs: make(map[string]string),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("octenium: could not find zone for domain '%s': %w", domain, err)
+ }
+
+ domainID, err := d.getDomainID(ctx, authZone)
+ if err != nil {
+ return fmt.Errorf("octenium: get domain ID: %w", err)
+ }
+
+ d.domainIDsMu.Lock()
+ d.domainIDs[token] = domainID
+ d.domainIDsMu.Unlock()
+
+ record := internal.Record{
+ Type: "TXT",
+ Name: info.EffectiveFQDN,
+ TTL: d.config.TTL,
+ Value: info.Value,
+ }
+
+ _, err = d.client.AddDNSRecord(ctx, domainID, record)
+ if err != nil {
+ return fmt.Errorf("octenium: add record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ d.domainIDsMu.Lock()
+ domainID, ok := d.domainIDs[token]
+ d.domainIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("octenium: unknown domain ID for '%s'", info.EffectiveFQDN)
+ }
+
+ records, err := d.client.ListDNSRecords(ctx, domainID, "TXT")
+ if err != nil {
+ return fmt.Errorf("octenium: list records: %w", err)
+ }
+
+ for _, record := range records {
+ if record.Type != "TXT" || record.Name != info.EffectiveFQDN || record.Value != info.Value {
+ continue
+ }
+
+ _, err = d.client.DeleteDNSRecord(ctx, domainID, record.ID)
+ if err != nil {
+ return fmt.Errorf("octenium: delete record: %w", err)
+ }
+
+ break
+ }
+
+ d.domainIDsMu.Lock()
+ delete(d.domainIDs, token)
+ d.domainIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+func (d *DNSProvider) getDomainID(ctx context.Context, authZone string) (string, error) {
+ domains, err := d.client.ListDomains(ctx, dns01.UnFqdn(authZone))
+ if err != nil {
+ return "", fmt.Errorf("list domains: %w", err)
+ }
+
+ if len(domains) == 0 {
+ return "", errors.New("domain not found")
+ }
+
+ if len(domains) > 1 {
+ return "", errors.New("multiple domains found")
+ }
+
+ for id := range domains {
+ return id, nil
+ }
+
+ return "", errors.New("domain ID not found")
+}
diff --git a/providers/dns/octenium/octenium.toml b/providers/dns/octenium/octenium.toml
new file mode 100644
index 000000000..e3c9d894f
--- /dev/null
+++ b/providers/dns/octenium/octenium.toml
@@ -0,0 +1,22 @@
+Name = "Octenium"
+Description = ''''''
+URL = "https://octenium.com/"
+Code = "octenium"
+Since = "v4.27.0"
+
+Example = '''
+OCTENIUM_API_KEY="xxx" \
+lego --dns octenium -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ OCTENIUM_API_KEY = "API key"
+ [Configuration.Additional]
+ OCTENIUM_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ OCTENIUM_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ OCTENIUM_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ OCTENIUM_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://octenium.com/api#tag/Domains-DNS"
diff --git a/providers/dns/octenium/octenium_test.go b/providers/dns/octenium/octenium_test.go
new file mode 100644
index 000000000..dbb8d64b3
--- /dev/null
+++ b/providers/dns/octenium/octenium_test.go
@@ -0,0 +1,198 @@
+package octenium
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIKey: "secret",
+ },
+ },
+ {
+ desc: "missing API key",
+ envVars: map[string]string{
+ EnvAPIKey: "",
+ },
+ expected: "octenium: some credentials information are missing: OCTENIUM_API_KEY",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "octenium: some credentials information are missing: OCTENIUM_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiKey: "secret",
+ },
+ {
+ desc: "missing API key",
+ expected: "octenium: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "octenium: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIKey = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithAccept("application/json").
+ With("X-Api-Key", "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /domains",
+ servermock.ResponseFromFixture("list_domains.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("domain-name", "example.com")).
+ Route("POST /domains/dns-records/add",
+ servermock.ResponseFromFixture("add_dns_record.json"),
+ servermock.CheckHeader().
+ WithContentType("application/x-www-form-urlencoded"),
+ servermock.CheckForm().Strict().
+ With("order-id", "2976").
+ With("name", "_acme-challenge.example.com.").
+ With("ttl", "120").
+ With("type", "TXT").
+ With("value", "w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI")).
+ Build(t)
+
+ err := provider.Present("example.com", "", "foobar")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /domains/dns-records/list",
+ servermock.ResponseFromFixture("list_dns_records.json"),
+ servermock.CheckHeader().
+ WithContentType("application/x-www-form-urlencoded"),
+ servermock.CheckForm().Strict().
+ With("order-id", "2976").
+ With("types[]", "TXT")).
+ Route("POST /domains/dns-records/delete",
+ servermock.ResponseFromFixture("delete_dns_record.json"),
+ servermock.CheckHeader().
+ WithContentType("application/x-www-form-urlencoded"),
+ servermock.CheckForm().Strict().
+ With("order-id", "2976").
+ With("line", "123")).
+ Build(t)
+
+ provider.domainIDs["token"] = "2976"
+
+ err := provider.CleanUp("example.com", "token", "foobar")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/oraclecloud/configprovider.go b/providers/dns/oraclecloud/configprovider.go
deleted file mode 100644
index 7a51811a6..000000000
--- a/providers/dns/oraclecloud/configprovider.go
+++ /dev/null
@@ -1,97 +0,0 @@
-package oraclecloud
-
-import (
- "crypto/rsa"
- "encoding/base64"
- "errors"
- "fmt"
- "os"
-
- "github.com/go-acme/lego/v4/platform/config/env"
- "github.com/nrdcg/oci-go-sdk/common/v1065"
-)
-
-type configProvider struct {
- values map[string]string
- privateKeyPassphrase string
-}
-
-func newConfigProvider(values map[string]string) *configProvider {
- return &configProvider{
- values: values,
- privateKeyPassphrase: env.GetOrFile(EnvPrivKeyPass),
- }
-}
-
-func (p *configProvider) PrivateRSAKey() (*rsa.PrivateKey, error) {
- privateKey, err := getPrivateKey(envPrivKey)
- if err != nil {
- return nil, err
- }
-
- return common.PrivateKeyFromBytesWithPassword(privateKey, []byte(p.privateKeyPassphrase))
-}
-
-func (p *configProvider) KeyID() (string, error) {
- tenancy, err := p.TenancyOCID()
- if err != nil {
- return "", err
- }
-
- user, err := p.UserOCID()
- if err != nil {
- return "", err
- }
-
- fingerprint, err := p.KeyFingerprint()
- if err != nil {
- return "", err
- }
-
- return fmt.Sprintf("%s/%s/%s", tenancy, user, fingerprint), nil
-}
-
-func (p *configProvider) TenancyOCID() (value string, err error) {
- return p.values[EnvTenancyOCID], nil
-}
-
-func (p *configProvider) UserOCID() (string, error) {
- return p.values[EnvUserOCID], nil
-}
-
-func (p *configProvider) KeyFingerprint() (string, error) {
- return p.values[EnvPubKeyFingerprint], nil
-}
-
-func (p *configProvider) Region() (string, error) {
- return p.values[EnvRegion], nil
-}
-
-func (p *configProvider) AuthType() (common.AuthConfig, error) {
- // Inspired by https://github.com/oracle/oci-go-sdk/blob/e7635c292e60d0a9dcdd3a1e7de180d7c99b1eee/common/configuration.go#L231-L234
- return common.AuthConfig{AuthType: common.UnknownAuthenticationType}, errors.New("unsupported, keep the interface")
-}
-
-func getPrivateKey(envVar string) ([]byte, error) {
- envVarValue := os.Getenv(envVar)
- if envVarValue != "" {
- bytes, err := base64.StdEncoding.DecodeString(envVarValue)
- if err != nil {
- return nil, fmt.Errorf("failed to read base64 value %s (defined by env var %s): %w", envVarValue, envVar, err)
- }
- return bytes, nil
- }
-
- fileVar := envVar + "_FILE"
- fileVarValue := os.Getenv(fileVar)
- if fileVarValue == "" {
- return nil, fmt.Errorf("no value provided for: %s or %s", envVar, fileVar)
- }
-
- fileContents, err := os.ReadFile(fileVarValue)
- if err != nil {
- return nil, fmt.Errorf("failed to read the file %s (defined by env var %s): %w", fileVarValue, fileVar, err)
- }
-
- return fileContents, nil
-}
diff --git a/providers/dns/oraclecloud/configurationprovider.go b/providers/dns/oraclecloud/configurationprovider.go
new file mode 100644
index 000000000..97710108c
--- /dev/null
+++ b/providers/dns/oraclecloud/configurationprovider.go
@@ -0,0 +1,144 @@
+package oraclecloud
+
+import (
+ "crypto/rsa"
+ "encoding/base64"
+ "errors"
+ "fmt"
+ "os"
+ "slices"
+ "strings"
+
+ "github.com/go-acme/lego/v4/log"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/nrdcg/oci-go-sdk/common/v1065"
+)
+
+type environmentConfigurationProvider struct {
+ values map[string]string
+}
+
+func newEnvironmentConfigurationProvider() (*environmentConfigurationProvider, error) {
+ values, err := env.GetWithFallback(
+ []string{EnvRegion, altEnvTFVarRegion},
+ []string{EnvUserOCID, altEnvTFVarUserOCID},
+ []string{EnvTenancyOCID, altEnvTFVarTenancyOCID},
+ []string{EnvPubKeyFingerprint, altEnvFingerprint, altEnvTFVarFingerprint},
+ )
+ if err != nil {
+ return nil, err
+ }
+
+ return &environmentConfigurationProvider{
+ values: values,
+ }, nil
+}
+
+func (p *environmentConfigurationProvider) PrivateRSAKey() (*rsa.PrivateKey, error) {
+ privateKey, err := getPrivateKey()
+ if err != nil {
+ return nil, err
+ }
+
+ return common.PrivateKeyFromBytesWithPassword(privateKey, []byte(p.privateKeyPassword()))
+}
+
+func (p *environmentConfigurationProvider) KeyID() (string, error) {
+ tenancy, err := p.TenancyOCID()
+ if err != nil {
+ return "", err
+ }
+
+ user, err := p.UserOCID()
+ if err != nil {
+ return "", err
+ }
+
+ fingerprint, err := p.KeyFingerprint()
+ if err != nil {
+ return "", err
+ }
+
+ return fmt.Sprintf("%s/%s/%s", tenancy, user, fingerprint), nil
+}
+
+func (p *environmentConfigurationProvider) TenancyOCID() (string, error) {
+ return p.values[EnvTenancyOCID], nil
+}
+
+func (p *environmentConfigurationProvider) UserOCID() (string, error) {
+ return p.values[EnvUserOCID], nil
+}
+
+func (p *environmentConfigurationProvider) KeyFingerprint() (string, error) {
+ return p.values[EnvPubKeyFingerprint], nil
+}
+
+func (p *environmentConfigurationProvider) Region() (string, error) {
+ return p.values[EnvRegion], nil
+}
+
+func (p *environmentConfigurationProvider) AuthType() (common.AuthConfig, error) {
+ // Inspired by https://github.com/oracle/oci-go-sdk/blob/e7635c292e60d0a9dcdd3a1e7de180d7c99b1eee/common/configuration.go#L231-L234
+ return common.AuthConfig{AuthType: common.UnknownAuthenticationType}, errors.New("unsupported, keep the interface")
+}
+
+func (p *environmentConfigurationProvider) privateKeyPassword() string {
+ return env.GetOneWithFallback(EnvPrivKeyPass, "", env.ParseString, altEnvPrivateKeyPassword, altEnvTFVarPrivateKeyPassword)
+}
+
+func getPrivateKey() ([]byte, error) {
+ base64EnvKeys := []string{envPrivKey, altEnvPrivateKey}
+
+ envVarValue := getEnvWithStrictFallback(base64EnvKeys...)
+ if envVarValue != "" {
+ bytes, err := base64.StdEncoding.DecodeString(envVarValue)
+ if err != nil {
+ return nil, fmt.Errorf("failed to read base64 value %s (defined by env vars %s): %w", envVarValue,
+ strings.Join(base64EnvKeys, " or "), err)
+ }
+
+ return bytes, nil
+ }
+
+ fileEnvKeys := []string{EnvPrivKeyFile, altEnvPrivateKeyPath, altEnvTFVarPrivateKeyPath}
+
+ fileVarValue := getEnvFileWithStrictFallback(fileEnvKeys...)
+ if len(fileVarValue) == 0 {
+ return nil, fmt.Errorf("no value provided for: %s",
+ strings.Join(slices.Concat(base64EnvKeys, fileEnvKeys), " or "),
+ )
+ }
+
+ return fileVarValue, nil
+}
+
+func getEnvWithStrictFallback(keys ...string) string {
+ for _, key := range keys {
+ envVarValue := os.Getenv(key)
+ if envVarValue != "" {
+ return envVarValue
+ }
+ }
+
+ return ""
+}
+
+func getEnvFileWithStrictFallback(keys ...string) []byte {
+ for _, key := range keys {
+ fileVarValue := os.Getenv(key)
+ if fileVarValue == "" {
+ continue
+ }
+
+ fileContents, err := os.ReadFile(fileVarValue)
+ if err != nil {
+ log.Printf("Failed to read the file %s (defined by env var %s): %s", fileVarValue, key, err)
+ return nil
+ }
+
+ return fileContents
+ }
+
+ return nil
+}
diff --git a/providers/dns/oraclecloud/fixtures/cert.pem b/providers/dns/oraclecloud/fixtures/cert.pem
new file mode 100644
index 000000000..fc1dcfb53
--- /dev/null
+++ b/providers/dns/oraclecloud/fixtures/cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHzCCAgegAwIBAgIQKIExaCLIXtXecrT1dWGLszANBgkqhkiG9w0BAQsFADAS
+MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
+MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwM4wEPHOGAu8tZNNWx3cH6AMuqKwAmB2RwbA3OK034MzhydOjnDm
+igw93eUc4nd3dnICyNpb2rbP9FgGlAuMlJ8raHQkG4DSXF1Bf14neOhLpfBItaX9
++EB3oO0NupKZhaHrsTKzLGD7bauAPX6PDXuAPp3u5mgGGuZjpLZoKqg3//WImb/2
+xEMVsmvPKTb5FxS/tAMtywjGSUtCTCrudUEh4Gnj6IboVdwYmt539ETDK/Rerxf3
+/GsmEbuOkDUdBixQwLo0U+UAoMOw4zoyQDrrtyUmvffDxI50RAdZDFyFtqZ0ZQa8
+lQqrMdQdf+x1Wb7BKozSktAw4igRP/mknQIDAQABo28wbTAOBgNVHQ8BAf8EBAMC
+AqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUcetTliVbYxxutNS8JRkotRY4DRkwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcw
+DQYJKoZIhvcNAQELBQADggEBAEJP74/XB+12aGQ+EMERIX2Pn6YaaBLt6rTLqV7A
+zFxI9YGIc4xlGa0qkpDhpz6RSypTQG6HN5aZ5b8dz3foMleUVP2cXd8zduc8GQCb
+p4/8PpEhSl6dQb5+mg/qyHGUAaDl40VAbTLXHtn98dhacaJc+TKuXVJAgYRU3Sm3
+wFJxULZSnx+aGdE9s2brOGhvz1fVWnhvWzDvJSM+8xDURz8UiEnimTpV6m3CKItz
+2GatNjM8ADKC7MHQI4I5v4fEwronN/g3NfPfFSmnOKk+lPSAW42WEvhFol+2VvdX
+3p5X2QracSLCIj/DUBebZP9110C8Lj/YfFtOjFokqtQ9Fh4=
+-----END CERTIFICATE-----
diff --git a/providers/dns/oraclecloud/fixtures/key.pem b/providers/dns/oraclecloud/fixtures/key.pem
new file mode 100644
index 000000000..1a56bb5a4
--- /dev/null
+++ b/providers/dns/oraclecloud/fixtures/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAzjAQ8c4YC7y1
+k01bHdwfoAy6orACYHZHBsDc4rTfgzOHJ06OcOaKDD3d5Rzid3d2cgLI2lvats/0
+WAaUC4yUnytodCQbgNJcXUF/Xid46Eul8Ei1pf34QHeg7Q26kpmFoeuxMrMsYPtt
+q4A9fo8Ne4A+ne7maAYa5mOktmgqqDf/9YiZv/bEQxWya88pNvkXFL+0Ay3LCMZJ
+S0JMKu51QSHgaePohuhV3Bia3nf0RMMr9F6vF/f8ayYRu46QNR0GLFDAujRT5QCg
+w7DjOjJAOuu3JSa998PEjnREB1kMXIW2pnRlBryVCqsx1B1/7HVZvsEqjNKS0DDi
+KBE/+aSdAgMBAAECggEAWl2pWJ/ErS9/HIl0NbMKk0YEAUuz/AEzHnoTVdPp22KW
+eY+aOZe/7c7sBj7WqWw98SVhmbsCV0HcuNSzDJtXIedyRGw+6icYMVNCGgzKqlgR
+8K3snjq1DLBGgYXpq9r/Got4ON6e7LttzIqXufrB2JtcUbzbFmGGDwCRjkcyDl9l
+M8ufwD/Xgcd2L8jainU43d2pVxvxUIpRlRdoupCCSlkRYPsXiWlqav7YO4F/Txos
+z3gJyzkXzc3WwfNZdQtEMYwBwozO+Dp2p4TUBr0Ta3MbfrKfDoTs4XT/Ce9IwJJS
+/h6E9cxZD8t5oMT50quFjwhHBKodMiUqIlh2YQEAbwKBgQDIULzo/tgDgTwveyEn
+L9n8yVbEh/SfrE9QtXcjkDB5+tYmIsIaz16NRWlAqnJVGZvcanrCq7ZTxgUcs/hW
+Ag+sfWkeg7lmfeJAkiZ6kmi1h2qJjXMOBri+Cm6MTOsE6qdIc3eT4PnYkNpV7o6S
+70hWNncVadXLV4Thm9BLAbMbQwKBgQD2ZwKe/2zRQcbuBe1loF0HWIsJPxcKQ3LH
+hVf7f0YLQlIuzOhK8TQXgM0G4hxLlk1XeLjgf3z4Ju7hfh2JQLor1QYPRGUj66SX
+KTE5eDwE0yEX1c9m5PW6M+f8vkOU4LQ/OtPw5OrKyYxpLf9dp42nmDYY/8IvUk96
+iKZNY1sSnwKBgQC27tS2SxVmjf0yt1WdfdurOQueSzKhJzD/2djFh4Zdvy8WgKOW
+7E3C4eKvBXmIMezeq/cUFNBbTPmaLtjZYuSBd74p+c20xb17jnzJby9kqBgpKh4q
+bwUDuG8gfZYbVVgTmC9ZwxkoJ5Dc7RETKqZ65R53VcHDA1f82Nitxw2UFQKBgBDl
+c2qPvViEGC4OPf8wBfERA0e5Cc1sXpyL6kKWsajn/Va0OmGZNKc/788/Bg2w2tDa
+uGK8m0cw9ESGL2RQCfQjgWzelcjmybyL2JJGSmdSSvylbrlxjeAc2xWbvmqhFfsX
+/5yPNgJ926ECxHYZnT8W0u7X6urvy/9tC2pXG9GlAoGBAKOAfij4fMbHY+Z1m825
+VhY110FDnePYFJWmExP8GAVqOzhCs0mzyCnYh6nvS/OY8moH2LOuwPUlDfF3IzyT
+hTUuXnykWT3w40eYQXXIaXEGhue+guL8ch16vEEJy5ltwEdIPNMTErbqAAk2W6Ps
+NB46HzETzEIWnzoamX6iQVWj
+-----END PRIVATE KEY-----
diff --git a/providers/dns/oraclecloud/oraclecloud.go b/providers/dns/oraclecloud/oraclecloud.go
index 2fb392e3e..730b3f212 100644
--- a/providers/dns/oraclecloud/oraclecloud.go
+++ b/providers/dns/oraclecloud/oraclecloud.go
@@ -11,7 +11,9 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/nrdcg/oci-go-sdk/common/v1065"
+ "github.com/nrdcg/oci-go-sdk/common/v1065/auth"
"github.com/nrdcg/oci-go-sdk/dns/v1065"
)
@@ -19,14 +21,22 @@ import (
const (
envNamespace = "OCI_"
- EnvCompartmentOCID = envNamespace + "COMPARTMENT_OCID"
+ EnvAuthType = envNamespace + "AUTH_TYPE"
+
+ EnvCompartmentOCID = envNamespace + "COMPARTMENT_OCID"
+ EnvRegion = envNamespace + "REGION"
+
envPrivKey = envNamespace + "PRIVKEY"
EnvPrivKeyFile = envPrivKey + "_FILE"
EnvPrivKeyPass = envPrivKey + "_PASS"
EnvTenancyOCID = envNamespace + "TENANCY_OCID"
EnvUserOCID = envNamespace + "USER_OCID"
EnvPubKeyFingerprint = envNamespace + "PUBKEY_FINGERPRINT"
- EnvRegion = envNamespace + "REGION"
+
+ altEnvPrivateKey = envNamespace + "PRIVATE_KEY" // alias on OCI_PRIVKEY
+ altEnvPrivateKeyPath = altEnvPrivateKey + "_PATH" // alias on OCI_PRIVKEY_FILE
+ altEnvPrivateKeyPassword = altEnvPrivateKey + "_PASSWORD" // alias on OCI_PRIVKEY_PASS
+ altEnvFingerprint = envNamespace + "FINGERPRINT" // alias on OCI_PUBKEY_FINGERPRINT
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@@ -34,12 +44,25 @@ const (
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
+// https://github.com/oracle/oci-go-sdk/blob/7f425f74c74fd0c6a5acb74466c85eb5346e0092/common/client.go#L350
+// https://github.com/oracle/oci-go-sdk/blob/7f425f74c74fd0c6a5acb74466c85eb5346e0092/common/configuration.go#L174-L175
+const (
+ altEnvTFVarNamespace = "TF_VAR_"
+ altEnvTFVarRegion = altEnvTFVarNamespace + "region" // alias on OCI_REGION
+ altEnvTFVarFingerprint = altEnvTFVarNamespace + "fingerprint" // alias on OCI_PUBKEY_FINGERPRINT
+ altEnvTFVarUserOCID = altEnvTFVarNamespace + "user_ocid" // alias on OCI_USER_OCID
+ altEnvTFVarTenancyOCID = altEnvTFVarNamespace + "tenancy_ocid" // alias on OCI_TENANCY_OCID
+ altEnvTFVarPrivateKeyPath = altEnvTFVarNamespace + "private_key_path" // alias on OCI_PRIVKEY_FILE
+ altEnvTFVarPrivateKeyPassword = altEnvTFVarNamespace + "private_key_password" // alias on OCI_PRIVKEY_PASS
+)
+
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
- CompartmentID string
- OCIConfigProvider common.ConfigurationProvider
+ CompartmentID string
+ OCIConfigProvider common.ConfigurationProvider
+
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
@@ -66,14 +89,41 @@ type DNSProvider struct {
// NewDNSProvider returns a DNSProvider instance configured for OracleCloud.
func NewDNSProvider() (*DNSProvider, error) {
- values, err := env.Get(envPrivKey, EnvTenancyOCID, EnvUserOCID, EnvPubKeyFingerprint, EnvRegion, EnvCompartmentOCID)
- if err != nil {
- return nil, fmt.Errorf("oraclecloud: %w", err)
- }
-
config := NewDefaultConfig()
- config.CompartmentID = values[EnvCompartmentOCID]
- config.OCIConfigProvider = newConfigProvider(values)
+
+ switch env.GetOrFile(EnvAuthType) {
+ case string(common.InstancePrincipal):
+ values, err := env.Get(EnvCompartmentOCID)
+ if err != nil {
+ return nil, fmt.Errorf("oraclecloud: %w", err)
+ }
+
+ config.CompartmentID = values[EnvCompartmentOCID]
+
+ region := env.GetOneWithFallback(EnvRegion, "", env.ParseString, altEnvTFVarRegion)
+
+ configurationProvider, err := auth.InstancePrincipalConfigurationProviderForRegion(common.Region(region))
+ if err != nil {
+ return nil, fmt.Errorf("oraclecloud: %w", err)
+ }
+
+ config.OCIConfigProvider = configurationProvider
+
+ default:
+ values, err := env.Get(EnvCompartmentOCID)
+ if err != nil {
+ return nil, fmt.Errorf("oraclecloud: %w", err)
+ }
+
+ config.CompartmentID = values[EnvCompartmentOCID]
+
+ ecp, err := newEnvironmentConfigurationProvider()
+ if err != nil {
+ return nil, fmt.Errorf("oraclecloud: %w", err)
+ }
+
+ config.OCIConfigProvider = ecp
+ }
return NewDNSProviderConfig(config)
}
@@ -98,7 +148,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
}
if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
+ client.HTTPClient = clientdebug.Wrap(config.HTTPClient)
}
return &DNSProvider{client: &client, config: config}, nil
@@ -168,6 +218,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var deleteHash *string
+
for _, record := range domainRecords.Items {
if record.Rdata != nil && *record.Rdata == `"`+info.Value+`"` {
deleteHash = record.RecordHash
diff --git a/providers/dns/oraclecloud/oraclecloud.toml b/providers/dns/oraclecloud/oraclecloud.toml
index 8c756a374..f6155052e 100644
--- a/providers/dns/oraclecloud/oraclecloud.toml
+++ b/providers/dns/oraclecloud/oraclecloud.toml
@@ -5,26 +5,39 @@ Code = "oraclecloud"
Since = "v2.3.0"
Example = '''
-OCI_PRIVKEY_FILE="~/.oci/oci_api_key.pem" \
-OCI_PRIVKEY_PASS="secret" \
+# Using API Key authentication:
+OCI_PRIVATE_KEY_PATH="~/.oci/oci_api_key.pem" \
+OCI_PRIVATE_KEY_PASSWORD="secret" \
OCI_TENANCY_OCID="ocid1.tenancy.oc1..secret" \
OCI_USER_OCID="ocid1.user.oc1..secret" \
-OCI_PUBKEY_FINGERPRINT="00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" \
+OCI_FINGERPRINT="00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" \
OCI_REGION="us-phoenix-1" \
OCI_COMPARTMENT_OCID="ocid1.tenancy.oc1..secret" \
-lego --email you@example.com --dns oraclecloud -d '*.example.com' -d example.com run
+lego --dns oraclecloud -d '*.example.com' -d example.com run
+
+# Using Instance Principal authentication (when running on OCI compute instances):
+# https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
+OCI_AUTH_TYPE="instance_principal" \
+OCI_COMPARTMENT_OCID="ocid1.tenancy.oc1..secret" \
+lego --dns oraclecloud -d '*.example.com' -d example.com run
'''
[Configuration]
[Configuration.Credentials]
- OCI_PRIVKEY_FILE = "Private key file"
- OCI_PRIVKEY_PASS = "Private key password"
- OCI_TENANCY_OCID = "Tenancy OCID"
- OCI_USER_OCID = "User OCID"
- OCI_PUBKEY_FINGERPRINT = "Public key fingerprint"
- OCI_REGION = "Region"
OCI_COMPARTMENT_OCID = "Compartment OCID"
+ OCI_REGION = "Region (it can be empty if `OCI_AUTH_TYPE=instance_principal`)."
+ OCI_PRIVATE_KEY_PATH = "Private key file (ignored if `OCI_AUTH_TYPE=instance_principal`)"
+ OCI_PRIVATE_KEY_PASSWORD = "Private key password (ignored if `OCI_AUTH_TYPE=instance_principal`)"
+ OCI_TENANCY_OCID = "Tenancy OCID (ignored if `OCI_AUTH_TYPE=instance_principal`)"
+ OCI_USER_OCID = "User OCID (ignored if `OCI_AUTH_TYPE=instance_principal`)"
+ OCI_FINGERPRINT = "Public key fingerprint (ignored if `OCI_AUTH_TYPE=instance_principal`)"
[Configuration.Additional]
+ OCI_AUTH_TYPE = "Authorization type. Possible values: 'instance_principal', '' (Default: '')"
+ TF_VAR_region = "Alias on `OCI_REGION`"
+ TF_VAR_fingerprint = "Alias on `OCI_FINGERPRINT`"
+ TF_VAR_user_ocid = "Alias on `OCI_USER_OCID`"
+ TF_VAR_tenancy_ocid = "Alias on `OCI_TENANCY_OCID`"
+ TF_VAR_private_key_path = "Alias on `OCI_PRIVATE_KEY_PATH`"
OCI_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
OCI_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
OCI_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
diff --git a/providers/dns/oraclecloud/oraclecloud_test.go b/providers/dns/oraclecloud/oraclecloud_test.go
index 5d35c01a8..74ee06eac 100644
--- a/providers/dns/oraclecloud/oraclecloud_test.go
+++ b/providers/dns/oraclecloud/oraclecloud_test.go
@@ -6,19 +6,31 @@ import (
"crypto/x509"
"encoding/base64"
"encoding/pem"
+ "maps"
+ "net/http/httptest"
"os"
"testing"
"time"
"github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
"github.com/nrdcg/oci-go-sdk/common/v1065"
"github.com/stretchr/testify/require"
)
const envDomain = envNamespace + "DOMAIN"
+// Used by Instance Principal authentication.
+const (
+ envMetadataBaseURL = "OCI_METADATA_BASE_URL"
+ envSDKAuthClientRegionURL = "OCI_SDK_AUTH_CLIENT_REGION_URL"
+)
+
var envTest = tester.NewEnvTest(
envPrivKey,
+ EnvAuthType,
+ envMetadataBaseURL,
+ envSDKAuthClientRegionURL,
EnvPrivKeyFile,
EnvPrivKeyPass,
EnvTenancyOCID,
@@ -49,7 +61,7 @@ func TestNewDNSProvider(t *testing.T) {
{
desc: "success file",
envVars: map[string]string{
- EnvPrivKeyFile: mustGeneratePrivateKeyFile("secret1"),
+ EnvPrivKeyFile: mustGeneratePrivateKeyFile(t, "secret1"),
EnvPrivKeyPass: "secret1",
EnvTenancyOCID: "ocid1.tenancy.oc1..secret",
EnvUserOCID: "ocid1.user.oc1..secret",
@@ -61,7 +73,7 @@ func TestNewDNSProvider(t *testing.T) {
{
desc: "missing credentials",
envVars: map[string]string{},
- expected: "oraclecloud: some credentials information are missing: OCI_PRIVKEY,OCI_TENANCY_OCID,OCI_USER_OCID,OCI_PUBKEY_FINGERPRINT,OCI_REGION,OCI_COMPARTMENT_OCID",
+ expected: "oraclecloud: some credentials information are missing: OCI_COMPARTMENT_OCID",
},
{
desc: "missing CompartmentID",
@@ -87,7 +99,7 @@ func TestNewDNSProvider(t *testing.T) {
EnvRegion: "us-phoenix-1",
EnvCompartmentOCID: "123",
},
- expected: "oraclecloud: some credentials information are missing: OCI_PRIVKEY",
+ expected: "oraclecloud: can not create client, bad configuration: no value provided for: OCI_PRIVKEY or OCI_PRIVATE_KEY or OCI_PRIVKEY_FILE or OCI_PRIVATE_KEY_PATH or TF_VAR_private_key_path",
},
{
desc: "missing OCI_PRIVKEY_PASS",
@@ -176,8 +188,10 @@ func TestNewDNSProvider(t *testing.T) {
if privKeyFile != "" {
_ = os.Remove(privKeyFile)
}
+
envTest.RestoreEnv()
}()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -197,6 +211,74 @@ func TestNewDNSProvider(t *testing.T) {
}
}
+func TestNewDNSProvider_instance_principal(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAuthType: "instance_principal",
+ EnvCompartmentOCID: "123",
+ },
+ },
+ {
+ desc: "missing CompartmentID",
+ envVars: map[string]string{
+ EnvAuthType: "instance_principal",
+ },
+ expected: "oraclecloud: some credentials information are missing: OCI_COMPARTMENT_OCID",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer func() {
+ envTest.RestoreEnv()
+ }()
+
+ envTest.ClearEnv()
+
+ serverURL := servermock.NewBuilder(
+ func(server *httptest.Server) (string, error) {
+ return server.URL, nil
+ }).
+ Route("GET /instance/region", servermock.RawStringResponse("oc1")).
+ // To generate fake certificates:
+ // go run `go env GOROOT`/src/crypto/tls/generate_cert.go --host example.org --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
+ Route("GET /identity/cert.pem", servermock.ResponseFromFixture("cert.pem")).
+ Route("GET /identity/key.pem", servermock.ResponseFromFixture("key.pem")).
+ Route("GET /identity/intermediate.pem", servermock.ResponseFromFixture("cert.pem")).
+ // https://github.com/oracle/oci-go-sdk/blob/413a2f277f95c5eb76e26a0e0833c396a518bf50/common/auth/jwt_test.go#L12
+ Route("POST /v1/x509", servermock.RawStringResponse(`{"token":"eyJhbGciOiJSUzI1NiIsImtpZCI6ImFzdyIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJvcGMub3JhY2xlLmNvbSIsImV4cCI6MTUxMTgzODc5MywiaWF0IjoxNTExODE3MTkzLCJpc3MiOiJhdXRoU2VydmljZS5vcmFjbGUuY29tIiwib3BjLWNlcnR0eXBlIjoiaW5zdGFuY2UiLCJvcGMtY29tcGFydG1lbnQiOiJvY2lkMS5jb21wYXJ0bWVudC5vYzEuLmJsdWhibHVoYmx1aCIsIm9wYy1pbnN0YW5jZSI6Im9jaWQxLmluc3RhbmNlLm9jMS5waHguYmx1aGJsdWhibHVoIiwib3BjLXRlbmFudCI6Im9jaWR2MTp0ZW5hbmN5Om9jMTpwaHg6MTIzNDU2Nzg5MDpibHVoYmx1aGJsdWgiLCJwdHlwZSI6Imluc3RhbmNlIiwic3ViIjoib2NpZDEuaW5zdGFuY2Uub2MxLnBoeC5ibHVoYmx1aGJsdWgiLCJ0ZW5hbnQiOiJvY2lkdjE6dGVuYW5jeTpvYzE6cGh4OjEyMzQ1Njc4OTA6Ymx1aGJsdWhibHVoIiwidHR5cGUiOiJ4NTA5In0.zen7q2yJSpMjzH4ym_H7VEwZA0-vTT4Wcild-HRfLxX6A1ej4tlpACa7A24j5JoZYI4mHooZVJ8e7ZezFenK0zZx5j8RbIjsqJKwroYXExOiBXLCUwMWOLXIndEsUzzGLqnPfKHXd80vrhMLmtkVTCJqBMzvPUSYkH_ciWgmjP9m0YETdQ9ifghkADhZGt9IlnOswg0s3Bx9ASwxFZEtom0BmU9GwEuITTTZfKvndk785BlNeZMOjhovaD97-LYpv5B_PiWEz8zialK5zxjijLCw06zyA8CQRQqmVCagNUPilfz_BcPyImzvFDuzQcPyDkTcsB7weX35tafHmA_Ul"}`)).
+ Build(t)
+
+ envVars := map[string]string{
+ envMetadataBaseURL: serverURL,
+ envSDKAuthClientRegionURL: serverURL,
+ }
+
+ maps.Copy(envVars, test.envVars)
+
+ envTest.Apply(envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.Error(t, err)
+ require.Contains(t, err.Error(), test.expected)
+ }
+ })
+ }
+}
+
func TestNewDNSProviderConfig(t *testing.T) {
envTest.ClearEnv()
defer envTest.RestoreEnv()
@@ -251,6 +333,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -264,6 +347,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -273,21 +357,20 @@ func TestLiveCleanUp(t *testing.T) {
require.NoError(t, err)
}
-func mockConfigurationProvider(keyPassphrase string) *configProvider {
+func mockConfigurationProvider(keyPassphrase string) *environmentConfigurationProvider {
envTest.Apply(map[string]string{
envPrivKey: mustGeneratePrivateKey("secret"),
})
- return &configProvider{
+ return &environmentConfigurationProvider{
values: map[string]string{
EnvCompartmentOCID: "test",
- EnvPrivKeyPass: "test",
+ EnvPrivKeyPass: keyPassphrase,
EnvTenancyOCID: "test",
EnvUserOCID: "test",
EnvPubKeyFingerprint: "test",
EnvRegion: "test",
},
- privateKeyPassphrase: keyPassphrase,
}
}
@@ -300,21 +383,21 @@ func mustGeneratePrivateKey(pwd string) string {
return base64.StdEncoding.EncodeToString(pem.EncodeToMemory(block))
}
-func mustGeneratePrivateKeyFile(pwd string) string {
- block, err := generatePrivateKey(pwd)
- if err != nil {
- panic(err)
- }
+func mustGeneratePrivateKeyFile(t *testing.T, pwd string) string {
+ t.Helper()
- file, err := os.CreateTemp("", "lego_oci_*.pem")
- if err != nil {
- panic(err)
- }
+ block, err := generatePrivateKey(pwd)
+ require.NoError(t, err)
+
+ file, err := os.CreateTemp(t.TempDir(), "lego_oci_*.pem")
+ require.NoError(t, err)
+
+ defer func() {
+ _ = file.Close()
+ }()
err = pem.Encode(file, block)
- if err != nil {
- panic(err)
- }
+ require.NoError(t, err)
return file.Name()
}
diff --git a/providers/dns/otc/internal/client.go b/providers/dns/otc/internal/client.go
index e3e225314..adb0682e1 100644
--- a/providers/dns/otc/internal/client.go
+++ b/providers/dns/otc/internal/client.go
@@ -42,8 +42,8 @@ func NewClient(username, password, domainName, projectName string) *Client {
}
}
-func (c *Client) GetZoneID(ctx context.Context, zone string) (string, error) {
- zonesResp, err := c.getZones(ctx, zone)
+func (c *Client) GetZoneID(ctx context.Context, zone string, privateZone bool) (string, error) {
+ zonesResp, err := c.getZones(ctx, zone, privateZone)
if err != nil {
return "", err
}
@@ -62,13 +62,18 @@ func (c *Client) GetZoneID(ctx context.Context, zone string) (string, error) {
}
// https://docs.otc.t-systems.com/domain-name-service/api-ref/apis/public_zone_management/querying_public_zones.html
-func (c *Client) getZones(ctx context.Context, zone string) (*ZonesResponse, error) {
+func (c *Client) getZones(ctx context.Context, zone string, privateZone bool) (*ZonesResponse, error) {
c.muBaseURL.Lock()
endpoint := c.baseURL.JoinPath("zones")
c.muBaseURL.Unlock()
query := endpoint.Query()
query.Set("name", zone)
+
+ if privateZone {
+ query.Set("type", "private")
+ }
+
endpoint.RawQuery = query.Encode()
req, err := newJSONRequest(ctx, http.MethodGet, endpoint, nil)
@@ -77,6 +82,7 @@ func (c *Client) getZones(ctx context.Context, zone string) (*ZonesResponse, err
}
var zones ZonesResponse
+
err = c.do(req, &zones)
if err != nil {
return nil, err
@@ -123,6 +129,7 @@ func (c *Client) getRecordSet(ctx context.Context, zoneID, fqdn string) (*Record
}
var recordSetsRes RecordSetsResponse
+
err = c.do(req, &recordSetsRes)
if err != nil {
return nil, err
@@ -163,9 +170,11 @@ func (c *Client) DeleteRecordSet(ctx context.Context, zoneID, recordID string) e
func (c *Client) do(req *http.Request, result any) error {
c.muToken.Lock()
+
if c.token != "" {
req.Header.Set("X-Auth-Token", c.token)
}
+
c.muToken.Unlock()
resp, err := c.HTTPClient.Do(req)
diff --git a/providers/dns/otc/internal/client_test.go b/providers/dns/otc/internal/client_test.go
index ea3835a56..74b5bb3af 100644
--- a/providers/dns/otc/internal/client_test.go
+++ b/providers/dns/otc/internal/client_test.go
@@ -33,7 +33,22 @@ func TestClient_GetZoneID(t *testing.T) {
With("name", "example.com.")).
Build(t)
- zoneID, err := client.GetZoneID(context.Background(), "example.com.")
+ zoneID, err := client.GetZoneID(context.Background(), "example.com.", false)
+ require.NoError(t, err)
+
+ assert.Equal(t, "123123", zoneID)
+}
+
+func TestClient_GetZoneID_private(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /zones",
+ servermock.ResponseFromFixture("zones_GET.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("name", "example.com.").
+ With("type", "private")).
+ Build(t)
+
+ zoneID, err := client.GetZoneID(context.Background(), "example.com.", true)
require.NoError(t, err)
assert.Equal(t, "123123", zoneID)
@@ -47,7 +62,7 @@ func TestClient_GetZoneID_error(t *testing.T) {
With("name", "example.com.")).
Build(t)
- _, err := client.GetZoneID(context.Background(), "example.com.")
+ _, err := client.GetZoneID(context.Background(), "example.com.", false)
require.EqualError(t, err, "zone example.com. not found")
}
@@ -84,7 +99,8 @@ func TestClient_GetRecordSetID_error(t *testing.T) {
func TestClient_CreateRecordSet(t *testing.T) {
client := mockBuilder().
Route("POST /zones/123123/recordsets",
- servermock.ResponseFromFixture("zones-recordsets_POST.json")).
+ servermock.ResponseFromFixture("zones-recordsets_POST.json"),
+ servermock.CheckRequestJSONBodyFromFixture("zones-recordsets_POST-request.json")).
Build(t)
rs := RecordSets{
@@ -92,7 +108,7 @@ func TestClient_CreateRecordSet(t *testing.T) {
Description: "Added TXT record for ACME dns-01 challenge using lego client",
Type: "TXT",
TTL: 300,
- Records: []string{strconv.Quote("w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI")},
+ Records: []string{strconv.Quote("ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY")},
}
err := client.CreateRecordSet(context.Background(), "123123", rs)
require.NoError(t, err)
diff --git a/providers/dns/otc/internal/fixtures/zones-recordsets_POST-request.json b/providers/dns/otc/internal/fixtures/zones-recordsets_POST-request.json
new file mode 100644
index 000000000..41cab72a8
--- /dev/null
+++ b/providers/dns/otc/internal/fixtures/zones-recordsets_POST-request.json
@@ -0,0 +1,9 @@
+{
+ "name": "_acme-challenge.example.com.",
+ "description": "Added TXT record for ACME dns-01 challenge using lego client",
+ "type": "TXT",
+ "ttl": 300,
+ "records": [
+ "\"ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY\""
+ ]
+}
diff --git a/providers/dns/otc/internal/identity.go b/providers/dns/otc/internal/identity.go
index f9e7cb08f..154ec65e2 100644
--- a/providers/dns/otc/internal/identity.go
+++ b/providers/dns/otc/internal/identity.go
@@ -46,6 +46,7 @@ func (c *Client) Login(ctx context.Context) error {
c.muToken.Lock()
defer c.muToken.Unlock()
+
c.token = token
if c.token == "" {
@@ -96,6 +97,7 @@ func (c *Client) obtainUserToken(ctx context.Context, payload LoginRequest) (*To
}
var newToken TokenResponse
+
err = json.Unmarshal(raw, &newToken)
if err != nil {
return nil, "", errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -106,6 +108,7 @@ func (c *Client) obtainUserToken(ctx context.Context, payload LoginRequest) (*To
func getBaseURL(tokenResp *TokenResponse) (*url.URL, error) {
var endpoints []Endpoint
+
for _, v := range tokenResp.Token.Catalog {
if v.Type == "dns" {
endpoints = append(endpoints, v.Endpoints...)
diff --git a/providers/dns/otc/internal/types.go b/providers/dns/otc/internal/types.go
index 38da4f110..e7bfe8fcb 100644
--- a/providers/dns/otc/internal/types.go
+++ b/providers/dns/otc/internal/types.go
@@ -41,8 +41,8 @@ type TokenResponse struct {
}
type Token struct {
- User UserR `json:"user,omitempty"`
- Domain Domain `json:"domain,omitempty"`
+ User UserR `json:"user"`
+ Domain Domain `json:"domain"`
Catalog []Catalog `json:"catalog,omitempty"`
Methods []string `json:"methods,omitempty"`
Roles []Role `json:"roles,omitempty"`
@@ -59,7 +59,7 @@ type Catalog struct {
type UserR struct {
ID string `json:"id,omitempty"`
- Domain Domain `json:"domain,omitempty"`
+ Domain Domain `json:"domain"`
Name string `json:"name,omitempty"`
PasswordExpiresAt string `json:"password_expires_at,omitempty"`
}
@@ -106,7 +106,7 @@ type RecordSets struct {
// ZonesResponse
type ZonesResponse struct {
- Links Links `json:"links,omitempty"`
+ Links Links `json:"links"`
Zones []Zone `json:"zones"`
Metadata Metadata `json:"metadata"`
}
diff --git a/providers/dns/otc/otc.go b/providers/dns/otc/otc.go
index 3569e6343..65b362124 100644
--- a/providers/dns/otc/otc.go
+++ b/providers/dns/otc/otc.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/otc/internal"
)
@@ -23,6 +24,7 @@ const (
EnvPassword = envNamespace + "PASSWORD"
EnvProjectName = envNamespace + "PROJECT_NAME"
EnvIdentityEndpoint = envNamespace + "IDENTITY_ENDPOINT"
+ EnvPrivateZone = envNamespace + "PRIVATE_ZONE"
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@@ -40,11 +42,13 @@ var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
- IdentityEndpoint string
- DomainName string
- ProjectName string
- UserName string
- Password string
+ DomainName string
+ ProjectName string
+ UserName string
+ Password string
+ IdentityEndpoint string
+ PrivateZone bool
+
PropagationTimeout time.Duration
PollingInterval time.Duration
SequenceInterval time.Duration
@@ -65,10 +69,12 @@ func NewDefaultConfig() *Config {
tr.DisableKeepAlives = true
return &Config{
+ PrivateZone: env.GetOrDefaultBool(EnvPrivateZone, false),
+ IdentityEndpoint: env.GetOrDefaultString(EnvIdentityEndpoint, defaultIdentityEndpoint),
+
TTL: env.GetOrDefaultInt(EnvTTL, minTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
- IdentityEndpoint: env.GetOrDefaultString(EnvIdentityEndpoint, defaultIdentityEndpoint),
SequenceInterval: env.GetOrDefaultSecond(EnvSequenceInterval, dns01.DefaultPropagationTimeout),
HTTPClient: &http.Client{
Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 10*time.Second),
@@ -125,6 +131,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
@@ -144,7 +152,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("otc: %w", err)
}
- zoneID, err := d.client.GetZoneID(ctx, authZone)
+ zoneID, err := d.client.GetZoneID(ctx, authZone, d.config.PrivateZone)
if err != nil {
return fmt.Errorf("otc: unable to get zone: %w", err)
}
@@ -181,7 +189,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("otc: %w", err)
}
- zoneID, err := d.client.GetZoneID(ctx, authZone)
+ zoneID, err := d.client.GetZoneID(ctx, authZone, d.config.PrivateZone)
if err != nil {
return fmt.Errorf("otc: %w", err)
}
diff --git a/providers/dns/otc/otc.toml b/providers/dns/otc/otc.toml
index cb1910d26..e63077fda 100644
--- a/providers/dns/otc/otc.toml
+++ b/providers/dns/otc/otc.toml
@@ -4,7 +4,13 @@ URL = "https://cloud.telekom.de/en"
Code = "otc"
Since = "v0.4.1"
-Example = ''''''
+Example = '''
+OTC_DOMAIN_NAME=domain_name \
+OTC_USER_NAME=user_name \
+OTC_PASSWORD=password \
+OTC_PROJECT_NAME=project_name \
+lego --dns otc -d '*.example.com' -d example.com run
+'''
[Configuration]
[Configuration.Credentials]
@@ -12,8 +18,9 @@ Example = ''''''
OTC_PASSWORD = "Password"
OTC_PROJECT_NAME = "Project name"
OTC_DOMAIN_NAME = "Domain name"
- OTC_IDENTITY_ENDPOINT = "Identity endpoint URL"
[Configuration.Additional]
+ OTC_IDENTITY_ENDPOINT = "Identity endpoint URL (default: https://iam.eu-de.otc.t-systems.com:443/v3/auth/tokens)"
+ OTC_PRIVATE_ZONE = "Set to true to use private zones only (default: use public zones only)"
OTC_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
OTC_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
OTC_SEQUENCE_INTERVAL = "Time between sequential requests in seconds (Default: 60)"
diff --git a/providers/dns/otc/otc_test.go b/providers/dns/otc/otc_test.go
index c8b32bc78..518ce0f19 100644
--- a/providers/dns/otc/otc_test.go
+++ b/providers/dns/otc/otc_test.go
@@ -18,6 +18,7 @@ var envTest = tester.NewEnvTest(
EnvDomainName,
EnvUserName,
EnvPassword,
+ EnvPrivateZone,
EnvProjectName,
EnvIdentityEndpoint).
WithDomain(envDomain)
@@ -92,6 +93,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -190,6 +192,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -203,6 +206,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -213,12 +217,30 @@ func TestLiveCleanUp(t *testing.T) {
}
func TestDNSProvider_Present(t *testing.T) {
- provider := mockBuilder().
+ provider := mockBuilder(false).
Route("GET /v2/zones",
servermock.ResponseFromInternal("zones_GET.json"),
servermock.CheckQueryParameter().Strict().
With("name", "example.com.")).
- Route("/", servermock.DumpRequest()).
+ Route("POST /v2/zones/123123/recordsets",
+ servermock.Noop(),
+ servermock.CheckRequestJSONBodyFromInternal("zones-recordsets_POST-request.json")).
+ Build(t)
+
+ err := provider.Present("example.com", "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_Present_private(t *testing.T) {
+ provider := mockBuilder(true).
+ Route("GET /v2/zones",
+ servermock.ResponseFromInternal("zones_GET.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("name", "example.com.").
+ With("type", "private")).
+ Route("POST /v2/zones/123123/recordsets",
+ servermock.Noop(),
+ servermock.CheckRequestJSONBodyFromInternal("zones-recordsets_POST-request.json")).
Build(t)
err := provider.Present("example.com", "", "123d==")
@@ -226,12 +248,11 @@ func TestDNSProvider_Present(t *testing.T) {
}
func TestDNSProvider_Present_emptyZone(t *testing.T) {
- provider := mockBuilder().
+ provider := mockBuilder(false).
Route("GET /v2/zones",
servermock.ResponseFromInternal("zones_GET_empty.json"),
servermock.CheckQueryParameter().Strict().
With("name", "example.com.")).
- Route("/", servermock.DumpRequest()).
Build(t)
err := provider.Present("example.com", "", "123d==")
@@ -239,7 +260,7 @@ func TestDNSProvider_Present_emptyZone(t *testing.T) {
}
func TestDNSProvider_Cleanup(t *testing.T) {
- provider := mockBuilder().
+ provider := mockBuilder(false).
Route("GET /v2/zones",
servermock.ResponseFromInternal("zones_GET.json"),
servermock.CheckQueryParameter().Strict().
@@ -257,8 +278,28 @@ func TestDNSProvider_Cleanup(t *testing.T) {
require.NoError(t, err)
}
+func TestDNSProvider_Cleanup_private(t *testing.T) {
+ provider := mockBuilder(true).
+ Route("GET /v2/zones",
+ servermock.ResponseFromInternal("zones_GET.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("name", "example.com.").
+ With("type", "private")).
+ Route("GET /v2/zones/123123/recordsets",
+ servermock.ResponseFromInternal("zones-recordsets_GET.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("name", "_acme-challenge.example.com.").
+ With("type", "TXT")).
+ Route("DELETE /v2/zones/123123/recordsets/321321",
+ servermock.ResponseFromInternal("zones-recordsets_DELETE.json")).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "", "123d==")
+ require.NoError(t, err)
+}
+
func TestDNSProvider_Cleanup_emptyRecordset(t *testing.T) {
- provider := mockBuilder().
+ provider := mockBuilder(false).
Route("GET /v2/zones",
servermock.ResponseFromInternal("zones_GET.json"),
servermock.CheckQueryParameter().Strict().
@@ -274,15 +315,17 @@ func TestDNSProvider_Cleanup_emptyRecordset(t *testing.T) {
require.EqualError(t, err, "otc: unable to get record _acme-challenge.example.com. for zone example.com: record not found")
}
-func mockBuilder() *servermock.Builder[*DNSProvider] {
+func mockBuilder(private bool) *servermock.Builder[*DNSProvider] {
return servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
config.UserName = "user"
config.Password = "secret"
config.DomainName = "example.com"
config.ProjectName = "test"
config.IdentityEndpoint = fmt.Sprintf("%s/v3/auth/token", server.URL)
+ config.PrivateZone = private
return NewDNSProviderConfig(config)
},
diff --git a/providers/dns/ovh/ovh.go b/providers/dns/ovh/ovh.go
index c70e943bc..a8d12d819 100644
--- a/providers/dns/ovh/ovh.go
+++ b/providers/dns/ovh/ovh.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
"github.com/ovh/go-ovh/ovh"
)
@@ -101,8 +102,9 @@ func (c *Config) hasAppKeyAuth() bool {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *ovh.Client
+ config *Config
+ client *ovh.Client
+
recordIDs map[string]int64
recordIDsMu sync.Mutex
}
@@ -190,6 +192,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// Create TXT record
var respData Record
+
err = d.client.Post(reqURL, reqData, &respData)
if err != nil {
return fmt.Errorf("ovh: error when call api to add record (%s): %w", reqURL, err)
@@ -197,6 +200,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// Apply the change
reqURL = fmt.Sprintf("/domain/zone/%s/refresh", authZone)
+
err = d.client.Post(reqURL, nil, nil)
if err != nil {
return fmt.Errorf("ovh: error when call api to refresh zone (%s): %w", reqURL, err)
@@ -217,6 +221,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("ovh: unknown record ID for '%s'", info.EffectiveFQDN)
}
@@ -237,6 +242,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// Apply the change
reqURL = fmt.Sprintf("/domain/zone/%s/refresh", authZone)
+
err = d.client.Post(reqURL, nil, nil)
if err != nil {
return fmt.Errorf("ovh: error when call api to refresh zone (%s): %w", reqURL, err)
@@ -257,8 +263,10 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
}
func newClient(config *Config) (*ovh.Client, error) {
- var client *ovh.Client
- var err error
+ var (
+ client *ovh.Client
+ err error
+ )
switch {
case config.hasAppKeyAuth():
@@ -277,5 +285,11 @@ func newClient(config *Config) (*ovh.Client, error) {
client.UserAgent = useragent.Get()
+ if config.HTTPClient != nil {
+ client.Client = config.HTTPClient
+ }
+
+ client.Client = clientdebug.Wrap(client.Client)
+
return client, nil
}
diff --git a/providers/dns/ovh/ovh.toml b/providers/dns/ovh/ovh.toml
index 95162185b..abf22bd7a 100644
--- a/providers/dns/ovh/ovh.toml
+++ b/providers/dns/ovh/ovh.toml
@@ -11,20 +11,20 @@ OVH_APPLICATION_KEY=1234567898765432 \
OVH_APPLICATION_SECRET=b9841238feb177a84330febba8a832089 \
OVH_CONSUMER_KEY=256vfsd347245sdfg \
OVH_ENDPOINT=ovh-eu \
-lego --email you@example.com --dns ovh -d '*.example.com' -d example.com run
+lego --dns ovh -d '*.example.com' -d example.com run
# Or Access Token:
OVH_ACCESS_TOKEN=xxx \
OVH_ENDPOINT=ovh-eu \
-lego --email you@example.com --dns ovh -d '*.example.com' -d example.com run
+lego --dns ovh -d '*.example.com' -d example.com run
# Or OAuth2:
OVH_CLIENT_ID=yyy \
OVH_CLIENT_SECRET=xxx \
OVH_ENDPOINT=ovh-eu \
-lego --email you@example.com --dns ovh -d '*.example.com' -d example.com run
+lego --dns ovh -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/ovh/ovh_test.go b/providers/dns/ovh/ovh_test.go
index fcb2300b6..332e7f192 100644
--- a/providers/dns/ovh/ovh_test.go
+++ b/providers/dns/ovh/ovh_test.go
@@ -162,6 +162,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -315,6 +316,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
// The OVH client use the same env vars than lego, so it requires to clean them.
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
for _, test := range testCases {
@@ -354,6 +356,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -367,6 +370,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/pdns/internal/client.go b/providers/dns/pdns/internal/client.go
index f6b55d5de..f72dd4d78 100644
--- a/providers/dns/pdns/internal/client.go
+++ b/providers/dns/pdns/internal/client.go
@@ -69,6 +69,7 @@ func (c *Client) getAPIVersion(ctx context.Context) (int, error) {
}
var versions []apiVersion
+
err = json.Unmarshal(result, &versions)
if err != nil {
return 0, err
@@ -98,6 +99,7 @@ func (c *Client) GetHostedZone(ctx context.Context, authZone string) (*HostedZon
}
var zone HostedZone
+
err = json.Unmarshal(result, &zone)
if err != nil {
return nil, err
@@ -180,6 +182,7 @@ func (c *Client) do(req *http.Request) (json.RawMessage, error) {
}
var msg json.RawMessage
+
err = json.NewDecoder(resp.Body).Decode(&msg)
if err != nil {
if errors.Is(err, io.EOF) {
@@ -193,10 +196,12 @@ func (c *Client) do(req *http.Request) (json.RawMessage, error) {
// check for PowerDNS error message
if len(msg) > 0 && msg[0] == '{' {
var errInfo apiError
+
err = json.Unmarshal(msg, &errInfo)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, msg, err)
}
+
if errInfo.ShortMsg != "" {
return nil, fmt.Errorf("error talking to PDNS API: %w", errInfo)
}
diff --git a/providers/dns/pdns/pdns.go b/providers/dns/pdns/pdns.go
index ec0ae2a70..e7ead7078 100644
--- a/providers/dns/pdns/pdns.go
+++ b/providers/dns/pdns/pdns.go
@@ -14,6 +14,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/pdns/internal"
)
@@ -103,6 +104,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client := internal.NewClient(config.Host, config.ServerName, config.APIVersion, config.APIKey)
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
if config.APIVersion <= 0 {
err := client.SetAPIVersion(context.Background())
if err != nil {
@@ -206,6 +213,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var records []internal.Record
+
for _, r := range set.Records {
if r.Content != strconv.Quote(info.Value) {
records = append(records, r)
diff --git a/providers/dns/pdns/pdns.toml b/providers/dns/pdns/pdns.toml
index 53b5547b9..a83d80922 100644
--- a/providers/dns/pdns/pdns.toml
+++ b/providers/dns/pdns/pdns.toml
@@ -7,7 +7,7 @@ Since = "v0.4.0"
Example = '''
PDNS_API_URL=http://pdns-server:80/ \
PDNS_API_KEY=xxxx \
-lego --email you@example.com --dns pdns -d '*.example.com' -d example.com run
+lego --dns pdns -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/pdns/pdns_test.go b/providers/dns/pdns/pdns_test.go
index 6762e892e..0213ba17c 100644
--- a/providers/dns/pdns/pdns_test.go
+++ b/providers/dns/pdns/pdns_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -136,6 +137,7 @@ func TestLivePresentAndCleanup(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -155,5 +157,6 @@ func mustParse(rawURL string) *url.URL {
if err != nil {
panic(err)
}
+
return u
}
diff --git a/providers/dns/plesk/internal/client.go b/providers/dns/plesk/internal/client.go
index 88a7fdd9f..47abba805 100644
--- a/providers/dns/plesk/internal/client.go
+++ b/providers/dns/plesk/internal/client.go
@@ -121,6 +121,7 @@ func (c *Client) doRequest(ctx context.Context, payload RequestPacketType) (*Res
endpoint := c.baseURL.JoinPath("/enterprise/control/agent.php")
body := new(bytes.Buffer)
+
err := xml.NewEncoder(body).Encode(payload)
if err != nil {
return nil, err
@@ -153,6 +154,7 @@ func (c *Client) doRequest(ctx context.Context, payload RequestPacketType) (*Res
}
var response ResponsePacketType
+
err = xml.Unmarshal(raw, &response)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/plesk/plesk.go b/providers/dns/plesk/plesk.go
index b7a7ebf77..5f07dcb50 100644
--- a/providers/dns/plesk/plesk.go
+++ b/providers/dns/plesk/plesk.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/plesk/internal"
)
@@ -107,6 +108,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -160,6 +163,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("plesk: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
@@ -169,5 +173,9 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("plesk: failed to delete record (%d): %w", recordID, err)
}
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/plesk/plesk.toml b/providers/dns/plesk/plesk.toml
index 5fb4ce073..0ef89d6b7 100644
--- a/providers/dns/plesk/plesk.toml
+++ b/providers/dns/plesk/plesk.toml
@@ -8,7 +8,7 @@ Example = '''
PLESK_SERVER_BASE_URL="https://plesk.myserver.com:8443" \
PLESK_USERNAME=xxxxxx \
PLESK_PASSWORD=yyyyyy \
-lego --email you@example.com --dns plesk -d '*.example.com' -d example.com run
+lego --dns plesk -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/plesk/plesk_test.go b/providers/dns/plesk/plesk_test.go
index 417e2c1da..506a26a2a 100644
--- a/providers/dns/plesk/plesk_test.go
+++ b/providers/dns/plesk/plesk_test.go
@@ -67,6 +67,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -149,6 +150,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -162,6 +164,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/porkbun/porkbun.go b/providers/dns/porkbun/porkbun.go
index 44bf1857b..2f999ebcc 100644
--- a/providers/dns/porkbun/porkbun.go
+++ b/providers/dns/porkbun/porkbun.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/nrdcg/porkbun"
)
@@ -100,6 +101,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -151,6 +154,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("porkbun: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
@@ -167,6 +171,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("porkbun: failed to delete record: %w", err)
}
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/porkbun/porkbun.toml b/providers/dns/porkbun/porkbun.toml
index d7ed3aedc..9ae036da6 100644
--- a/providers/dns/porkbun/porkbun.toml
+++ b/providers/dns/porkbun/porkbun.toml
@@ -8,7 +8,7 @@ Since = "v4.4.0"
Example = '''
PORKBUN_SECRET_API_KEY=xxxxxx \
PORKBUN_API_KEY=yyyyyy \
-lego --email you@example.com --dns porkbun -d '*.example.com' -d example.com run
+lego --dns porkbun -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/porkbun/porkbun_test.go b/providers/dns/porkbun/porkbun_test.go
index cdf022b5d..7c69edfdb 100644
--- a/providers/dns/porkbun/porkbun_test.go
+++ b/providers/dns/porkbun/porkbun_test.go
@@ -54,6 +54,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -124,6 +125,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -137,6 +139,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/rackspace/internal/client.go b/providers/dns/rackspace/internal/client.go
index 076409ebd..4a1872484 100644
--- a/providers/dns/rackspace/internal/client.go
+++ b/providers/dns/rackspace/internal/client.go
@@ -113,6 +113,7 @@ func (c *Client) listDomainsByName(ctx context.Context, domain string) (*ZoneSea
}
var zoneSearchResponse ZoneSearchResponse
+
err = c.do(req, &zoneSearchResponse)
if err != nil {
return nil, err
@@ -154,6 +155,7 @@ func (c *Client) searchRecords(ctx context.Context, zoneID, recordName, recordTy
}
var records Records
+
err = c.do(req, &records)
if err != nil {
return nil, err
diff --git a/providers/dns/rackspace/internal/identity.go b/providers/dns/rackspace/internal/identity.go
index 062350df5..3ff667fb8 100644
--- a/providers/dns/rackspace/internal/identity.go
+++ b/providers/dns/rackspace/internal/identity.go
@@ -65,6 +65,7 @@ func (a *Identifier) Login(ctx context.Context, apiUser, apiKey string) (*Identi
}
var identity Identity
+
err = json.Unmarshal(raw, &identity)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/rackspace/rackspace.go b/providers/dns/rackspace/rackspace.go
index b9ce8f6e3..b4c7b4a0f 100644
--- a/providers/dns/rackspace/rackspace.go
+++ b/providers/dns/rackspace/rackspace.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/rackspace/internal"
)
@@ -98,6 +99,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
// Iterate through the Service Catalog to get the DNS Endpoint
var dnsEndpoint string
+
for _, service := range identity.Access.ServiceCatalog {
if service.Name == "cloudDNS" {
dnsEndpoint = service.Endpoints[0].PublicURL
@@ -118,6 +120,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/rackspace/rackspace.toml b/providers/dns/rackspace/rackspace.toml
index 7ca2c3b7a..0a4a80ffc 100644
--- a/providers/dns/rackspace/rackspace.toml
+++ b/providers/dns/rackspace/rackspace.toml
@@ -7,7 +7,7 @@ Since = "v0.4.0"
Example = '''
RACKSPACE_USER=xxxx \
RACKSPACE_API_KEY=yyyy \
-lego --email you@example.com --dns rackspace -d '*.example.com' -d example.com run
+lego --dns rackspace -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/rackspace/rackspace_test.go b/providers/dns/rackspace/rackspace_test.go
index cefb46134..de0749fd3 100644
--- a/providers/dns/rackspace/rackspace_test.go
+++ b/providers/dns/rackspace/rackspace_test.go
@@ -75,6 +75,7 @@ func TestLiveNewDNSProvider_ValidEnv(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -87,6 +88,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -100,6 +102,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -113,6 +116,7 @@ func mockBuilder() *servermock.Builder[*DNSProvider] {
return servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
config.APIUser = "testUser"
config.APIKey = "testKey"
config.HTTPClient = server.Client()
diff --git a/providers/dns/rainyun/internal/client.go b/providers/dns/rainyun/internal/client.go
index 3d99bd9be..595b39f29 100644
--- a/providers/dns/rainyun/internal/client.go
+++ b/providers/dns/rainyun/internal/client.go
@@ -84,6 +84,7 @@ func (c *Client) ListRecords(ctx context.Context, domainID int) ([]Record, error
}
var recordData APIResponse[Record]
+
err = c.do(req, &recordData)
if err != nil {
return nil, err
@@ -173,6 +174,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/rainyun/rainyun.go b/providers/dns/rainyun/rainyun.go
index 43ef9cb1b..a4d1c4035 100644
--- a/providers/dns/rainyun/rainyun.go
+++ b/providers/dns/rainyun/rainyun.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/rainyun/internal"
)
@@ -85,6 +86,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/rainyun/rainyun.toml b/providers/dns/rainyun/rainyun.toml
index cca16cffe..fe2b3c07d 100644
--- a/providers/dns/rainyun/rainyun.toml
+++ b/providers/dns/rainyun/rainyun.toml
@@ -6,7 +6,7 @@ Since = "v4.21.0"
Example = '''
RAINYUN_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns rainyun -d '*.example.com' -d example.com run
+lego --dns rainyun -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/rainyun/rainyun_test.go b/providers/dns/rainyun/rainyun_test.go
index d0048e5d0..d27d47e81 100644
--- a/providers/dns/rainyun/rainyun_test.go
+++ b/providers/dns/rainyun/rainyun_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -92,6 +93,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -105,6 +107,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/rcodezero/internal/client.go b/providers/dns/rcodezero/internal/client.go
index d37fec2dd..5cf39907e 100644
--- a/providers/dns/rcodezero/internal/client.go
+++ b/providers/dns/rcodezero/internal/client.go
@@ -64,6 +64,7 @@ func (c *Client) do(req *http.Request) (*APIResponse, error) {
}
result := &APIResponse{}
+
raw, err := io.ReadAll(resp.Body)
if err != nil {
return nil, errutils.NewReadResponseError(req, resp.StatusCode, err)
@@ -105,6 +106,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errAPI := &APIResponse{}
+
err := json.Unmarshal(raw, errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/rcodezero/rcodezero.go b/providers/dns/rcodezero/rcodezero.go
index 93f3e957a..010a6dadc 100644
--- a/providers/dns/rcodezero/rcodezero.go
+++ b/providers/dns/rcodezero/rcodezero.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/rcodezero/internal"
)
@@ -86,6 +87,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/rcodezero/rcodezero.toml b/providers/dns/rcodezero/rcodezero.toml
index bba5588da..c2a4a1e7b 100644
--- a/providers/dns/rcodezero/rcodezero.toml
+++ b/providers/dns/rcodezero/rcodezero.toml
@@ -6,7 +6,7 @@ Since = "v4.13"
Example = '''
RCODEZERO_API_TOKEN= \
-lego --email you@example.com --dns rcodezero -d '*.example.com' -d example.com run
+lego --dns rcodezero -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/rcodezero/rcodezero_test.go b/providers/dns/rcodezero/rcodezero_test.go
index 1f0946072..a4a242c30 100644
--- a/providers/dns/rcodezero/rcodezero_test.go
+++ b/providers/dns/rcodezero/rcodezero_test.go
@@ -37,6 +37,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -94,6 +95,7 @@ func TestLivePresentAndCleanup(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/regfish/regfish.go b/providers/dns/regfish/regfish.go
index 6a8ccee98..85aac92e5 100644
--- a/providers/dns/regfish/regfish.go
+++ b/providers/dns/regfish/regfish.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
regfishapi "github.com/regfish/regfish-dnsapi-go"
)
@@ -84,6 +85,15 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client := regfishapi.NewClient(config.APIKey)
+ if config.HTTPClient != nil {
+ client.Client = config.HTTPClient
+ } else {
+ // Because the regfishapi.NewClient uses an empty http.Client.
+ client.Client = &http.Client{Timeout: 30 * time.Second}
+ }
+
+ client.Client = clientdebug.Wrap(client.Client)
+
return &DNSProvider{
config: config,
client: client,
@@ -122,6 +132,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("regfish: unknown record ID for '%s'", info.EffectiveFQDN)
}
diff --git a/providers/dns/regfish/regfish.toml b/providers/dns/regfish/regfish.toml
index 9869ed96e..fbaacbde4 100644
--- a/providers/dns/regfish/regfish.toml
+++ b/providers/dns/regfish/regfish.toml
@@ -6,7 +6,7 @@ Since = "v4.20.0"
Example = '''
REGFISH_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns regfish -d '*.example.com' -d example.com run
+lego --dns regfish -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/regfish/regfish_test.go b/providers/dns/regfish/regfish_test.go
index 80928048f..6613bd508 100644
--- a/providers/dns/regfish/regfish_test.go
+++ b/providers/dns/regfish/regfish_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -92,6 +93,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -105,6 +107,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/regru/internal/client.go b/providers/dns/regru/internal/client.go
index 4b0205b0f..b0b86d567 100644
--- a/providers/dns/regru/internal/client.go
+++ b/providers/dns/regru/internal/client.go
@@ -111,6 +111,7 @@ func (c *Client) doRequest(ctx context.Context, request any, fragments ...string
}
var apiResp APIResponse
+
err = json.Unmarshal(raw, &apiResp)
if err != nil {
return nil, errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
@@ -123,6 +124,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIResponse
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/regru/internal/client_test.go b/providers/dns/regru/internal/client_test.go
index 0779f0d5f..002da0185 100644
--- a/providers/dns/regru/internal/client_test.go
+++ b/providers/dns/regru/internal/client_test.go
@@ -13,6 +13,7 @@ func mockBuilder() *servermock.Builder[*Client] {
return servermock.NewBuilder[*Client](
func(server *httptest.Server) (*Client, error) {
client := NewClient("user", "secret")
+ client.HTTPClient = server.Client()
client.baseURL, _ = url.Parse(server.URL)
return client, nil
diff --git a/providers/dns/regru/regru.go b/providers/dns/regru/regru.go
index 1501863bd..b06b355c1 100644
--- a/providers/dns/regru/regru.go
+++ b/providers/dns/regru/regru.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/regru/internal"
)
@@ -97,6 +98,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
if config.TLSCert != "" || config.TLSKey != "" {
if config.TLSCert == "" {
return nil, errors.New("regru: TLS certificate is missing")
diff --git a/providers/dns/regru/regru.toml b/providers/dns/regru/regru.toml
index 2ccf3a58f..728bb2bf7 100644
--- a/providers/dns/regru/regru.toml
+++ b/providers/dns/regru/regru.toml
@@ -7,7 +7,7 @@ Since = "v3.5.0"
Example = '''
REGRU_USERNAME=xxxxxx \
REGRU_PASSWORD=yyyyyy \
-lego --email you@example.com --dns regru -d '*.example.com' -d example.com run
+lego --dns regru -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/regru/regru_test.go b/providers/dns/regru/regru_test.go
index 15d86d75c..762eeb4d3 100644
--- a/providers/dns/regru/regru_test.go
+++ b/providers/dns/regru/regru_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -129,6 +130,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -142,6 +144,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/rfc2136/rfc2136.go b/providers/dns/rfc2136/rfc2136.go
index 6b5c47072..2c4fe7aeb 100644
--- a/providers/dns/rfc2136/rfc2136.go
+++ b/providers/dns/rfc2136/rfc2136.go
@@ -131,7 +131,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
config.TSIGSecret = ""
} else {
// zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
- config.TSIGKey = strings.ToLower(dns.Fqdn(config.TSIGKey))
+ config.TSIGKey = dns.CanonicalName(config.TSIGKey)
}
if config.TSIGAlgorithm == "" {
@@ -171,6 +171,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("rfc2136: failed to insert: %w", err)
}
+
return nil
}
@@ -182,6 +183,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("rfc2136: failed to remove: %w", err)
}
+
return nil
}
@@ -193,14 +195,14 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
}
// Create RR
- rr := new(dns.TXT)
- rr.Hdr = dns.RR_Header{Name: fqdn, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: uint32(ttl)}
- rr.Txt = []string{value}
- rrs := []dns.RR{rr}
+ rrs := []dns.RR{&dns.TXT{
+ Hdr: dns.RR_Header{Name: fqdn, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: uint32(ttl)},
+ Txt: []string{value},
+ }}
// Create dynamic update packet
- m := new(dns.Msg)
- m.SetUpdate(zone)
+ m := new(dns.Msg).SetUpdate(zone)
+
switch action {
case "INSERT":
// Always remove old challenge left over from who knows what.
@@ -228,6 +230,7 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
if err != nil {
return fmt.Errorf("DNS update failed: %w", err)
}
+
if reply != nil && reply.Rcode != dns.RcodeSuccess {
return fmt.Errorf("DNS update failed: server replied: %s", dns.RcodeToString[reply.Rcode])
}
diff --git a/providers/dns/rfc2136/rfc2136.toml b/providers/dns/rfc2136/rfc2136.toml
index 9243440a4..6b5bbe599 100644
--- a/providers/dns/rfc2136/rfc2136.toml
+++ b/providers/dns/rfc2136/rfc2136.toml
@@ -9,7 +9,7 @@ RFC2136_NAMESERVER=127.0.0.1 \
RFC2136_TSIG_KEY=example.com \
RFC2136_TSIG_ALGORITHM=hmac-sha256. \
RFC2136_TSIG_SECRET=YWJjZGVmZGdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU= \
-lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run
+lego --dns rfc2136 -d '*.example.com' -d example.com run
## ---
@@ -17,7 +17,7 @@ keyname=example.com; keyfile=example.com.key; tsig-keygen $keyname > $keyfile
RFC2136_NAMESERVER=127.0.0.1 \
RFC2136_TSIG_FILE="$keyfile" \
-lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run
+lego --dns rfc2136 -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/rfc2136/rfc2136_test.go b/providers/dns/rfc2136/rfc2136_test.go
index 80fdc69cb..ce4859e84 100644
--- a/providers/dns/rfc2136/rfc2136_test.go
+++ b/providers/dns/rfc2136/rfc2136_test.go
@@ -2,24 +2,21 @@ package rfc2136
import (
"bytes"
- "fmt"
- "net"
"strings"
- "sync"
"testing"
"time"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/dnsmock"
"github.com/miekg/dns"
- "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
const (
fakeDomain = "123456789.www.example.com"
fakeKeyAuth = "123d=="
- fakeValue = "Now36o-3BmlB623-0c1qCIUmgWVVmDJb88KGl24pqpo"
+ fakeValue = "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY"
fakeFqdn = "_acme-challenge.123456789.www.example.com."
fakeZone = "example.com."
fakeTTL = 120
@@ -87,6 +84,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -163,39 +161,16 @@ func TestNewDNSProviderConfig(t *testing.T) {
}
}
-func TestCanaryLocalTestServer(t *testing.T) {
+func TestDNSProvider_Present_success(t *testing.T) {
dns01.ClearFqdnCache()
- dns.HandleFunc("example.com.", serverHandlerHello)
- defer dns.HandleRemove("example.com.")
- server, addr, err := runLocalDNSTestServer(false)
- require.NoError(t, err, "Failed to start test server")
- defer func() { _ = server.Shutdown() }()
-
- c := new(dns.Client)
- m := new(dns.Msg)
-
- m.SetQuestion("example.com.", dns.TypeTXT)
-
- r, _, err := c.Exchange(m, addr)
- require.NoError(t, err, "Failed to communicate with test server")
- assert.Len(t, r.Extra, 1, "Failed to communicate with test server")
-
- txt := r.Extra[0].(*dns.TXT).Txt[0]
- assert.Equal(t, "Hello world", txt)
-}
-
-func TestServerSuccess(t *testing.T) {
- dns01.ClearFqdnCache()
- dns.HandleFunc(fakeZone, serverHandlerReturnSuccess)
- defer dns.HandleRemove(fakeZone)
-
- server, addr, err := runLocalDNSTestServer(false)
- require.NoError(t, err, "Failed to start test server")
- defer func() { _ = server.Shutdown() }()
+ addr := dnsmock.NewServer().
+ Query(fakeZone+" SOA", dnsmock.SOA("")).
+ Update(fakeZone+" SOA", dnsmock.Noop).
+ Build(t)
config := NewDefaultConfig()
- config.Nameserver = addr
+ config.Nameserver = addr.String()
provider, err := NewDNSProviderConfig(config)
require.NoError(t, err)
@@ -204,39 +179,98 @@ func TestServerSuccess(t *testing.T) {
require.NoError(t, err)
}
-func TestServerError(t *testing.T) {
+func TestDNSProvider_Present_success_updatePacket(t *testing.T) {
dns01.ClearFqdnCache()
- dns.HandleFunc(fakeZone, serverHandlerReturnErr)
- defer dns.HandleRemove(fakeZone)
- server, addr, err := runLocalDNSTestServer(false)
- require.NoError(t, err, "Failed to start test server")
- defer func() { _ = server.Shutdown() }()
+ reqChan := make(chan *dns.Msg, 1)
+
+ addr := dnsmock.NewServer().
+ Query("_acme-challenge.123456789.www.example.com. SOA", dnsmock.SOA(fakeZone)).
+ Update(fakeZone+" SOA", func(w dns.ResponseWriter, req *dns.Msg) {
+ dnsmock.Noop(w, req)
+
+ // Only talk back when it is not the SOA RR.
+ reqChan <- req
+ }).
+ Build(t)
config := NewDefaultConfig()
- config.Nameserver = addr
+ config.Nameserver = addr.String()
+
+ provider, err := NewDNSProviderConfig(config)
+ require.NoError(t, err)
+
+ err = provider.Present(fakeDomain, "", fakeKeyAuth)
+ require.NoError(t, err)
+
+ select {
+ case <-time.After(time.Second):
+ t.Fatal("timeout waiting for request")
+
+ case rcvMsg := <-reqChan:
+ txtRR := &dns.TXT{
+ Hdr: dns.RR_Header{Name: fakeFqdn, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: fakeTTL},
+ Txt: []string{fakeValue},
+ }
+
+ m := new(dns.Msg).SetUpdate(fakeZone)
+
+ m.RemoveRRset([]dns.RR{txtRR})
+ m.Insert([]dns.RR{txtRR})
+
+ expected, err := m.Pack()
+ require.NoError(t, err, "error packing")
+
+ rcvMsg.Id = m.Id
+
+ actual, err := rcvMsg.Pack()
+ require.NoError(t, err, "error packing")
+
+ if !bytes.Equal(actual, expected) {
+ tmp := new(dns.Msg)
+ require.NoError(t, tmp.Unpack(actual))
+
+ t.Errorf("Expected msg:\n%s", m)
+ t.Errorf("Actual msg:\n%s", tmp)
+ }
+ }
+}
+
+func TestDNSProvider_Present_error(t *testing.T) {
+ dns01.ClearFqdnCache()
+
+ addr := dnsmock.NewServer().
+ Query(fakeZone+" SOA", dnsmock.Error(dns.RcodeNotZone)).
+ Build(t)
+
+ config := NewDefaultConfig()
+ config.Nameserver = addr.String()
provider, err := NewDNSProviderConfig(config)
require.NoError(t, err)
err = provider.Present(fakeDomain, "", fakeKeyAuth)
require.Error(t, err)
+
if !strings.Contains(err.Error(), "NOTZONE") {
t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string, but it did not: %v", err)
}
}
-func TestTsigClient(t *testing.T) {
+func TestDNSProvider_Present_tsig_success(t *testing.T) {
dns01.ClearFqdnCache()
- dns.HandleFunc(fakeZone, serverHandlerReturnSuccess)
- defer dns.HandleRemove(fakeZone)
- server, addr, err := runLocalDNSTestServer(true)
- require.NoError(t, err, "Failed to start test server")
- defer func() { _ = server.Shutdown() }()
+ addr := dnsmock.NewServer().
+ Query(fakeZone+" SOA", dnsmock.SOA("")).
+ Update(fakeZone+" SOA", handleTSIG).
+ Build(t, func(server *dns.Server) error {
+ server.TsigSecret = map[string]string{fakeTsigKey: fakeTsigSecret}
+
+ return nil
+ })
config := NewDefaultConfig()
- config.Nameserver = addr
+ config.Nameserver = addr.String()
config.TSIGKey = fakeTsigKey
config.TSIGSecret = fakeTsigSecret
@@ -247,143 +281,50 @@ func TestTsigClient(t *testing.T) {
require.NoError(t, err)
}
-func TestValidUpdatePacket(t *testing.T) {
- reqChan := make(chan *dns.Msg, 10)
-
+func TestDNSProvider_Present_tsig_error(t *testing.T) {
dns01.ClearFqdnCache()
- dns.HandleFunc(fakeZone, serverHandlerPassBackRequest(reqChan))
- defer dns.HandleRemove(fakeZone)
- server, addr, err := runLocalDNSTestServer(false)
- require.NoError(t, err, "Failed to start test server")
- defer func() { _ = server.Shutdown() }()
+ addr := dnsmock.NewServer().
+ Query(fakeZone+" SOA", dnsmock.SOA("")).
+ Update(fakeZone+" SOA", handleTSIG).
+ Build(t, func(server *dns.Server) error {
+ server.TsigSecret = map[string]string{"example.org": fakeTsigSecret}
- txtRR, _ := dns.NewRR(fmt.Sprintf("%s %d IN TXT %s", fakeFqdn, fakeTTL, fakeValue))
- rrs := []dns.RR{txtRR}
- m := new(dns.Msg)
- m.SetUpdate(fakeZone)
- m.RemoveRRset(rrs)
- m.Insert(rrs)
- expectStr := m.String()
-
- expect, err := m.Pack()
- require.NoError(t, err, "error packing")
+ return nil
+ })
config := NewDefaultConfig()
- config.Nameserver = addr
+ config.Nameserver = addr.String()
+ config.TSIGKey = fakeTsigKey
+ config.TSIGSecret = fakeTsigSecret
provider, err := NewDNSProviderConfig(config)
require.NoError(t, err)
- err = provider.Present(fakeDomain, "", "1234d==")
- require.NoError(t, err)
-
- rcvMsg := <-reqChan
- rcvMsg.Id = m.Id
-
- actual, err := rcvMsg.Pack()
- require.NoError(t, err, "error packing")
-
- if !bytes.Equal(actual, expect) {
- tmp := new(dns.Msg)
- if err := tmp.Unpack(actual); err != nil {
- t.Fatalf("Error unpacking actual msg: %v", err)
- }
- t.Errorf("Expected msg:\n%s", expectStr)
- t.Errorf("Actual msg:\n%v", tmp)
- }
+ err = provider.Present(fakeDomain, "", fakeKeyAuth)
+ require.Error(t, err)
+ require.EqualError(t, err, "rfc2136: failed to insert: DNS update failed: server replied: NOTZONE")
}
-func runLocalDNSTestServer(tsig bool) (*dns.Server, string, error) {
- pc, err := net.ListenPacket("udp", "127.0.0.1:0")
+func handleTSIG(w dns.ResponseWriter, req *dns.Msg) {
+ m := new(dns.Msg)
+
+ tsig := req.IsTsig()
+ if tsig == nil {
+ _ = w.WriteMsg(m.SetRcode(req, dns.RcodeRefused))
+ return
+ }
+
+ err := w.TsigStatus()
if err != nil {
- return nil, "", err
+ _ = w.WriteMsg(m.SetRcode(req, dns.RcodeNotZone))
+
+ return
}
- server := &dns.Server{
- PacketConn: pc,
- ReadTimeout: time.Hour,
- WriteTimeout: time.Hour,
- MsgAcceptFunc: func(dh dns.Header) dns.MsgAcceptAction {
- // bypass defaultMsgAcceptFunc to allow dynamic update (https://github.com/miekg/dns/pull/830)
- return dns.MsgAccept
- },
- }
-
- if tsig {
- server.TsigSecret = map[string]string{fakeTsigKey: fakeTsigSecret}
- }
-
- waitLock := sync.Mutex{}
- waitLock.Lock()
- server.NotifyStartedFunc = waitLock.Unlock
-
- go func() {
- _ = server.ActivateAndServe()
- pc.Close()
- }()
-
- waitLock.Lock()
- return server, pc.LocalAddr().String(), nil
-}
-
-func serverHandlerHello(w dns.ResponseWriter, req *dns.Msg) {
- m := new(dns.Msg)
- m.SetReply(req)
- m.Extra = make([]dns.RR, 1)
- m.Extra[0] = &dns.TXT{
- Hdr: dns.RR_Header{Name: m.Question[0].Name, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 0},
- Txt: []string{"Hello world"},
- }
- _ = w.WriteMsg(m)
-}
-
-func serverHandlerReturnSuccess(w dns.ResponseWriter, req *dns.Msg) {
- m := new(dns.Msg)
- m.SetReply(req)
- if req.Opcode == dns.OpcodeQuery && req.Question[0].Qtype == dns.TypeSOA && req.Question[0].Qclass == dns.ClassINET {
- // Return SOA to appease findZoneByFqdn()
- soaRR, _ := dns.NewRR(fmt.Sprintf("%s %d IN SOA ns1.%s admin.%s 2016022801 28800 7200 2419200 1200", fakeZone, fakeTTL, fakeZone, fakeZone))
- m.Answer = []dns.RR{soaRR}
- }
-
- if t := req.IsTsig(); t != nil {
- if w.TsigStatus() == nil {
- // Validated
- m.SetTsig(fakeZone, dns.HmacSHA1, 300, time.Now().Unix())
- }
- }
-
- _ = w.WriteMsg(m)
-}
-
-func serverHandlerReturnErr(w dns.ResponseWriter, req *dns.Msg) {
- m := new(dns.Msg)
- m.SetRcode(req, dns.RcodeNotZone)
- _ = w.WriteMsg(m)
-}
-
-func serverHandlerPassBackRequest(reqChan chan *dns.Msg) func(w dns.ResponseWriter, req *dns.Msg) {
- return func(w dns.ResponseWriter, req *dns.Msg) {
- m := new(dns.Msg)
- m.SetReply(req)
- if req.Opcode == dns.OpcodeQuery && req.Question[0].Qtype == dns.TypeSOA && req.Question[0].Qclass == dns.ClassINET {
- // Return SOA to appease findZoneByFqdn()
- soaRR, _ := dns.NewRR(fmt.Sprintf("%s %d IN SOA ns1.%s admin.%s 2016022801 28800 7200 2419200 1200", fakeZone, fakeTTL, fakeZone, fakeZone))
- m.Answer = []dns.RR{soaRR}
- }
-
- if t := req.IsTsig(); t != nil {
- if w.TsigStatus() == nil {
- // Validated
- m.SetTsig(fakeZone, dns.HmacSHA1, 300, time.Now().Unix())
- }
- }
-
- _ = w.WriteMsg(m)
- if req.Opcode != dns.OpcodeQuery || req.Question[0].Qtype != dns.TypeSOA || req.Question[0].Qclass != dns.ClassINET {
- // Only talk back when it is not the SOA RR.
- reqChan <- req
- }
- }
+ // Validated
+ _ = w.WriteMsg(m.
+ SetReply(req).
+ SetTsig(tsig.Hdr.Name, tsig.Algorithm, tsig.Fudge, time.Now().Unix()),
+ )
}
diff --git a/providers/dns/rimuhosting/rimuhosting.go b/providers/dns/rimuhosting/rimuhosting.go
index 9051d0add..7a7e99f60 100644
--- a/providers/dns/rimuhosting/rimuhosting.go
+++ b/providers/dns/rimuhosting/rimuhosting.go
@@ -2,7 +2,6 @@
package rimuhosting
import (
- "context"
"errors"
"fmt"
"net/http"
@@ -29,19 +28,12 @@ const (
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
-type Config struct {
- APIKey string
-
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = rimuhosting.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
- TTL: env.GetOrDefaultInt(EnvTTL, 3600),
+ TTL: env.GetOrDefaultInt(EnvTTL, rimuhosting.DefaultTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
HTTPClient: &http.Client{
@@ -52,8 +44,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *rimuhosting.Client
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for RimuHosting.
@@ -76,48 +67,19 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("rimuhosting: the configuration of the DNS provider is nil")
}
- if config.APIKey == "" {
- return nil, errors.New("rimuhosting: incomplete credentials, missing API key")
+ provider, err := rimuhosting.NewDNSProviderConfig(config, "")
+ if err != nil {
+ return nil, fmt.Errorf("rimuhosting: %w", err)
}
- client := rimuhosting.NewClient(config.APIKey)
- client.BaseURL = rimuhosting.DefaultRimuHostingBaseURL
-
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- return &DNSProvider{config: config, client: client}, nil
-}
-
-// Timeout returns the timeout and interval to use when checking for DNS propagation.
-// Adjusting here to cope with spikes in propagation times.
-func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
+ return &DNSProvider{prv: provider}, nil
}
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- ctx := context.Background()
-
- records, err := d.client.FindTXTRecords(ctx, dns01.UnFqdn(info.EffectiveFQDN))
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
- return fmt.Errorf("rimuhosting: failed to find record(s) for %s: %w", domain, err)
- }
-
- actions := []rimuhosting.ActionParameter{
- rimuhosting.NewAddRecordAction(dns01.UnFqdn(info.EffectiveFQDN), info.Value, d.config.TTL),
- }
-
- for _, record := range records {
- actions = append(actions, rimuhosting.NewAddRecordAction(record.Name, record.Content, d.config.TTL))
- }
-
- _, err = d.client.DoActions(ctx, actions...)
- if err != nil {
- return fmt.Errorf("rimuhosting: failed to add record(s) for %s: %w", domain, err)
+ return fmt.Errorf("rimuhosting: %w", err)
}
return nil
@@ -125,14 +87,16 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- action := rimuhosting.NewDeleteRecordAction(dns01.UnFqdn(info.EffectiveFQDN), info.Value)
-
- _, err := d.client.DoActions(context.Background(), action)
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
- return fmt.Errorf("rimuhosting: failed to delete record for %s: %w", domain, err)
+ return fmt.Errorf("rimuhosting: %w", err)
}
return nil
}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
+}
diff --git a/providers/dns/rimuhosting/rimuhosting.toml b/providers/dns/rimuhosting/rimuhosting.toml
index 0a4f983e2..c1994e2cc 100644
--- a/providers/dns/rimuhosting/rimuhosting.toml
+++ b/providers/dns/rimuhosting/rimuhosting.toml
@@ -6,7 +6,7 @@ Since = "v0.3.5"
Example = '''
RIMUHOSTING_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
-lego --email you@example.com --dns rimuhosting -d '*.example.com' -d example.com run
+lego --dns rimuhosting -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/rimuhosting/rimuhosting_test.go b/providers/dns/rimuhosting/rimuhosting_test.go
index cbdacedc4..878ec14da 100644
--- a/providers/dns/rimuhosting/rimuhosting_test.go
+++ b/providers/dns/rimuhosting/rimuhosting_test.go
@@ -36,6 +36,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -45,7 +46,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -83,7 +84,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -97,6 +98,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -110,6 +112,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/route53/route53.go b/providers/dns/route53/route53.go
index db578eb00..b41c95dac 100644
--- a/providers/dns/route53/route53.go
+++ b/providers/dns/route53/route53.go
@@ -17,6 +17,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/route53"
awstypes "github.com/aws/aws-sdk-go-v2/service/route53/types"
"github.com/aws/aws-sdk-go-v2/service/sts"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
@@ -154,6 +155,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
realValue := `"` + info.Value + `"`
var found bool
+
for _, record := range records {
if ptr.Deref(record.Value) == realValue {
found = true
@@ -199,6 +201,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var nonLegoRecords []awstypes.ResourceRecord
+
for _, record := range existingRecords {
if ptr.Deref(record.Value) != `"`+info.Value+`"` {
nonLegoRecords = append(nonLegoRecords, record)
@@ -249,18 +252,22 @@ func (d *DNSProvider) changeRecord(ctx context.Context, action awstypes.ChangeAc
changeID := resp.ChangeInfo.Id
if d.config.WaitForRecordSetsChanged {
- return wait.For("route53", d.config.PropagationTimeout, d.config.PollingInterval, func() (bool, error) {
- resp, err := d.client.GetChange(ctx, &route53.GetChangeInput{Id: changeID})
- if err != nil {
- return false, fmt.Errorf("failed to query change status: %w", err)
- }
+ return wait.Retry(ctx,
+ func() error {
+ resp, err := d.client.GetChange(ctx, &route53.GetChangeInput{Id: changeID})
+ if err != nil {
+ return fmt.Errorf("failed to query change status: %w", err)
+ }
- if resp.ChangeInfo.Status == awstypes.ChangeStatusInsync {
- return true, nil
- }
+ if resp.ChangeInfo.Status != awstypes.ChangeStatusInsync {
+ return fmt.Errorf("unable to retrieve change: ID=%s, status=%s", ptr.Deref(changeID), resp.ChangeInfo.Status)
+ }
- return false, fmt.Errorf("unable to retrieve change: ID=%s", ptr.Deref(changeID))
- })
+ return nil
+ },
+ backoff.WithBackOff(backoff.NewConstantBackOff(d.config.PollingInterval)),
+ backoff.WithMaxElapsedTime(d.config.PropagationTimeout),
+ )
}
return nil
@@ -307,12 +314,14 @@ func (d *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string,
reqParams := &route53.ListHostedZonesByNameInput{
DNSName: aws.String(dns01.UnFqdn(authZone)),
}
+
resp, err := d.client.ListHostedZonesByName(ctx, reqParams)
if err != nil {
return "", err
}
var hostedZoneID string
+
for _, hostedZone := range resp.HostedZones {
// .Name has a trailing dot
if ptr.Deref(hostedZone.Name) == authZone && d.config.PrivateZone == hostedZone.Config.PrivateZone {
@@ -348,6 +357,7 @@ func createAWSConfig(ctx context.Context, config *Config) (aws.Config, error) {
retryCount := min(attempt, 7)
delay := (1 << uint(retryCount)) * (rand.Intn(50) + 200)
+
return time.Duration(delay) * time.Millisecond, nil
})
})
diff --git a/providers/dns/route53/route53.toml b/providers/dns/route53/route53.toml
index 9e3b049a6..607d9ef31 100644
--- a/providers/dns/route53/route53.toml
+++ b/providers/dns/route53/route53.toml
@@ -9,7 +9,7 @@ AWS_ACCESS_KEY_ID=your_key_id \
AWS_SECRET_ACCESS_KEY=your_secret_access_key \
AWS_REGION=aws-region \
AWS_HOSTED_ZONE_ID=your_hosted_zone_id \
-lego --email you@example.com --dns route53 -d '*.example.com' -d example.com run
+lego --dns route53 -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/route53/route53_test.go b/providers/dns/route53/route53_test.go
index 6079bb4e6..41ed824bc 100644
--- a/providers/dns/route53/route53_test.go
+++ b/providers/dns/route53/route53_test.go
@@ -34,6 +34,7 @@ var envTest = tester.NewEnvTest(
func Test_loadCredentials_FromEnv(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
_ = os.Setenv(EnvAccessKeyID, "123")
@@ -60,6 +61,7 @@ func Test_loadCredentials_FromEnv(t *testing.T) {
func Test_loadRegion_FromEnv(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
_ = os.Setenv(EnvRegion, "foo")
@@ -72,6 +74,7 @@ func Test_loadRegion_FromEnv(t *testing.T) {
func Test_getHostedZoneID_FromEnv(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
expectedZoneID := "zoneID"
@@ -82,7 +85,7 @@ func Test_getHostedZoneID_FromEnv(t *testing.T) {
require.NoError(t, err)
hostedZoneID, err := provider.getHostedZoneID(t.Context(), "whatever")
- require.NoError(t, err, "HostedZoneID")
+ require.NoError(t, err)
assert.Equal(t, expectedZoneID, hostedZoneID)
}
@@ -128,6 +131,7 @@ func TestNewDefaultConfig(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
envTest.ClearEnv()
+
for key, value := range test.envVars {
_ = os.Setenv(key, value)
}
@@ -141,11 +145,13 @@ func TestNewDefaultConfig(t *testing.T) {
func TestDNSProvider_Present(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
provider := servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
cfg := aws.Config{
+ HTTPClient: server.Client(),
Credentials: credentials.NewStaticCredentialsProvider("abc", "123", " "),
Region: "mock-region",
BaseEndpoint: aws.String(server.URL),
@@ -181,7 +187,7 @@ func TestDNSProvider_Present(t *testing.T) {
keyAuth := "123456d=="
err := provider.Present(domain, "", keyAuth)
- require.NoError(t, err, "Expected Present to return no error")
+ require.NoError(t, err)
}
func Test_createAWSConfig(t *testing.T) {
@@ -270,6 +276,7 @@ func Test_createAWSConfig(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.env)
diff --git a/providers/dns/safedns/internal/client.go b/providers/dns/safedns/internal/client.go
index 3e6f99919..628618032 100644
--- a/providers/dns/safedns/internal/client.go
+++ b/providers/dns/safedns/internal/client.go
@@ -19,7 +19,7 @@ const defaultBaseURL = "https://api.ukfast.io/safedns/v1"
const authorizationHeader = "Authorization"
-// Client the UKFast SafeDNS client.
+// Client the ANS SafeDNS client.
type Client struct {
authToken string
@@ -48,6 +48,7 @@ func (c *Client) AddRecord(ctx context.Context, zone string, record Record) (*Ad
}
respData := &AddRecordResponse{}
+
err = c.do(req, respData)
if err != nil {
return nil, fmt.Errorf("add record: %w", err)
@@ -132,6 +133,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/safedns/internal/client_test.go b/providers/dns/safedns/internal/client_test.go
index f984d2d8f..161a9f078 100644
--- a/providers/dns/safedns/internal/client_test.go
+++ b/providers/dns/safedns/internal/client_test.go
@@ -17,6 +17,7 @@ func mockBuilder() *servermock.Builder[*Client] {
func(server *httptest.Server) (*Client, error) {
client := NewClient("secret")
client.baseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
return client, nil
},
diff --git a/providers/dns/safedns/safedns.go b/providers/dns/safedns/safedns.go
index 5066db59f..154cfc5ee 100644
--- a/providers/dns/safedns/safedns.go
+++ b/providers/dns/safedns/safedns.go
@@ -1,4 +1,4 @@
-// Package safedns implements a DNS provider for solving the DNS-01 challenge using UKFast SafeDNS.
+// Package safedns implements a DNS provider for solving the DNS-01 challenge using ANS SafeDNS.
package safedns
import (
@@ -12,7 +12,9 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/safedns/internal"
+ "github.com/miekg/dns"
)
// Environment variables.
@@ -73,7 +75,7 @@ func NewDNSProvider() (*DNSProvider, error) {
return NewDNSProviderConfig(config)
}
-// NewDNSProviderConfig return a DNSProvider instance configured for UKFast SafeDNS.
+// NewDNSProviderConfig return a DNSProvider instance configured for ANS SafeDNS.
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
return nil, errors.New("safedns: supplied configuration was nil")
@@ -89,6 +91,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -106,7 +110,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
- zone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(info.EffectiveFQDN))
+ zone, err := dns01.FindZoneByFqdn(dns.Fqdn(info.EffectiveFQDN))
if err != nil {
return fmt.Errorf("safedns: could not find zone for domain %q: %w", domain, err)
}
@@ -142,6 +146,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("safedns: unknown record ID for '%s'", info.EffectiveFQDN)
}
diff --git a/providers/dns/safedns/safedns.toml b/providers/dns/safedns/safedns.toml
index dcc7bc90e..f387f2535 100644
--- a/providers/dns/safedns/safedns.toml
+++ b/providers/dns/safedns/safedns.toml
@@ -1,12 +1,12 @@
-Name = "UKFast SafeDNS"
+Name = "ANS SafeDNS"
Description = ''''''
-URL = "https://www.ukfast.co.uk/dns-hosting.html"
+URL = "https://www.ans.co.uk/"
Code = "safedns"
Since = "v4.6.0"
Example = '''
SAFEDNS_AUTH_TOKEN=xxxxxx \
-lego --email you@example.com --dns safedns -d '*.example.com' -d example.com run
+lego --dns safedns -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/safedns/safedns_test.go b/providers/dns/safedns/safedns_test.go
index dcb374718..ce7568056 100644
--- a/providers/dns/safedns/safedns_test.go
+++ b/providers/dns/safedns/safedns_test.go
@@ -36,6 +36,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -95,6 +96,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -108,6 +110,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/sakuracloud/sakuracloud.go b/providers/dns/sakuracloud/sakuracloud.go
index f12248d42..1adbe3a88 100644
--- a/providers/dns/sakuracloud/sakuracloud.go
+++ b/providers/dns/sakuracloud/sakuracloud.go
@@ -2,6 +2,7 @@
package sakuracloud
import (
+ "context"
"errors"
"fmt"
"net/http"
@@ -11,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
client "github.com/sacloud/api-client-go"
"github.com/sacloud/iaas-api-go"
@@ -100,7 +102,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
Options: &client.Options{
AccessToken: config.Token,
AccessTokenSecret: config.Secret,
- HttpClient: config.HTTPClient,
+ HttpClient: clientdebug.Wrap(config.HTTPClient),
UserAgent: fmt.Sprintf("%s %s", iaas.DefaultUserAgent, useragent.Get()),
},
}
@@ -115,7 +117,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
- err := d.addTXTRecord(info.EffectiveFQDN, info.Value, d.config.TTL)
+ err := d.addTXTRecord(context.Background(), info.EffectiveFQDN, info.Value, d.config.TTL)
if err != nil {
return fmt.Errorf("sakuracloud: %w", err)
}
@@ -127,7 +129,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
- err := d.cleanupTXTRecord(info.EffectiveFQDN, info.Value)
+ err := d.cleanupTXTRecord(context.Background(), info.EffectiveFQDN, info.Value)
if err != nil {
return fmt.Errorf("sakuracloud: %w", err)
}
@@ -169,6 +171,7 @@ func newCaller(opts *api.CallerOptions) iaas.APICaller {
if strings.HasSuffix(opts.APIRootURL, "/") {
opts.APIRootURL = strings.TrimRight(opts.APIRootURL, "/")
}
+
iaas.SakuraCloudAPIRoot = opts.APIRootURL
}
diff --git a/providers/dns/sakuracloud/sakuracloud.toml b/providers/dns/sakuracloud/sakuracloud.toml
index f754e0c89..a197cd27c 100644
--- a/providers/dns/sakuracloud/sakuracloud.toml
+++ b/providers/dns/sakuracloud/sakuracloud.toml
@@ -7,7 +7,7 @@ Since = "v1.1.0"
Example = '''
SAKURACLOUD_ACCESS_TOKEN=xxxxx \
SAKURACLOUD_ACCESS_TOKEN_SECRET=yyyyy \
-lego --email you@example.com --dns sakuracloud -d '*.example.com' -d example.com run
+lego --dns sakuracloud -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/sakuracloud/sakuracloud_test.go b/providers/dns/sakuracloud/sakuracloud_test.go
index 93cf20ea1..789a27544 100644
--- a/providers/dns/sakuracloud/sakuracloud_test.go
+++ b/providers/dns/sakuracloud/sakuracloud_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -129,6 +130,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -142,6 +144,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/sakuracloud/wrapper.go b/providers/dns/sakuracloud/wrapper.go
index 0898ccd3b..ff0b78e09 100644
--- a/providers/dns/sakuracloud/wrapper.go
+++ b/providers/dns/sakuracloud/wrapper.go
@@ -14,11 +14,11 @@ import (
// see: https://github.com/go-acme/lego/pull/850
var mu sync.Mutex
-func (d *DNSProvider) addTXTRecord(fqdn, value string, ttl int) error {
+func (d *DNSProvider) addTXTRecord(ctx context.Context, fqdn, value string, ttl int) error {
mu.Lock()
defer mu.Unlock()
- zone, err := d.getHostedZone(fqdn)
+ zone, err := d.getHostedZone(ctx, fqdn)
if err != nil {
return err
}
@@ -35,7 +35,7 @@ func (d *DNSProvider) addTXTRecord(fqdn, value string, ttl int) error {
TTL: ttl,
})
- _, err = d.client.UpdateSettings(context.Background(), zone.ID, &iaas.DNSUpdateSettingsRequest{
+ _, err = d.client.UpdateSettings(ctx, zone.ID, &iaas.DNSUpdateSettingsRequest{
Records: records,
SettingsHash: zone.SettingsHash,
})
@@ -46,11 +46,11 @@ func (d *DNSProvider) addTXTRecord(fqdn, value string, ttl int) error {
return nil
}
-func (d *DNSProvider) cleanupTXTRecord(fqdn, value string) error {
+func (d *DNSProvider) cleanupTXTRecord(ctx context.Context, fqdn, value string) error {
mu.Lock()
defer mu.Unlock()
- zone, err := d.getHostedZone(fqdn)
+ zone, err := d.getHostedZone(ctx, fqdn)
if err != nil {
return err
}
@@ -61,6 +61,7 @@ func (d *DNSProvider) cleanupTXTRecord(fqdn, value string) error {
}
var updRecords iaas.DNSRecords
+
for _, r := range zone.Records {
if !(r.Name == subDomain && r.Type == "TXT" && r.RData == value) { //nolint:staticcheck // Clearer without De Morgan's law.
updRecords = append(updRecords, r)
@@ -71,7 +72,8 @@ func (d *DNSProvider) cleanupTXTRecord(fqdn, value string) error {
Records: updRecords,
SettingsHash: zone.SettingsHash,
}
- _, err = d.client.UpdateSettings(context.Background(), zone.ID, settings)
+
+ _, err = d.client.UpdateSettings(ctx, zone.ID, settings)
if err != nil {
return fmt.Errorf("API call failed: %w", err)
}
@@ -79,7 +81,7 @@ func (d *DNSProvider) cleanupTXTRecord(fqdn, value string) error {
return nil
}
-func (d *DNSProvider) getHostedZone(domain string) (*iaas.DNS, error) {
+func (d *DNSProvider) getHostedZone(ctx context.Context, domain string) (*iaas.DNS, error) {
authZone, err := dns01.FindZoneByFqdn(domain)
if err != nil {
return nil, fmt.Errorf("could not find zone: %w", err)
@@ -93,7 +95,7 @@ func (d *DNSProvider) getHostedZone(domain string) (*iaas.DNS, error) {
},
}
- res, err := d.client.Find(context.Background(), conditions)
+ res, err := d.client.Find(ctx, conditions)
if err != nil {
if iaas.IsNotFoundError(err) {
return nil, fmt.Errorf("zone %s not found on SakuraCloud DNS: %w", zoneName, err)
diff --git a/providers/dns/sakuracloud/wrapper_test.go b/providers/dns/sakuracloud/wrapper_test.go
index 15eb19618..7432c67a6 100644
--- a/providers/dns/sakuracloud/wrapper_test.go
+++ b/providers/dns/sakuracloud/wrapper_test.go
@@ -44,6 +44,7 @@ func createDummyZone(t *testing.T, caller iaas.APICaller) {
if zone.Name == "example.com" {
err = dnsOp.Delete(ctx, zone.ID)
require.NoError(t, err)
+
break
}
}
@@ -64,10 +65,12 @@ func TestDNSProvider_addAndCleanupRecords(t *testing.T) {
require.NoError(t, err)
t.Run("addTXTRecord", func(t *testing.T) {
- err = p.addTXTRecord("test.example.com.", "dummyValue", 10)
+ ctx := t.Context()
+
+ err = p.addTXTRecord(ctx, "test.example.com.", "dummyValue", 10)
require.NoError(t, err)
- updZone, e := p.getHostedZone("test.example.com.")
+ updZone, e := p.getHostedZone(ctx, "test.example.com.")
require.NoError(t, e)
require.NotNil(t, updZone)
@@ -75,10 +78,12 @@ func TestDNSProvider_addAndCleanupRecords(t *testing.T) {
})
t.Run("cleanupTXTRecord", func(t *testing.T) {
- err = p.cleanupTXTRecord("test.example.com.", "dummyValue")
+ ctx := t.Context()
+
+ err = p.cleanupTXTRecord(ctx, "test.example.com.", "dummyValue")
require.NoError(t, err)
- updZone, e := p.getHostedZone("test.example.com.")
+ updZone, e := p.getHostedZone(ctx, "test.example.com.")
require.NoError(t, e)
require.NotNil(t, updZone)
@@ -92,6 +97,7 @@ func TestDNSProvider_concurrentAddAndCleanupRecords(t *testing.T) {
dummyRecordCount := 10
var providers []*DNSProvider
+
for range dummyRecordCount {
config := NewDefaultConfig()
config.Token = "token3"
@@ -108,9 +114,11 @@ func TestDNSProvider_concurrentAddAndCleanupRecords(t *testing.T) {
t.Run("addTXTRecord", func(t *testing.T) {
wg.Add(len(providers))
+ ctx := t.Context()
+
for i, p := range providers {
go func(j int, client *DNSProvider) {
- err := client.addTXTRecord(fmt.Sprintf("test%d.example.com.", j), "dummyValue", 10)
+ err := client.addTXTRecord(ctx, fmt.Sprintf("test%d.example.com.", j), "dummyValue", 10)
require.NoError(t, err)
wg.Done()
}(i, p)
@@ -118,7 +126,7 @@ func TestDNSProvider_concurrentAddAndCleanupRecords(t *testing.T) {
wg.Wait()
- updZone, err := providers[0].getHostedZone("example.com.")
+ updZone, err := providers[0].getHostedZone(ctx, "example.com.")
require.NoError(t, err)
require.NotNil(t, updZone)
@@ -128,9 +136,11 @@ func TestDNSProvider_concurrentAddAndCleanupRecords(t *testing.T) {
t.Run("cleanupTXTRecord", func(t *testing.T) {
wg.Add(len(providers))
+ ctx := t.Context()
+
for i, p := range providers {
go func(i int, client *DNSProvider) {
- err := client.cleanupTXTRecord(fmt.Sprintf("test%d.example.com.", i), "dummyValue")
+ err := client.cleanupTXTRecord(ctx, fmt.Sprintf("test%d.example.com.", i), "dummyValue")
require.NoError(t, err)
wg.Done()
}(i, p)
@@ -138,7 +148,7 @@ func TestDNSProvider_concurrentAddAndCleanupRecords(t *testing.T) {
wg.Wait()
- updZone, err := providers[0].getHostedZone("example.com.")
+ updZone, err := providers[0].getHostedZone(ctx, "example.com.")
require.NoError(t, err)
require.NotNil(t, updZone)
diff --git a/providers/dns/scaleway/scaleway.go b/providers/dns/scaleway/scaleway.go
index 5976e77a2..9d08f93b9 100644
--- a/providers/dns/scaleway/scaleway.go
+++ b/providers/dns/scaleway/scaleway.go
@@ -5,6 +5,7 @@ package scaleway
import (
"errors"
"fmt"
+ "net/http"
"strconv"
"strings"
"time"
@@ -12,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
scwdomain "github.com/scaleway/scaleway-sdk-go/api/domain/v2beta1"
"github.com/scaleway/scaleway-sdk-go/scw"
@@ -32,6 +34,7 @@ const (
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
const (
@@ -47,12 +50,14 @@ var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
- ProjectID string
- Token string // TODO(ldez) rename to SecretKey in the next major.
- AccessKey string
+ ProjectID string
+ Token string // TODO(ldez) rename to SecretKey in the next major.
+ AccessKey string
+
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
+ HTTPClient *http.Client
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
@@ -62,6 +67,9 @@ func NewDefaultConfig() *Config {
TTL: env.GetOneWithFallback(EnvTTL, minTTL, strconv.Atoi, altEnvName(EnvTTL)),
PropagationTimeout: env.GetOneWithFallback(EnvPropagationTimeout, defaultPropagationTimeout, env.ParseSecond, altEnvName(EnvPropagationTimeout)),
PollingInterval: env.GetOneWithFallback(EnvPollingInterval, defaultPollingInterval, env.ParseSecond, altEnvName(EnvPollingInterval)),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
}
}
@@ -107,6 +115,10 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
scw.WithUserAgent(useragent.Get()),
}
+ if config.HTTPClient != nil {
+ configuration = append(configuration, scw.WithHTTPClient(clientdebug.Wrap(config.HTTPClient)))
+ }
+
if config.ProjectID != "" {
configuration = append(configuration, scw.WithDefaultProjectID(config.ProjectID))
}
diff --git a/providers/dns/scaleway/scaleway.toml b/providers/dns/scaleway/scaleway.toml
index 21839e061..8b556e8b1 100644
--- a/providers/dns/scaleway/scaleway.toml
+++ b/providers/dns/scaleway/scaleway.toml
@@ -6,7 +6,7 @@ Since = "v3.4.0"
Example = '''
SCW_SECRET_KEY=xxxxxxx-xxxxx-xxxx-xxx-xxxxxx \
-lego --email you@example.com --dns scaleway -d '*.example.com' -d example.com run
+lego --dns scaleway -d '*.example.com' -d example.com run
'''
[Configuration]
@@ -18,6 +18,7 @@ lego --email you@example.com --dns scaleway -d '*.example.com' -d example.com ru
SCW_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
SCW_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
SCW_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
+ SCW_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
[Links]
API = "https://developers.scaleway.com/en/products/domain/dns/api/"
diff --git a/providers/dns/scaleway/scaleway_test.go b/providers/dns/scaleway/scaleway_test.go
index bf950e84e..b683d751a 100644
--- a/providers/dns/scaleway/scaleway_test.go
+++ b/providers/dns/scaleway/scaleway_test.go
@@ -41,6 +41,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -105,6 +106,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -118,6 +120,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/selectel/selectel.go b/providers/dns/selectel/selectel.go
index c5da2215f..63ddd81ac 100644
--- a/providers/dns/selectel/selectel.go
+++ b/providers/dns/selectel/selectel.go
@@ -4,11 +4,9 @@
package selectel
import (
- "context"
"errors"
"fmt"
"net/http"
- "net/url"
"time"
"github.com/go-acme/lego/v4/challenge"
@@ -30,25 +28,16 @@ const (
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
-const minTTL = 60
-
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
-type Config struct {
- BaseURL string
- Token string
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = selectel.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
- BaseURL: env.GetOrDefaultString(EnvBaseURL, selectel.DefaultSelectelBaseURL),
- TTL: env.GetOrDefaultInt(EnvTTL, minTTL),
+ BaseURL: env.GetOrDefaultString(EnvBaseURL, ""),
+ TTL: env.GetOrDefaultInt(EnvTTL, selectel.MinTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
HTTPClient: &http.Client{
@@ -59,8 +48,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *selectel.Client
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for Selectel Domains API.
@@ -83,53 +71,17 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("selectel: the configuration of the DNS provider is nil")
}
- if config.Token == "" {
- return nil, errors.New("selectel: credentials missing")
- }
-
- if config.TTL < minTTL {
- return nil, fmt.Errorf("selectel: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
- }
-
- client := selectel.NewClient(config.Token)
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- var err error
- client.BaseURL, err = url.Parse(config.BaseURL)
+ provider, err := selectel.NewDNSProviderConfig(config)
if err != nil {
return nil, fmt.Errorf("selectel: %w", err)
}
- return &DNSProvider{config: config, client: client}, nil
+ return &DNSProvider{prv: provider}, nil
}
-// Timeout returns the Timeout and interval to use when checking for DNS propagation.
-// Adjusting here to cope with spikes in propagation times.
-func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
-}
-
-// Present creates a TXT record to fulfill DNS-01 challenge.
+// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- ctx := context.Background()
-
- // TODO(ldez) replace domain by FQDN to follow CNAME.
- domainObj, err := d.client.GetDomainByName(ctx, domain)
- if err != nil {
- return fmt.Errorf("selectel: %w", err)
- }
-
- txtRecord := selectel.Record{
- Type: "TXT",
- TTL: d.config.TTL,
- Name: info.EffectiveFQDN,
- Content: info.Value,
- }
- _, err = d.client.AddRecord(ctx, domainObj.ID, txtRecord)
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("selectel: %w", err)
}
@@ -137,35 +89,18 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return nil
}
-// CleanUp removes a TXT record used for DNS-01 challenge.
+// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- recordName := dns01.UnFqdn(info.EffectiveFQDN)
-
- ctx := context.Background()
-
- // TODO(ldez) replace domain by FQDN to follow CNAME.
- domainObj, err := d.client.GetDomainByName(ctx, domain)
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("selectel: %w", err)
}
- records, err := d.client.ListRecords(ctx, domainObj.ID)
- if err != nil {
- return fmt.Errorf("selectel: %w", err)
- }
-
- // Delete records with specific FQDN
- var lastErr error
- for _, record := range records {
- if record.Name == recordName {
- err = d.client.DeleteRecord(ctx, domainObj.ID, record.ID)
- if err != nil {
- lastErr = fmt.Errorf("selectel: %w", err)
- }
- }
- }
-
- return lastErr
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
}
diff --git a/providers/dns/selectel/selectel.toml b/providers/dns/selectel/selectel.toml
index f9add7ea9..087c97b5b 100644
--- a/providers/dns/selectel/selectel.toml
+++ b/providers/dns/selectel/selectel.toml
@@ -6,7 +6,7 @@ Since = "v1.2.0"
Example = '''
SELECTEL_API_TOKEN=xxxxx \
-lego --email you@example.com --dns selectel -d '*.example.com' -d example.com run
+lego --dns selectel -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/selectel/selectel_test.go b/providers/dns/selectel/selectel_test.go
index 0e2de2dbe..a456f1358 100644
--- a/providers/dns/selectel/selectel_test.go
+++ b/providers/dns/selectel/selectel_test.go
@@ -6,6 +6,7 @@ import (
"time"
"github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/providers/dns/internal/selectel"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
@@ -36,6 +37,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -45,8 +47,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- assert.NotNil(t, p.config)
- assert.NotNil(t, p.client)
+ assert.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -76,7 +77,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
desc: "bad TTL value",
token: "123",
ttl: 59,
- expected: fmt.Sprintf("selectel: invalid TTL, TTL (59) must be greater than %d", minTTL),
+ expected: fmt.Sprintf("selectel: invalid TTL, TTL (59) must be greater than %d", selectel.MinTTL),
},
}
@@ -91,8 +92,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- assert.NotNil(t, p.config)
- assert.NotNil(t, p.client)
+ assert.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -106,6 +106,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -119,6 +120,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/selectelv2/selectelv2.go b/providers/dns/selectelv2/selectelv2.go
index ca0a9107d..1fcb48583 100644
--- a/providers/dns/selectelv2/selectelv2.go
+++ b/providers/dns/selectelv2/selectelv2.go
@@ -11,7 +11,9 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+ "github.com/miekg/dns"
selectelapi "github.com/selectel/domains-go/pkg/v2"
"github.com/selectel/go-selvpcclient/v4/selvpcclient"
"golang.org/x/net/idna"
@@ -20,11 +22,14 @@ import (
const (
envNamespace = "SELECTELV2_"
- EnvBaseURL = envNamespace + "BASE_URL"
- EnvUsernameOS = envNamespace + "USERNAME"
- EnvPasswordOS = envNamespace + "PASSWORD"
- EnvAccount = envNamespace + "ACCOUNT_ID"
- EnvProjectID = envNamespace + "PROJECT_ID"
+ EnvBaseURL = envNamespace + "BASE_URL"
+ EnvUsernameOS = envNamespace + "USERNAME"
+ EnvPasswordOS = envNamespace + "PASSWORD"
+ EnvDomainName = envNamespace + "ACCOUNT_ID"
+ EnvProjectID = envNamespace + "PROJECT_ID"
+ EnvAuthRegion = envNamespace + "AUTH_REGION"
+ EnvAuthURL = envNamespace + "AUTH_URL"
+ EnvUserDomainName = envNamespace + "USER_DOMAIN_NAME"
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@@ -33,7 +38,12 @@ const (
)
const (
- defaultBaseURL = "https://api.selectel.ru/domains/v2"
+ defaultBaseURL = "https://api.selectel.ru/domains/v2"
+ defaultAuthRegion = "ru-1"
+ defaultAuthURL = "https://cloud.api.selcloud.ru/identity/v3/"
+)
+
+const (
defaultTTL = 60
defaultPropagationTimeout = 120 * time.Second
defaultPollingInterval = 5 * time.Second
@@ -46,11 +56,15 @@ var errNotFound = errors.New("rrset not found")
// Config is used to configure the creation of the DNSProvider.
type Config struct {
- BaseURL string
- Username string
- Password string
- Account string
- ProjectID string
+ BaseURL string
+ Username string
+ Password string
+ DomainName string
+ ProjectID string
+ AuthURL string
+ AuthRegion string
+ UserDomainName string
+
TTL int
PropagationTimeout time.Duration
PollingInterval time.Duration
@@ -60,7 +74,10 @@ type Config struct {
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
- BaseURL: env.GetOrDefaultString(EnvBaseURL, defaultBaseURL),
+ BaseURL: env.GetOrDefaultString(EnvBaseURL, defaultBaseURL),
+ AuthRegion: env.GetOrDefaultString(EnvAuthRegion, defaultAuthRegion),
+ AuthURL: env.GetOrDefaultString(EnvAuthURL, defaultAuthURL),
+
TTL: env.GetOrDefaultInt(EnvTTL, defaultTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, defaultPropagationTimeout),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, defaultPollingInterval),
@@ -77,7 +94,7 @@ type DNSProvider struct {
// NewDNSProvider returns a DNSProvider instance configured for Selectel Domains APIv2.
func NewDNSProvider() (*DNSProvider, error) {
- values, err := env.Get(EnvUsernameOS, EnvPasswordOS, EnvAccount, EnvProjectID)
+ values, err := env.Get(EnvUsernameOS, EnvPasswordOS, EnvDomainName, EnvProjectID)
if err != nil {
return nil, fmt.Errorf("selectelv2: %w", err)
}
@@ -85,8 +102,9 @@ func NewDNSProvider() (*DNSProvider, error) {
config := NewDefaultConfig()
config.Username = values[EnvUsernameOS]
config.Password = values[EnvPasswordOS]
- config.Account = values[EnvAccount]
+ config.DomainName = values[EnvDomainName]
config.ProjectID = values[EnvProjectID]
+ config.UserDomainName = env.GetOrDefaultString(EnvUserDomainName, "")
return NewDNSProviderConfig(config)
}
@@ -105,8 +123,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("selectelv2: missing password")
}
- if config.Account == "" {
- return nil, errors.New("selectelv2: missing account")
+ if config.DomainName == "" {
+ return nil, errors.New("selectelv2: missing account ID")
}
if config.ProjectID == "" {
@@ -117,7 +135,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
useragent.SetHeader(headers)
return &DNSProvider{
- baseClient: selectelapi.NewClient(config.BaseURL, config.HTTPClient, headers),
+ baseClient: selectelapi.NewClient(config.BaseURL, clientdebug.Wrap(config.HTTPClient), headers),
config: config,
}, nil
}
@@ -132,7 +150,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
func (d *DNSProvider) Present(domain, _, keyAuth string) error {
ctx := context.Background()
- client, err := d.authorize()
+ client, err := d.authorize(ctx)
if err != nil {
return fmt.Errorf("selectelv2: authorize: %w", err)
}
@@ -179,7 +197,7 @@ func (d *DNSProvider) Present(domain, _, keyAuth string) error {
func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
ctx := context.Background()
- client, err := d.authorize()
+ client, err := d.authorize(ctx)
if err != nil {
return fmt.Errorf("selectelv2: authorize: %w", err)
}
@@ -220,8 +238,8 @@ func (d *DNSProvider) CleanUp(domain, _, keyAuth string) error {
return nil
}
-func (d *DNSProvider) authorize() (*clientWrapper, error) {
- token, err := obtainOpenstackToken(d.config)
+func (d *DNSProvider) authorize(ctx context.Context) (*clientWrapper, error) {
+ token, err := obtainOpenstackToken(ctx, d.config)
if err != nil {
return nil, err
}
@@ -234,12 +252,16 @@ func (d *DNSProvider) authorize() (*clientWrapper, error) {
}, nil
}
-func obtainOpenstackToken(config *Config) (string, error) {
+func obtainOpenstackToken(ctx context.Context, config *Config) (string, error) {
vpcClient, err := selvpcclient.NewClient(&selvpcclient.ClientOptions{
+ Context: ctx,
+ DomainName: config.DomainName,
+ AuthURL: config.AuthURL,
+ AuthRegion: config.AuthRegion,
Username: config.Username,
Password: config.Password,
- UserDomainName: config.Account,
ProjectID: config.ProjectID,
+ UserDomainName: config.UserDomainName,
})
if err != nil {
return "", fmt.Errorf("new VPC client: %w", err)
@@ -266,7 +288,7 @@ func (w *clientWrapper) getZone(ctx context.Context, name string) (*selectelapi.
}
for _, zone := range zones.GetItems() {
- if zone.Name == dns01.ToFqdn(unicodeName) {
+ if zone.Name == dns.Fqdn(unicodeName) {
return zone, nil
}
}
@@ -275,10 +297,10 @@ func (w *clientWrapper) getZone(ctx context.Context, name string) (*selectelapi.
return nil, fmt.Errorf("zone '%s' for challenge has not been found", name)
}
- // -1 can not be returned since if no dots present we exit above
- i := strings.Index(name, ".")
+ // after is always defined since if no dots present we exit above.
+ _, after, _ := strings.Cut(name, ".")
- return w.getZone(ctx, name[i+1:])
+ return w.getZone(ctx, after)
}
func (w *clientWrapper) getRRset(ctx context.Context, name, zoneID string) (*selectelapi.RRSet, error) {
@@ -295,7 +317,7 @@ func (w *clientWrapper) getRRset(ctx context.Context, name, zoneID string) (*sel
}
for _, rrset := range resp.GetItems() {
- if rrset.Name == dns01.ToFqdn(unicodeName) {
+ if rrset.Name == dns.Fqdn(unicodeName) {
return rrset, nil
}
}
diff --git a/providers/dns/selectelv2/selectelv2.toml b/providers/dns/selectelv2/selectelv2.toml
index 4993cb0f8..480c7756e 100644
--- a/providers/dns/selectelv2/selectelv2.toml
+++ b/providers/dns/selectelv2/selectelv2.toml
@@ -9,7 +9,7 @@ SELECTELV2_USERNAME=trex \
SELECTELV2_PASSWORD=xxxxx \
SELECTELV2_ACCOUNT_ID=1234567 \
SELECTELV2_PROJECT_ID=111a11111aaa11aa1a11aaa11111aa1a \
-lego --email you@example.com --dns selectelv2 -d '*.example.com' -d example.com run
+lego --dns selectelv2 -d '*.example.com' -d example.com run
'''
[Configuration]
@@ -20,6 +20,9 @@ lego --email you@example.com --dns selectelv2 -d '*.example.com' -d example.com
SELECTELV2_PROJECT_ID = "Cloud project ID (UUID)"
[Configuration.Additional]
SELECTELV2_BASE_URL = "API endpoint URL"
+ SELECTELV2_AUTH_REGION = "Location for auth endpoint like ResellAPI or Keystone (default: 'ru-1')"
+ SELECTELV2_AUTH_URL = "Identity endpoint (defaul: 'https://cloud.api.selcloud.ru/identity/v3/')"
+ SELECTELV2_USER_DOMAIN_NAME = "To specify the domain name (account ID) where the user is located. (default: SELECTELV2_ACCOUNT_ID)"
SELECTELV2_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 5)"
SELECTELV2_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
SELECTELV2_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 60)"
diff --git a/providers/dns/selectelv2/selectelv2_test.go b/providers/dns/selectelv2/selectelv2_test.go
index 4859b9932..2627fa023 100644
--- a/providers/dns/selectelv2/selectelv2_test.go
+++ b/providers/dns/selectelv2/selectelv2_test.go
@@ -11,7 +11,15 @@ import (
const envDomain = envNamespace + "DOMAIN"
-var envTest = tester.NewEnvTest(EnvUsernameOS, EnvPasswordOS, EnvAccount, EnvProjectID).
+var envTest = tester.NewEnvTest(
+ EnvUsernameOS,
+ EnvPasswordOS,
+ EnvDomainName,
+ EnvUserDomainName,
+ EnvProjectID,
+ EnvAuthRegion,
+ EnvAuthURL,
+).
WithDomain(envDomain)
func TestNewDNSProvider(t *testing.T) {
@@ -25,7 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
envVars: map[string]string{
EnvUsernameOS: "someName",
EnvPasswordOS: "qwerty",
- EnvAccount: "1",
+ EnvDomainName: "1",
EnvProjectID: "111a11111aaa11aa1a11aaa11111aa1a",
},
},
@@ -33,7 +41,7 @@ func TestNewDNSProvider(t *testing.T) {
desc: "missing username",
envVars: map[string]string{
EnvPasswordOS: "qwerty",
- EnvAccount: "1",
+ EnvDomainName: "1",
EnvProjectID: "111a11111aaa11aa1a11aaa11111aa1a",
},
expected: "selectelv2: some credentials information are missing: SELECTELV2_USERNAME",
@@ -42,7 +50,7 @@ func TestNewDNSProvider(t *testing.T) {
desc: "missing password",
envVars: map[string]string{
EnvUsernameOS: "someName",
- EnvAccount: "1",
+ EnvDomainName: "1",
EnvProjectID: "111a11111aaa11aa1a11aaa11111aa1a",
},
expected: "selectelv2: some credentials information are missing: SELECTELV2_PASSWORD",
@@ -61,7 +69,7 @@ func TestNewDNSProvider(t *testing.T) {
envVars: map[string]string{
EnvUsernameOS: "someName",
EnvPasswordOS: "qwerty",
- EnvAccount: "1",
+ EnvDomainName: "1",
},
expected: "selectelv2: some credentials information are missing: SELECTELV2_PROJECT_ID",
},
@@ -70,6 +78,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -123,7 +132,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
username: "user",
password: "secret",
projectID: "111a11111aaa11aa1a11aaa11111aa1a",
- expected: "selectelv2: missing account",
+ expected: "selectelv2: missing account ID",
},
{
desc: "missing projectID",
@@ -139,7 +148,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
config := NewDefaultConfig()
config.Username = test.username
config.Password = test.password
- config.Account = test.account
+ config.DomainName = test.account
config.ProjectID = test.projectID
p, err := NewDNSProviderConfig(config)
@@ -162,6 +171,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -175,6 +185,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/selfhostde/mapping.go b/providers/dns/selfhostde/mapping.go
index 0984419ef..fe11ceda1 100644
--- a/providers/dns/selfhostde/mapping.go
+++ b/providers/dns/selfhostde/mapping.go
@@ -88,8 +88,10 @@ func parseLine(line string) (string, *Seq, error) {
name, rawIDs := line[:idx], line[idx+1:]
- var ids []string
- var count int
+ var (
+ ids []string
+ count int
+ )
for {
idx, err = safeIndex(rawIDs, recordSep)
diff --git a/providers/dns/selfhostde/selfhostde.go b/providers/dns/selfhostde/selfhostde.go
index 0fea9f1d0..035cd5363 100644
--- a/providers/dns/selfhostde/selfhostde.go
+++ b/providers/dns/selfhostde/selfhostde.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/selfhostde/internal"
)
@@ -132,6 +133,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -173,6 +176,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("selfhostde: unknown record ID for %q", dns01.UnFqdn(info.EffectiveFQDN))
}
@@ -182,5 +186,9 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("selfhostde: emptied DNS TXT record (id=%s): %w", recordID, err)
}
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/selfhostde/selfhostde.toml b/providers/dns/selfhostde/selfhostde.toml
index 619f2cae8..bd22c6c41 100644
--- a/providers/dns/selfhostde/selfhostde.toml
+++ b/providers/dns/selfhostde/selfhostde.toml
@@ -8,7 +8,7 @@ Example = '''
SELFHOSTDE_USERNAME=xxx \
SELFHOSTDE_PASSWORD=yyy \
SELFHOSTDE_RECORDS_MAPPING=my.example.com:123 \
-lego --email you@example.com --dns selfhostde -d '*.example.com' -d example.com run
+lego --dns selfhostde -d '*.example.com' -d example.com run
'''
Additional = """
diff --git a/providers/dns/selfhostde/selfhostde_test.go b/providers/dns/selfhostde/selfhostde_test.go
index 1161049b0..7c12195fa 100644
--- a/providers/dns/selfhostde/selfhostde_test.go
+++ b/providers/dns/selfhostde/selfhostde_test.go
@@ -71,6 +71,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -185,6 +186,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -198,6 +200,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/servercow/internal/client.go b/providers/dns/servercow/internal/client.go
index 3695b0979..e15237201 100644
--- a/providers/dns/servercow/internal/client.go
+++ b/providers/dns/servercow/internal/client.go
@@ -47,6 +47,7 @@ func (c *Client) GetRecords(ctx context.Context, domain string) ([]Record, error
}
var records []Record
+
err = c.do(req, &records)
if err != nil {
return nil, err
@@ -65,6 +66,7 @@ func (c *Client) CreateUpdateRecord(ctx context.Context, domain string, data Rec
}
var msg Message
+
err = c.do(req, &msg)
if err != nil {
return nil, err
@@ -87,6 +89,7 @@ func (c *Client) DeleteRecord(ctx context.Context, domain string, data Record) (
}
var msg Message
+
err = c.do(req, &msg)
if err != nil {
return nil, err
@@ -168,6 +171,7 @@ func unmarshal(raw []byte, v any) error {
}
var apiErr Message
+
errU := json.Unmarshal(raw, &apiErr)
if errU != nil {
return fmt.Errorf("unmarshaling %T error: %w: %s", v, err, string(raw))
diff --git a/providers/dns/servercow/internal/client_test.go b/providers/dns/servercow/internal/client_test.go
index 2092bf907..3733ccad1 100644
--- a/providers/dns/servercow/internal/client_test.go
+++ b/providers/dns/servercow/internal/client_test.go
@@ -29,10 +29,10 @@ func mockBuilder() *servermock.Builder[*Client] {
func TestClient_GetRecords(t *testing.T) {
client := mockBuilder().
- Route("GET /lego.wtf", servermock.ResponseFromFixture("records-01.json")).
+ Route("GET /example.com", servermock.ResponseFromFixture("records-01.json")).
Build(t)
- records, err := client.GetRecords(t.Context(), "lego.wtf")
+ records, err := client.GetRecords(t.Context(), "example.com")
require.NoError(t, err)
recordsJSON, err := json.Marshal(records)
@@ -46,10 +46,10 @@ func TestClient_GetRecords(t *testing.T) {
func TestClient_GetRecords_error(t *testing.T) {
client := mockBuilder().
- Route("GET /lego.wtf", servermock.JSONEncode(Message{ErrorMsg: "authentication failed"})).
+ Route("GET /example.com", servermock.JSONEncode(Message{ErrorMsg: "authentication failed"})).
Build(t)
- records, err := client.GetRecords(t.Context(), "lego.wtf")
+ records, err := client.GetRecords(t.Context(), "example.com")
require.Error(t, err)
assert.Nil(t, records)
@@ -57,7 +57,7 @@ func TestClient_GetRecords_error(t *testing.T) {
func TestClient_CreateUpdateRecord(t *testing.T) {
client := mockBuilder().
- Route("POST /lego.wtf",
+ Route("POST /example.com",
servermock.JSONEncode(Message{Message: "ok"}),
servermock.CheckRequestJSONBody(`{"name":"_acme-challenge.www","type":"TXT","ttl":30,"content":["aaa","bbb"]}`)).
Build(t)
@@ -69,7 +69,7 @@ func TestClient_CreateUpdateRecord(t *testing.T) {
Content: Value{"aaa", "bbb"},
}
- msg, err := client.CreateUpdateRecord(t.Context(), "lego.wtf", record)
+ msg, err := client.CreateUpdateRecord(t.Context(), "example.com", record)
require.NoError(t, err)
expected := &Message{Message: "ok"}
@@ -78,7 +78,7 @@ func TestClient_CreateUpdateRecord(t *testing.T) {
func TestClient_CreateUpdateRecord_error(t *testing.T) {
client := mockBuilder().
- Route("POST /lego.wtf",
+ Route("POST /example.com",
servermock.JSONEncode(Message{ErrorMsg: "parameter type must be cname, txt, tlsa, caa, a or aaaa"})).
Build(t)
@@ -86,7 +86,7 @@ func TestClient_CreateUpdateRecord_error(t *testing.T) {
Name: "_acme-challenge.www",
}
- msg, err := client.CreateUpdateRecord(t.Context(), "lego.wtf", record)
+ msg, err := client.CreateUpdateRecord(t.Context(), "example.com", record)
require.Error(t, err)
assert.Nil(t, msg)
@@ -94,7 +94,7 @@ func TestClient_CreateUpdateRecord_error(t *testing.T) {
func TestClient_DeleteRecord(t *testing.T) {
client := mockBuilder().
- Route("DELETE /lego.wtf",
+ Route("DELETE /example.com",
servermock.JSONEncode(Message{Message: "ok"}),
servermock.CheckRequestJSONBody(`{"name":"_acme-challenge.www","type":"TXT"}`)).
Build(t)
@@ -104,7 +104,7 @@ func TestClient_DeleteRecord(t *testing.T) {
Type: "TXT",
}
- msg, err := client.DeleteRecord(t.Context(), "lego.wtf", record)
+ msg, err := client.DeleteRecord(t.Context(), "example.com", record)
require.NoError(t, err)
expected := &Message{Message: "ok"}
@@ -113,7 +113,7 @@ func TestClient_DeleteRecord(t *testing.T) {
func TestClient_DeleteRecord_error(t *testing.T) {
client := mockBuilder().
- Route("DELETE /lego.wtf",
+ Route("DELETE /example.com",
servermock.JSONEncode(Message{ErrorMsg: "parameter type must be cname, txt, tlsa, caa, a or aaaa"})).
Build(t)
@@ -121,7 +121,7 @@ func TestClient_DeleteRecord_error(t *testing.T) {
Name: "_acme-challenge.www",
}
- msg, err := client.DeleteRecord(t.Context(), "lego.wtf", record)
+ msg, err := client.DeleteRecord(t.Context(), "example.com", record)
require.Error(t, err)
assert.Nil(t, msg)
diff --git a/providers/dns/servercow/internal/types.go b/providers/dns/servercow/internal/types.go
index 5a8fb6ff8..9a951e806 100644
--- a/providers/dns/servercow/internal/types.go
+++ b/providers/dns/servercow/internal/types.go
@@ -43,6 +43,7 @@ func (v *Value) UnmarshalJSON(b []byte) error {
}
*v = append(*v, s)
+
return nil
}
diff --git a/providers/dns/servercow/servercow.go b/providers/dns/servercow/servercow.go
index 56f89f900..557c6b1ec 100644
--- a/providers/dns/servercow/servercow.go
+++ b/providers/dns/servercow/servercow.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/servercow/internal"
)
@@ -85,6 +86,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -137,6 +140,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("servercow: failed to update TXT records: %w", err)
}
+
return nil
}
@@ -191,6 +195,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("servercow: failed to delete TXT records: %w", err)
}
+
return nil
}
diff --git a/providers/dns/servercow/servercow.toml b/providers/dns/servercow/servercow.toml
index 655257b84..5cbacbb88 100644
--- a/providers/dns/servercow/servercow.toml
+++ b/providers/dns/servercow/servercow.toml
@@ -7,7 +7,7 @@ Since = "v3.4.0"
Example = '''
SERVERCOW_USERNAME=xxxxxxxx \
SERVERCOW_PASSWORD=xxxxxxxx \
-lego --email you@example.com --dns servercow -d '*.example.com' -d example.com run
+lego --dns servercow -d '*.example.com' -d example.com run
'''
[Configuration]
@@ -21,4 +21,4 @@ lego --email you@example.com --dns servercow -d '*.example.com' -d example.com r
SERVERCOW_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
[Links]
- API = "https://cp.servercow.de/client/plugin/support_manager/knowledgebase/view/34/dns-api-v1/7/"
+ API = "https://wiki.servercow.de/en/domains/dns_api/api-syntax/"
diff --git a/providers/dns/servercow/servercow_test.go b/providers/dns/servercow/servercow_test.go
index 1c3facad9..f2328fe1a 100644
--- a/providers/dns/servercow/servercow_test.go
+++ b/providers/dns/servercow/servercow_test.go
@@ -57,6 +57,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -129,6 +130,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -142,6 +144,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/shellrent/internal/client.go b/providers/dns/shellrent/internal/client.go
index 8ec02bfc0..a70ff5452 100644
--- a/providers/dns/shellrent/internal/client.go
+++ b/providers/dns/shellrent/internal/client.go
@@ -114,6 +114,7 @@ func (c *Client) GetDomainDetails(ctx context.Context, domainID int) (*DomainDet
if result.Code != 0 {
return nil, result.Base
}
+
return result.Data, nil
}
@@ -137,6 +138,7 @@ func (c *Client) CreateRecord(ctx context.Context, domainID int, record Record)
if result.Code != 0 {
return 0, result.Base
}
+
return result.Data.ID.Value(), nil
}
@@ -219,6 +221,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var response Base
+
err := json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/shellrent/internal/types.go b/providers/dns/shellrent/internal/types.go
index a27b06347..6bdd82330 100644
--- a/providers/dns/shellrent/internal/types.go
+++ b/providers/dns/shellrent/internal/types.go
@@ -7,6 +7,7 @@ import (
type Response[T any] struct {
Base
+
Data T `json:"data"`
}
@@ -57,6 +58,7 @@ func (m *IntOrString) UnmarshalJSON(data []byte) error {
raw := string(data)
if data[0] == '"' {
var err error
+
raw, err = strconv.Unquote(string(data))
if err != nil {
return err
diff --git a/providers/dns/shellrent/shellrent.go b/providers/dns/shellrent/shellrent.go
index 488509a84..0cd33e19a 100644
--- a/providers/dns/shellrent/shellrent.go
+++ b/providers/dns/shellrent/shellrent.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/shellrent/internal"
)
@@ -103,6 +104,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -159,6 +162,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
key, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("shellrent: unknown request key for '%s' '%s'", info.EffectiveFQDN, token)
}
@@ -168,6 +172,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("shellrent: delete record: %w", err)
}
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/shellrent/shellrent.toml b/providers/dns/shellrent/shellrent.toml
index 48a5b9ad9..05b6517fc 100644
--- a/providers/dns/shellrent/shellrent.toml
+++ b/providers/dns/shellrent/shellrent.toml
@@ -7,7 +7,7 @@ Since = "v4.16.0"
Example = '''
SHELLRENT_USERNAME=xxxx \
SHELLRENT_TOKEN=yyyy \
-lego --email you@example.com --dns shellrent -d '*.example.com' -d example.com run
+lego --dns shellrent -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/shellrent/shellrent_test.go b/providers/dns/shellrent/shellrent_test.go
index e5d529917..8c4e3f6bf 100644
--- a/providers/dns/shellrent/shellrent_test.go
+++ b/providers/dns/shellrent/shellrent_test.go
@@ -47,6 +47,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -117,6 +118,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -130,6 +132,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/simply/internal/client.go b/providers/dns/simply/internal/client.go
index 74f5fe671..0c0655463 100644
--- a/providers/dns/simply/internal/client.go
+++ b/providers/dns/simply/internal/client.go
@@ -16,7 +16,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/internal/errutils"
)
-const defaultBaseURL = "https://api.simply.com/1/"
+const defaultBaseURL = "https://api.simply.com/2/"
// Client is a Simply.com API client.
type Client struct {
@@ -60,6 +60,7 @@ func (c *Client) GetRecords(ctx context.Context, zoneName string) ([]Record, err
}
result := &apiResponse[[]Record, json.RawMessage]{}
+
err = c.do(req, result)
if err != nil {
return nil, err
@@ -78,6 +79,7 @@ func (c *Client) AddRecord(ctx context.Context, zoneName string, record Record)
}
result := &apiResponse[json.RawMessage, recordHeader]{}
+
err = c.do(req, result)
if err != nil {
return 0, err
@@ -111,10 +113,12 @@ func (c *Client) DeleteRecord(ctx context.Context, zoneName string, id int64) er
}
func (c *Client) createEndpoint(zoneName, uri string) *url.URL {
- return c.baseURL.JoinPath(c.accountName, c.apiKey, "my", "products", zoneName, "dns", "records", strings.TrimSuffix(uri, "/"))
+ return c.baseURL.JoinPath("my", "products", zoneName, "dns", "records", strings.TrimSuffix(uri, "/"))
}
func (c *Client) do(req *http.Request, result Response) error {
+ req.SetBasicAuth(c.accountName, c.apiKey)
+
resp, err := c.HTTPClient.Do(req)
if err != nil {
return errutils.NewHTTPDoError(req, err)
diff --git a/providers/dns/simply/internal/client_test.go b/providers/dns/simply/internal/client_test.go
index 83aa714bf..b0bdac6b3 100644
--- a/providers/dns/simply/internal/client_test.go
+++ b/providers/dns/simply/internal/client_test.go
@@ -24,12 +24,13 @@ func mockBuilder() *servermock.Builder[*Client] {
return client, nil
},
- servermock.CheckHeader().WithJSONHeaders())
+ servermock.CheckHeader().WithJSONHeaders().
+ WithBasicAuth("accountname", "apikey"))
}
func TestClient_GetRecords(t *testing.T) {
client := mockBuilder().
- Route("GET /accountname/apikey/my/products/azone01/dns/records",
+ Route("GET /my/products/azone01/dns/records",
servermock.ResponseFromFixture("get_records.json")).
Build(t)
@@ -76,7 +77,7 @@ func TestClient_GetRecords(t *testing.T) {
func TestClient_GetRecords_error(t *testing.T) {
client := mockBuilder().
- Route("GET /accountname/apikey/my/products/azone01/dns/records",
+ Route("GET /my/products/azone01/dns/records",
servermock.ResponseFromFixture("bad_auth_error.json").
WithStatusCode(http.StatusBadRequest)).
Build(t)
@@ -89,7 +90,7 @@ func TestClient_GetRecords_error(t *testing.T) {
func TestClient_AddRecord(t *testing.T) {
client := mockBuilder().
- Route("POST /accountname/apikey/my/products/azone01/dns/records",
+ Route("POST /my/products/azone01/dns/records",
servermock.ResponseFromFixture("add_record.json")).
Build(t)
@@ -109,7 +110,7 @@ func TestClient_AddRecord(t *testing.T) {
func TestClient_AddRecord_error(t *testing.T) {
client := mockBuilder().
- Route("POST /accountname/apikey/my/products/azone01/dns/records",
+ Route("POST /my/products/azone01/dns/records",
servermock.ResponseFromFixture("bad_zone_error.json").
WithStatusCode(http.StatusNotFound)).
Build(t)
@@ -130,7 +131,7 @@ func TestClient_AddRecord_error(t *testing.T) {
func TestClient_EditRecord(t *testing.T) {
client := mockBuilder().
- Route("PUT /accountname/apikey/my/products/azone01/dns/records/123456789",
+ Route("PUT /my/products/azone01/dns/records/123456789",
servermock.ResponseFromFixture("success.json")).
Build(t)
@@ -148,7 +149,7 @@ func TestClient_EditRecord(t *testing.T) {
func TestClient_EditRecord_error(t *testing.T) {
client := mockBuilder().
- Route("PUT /accountname/apikey/my/products/azone01/dns/records/123456789",
+ Route("PUT /my/products/azone01/dns/records/123456789",
servermock.ResponseFromFixture("invalid_record_id.json").
WithStatusCode(http.StatusNotFound)).
Build(t)
@@ -167,7 +168,7 @@ func TestClient_EditRecord_error(t *testing.T) {
func TestClient_DeleteRecord(t *testing.T) {
client := mockBuilder().
- Route("DELETE /accountname/apikey/my/products/azone01/dns/records/123456789",
+ Route("DELETE /my/products/azone01/dns/records/123456789",
servermock.ResponseFromFixture("success.json")).
Build(t)
@@ -177,7 +178,7 @@ func TestClient_DeleteRecord(t *testing.T) {
func TestClient_DeleteRecord_error(t *testing.T) {
client := mockBuilder().
- Route("DELETE /accountname/apikey/my/products/azone01/dns/records/123456789",
+ Route("DELETE /my/products/azone01/dns/records/123456789",
servermock.ResponseFromFixture("invalid_record_id.json").
WithStatusCode(http.StatusNotFound)).
Build(t)
diff --git a/providers/dns/simply/simply.go b/providers/dns/simply/simply.go
index d2bfb1874..fc3afd310 100644
--- a/providers/dns/simply/simply.go
+++ b/providers/dns/simply/simply.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/simply/internal"
)
@@ -99,6 +100,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -162,6 +165,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("simply: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
diff --git a/providers/dns/simply/simply.toml b/providers/dns/simply/simply.toml
index 2814fd955..a838e245a 100644
--- a/providers/dns/simply/simply.toml
+++ b/providers/dns/simply/simply.toml
@@ -7,7 +7,7 @@ Since = "v4.4.0"
Example = '''
SIMPLY_ACCOUNT_NAME=xxxxxx \
SIMPLY_API_KEY=yyyyyy \
-lego --email you@example.com --dns simply -d '*.example.com' -d example.com run
+lego --dns simply -d '*.example.com' -d example.com run
'''
[Configuration]
@@ -22,3 +22,4 @@ lego --email you@example.com --dns simply -d '*.example.com' -d example.com run
[Links]
API = "https://www.simply.com/en/docs/api/"
+ Spec = "https://generator.swagger.io/?url=https://api.simply.com/2/openapi.json#/"
diff --git a/providers/dns/simply/simply_test.go b/providers/dns/simply/simply_test.go
index ace8e0b72..e6de60d43 100644
--- a/providers/dns/simply/simply_test.go
+++ b/providers/dns/simply/simply_test.go
@@ -53,6 +53,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -121,6 +122,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -134,6 +136,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/sonic/internal/client.go b/providers/dns/sonic/internal/client.go
index 3007a8248..cf8f7f067 100644
--- a/providers/dns/sonic/internal/client.go
+++ b/providers/dns/sonic/internal/client.go
@@ -83,6 +83,7 @@ func (c *Client) SetRecord(ctx context.Context, hostname, value string, ttl int)
}
r := APIResponse{}
+
err = json.Unmarshal(raw, &r)
if err != nil {
return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/sonic/sonic.go b/providers/dns/sonic/sonic.go
index 80f5ea295..5bda2b533 100644
--- a/providers/dns/sonic/sonic.go
+++ b/providers/dns/sonic/sonic.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/sonic/internal"
)
@@ -91,6 +92,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{client: client, config: config}, nil
}
diff --git a/providers/dns/sonic/sonic.toml b/providers/dns/sonic/sonic.toml
index 921fe4988..cb501e923 100644
--- a/providers/dns/sonic/sonic.toml
+++ b/providers/dns/sonic/sonic.toml
@@ -7,7 +7,7 @@ Since = "v4.4.0"
Example = '''
SONIC_USER_ID=12345 \
SONIC_API_KEY=4d6fbf2f9ab0fa11697470918d37625851fc0c51 \
-lego --email you@example.com --dns sonic -d '*.example.com' -d example.com run
+lego --dns sonic -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/sonic/sonic_test.go b/providers/dns/sonic/sonic_test.go
index f9087f8e3..7dc7fc586 100644
--- a/providers/dns/sonic/sonic_test.go
+++ b/providers/dns/sonic/sonic_test.go
@@ -49,6 +49,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -119,6 +120,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -132,6 +134,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/spaceship/internal/client.go b/providers/dns/spaceship/internal/client.go
index f739e01ba..e690fa467 100644
--- a/providers/dns/spaceship/internal/client.go
+++ b/providers/dns/spaceship/internal/client.go
@@ -114,6 +114,7 @@ func (c *Client) GetRecords(ctx context.Context, domain string) ([]Record, error
}
var result GetRecordsResponse
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -150,6 +151,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/spaceship/spaceship.go b/providers/dns/spaceship/spaceship.go
index 9e8f0158e..e34c584c5 100644
--- a/providers/dns/spaceship/spaceship.go
+++ b/providers/dns/spaceship/spaceship.go
@@ -10,6 +10,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/spaceship/internal"
)
@@ -84,6 +85,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/spaceship/spaceship.toml b/providers/dns/spaceship/spaceship.toml
index 645abd171..e9abcd408 100644
--- a/providers/dns/spaceship/spaceship.toml
+++ b/providers/dns/spaceship/spaceship.toml
@@ -7,7 +7,7 @@ Since = "v4.22.0"
Example = '''
SPACESHIP_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
SPACESHIP_API_SECRET="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns spaceship -d '*.example.com' -d example.com run
+lego --dns spaceship -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/spaceship/spaceship_test.go b/providers/dns/spaceship/spaceship_test.go
index ba60cfa5e..d4eb37d88 100644
--- a/providers/dns/spaceship/spaceship_test.go
+++ b/providers/dns/spaceship/spaceship_test.go
@@ -50,6 +50,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -122,6 +123,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -135,6 +137,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/stackpath/internal/client.go b/providers/dns/stackpath/internal/client.go
index bd11bf235..8a40a4093 100644
--- a/providers/dns/stackpath/internal/client.go
+++ b/providers/dns/stackpath/internal/client.go
@@ -25,13 +25,13 @@ type Client struct {
}
// NewClient creates a new Client.
-func NewClient(ctx context.Context, stackID, clientID, clientSecret string) *Client {
+func NewClient(stackID string, hc *http.Client) *Client {
baseURL, _ := url.Parse(defaultBaseURL)
return &Client{
baseURL: baseURL,
stackID: stackID,
- httpClient: createOAuthClient(ctx, clientID, clientSecret),
+ httpClient: hc,
}
}
@@ -55,6 +55,7 @@ func (c *Client) GetZones(ctx context.Context, domain string) (*Zone, error) {
req.URL.RawQuery = query.Encode()
var zones Zones
+
err = c.do(req, &zones)
if err != nil {
return nil, err
@@ -82,6 +83,7 @@ func (c *Client) GetZoneRecords(ctx context.Context, name string, zone *Zone) ([
req.URL.RawQuery = query.Encode()
var records Records
+
err = c.do(req, &records)
if err != nil {
return nil, err
@@ -177,6 +179,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
errResp := &ErrorResponse{}
+
err := json.Unmarshal(raw, errResp)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/stackpath/internal/client_test.go b/providers/dns/stackpath/internal/client_test.go
index 5195aa973..baac84397 100644
--- a/providers/dns/stackpath/internal/client_test.go
+++ b/providers/dns/stackpath/internal/client_test.go
@@ -1,7 +1,6 @@
package internal
import (
- "context"
"net/http"
"net/http/httptest"
"net/url"
@@ -15,8 +14,8 @@ import (
func mockBuilder() *servermock.Builder[*Client] {
return servermock.NewBuilder[*Client](
func(server *httptest.Server) (*Client, error) {
- client := NewClient(context.Background(), "STACK_ID", "CLIENT_ID", "CLIENT_SECRET")
- client.httpClient = server.Client()
+ client := NewClient("STACK_ID", server.Client())
+
client.baseURL, _ = url.Parse(server.URL + "/")
return client, nil
diff --git a/providers/dns/stackpath/internal/identity.go b/providers/dns/stackpath/internal/identity.go
index 5c6e6ab17..fa3e9df07 100644
--- a/providers/dns/stackpath/internal/identity.go
+++ b/providers/dns/stackpath/internal/identity.go
@@ -9,7 +9,7 @@ import (
const defaultAuthURL = "https://gateway.stackpath.com/identity/v1/oauth2/token"
-func createOAuthClient(ctx context.Context, clientID, clientSecret string) *http.Client {
+func CreateOAuthClient(ctx context.Context, clientID, clientSecret string) *http.Client {
config := &clientcredentials.Config{
TokenURL: defaultAuthURL,
ClientID: clientID,
diff --git a/providers/dns/stackpath/stackpath.go b/providers/dns/stackpath/stackpath.go
index 6d12ce875..2e193b8a9 100644
--- a/providers/dns/stackpath/stackpath.go
+++ b/providers/dns/stackpath/stackpath.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/stackpath/internal"
)
@@ -86,9 +87,14 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("stackpath: stack id missing")
}
- client := internal.NewClient(context.Background(), config.StackID, config.ClientID, config.ClientSecret)
-
- return &DNSProvider{config: config, client: client}, nil
+ return &DNSProvider{
+ config: config,
+ client: internal.NewClient(config.StackID,
+ clientdebug.Wrap(
+ internal.CreateOAuthClient(context.Background(), config.ClientID, config.ClientSecret),
+ ),
+ ),
+ }, nil
}
// Present creates a TXT record to fulfill the dns-01 challenge.
diff --git a/providers/dns/stackpath/stackpath.toml b/providers/dns/stackpath/stackpath.toml
index cc14cdfba..b50e7035f 100644
--- a/providers/dns/stackpath/stackpath.toml
+++ b/providers/dns/stackpath/stackpath.toml
@@ -8,7 +8,7 @@ Example = '''
STACKPATH_CLIENT_ID=xxxxx \
STACKPATH_CLIENT_SECRET=yyyyy \
STACKPATH_STACK_ID=zzzzz \
-lego --email you@example.com --dns stackpath -d '*.example.com' -d example.com run
+lego --dns stackpath -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/stackpath/stackpath_test.go b/providers/dns/stackpath/stackpath_test.go
index f8b83140f..a4b959222 100644
--- a/providers/dns/stackpath/stackpath_test.go
+++ b/providers/dns/stackpath/stackpath_test.go
@@ -72,6 +72,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -137,6 +138,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -150,6 +152,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/syse/internal/client.go b/providers/dns/syse/internal/client.go
new file mode 100644
index 000000000..8cb801469
--- /dev/null
+++ b/providers/dns/syse/internal/client.go
@@ -0,0 +1,131 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+const defaultBaseURL = "https://www.syse.no/api"
+
+// Client the Syse API client.
+type Client struct {
+ credentials map[string]string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(credentials map[string]string) (*Client, error) {
+ if len(credentials) == 0 {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ credentials: credentials,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) CreateRecord(ctx context.Context, zone string, record Record) (*Record, error) {
+ endpoint := c.BaseURL.JoinPath("dns", zone)
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, record)
+ if err != nil {
+ return nil, err
+ }
+
+ req.SetBasicAuth(zone, c.credentials[zone])
+
+ result := new(Record)
+
+ err = c.do(req, result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result, nil
+}
+
+func (c *Client) DeleteRecord(ctx context.Context, zone, recordID string) error {
+ endpoint := c.BaseURL.JoinPath("dns", zone, recordID)
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return err
+ }
+
+ req.SetBasicAuth(zone, c.credentials[zone])
+
+ return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ raw, _ := io.ReadAll(resp.Body)
+
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
diff --git a/providers/dns/syse/internal/client_test.go b/providers/dns/syse/internal/client_test.go
new file mode 100644
index 000000000..88416aa88
--- /dev/null
+++ b/providers/dns/syse/internal/client_test.go
@@ -0,0 +1,102 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient(map[string]string{
+ "example.com": "secret",
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func TestClient_CreateRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/example.com",
+ servermock.ResponseFromFixture("create_record.json"),
+ servermock.CheckRequestJSONBodyFromFixture("create_record-request.json")).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Prefix: "_acme-challenge",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ Active: true,
+ TTL: 120,
+ }
+
+ result, err := client.CreateRecord(t.Context(), "example.com", record)
+ require.NoError(t, err)
+
+ expected := &Record{
+ ID: "1234",
+ Type: "TXT",
+ Prefix: "_acme-challenge",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ Active: true,
+ TTL: 120,
+ }
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_CreateRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /dns/example.com",
+ servermock.RawStringResponse(http.StatusText(http.StatusUnauthorized)).
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ record := Record{
+ Type: "TXT",
+ Prefix: "_acme-challenge",
+ Content: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ Active: true,
+ TTL: 120,
+ }
+
+ _, err := client.CreateRecord(t.Context(), "example.com", record)
+ require.EqualError(t, err, "unexpected status code: [status code: 401] body: Unauthorized")
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /dns/example.com/1234",
+ servermock.Noop()).
+ Build(t)
+
+ err := client.DeleteRecord(t.Context(), "example.com", "1234")
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /dns/example.com/1234",
+ servermock.RawStringResponse(http.StatusText(http.StatusUnauthorized)).
+ WithStatusCode(http.StatusUnauthorized)).
+ Build(t)
+
+ err := client.DeleteRecord(t.Context(), "example.com", "1234")
+ require.EqualError(t, err, "unexpected status code: [status code: 401] body: Unauthorized")
+}
diff --git a/providers/dns/syse/internal/fixtures/create_record-request.json b/providers/dns/syse/internal/fixtures/create_record-request.json
new file mode 100644
index 000000000..549a0f60f
--- /dev/null
+++ b/providers/dns/syse/internal/fixtures/create_record-request.json
@@ -0,0 +1,7 @@
+{
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "active": true,
+ "ttl": 120,
+ "prefix": "_acme-challenge",
+ "type": "TXT"
+}
diff --git a/providers/dns/syse/internal/fixtures/create_record.json b/providers/dns/syse/internal/fixtures/create_record.json
new file mode 100644
index 000000000..b598779c6
--- /dev/null
+++ b/providers/dns/syse/internal/fixtures/create_record.json
@@ -0,0 +1,8 @@
+{
+ "id": "1234",
+ "content": "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ "active": true,
+ "ttl": 120,
+ "prefix": "_acme-challenge",
+ "type": "TXT"
+}
diff --git a/providers/dns/syse/internal/types.go b/providers/dns/syse/internal/types.go
new file mode 100644
index 000000000..4b90205e1
--- /dev/null
+++ b/providers/dns/syse/internal/types.go
@@ -0,0 +1,11 @@
+package internal
+
+type Record struct {
+ ID string `json:"id,omitempty"`
+ Type string `json:"type,omitempty"`
+ Prefix string `json:"prefix,omitempty"`
+ Content string `json:"content,omitempty"`
+ Priority int `json:"prio,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ Active bool `json:"active,omitempty"`
+}
diff --git a/providers/dns/syse/syse.go b/providers/dns/syse/syse.go
new file mode 100644
index 000000000..29633280c
--- /dev/null
+++ b/providers/dns/syse/syse.go
@@ -0,0 +1,186 @@
+// Package syse implements a DNS provider for solving the DNS-01 challenge using Syse.
+package syse
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/syse/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "SYSE_"
+
+ EnvCredentials = envNamespace + "CREDENTIALS"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ Credentials map[string]string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 1200*time.Second),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ recordIDs map[string]string
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Syse.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvCredentials)
+ if err != nil {
+ return nil, fmt.Errorf("syse: %w", err)
+ }
+
+ config := NewDefaultConfig()
+
+ credentials, err := env.ParsePairs(values[EnvCredentials])
+ if err != nil {
+ return nil, fmt.Errorf("syse: credentials: %w", err)
+ }
+
+ config.Credentials = credentials
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Syse.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("syse: the configuration of the DNS provider is nil")
+ }
+
+ if len(config.Credentials) == 0 {
+ return nil, errors.New("syse: missing credentials")
+ }
+
+ for domain, password := range config.Credentials {
+ if domain == "" {
+ return nil, fmt.Errorf(`syse: missing domain: "%s:%s"`, domain, password)
+ }
+
+ if password == "" {
+ return nil, fmt.Errorf(`syse: missing password: "%s:%s"`, domain, password)
+ }
+ }
+
+ client, err := internal.NewClient(config.Credentials)
+ if err != nil {
+ return nil, fmt.Errorf("syse: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: make(map[string]string),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("syse: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("syse: %w", err)
+ }
+
+ record := internal.Record{
+ Type: "TXT",
+ Prefix: subDomain,
+ Content: info.Value,
+ TTL: d.config.TTL,
+ Active: true,
+ }
+
+ newRecord, err := d.client.CreateRecord(context.Background(), dns01.UnFqdn(authZone), record)
+ if err != nil {
+ return fmt.Errorf("syse: create record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.recordIDs[token] = newRecord.ID
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("syse: could not find zone for domain %q: %w", domain, err)
+ }
+
+ // gets the record's unique ID from when we created it
+ d.recordIDsMu.Lock()
+ recordID, ok := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("syse: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ err = d.client.DeleteRecord(context.Background(), dns01.UnFqdn(authZone), recordID)
+ if err != nil {
+ return fmt.Errorf("syse: delete record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/syse/syse.toml b/providers/dns/syse/syse.toml
new file mode 100644
index 000000000..b5b1fdf47
--- /dev/null
+++ b/providers/dns/syse/syse.toml
@@ -0,0 +1,25 @@
+Name = "Syse"
+Description = ''''''
+URL = "https://www.syse.no/"
+Code = "syse"
+Since = "v4.30.0"
+
+Example = '''
+SYSE_CREDENTIALS=example.com:password \
+lego --dns syse -d '*.example.com' -d example.com run
+
+SYSE_CREDENTIALS=example.org:password1,example.com:password2 \
+lego --dns syse -d '*.example.org' -d example.org -d '*.example.com' -d example.com
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ SYSE_CREDENTIALS = "Comma-separated list of `zone:password` credential pairs"
+ [Configuration.Additional]
+ SYSE_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
+ SYSE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 1200)"
+ SYSE_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ SYSE_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://www.syse.no/api/dns"
diff --git a/providers/dns/syse/syse_test.go b/providers/dns/syse/syse_test.go
new file mode 100644
index 000000000..a4472aa7c
--- /dev/null
+++ b/providers/dns/syse/syse_test.go
@@ -0,0 +1,220 @@
+package syse
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvCredentials).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvCredentials: "example.org:123",
+ },
+ },
+ {
+ desc: "success multiple domains",
+ envVars: map[string]string{
+ EnvCredentials: "example.org:123,example.com:456,example.net:789",
+ },
+ },
+ {
+ desc: "invalid credentials",
+ envVars: map[string]string{
+ EnvCredentials: ",",
+ },
+ expected: `syse: credentials: incorrect pair: `,
+ },
+ {
+ desc: "missing password",
+ envVars: map[string]string{
+ EnvCredentials: "example.org:",
+ },
+ expected: `syse: missing password: "example.org:"`,
+ },
+ {
+ desc: "missing domain",
+ envVars: map[string]string{
+ EnvCredentials: ":123",
+ },
+ expected: `syse: missing domain: ":123"`,
+ },
+ {
+ desc: "invalid credentials, partial",
+ envVars: map[string]string{
+ EnvCredentials: "example.org:123,example.net",
+ },
+ expected: "syse: credentials: incorrect pair: example.net",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{
+ EnvCredentials: "",
+ },
+ expected: "syse: some credentials information are missing: SYSE_CREDENTIALS",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ creds map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ creds: map[string]string{"example.org": "123"},
+ },
+ {
+ desc: "success multiple domains",
+ creds: map[string]string{
+ "example.org": "123",
+ "example.com": "456",
+ "example.net": "789",
+ },
+ },
+ {
+ desc: "missing credentials",
+ expected: "syse: missing credentials",
+ },
+ {
+ desc: "missing domain",
+ creds: map[string]string{"": "123"},
+ expected: `syse: missing domain: ":123"`,
+ },
+ {
+ desc: "missing password",
+ creds: map[string]string{"example.org": ""},
+ expected: `syse: missing password: "example.org:"`,
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.Credentials = test.creds
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.Credentials = map[string]string{
+ "example.org": "secret",
+ }
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("/", servermock.DumpRequest()).
+ Route("POST /dns/example.com",
+ servermock.ResponseFromInternal("create_record.json"),
+ servermock.CheckRequestJSONBodyFromInternal("create_record-request.json")).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /dns/example.com/1234",
+ servermock.Noop()).
+ Build(t)
+
+ provider.recordIDs["abc"] = "1234"
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/technitium/internal/client.go b/providers/dns/technitium/internal/client.go
index a68008d34..965638b1d 100644
--- a/providers/dns/technitium/internal/client.go
+++ b/providers/dns/technitium/internal/client.go
@@ -125,6 +125,7 @@ func (c *Client) newFormRequest(ctx context.Context, endpoint *url.URL, payload
if payload != nil {
var err error
+
values, err = querystring.Values(payload)
if err != nil {
return nil, fmt.Errorf("failed to create request body: %w", err)
@@ -149,6 +150,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIResponse[any]
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/technitium/technitium.go b/providers/dns/technitium/technitium.go
index b2cf2d701..fc60c09ad 100644
--- a/providers/dns/technitium/technitium.go
+++ b/providers/dns/technitium/technitium.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/technitium/internal"
)
@@ -87,6 +88,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/technitium/technitium.toml b/providers/dns/technitium/technitium.toml
index 13b40c304..ac1fc6466 100644
--- a/providers/dns/technitium/technitium.toml
+++ b/providers/dns/technitium/technitium.toml
@@ -7,7 +7,7 @@ Since = "v4.20.0"
Example = '''
TECHNITIUM_SERVER_BASE_URL="https://localhost:5380" \
TECHNITIUM_API_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns technitium -d '*.example.com' -d example.com run
+lego --dns technitium -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/technitium/technitium_test.go b/providers/dns/technitium/technitium_test.go
index da50b6fe6..4eee530fd 100644
--- a/providers/dns/technitium/technitium_test.go
+++ b/providers/dns/technitium/technitium_test.go
@@ -50,6 +50,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -122,6 +123,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -135,6 +137,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/tencentcloud/tencentcloud.toml b/providers/dns/tencentcloud/tencentcloud.toml
index 75a950a49..50f4ee9d5 100644
--- a/providers/dns/tencentcloud/tencentcloud.toml
+++ b/providers/dns/tencentcloud/tencentcloud.toml
@@ -1,13 +1,13 @@
Name = "Tencent Cloud DNS"
Description = ''''''
-URL = "https://cloud.tencent.com/product/cns"
+URL = "https://cloud.tencent.com/product/dns"
Code = "tencentcloud"
Since = "v4.6.0"
Example = '''
TENCENTCLOUD_SECRET_ID=abcdefghijklmnopqrstuvwx \
TENCENTCLOUD_SECRET_KEY=your-secret-key \
-lego --email you@example.com --dns tencentcloud -d '*.example.com' -d example.com run
+lego --dns tencentcloud -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/tencentcloud/tencentcloud_test.go b/providers/dns/tencentcloud/tencentcloud_test.go
index c5a2fd974..ce6358174 100644
--- a/providers/dns/tencentcloud/tencentcloud_test.go
+++ b/providers/dns/tencentcloud/tencentcloud_test.go
@@ -55,6 +55,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -127,6 +128,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -140,6 +142,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/tencentcloud/wrapper.go b/providers/dns/tencentcloud/wrapper.go
index 6fdb7f899..6a66bc1c6 100644
--- a/providers/dns/tencentcloud/wrapper.go
+++ b/providers/dns/tencentcloud/wrapper.go
@@ -38,6 +38,7 @@ func (d *DNSProvider) getHostedZone(ctx context.Context, domain string) (*dnspod
}
var hostedZone *dnspod.DomainListItem
+
for _, zone := range domains {
unfqdn := dns01.UnFqdn(authZone)
if *zone.Name == unfqdn || *zone.Punycode == unfqdn {
@@ -73,6 +74,7 @@ func (d *DNSProvider) findTxtRecords(ctx context.Context, zone *dnspod.DomainLis
return nil, nil
}
}
+
return nil, err
}
diff --git a/providers/dns/timewebcloud/internal/client.go b/providers/dns/timewebcloud/internal/client.go
index b3030861e..ec3c8703d 100644
--- a/providers/dns/timewebcloud/internal/client.go
+++ b/providers/dns/timewebcloud/internal/client.go
@@ -49,6 +49,7 @@ func (c *Client) CreateRecord(ctx context.Context, zone string, record DNSRecord
}
respData := &CreateRecordResponse{}
+
err = c.do(req, respData)
if err != nil {
return nil, err
@@ -127,6 +128,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var response ErrorResponse
+
err := json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/timewebcloud/internal/types.go b/providers/dns/timewebcloud/internal/types.go
index 81da4df5c..80cdb2c70 100644
--- a/providers/dns/timewebcloud/internal/types.go
+++ b/providers/dns/timewebcloud/internal/types.go
@@ -3,9 +3,11 @@ package internal
import "fmt"
type DNSRecord struct {
- ID int `json:"id,omitempty"`
- Type string `json:"type,omitempty"`
- Value string `json:"value,omitempty"`
+ ID int `json:"id,omitempty"`
+ Type string `json:"type,omitempty"`
+ Value string `json:"value,omitempty"`
+
+ // SubDomain is the full name of a subdomain (not only the subdomain label).
SubDomain string `json:"subdomain,omitempty"`
}
diff --git a/providers/dns/timewebcloud/timewebcloud.go b/providers/dns/timewebcloud/timewebcloud.go
index a2ab0dd65..a599566e3 100644
--- a/providers/dns/timewebcloud/timewebcloud.go
+++ b/providers/dns/timewebcloud/timewebcloud.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/timewebcloud/internal"
)
@@ -81,7 +82,11 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("timewebcloud: authentication token is missing")
}
- client := internal.NewClient(internal.OAuthStaticAccessToken(config.HTTPClient, config.AuthToken))
+ client := internal.NewClient(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(config.HTTPClient, config.AuthToken),
+ ),
+ )
return &DNSProvider{
config: config,
@@ -105,15 +110,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("timewebcloud: could not find zone for domain %q: %w", domain, err)
}
- subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
- if err != nil {
- return fmt.Errorf("timewebcloud: %w", err)
- }
-
record := internal.DNSRecord{
Type: "TXT",
Value: info.Value,
- SubDomain: subDomain,
+ SubDomain: dns01.UnFqdn(info.EffectiveFQDN),
}
response, err := d.client.CreateRecord(context.Background(), authZone, record)
@@ -140,6 +140,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("timewebcloud: unknown record ID for '%s'", info.EffectiveFQDN)
}
diff --git a/providers/dns/timewebcloud/timewebcloud.toml b/providers/dns/timewebcloud/timewebcloud.toml
index 8c20b37b9..c8bde636a 100644
--- a/providers/dns/timewebcloud/timewebcloud.toml
+++ b/providers/dns/timewebcloud/timewebcloud.toml
@@ -6,7 +6,7 @@ Since = "v4.20.0"
Example = '''
TIMEWEBCLOUD_AUTH_TOKEN=xxxxxx \
-lego --email you@example.com --dns timewebcloud -d '*.example.com' -d example.com run
+lego --dns timewebcloud -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/timewebcloud/timewebcloud_test.go b/providers/dns/timewebcloud/timewebcloud_test.go
index cd3e2e26f..26e107578 100644
--- a/providers/dns/timewebcloud/timewebcloud_test.go
+++ b/providers/dns/timewebcloud/timewebcloud_test.go
@@ -36,6 +36,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -97,6 +98,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -110,6 +112,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/todaynic/internal/client.go b/providers/dns/todaynic/internal/client.go
new file mode 100644
index 000000000..2c537f4a7
--- /dev/null
+++ b/providers/dns/todaynic/internal/client.go
@@ -0,0 +1,141 @@
+package internal
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+ querystring "github.com/google/go-querystring/query"
+)
+
+const defaultBaseURL = "https://todapi.now.cn:2443"
+
+// Client the TodayNIC API client.
+type Client struct {
+ authUserID string
+ apiKey string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(authUserID, apiKey string) (*Client, error) {
+ if authUserID == "" || apiKey == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ authUserID: authUserID,
+ apiKey: apiKey,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) AddRecord(ctx context.Context, record Record) (int, error) {
+ endpoint := c.BaseURL.JoinPath("api", "dns", "add-domain-record.json")
+
+ query, err := querystring.Values(record)
+ if err != nil {
+ return 0, err
+ }
+
+ req, err := c.newRequest(ctx, endpoint, query)
+ if err != nil {
+ return 0, err
+ }
+
+ var result APIResponse
+
+ err = c.do(req, &result)
+ if err != nil {
+ return 0, err
+ }
+
+ return result.ID, nil
+}
+
+func (c *Client) DeleteRecord(ctx context.Context, recordID int) error {
+ endpoint := c.BaseURL.JoinPath("api", "dns", "delete-domain-record.json")
+
+ query := endpoint.Query()
+ query.Set("Id", strconv.Itoa(recordID))
+
+ req, err := c.newRequest(ctx, endpoint, query)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, nil)
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func (c *Client) newRequest(ctx context.Context, endpoint *url.URL, query url.Values) (*http.Request, error) {
+ query.Set("auth-userid", c.authUserID)
+ query.Set("api-key", c.apiKey)
+
+ endpoint.RawQuery = query.Encode()
+
+ req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint.String(), nil)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
diff --git a/providers/dns/todaynic/internal/client_test.go b/providers/dns/todaynic/internal/client_test.go
new file mode 100644
index 000000000..71ee7f8b7
--- /dev/null
+++ b/providers/dns/todaynic/internal/client_test.go
@@ -0,0 +1,94 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("user123", "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func TestClient_AddRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/dns/add-domain-record.json",
+ servermock.ResponseFromFixture("add_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("Domain", "example.com").
+ With("Host", "_acme-challenge").
+ With("Type", "TXT").
+ With("Value", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY").
+ With("Ttl", "600").
+ With("auth-userid", "user123").
+ With("api-key", "secret"),
+ ).
+ Build(t)
+
+ record := Record{
+ Domain: "example.com",
+ Host: "_acme-challenge",
+ Type: "TXT",
+ Value: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: "600",
+ }
+
+ recordID, err := client.AddRecord(t.Context(), record)
+ require.NoError(t, err)
+
+ assert.Equal(t, 11554102, recordID)
+}
+
+func TestClient_AddRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/dns/add-domain-record.json",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusNotFound),
+ ).
+ Build(t)
+
+ record := Record{
+ Domain: "example.com",
+ Host: "_acme-challenge",
+ Type: "TXT",
+ Value: "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY",
+ TTL: "600",
+ }
+
+ _, err := client.AddRecord(t.Context(), record)
+ require.EqualError(t, err, "host.repeat (2d5876b2-f272-43e9-acc1-4c6a3d3683b1)")
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("GET /api/dns/delete-domain-record.json",
+ servermock.ResponseFromFixture("add_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("Id", "123").
+ With("auth-userid", "user123").
+ With("api-key", "secret"),
+ ).
+ Build(t)
+
+ err := client.DeleteRecord(t.Context(), 123)
+ require.NoError(t, err)
+}
diff --git a/providers/dns/todaynic/internal/fixtures/add_record.json b/providers/dns/todaynic/internal/fixtures/add_record.json
new file mode 100644
index 000000000..27f34d71c
--- /dev/null
+++ b/providers/dns/todaynic/internal/fixtures/add_record.json
@@ -0,0 +1,4 @@
+{
+ "RequestId": "f60ea4d9-67ef-49fa-bbae-06178a6e7293",
+ "Id": 11554102
+}
diff --git a/providers/dns/todaynic/internal/fixtures/error.json b/providers/dns/todaynic/internal/fixtures/error.json
new file mode 100644
index 000000000..3ea9c9310
--- /dev/null
+++ b/providers/dns/todaynic/internal/fixtures/error.json
@@ -0,0 +1,4 @@
+{
+ "RequestId": "2d5876b2-f272-43e9-acc1-4c6a3d3683b1",
+ "error": "host.repeat"
+}
diff --git a/providers/dns/todaynic/internal/types.go b/providers/dns/todaynic/internal/types.go
new file mode 100644
index 000000000..0a15c7da8
--- /dev/null
+++ b/providers/dns/todaynic/internal/types.go
@@ -0,0 +1,26 @@
+package internal
+
+import "fmt"
+
+type APIError struct {
+ RequestID string `json:"RequestId"`
+ Message string `json:"error"`
+}
+
+func (a *APIError) Error() string {
+ return fmt.Sprintf("%s (%s)", a.Message, a.RequestID)
+}
+
+type Record struct {
+ Domain string `url:"Domain,omitempty"`
+ Host string `url:"Host,omitempty"`
+ Type string `url:"Type,omitempty"`
+ Value string `url:"Value,omitempty"`
+ Mx string `url:"Mx,omitempty"`
+ TTL string `url:"Ttl,omitempty"`
+}
+
+type APIResponse struct {
+ RequestID string `json:"RequestId"`
+ ID int `json:"Id"`
+}
diff --git a/providers/dns/todaynic/todaynic.go b/providers/dns/todaynic/todaynic.go
new file mode 100644
index 000000000..3a3734033
--- /dev/null
+++ b/providers/dns/todaynic/todaynic.go
@@ -0,0 +1,164 @@
+// Package todaynic implements a DNS provider for solving the DNS-01 challenge using TodayNIC.
+package todaynic
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "sync"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/todaynic/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "TODAYNIC_"
+
+ EnvAuthUserID = envNamespace + "AUTH_USER_ID"
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ AuthUserID string
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, 600),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+
+ recordIDs map[string]int
+ recordIDsMu sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for TodayNIC.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAuthUserID, EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("todaynic: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.AuthUserID = values[EnvAuthUserID]
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for TodayNIC.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("todaynic: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.AuthUserID, config.APIKey)
+ if err != nil {
+ return nil, fmt.Errorf("todaynic: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ recordIDs: make(map[string]int),
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("todaynic: could not find zone for domain %q: %w", domain, err)
+ }
+
+ subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ if err != nil {
+ return fmt.Errorf("todaynic: %w", err)
+ }
+
+ record := internal.Record{
+ Domain: dns01.UnFqdn(authZone),
+ Host: subDomain,
+ Type: "TXT",
+ Value: info.Value,
+ TTL: strconv.Itoa(d.config.TTL),
+ }
+
+ recordID, err := d.client.AddRecord(context.Background(), record)
+ if err != nil {
+ return fmt.Errorf("todaynic: add record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ d.recordIDs[token] = recordID
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ d.recordIDsMu.Lock()
+ recordID, ok := d.recordIDs[token]
+ d.recordIDsMu.Unlock()
+
+ if !ok {
+ return fmt.Errorf("todaynic: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
+ }
+
+ err := d.client.DeleteRecord(context.Background(), recordID)
+ if err != nil {
+ return fmt.Errorf("todaynic: delete record: %w", err)
+ }
+
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/todaynic/todaynic.toml b/providers/dns/todaynic/todaynic.toml
new file mode 100644
index 000000000..16d55ccc0
--- /dev/null
+++ b/providers/dns/todaynic/todaynic.toml
@@ -0,0 +1,25 @@
+Name = "TodayNIC/时代互联"
+Description = ''''''
+URL = "https://www.todaynic.com/"
+Code = "todaynic"
+Since = "v4.32.0"
+
+Example = '''
+TODAYNIC_AUTH_USER_ID="xxx" \
+TODAYNIC_API_KEY="yyy" \
+lego --dns todaynic -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ TODAYNIC_AUTH_USER_ID = "account ID"
+ TODAYNIC_API_KEY = "API key"
+ [Configuration.Additional]
+ TODAYNIC_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ TODAYNIC_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ TODAYNIC_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 600)"
+ TODAYNIC_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://www.todaynic.com/partner/mode_Http_Api_detail.php"
+ apipost = "https://docs.apipost.net/docs/detail/49dcef10a876000?target_id=0"
diff --git a/providers/dns/todaynic/todaynic_test.go b/providers/dns/todaynic/todaynic_test.go
new file mode 100644
index 000000000..c73bf6cc5
--- /dev/null
+++ b/providers/dns/todaynic/todaynic_test.go
@@ -0,0 +1,207 @@
+package todaynic
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAuthUserID, EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAuthUserID: "user123",
+ EnvAPIKey: "secret",
+ },
+ },
+ {
+ desc: "missing user ID",
+ envVars: map[string]string{
+ EnvAuthUserID: "",
+ EnvAPIKey: "secret",
+ },
+ expected: "todaynic: some credentials information are missing: TODAYNIC_AUTH_USER_ID",
+ },
+ {
+ desc: "missing API key",
+ envVars: map[string]string{
+ EnvAuthUserID: "user123",
+ EnvAPIKey: "",
+ },
+ expected: "todaynic: some credentials information are missing: TODAYNIC_API_KEY",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "todaynic: some credentials information are missing: TODAYNIC_AUTH_USER_ID,TODAYNIC_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ authUserID string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ authUserID: "user123",
+ apiKey: "secret",
+ },
+ {
+ desc: "missing user ID",
+ apiKey: "secret",
+ expected: "todaynic: credentials missing",
+ },
+ {
+ desc: "missing API key",
+ authUserID: "user123",
+ expected: "todaynic: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "todaynic: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.AuthUserID = test.authUserID
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.AuthUserID = "user123"
+ config.APIKey = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders(),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /api/dns/add-domain-record.json",
+ servermock.ResponseFromInternal("add_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("Domain", "example.com").
+ With("Host", "_acme-challenge").
+ With("Type", "TXT").
+ With("Value", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY").
+ With("Ttl", "600").
+ With("auth-userid", "user123").
+ With("api-key", "secret"),
+ ).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("GET /api/dns/delete-domain-record.json",
+ servermock.ResponseFromInternal("add_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("Id", "123").
+ With("auth-userid", "user123").
+ With("api-key", "secret"),
+ ).
+ Build(t)
+
+ provider.recordIDs["abc"] = 123
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/transip/transip.go b/providers/dns/transip/transip.go
index 779704a21..bc2913aa4 100644
--- a/providers/dns/transip/transip.go
+++ b/providers/dns/transip/transip.go
@@ -4,6 +4,7 @@ package transip
import (
"errors"
"fmt"
+ "net/http"
"time"
"github.com/go-acme/lego/v4/challenge"
@@ -23,6 +24,7 @@ const (
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
@@ -34,6 +36,7 @@ type Config struct {
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int64
+ HTTPClient *http.Client
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
@@ -42,6 +45,9 @@ func NewDefaultConfig() *Config {
TTL: int64(env.GetOrDefaultInt(EnvTTL, 10)),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 10*time.Minute),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
}
}
@@ -73,10 +79,19 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("transip: the configuration of the DNS provider is nil")
}
- client, err := gotransip.NewClient(gotransip.ClientConfiguration{
+ cfg := gotransip.ClientConfiguration{
AccountName: config.AccountName,
PrivateKeyPath: config.PrivateKeyPath,
- })
+ }
+
+ if config.HTTPClient != nil {
+ cfg.HTTPClient = config.HTTPClient
+ } else {
+ // Uses an explicit default HTTP client because the desec.NewDefaultClientOptions uses the http.DefaultClient.
+ cfg.HTTPClient = &http.Client{Timeout: 30 * time.Second}
+ }
+
+ client, err := gotransip.NewClient(cfg)
if err != nil {
return nil, fmt.Errorf("transip: %w", err)
}
@@ -153,6 +168,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err = d.repository.RemoveDNSEntry(domainName, entry); err != nil {
return fmt.Errorf("transip: couldn't get Record ID in CleanUp: %w", err)
}
+
return nil
}
}
diff --git a/providers/dns/transip/transip.toml b/providers/dns/transip/transip.toml
index 0625f819b..bf7d58ee3 100644
--- a/providers/dns/transip/transip.toml
+++ b/providers/dns/transip/transip.toml
@@ -7,7 +7,7 @@ Since = "v2.0.0"
Example = '''
TRANSIP_ACCOUNT_NAME = "Account name" \
TRANSIP_PRIVATE_KEY_PATH = "transip.key" \
-lego --email you@example.com --dns transip -d '*.example.com' -d example.com run
+lego --dns transip -d '*.example.com' -d example.com run
'''
[Configuration]
@@ -18,6 +18,7 @@ lego --email you@example.com --dns transip -d '*.example.com' -d example.com run
TRANSIP_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
TRANSIP_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 600)"
TRANSIP_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 10)"
+ TRANSIP_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
[Links]
API = "https://api.transip.eu/rest/docs.html"
diff --git a/providers/dns/transip/transip_test.go b/providers/dns/transip/transip_test.go
index b42753680..3c6e86657 100644
--- a/providers/dns/transip/transip_test.go
+++ b/providers/dns/transip/transip_test.go
@@ -58,6 +58,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -79,6 +80,7 @@ func TestNewDNSProvider(t *testing.T) {
// Therefore, we test if the error type is the same.
t.Run("could not open private key path", func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(map[string]string{
@@ -156,6 +158,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -169,6 +172,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/ultradns/ultradns.go b/providers/dns/ultradns/ultradns.go
index 0515cbaae..da76c56f4 100644
--- a/providers/dns/ultradns/ultradns.go
+++ b/providers/dns/ultradns/ultradns.go
@@ -4,6 +4,7 @@ package ultradns
import (
"errors"
"fmt"
+ "net/http"
"time"
"github.com/go-acme/lego/v4/challenge"
@@ -121,7 +122,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
RecordType: "TXT",
}
- res, _, _ := recordService.Read(rrSetKeyData)
+ resp, _, _ := recordService.Read(rrSetKeyData)
rrSetData := &rrset.RRSet{
OwnerName: info.EffectiveFQDN,
@@ -130,11 +131,12 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
RData: []string{info.Value},
}
- if res != nil && res.StatusCode == 200 {
+ if resp != nil && resp.StatusCode == http.StatusOK {
_, err = recordService.Update(rrSetKeyData, rrSetData)
} else {
_, err = recordService.Create(rrSetKeyData, rrSetData)
}
+
if err != nil {
return fmt.Errorf("ultradns: %w", err)
}
diff --git a/providers/dns/ultradns/ultradns.toml b/providers/dns/ultradns/ultradns.toml
index a403a3dcf..4c3dbbe72 100644
--- a/providers/dns/ultradns/ultradns.toml
+++ b/providers/dns/ultradns/ultradns.toml
@@ -7,7 +7,7 @@ Since = "v4.10.0"
Example = '''
ULTRADNS_USERNAME=username \
ULTRADNS_PASSWORD=password \
-lego --email you@example.com --dns ultradns -d '*.example.com' -d example.com run
+lego --dns ultradns -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/ultradns/ultradns_test.go b/providers/dns/ultradns/ultradns_test.go
index eefa63ec3..464bc51cd 100644
--- a/providers/dns/ultradns/ultradns_test.go
+++ b/providers/dns/ultradns/ultradns_test.go
@@ -177,6 +177,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/uniteddomains/uniteddomains.go b/providers/dns/uniteddomains/uniteddomains.go
new file mode 100644
index 000000000..683cab1fe
--- /dev/null
+++ b/providers/dns/uniteddomains/uniteddomains.go
@@ -0,0 +1,105 @@
+// Package uniteddomains implements a DNS provider for solving the DNS-01 challenge using United-Domains.
+package uniteddomains
+
+import (
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/ionos"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "UNITEDDOMAINS_"
+
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+const defaultBaseURL = "https://dnsapi.united-domains.de/dns"
+
+const minTTL = 300
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config = ionos.Config
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, minTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 15*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ prv challenge.ProviderTimeout
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for United-Domains.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("uniteddomains: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for United-Domains.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("uniteddomains: the configuration of the DNS provider is nil")
+ }
+
+ provider, err := ionos.NewDNSProviderConfig(config, defaultBaseURL)
+ if err != nil {
+ return nil, fmt.Errorf("uniteddomains: %w", err)
+ }
+
+ return &DNSProvider{prv: provider}, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ err := d.prv.Present(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("uniteddomains: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ err := d.prv.CleanUp(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("uniteddomains: %w", err)
+ }
+
+ return nil
+}
diff --git a/providers/dns/uniteddomains/uniteddomains.toml b/providers/dns/uniteddomains/uniteddomains.toml
new file mode 100644
index 000000000..fe8b9e574
--- /dev/null
+++ b/providers/dns/uniteddomains/uniteddomains.toml
@@ -0,0 +1,22 @@
+Name = "United-Domains"
+Description = ''''''
+URL = "https://www.united-domains.de/"
+Code = "uniteddomains"
+Since = "v4.29.0"
+
+Example = '''
+UNITEDDOMAINS_API_KEY=xxxxxxxx \
+lego --dns uniteddomains -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ UNITEDDOMAINS_API_KEY = "API key `.` https://www.united-domains.de/help/faq-article/getting-started-with-the-united-domains-dns-api/"
+ [Configuration.Additional]
+ UNITEDDOMAINS_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ UNITEDDOMAINS_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 900)"
+ UNITEDDOMAINS_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 300)"
+ UNITEDDOMAINS_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://www.united-domains.de/dns-apidoc/"
diff --git a/providers/dns/uniteddomains/uniteddomains_test.go b/providers/dns/uniteddomains/uniteddomains_test.go
new file mode 100644
index 000000000..93afb01ab
--- /dev/null
+++ b/providers/dns/uniteddomains/uniteddomains_test.go
@@ -0,0 +1,126 @@
+package uniteddomains
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIKey: "123",
+ },
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{
+ EnvAPIKey: "",
+ },
+ expected: "uniteddomains: some credentials information are missing: UNITEDDOMAINS_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.prv)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ tll int
+ expected string
+ }{
+ {
+ desc: "success",
+ apiKey: "123",
+ tll: minTTL,
+ },
+ {
+ desc: "missing credentials",
+ tll: minTTL,
+ expected: "uniteddomains: credentials missing",
+ },
+ {
+ desc: "invalid TTL",
+ apiKey: "123",
+ tll: 30,
+ expected: "uniteddomains: invalid TTL, TTL (30) must be greater than 300",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIKey = test.apiKey
+ config.TTL = test.tll
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.prv)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/variomedia/internal/client.go b/providers/dns/variomedia/internal/client.go
index 8c2a124cc..0e4ef9518 100644
--- a/providers/dns/variomedia/internal/client.go
+++ b/providers/dns/variomedia/internal/client.go
@@ -52,6 +52,7 @@ func (c *Client) CreateDNSRecord(ctx context.Context, record DNSRecord) (*Create
}
var result CreateDNSRecordResponse
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -71,6 +72,7 @@ func (c *Client) DeleteDNSRecord(ctx context.Context, id string) (*DeleteRecordR
}
var result DeleteRecordResponse
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -90,6 +92,7 @@ func (c *Client) GetJob(ctx context.Context, id string) (*GetJobResponse, error)
}
var result GetJobResponse
+
err = c.do(req, &result)
if err != nil {
return nil, err
@@ -153,6 +156,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var errAPI APIError
+
err := json.Unmarshal(raw, &errAPI)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/variomedia/variomedia.go b/providers/dns/variomedia/variomedia.go
index 548d8bab8..2d12fd975 100644
--- a/providers/dns/variomedia/variomedia.go
+++ b/providers/dns/variomedia/variomedia.go
@@ -10,11 +10,13 @@ import (
"sync"
"time"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/platform/wait"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/variomedia/internal"
)
@@ -91,6 +93,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
@@ -161,6 +165,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("variomedia: unknown record ID for '%s'", info.EffectiveFQDN)
}
@@ -175,18 +180,30 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("variomedia: %w", err)
}
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
return nil
}
func (d *DNSProvider) waitJob(ctx context.Context, domain, id string) error {
- return wait.For("variomedia: apply change on "+domain, d.config.PropagationTimeout, d.config.PollingInterval, func() (bool, error) {
- result, err := d.client.GetJob(ctx, id)
- if err != nil {
- return false, err
- }
+ return wait.Retry(ctx,
+ func() error {
+ result, err := d.client.GetJob(ctx, id)
+ if err != nil {
+ return fmt.Errorf("apply change on %s: %w", domain, err)
+ }
- log.Infof("variomedia: [%s] %s: %s %s", domain, result.Data.ID, result.Data.Attributes.JobType, result.Data.Attributes.Status)
+ log.Infof("variomedia: [%s] %s: %s %s", domain, result.Data.ID, result.Data.Attributes.JobType, result.Data.Attributes.Status)
- return result.Data.Attributes.Status == "done", nil
- })
+ if result.Data.Attributes.Status != "done" {
+ return fmt.Errorf("apply change on %s: status: %s", domain, result.Data.Attributes.Status)
+ }
+
+ return nil
+ },
+ backoff.WithBackOff(backoff.NewConstantBackOff(d.config.PollingInterval)),
+ backoff.WithMaxElapsedTime(d.config.PropagationTimeout),
+ )
}
diff --git a/providers/dns/variomedia/variomedia.toml b/providers/dns/variomedia/variomedia.toml
index fe6f2797a..8390d1922 100644
--- a/providers/dns/variomedia/variomedia.toml
+++ b/providers/dns/variomedia/variomedia.toml
@@ -6,7 +6,7 @@ Since = "v4.8.0"
Example = '''
VARIOMEDIA_API_TOKEN=xxxx \
-lego --email you@example.com --dns variomedia -d '*.example.com' -d example.com run
+lego --dns variomedia -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/variomedia/variomedia_test.go b/providers/dns/variomedia/variomedia_test.go
index 305646070..552419fd0 100644
--- a/providers/dns/variomedia/variomedia_test.go
+++ b/providers/dns/variomedia/variomedia_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -91,6 +92,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -104,6 +106,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/vegadns/vegadns.go b/providers/dns/vegadns/vegadns.go
index 824f727eb..9f1f189c3 100644
--- a/providers/dns/vegadns/vegadns.go
+++ b/providers/dns/vegadns/vegadns.go
@@ -2,14 +2,17 @@
package vegadns
import (
+ "context"
"errors"
"fmt"
+ "net/http"
"time"
- vegaClient "github.com/OpenDNS/vegadns2client"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/nrdcg/vegadns"
)
// Environment variables names.
@@ -23,18 +26,21 @@ const (
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
- BaseURL string
- APIKey string
- APISecret string
+ BaseURL string
+ APIKey string
+ APISecret string
+
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
+ HTTPClient *http.Client
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
@@ -43,13 +49,16 @@ func NewDefaultConfig() *Config {
TTL: env.GetOrDefaultInt(EnvTTL, 10),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 12*time.Minute),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, time.Minute),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
}
}
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
config *Config
- client vegaClient.VegaDNSClient
+ client *vegadns.Client
}
// NewDNSProvider returns a DNSProvider instance configured for VegaDNS.
@@ -75,11 +84,21 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("vegadns: the configuration of the DNS provider is nil")
}
- vega := vegaClient.NewVegaDNSClient(config.BaseURL)
- vega.APIKey = config.APIKey
- vega.APISecret = config.APISecret
+ if config.HTTPClient == nil {
+ config.HTTPClient = &http.Client{Timeout: 30 * time.Second}
+ }
- return &DNSProvider{client: vega, config: config}, nil
+ config.HTTPClient = clientdebug.Wrap(config.HTTPClient)
+
+ client, err := vegadns.NewClient(config.BaseURL,
+ vegadns.WithOAuth(config.APIKey, config.APISecret),
+ vegadns.WithHTTPClient(config.HTTPClient),
+ )
+ if err != nil {
+ return nil, fmt.Errorf("vegadns: %w", err)
+ }
+
+ return &DNSProvider{client: client, config: config}, nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
@@ -90,39 +109,71 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- _, domainID, err := d.client.GetAuthZone(info.EffectiveFQDN)
+ domainID, err := d.findDomainID(ctx, info.EffectiveFQDN)
if err != nil {
- return fmt.Errorf("vegadns: can't find Authoritative Zone for %s in Present: %w", info.EffectiveFQDN, err)
+ return fmt.Errorf("vegadns: find domain ID for %s: %w", info.EffectiveFQDN, err)
}
- err = d.client.CreateTXT(domainID, info.EffectiveFQDN, info.Value, d.config.TTL)
+ err = d.client.CreateTXTRecord(ctx, domainID, dns01.UnFqdn(info.EffectiveFQDN), info.Value, d.config.TTL)
if err != nil {
- return fmt.Errorf("vegadns: %w", err)
+ return fmt.Errorf("vegadns: create TXT record: %w", err)
}
+
return nil
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
- _, domainID, err := d.client.GetAuthZone(info.EffectiveFQDN)
+ domainID, err := d.findDomainID(ctx, info.EffectiveFQDN)
if err != nil {
- return fmt.Errorf("vegadns: can't find Authoritative Zone for %s in CleanUp: %w", info.EffectiveFQDN, err)
+ return fmt.Errorf("vegadns: find domain ID for %s: %w", info.EffectiveFQDN, err)
}
- txt := dns01.UnFqdn(info.EffectiveFQDN)
-
- recordID, err := d.client.GetRecordID(domainID, txt, "TXT")
+ recordID, err := d.findRecordID(ctx, domainID, dns01.UnFqdn(info.EffectiveFQDN))
if err != nil {
- return fmt.Errorf("vegadns: couldn't get Record ID in CleanUp: %w", err)
+ return fmt.Errorf("vegadns: find record ID for %d: %w", domainID, err)
}
- err = d.client.DeleteRecord(recordID)
+ err = d.client.DeleteRecord(ctx, recordID)
if err != nil {
- return fmt.Errorf("vegadns: %w", err)
+ return fmt.Errorf("vegadns: delete record: %w", err)
}
+
return nil
}
+
+func (d *DNSProvider) findDomainID(ctx context.Context, fqdn string) (int, error) {
+ for host := range dns01.UnFqdnDomainsSeq(fqdn) {
+ id, err := d.client.GetDomainID(ctx, host)
+ if err != nil {
+ continue
+ }
+
+ return id, nil
+ }
+
+ return 0, errors.New("domain not found")
+}
+
+func (d *DNSProvider) findRecordID(ctx context.Context, domainID int, name string) (int, error) {
+ records, err := d.client.GetRecords(ctx, domainID)
+ if err != nil {
+ return 0, fmt.Errorf("get records: %w", err)
+ }
+
+ for _, r := range records {
+ if r.Name == name && r.RecordType == "TXT" {
+ return r.RecordID, nil
+ }
+ }
+
+ return 0, errors.New("record not found")
+}
diff --git a/providers/dns/vegadns/vegadns_test.go b/providers/dns/vegadns/vegadns_test.go
index 48f54faab..edcd2c60d 100644
--- a/providers/dns/vegadns/vegadns_test.go
+++ b/providers/dns/vegadns/vegadns_test.go
@@ -19,6 +19,7 @@ var envTest = tester.NewEnvTest(EnvKey, EnvSecret, EnvURL)
func TestNewDNSProvider_Fail(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
_, err := NewDNSProvider()
@@ -27,6 +28,7 @@ func TestNewDNSProvider_Fail(t *testing.T) {
func TestDNSProvider_TimeoutSuccess(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
provider := mockBuilder().Build(t)
@@ -44,7 +46,7 @@ func TestDNSProvider_Present(t *testing.T) {
expectedError string
}{
{
- desc: "Success",
+ desc: "success",
builder: mockBuilder().
Route("POST /1.0/token",
servermock.ResponseFromFixture("token.json")).
@@ -54,17 +56,17 @@ func TestDNSProvider_Present(t *testing.T) {
WithStatusCode(http.StatusCreated)),
},
{
- desc: "FailToFindZone",
+ desc: "fail to find the zone",
builder: mockBuilder().
Route("POST /1.0/token",
servermock.ResponseFromFixture("token.json")).
Route("GET /1.0/domains",
servermock.Noop().
WithStatusCode(http.StatusNotFound)),
- expectedError: "vegadns: can't find Authoritative Zone for _acme-challenge.example.com. in Present: Unable to find auth zone for fqdn _acme-challenge.example.com",
+ expectedError: "vegadns: find domain ID for _acme-challenge.example.com.: domain not found",
},
{
- desc: "FailToCreateTXT",
+ desc: "fail to create TXT record",
builder: mockBuilder().
Route("POST /1.0/token",
servermock.ResponseFromFixture("token.json")).
@@ -72,13 +74,14 @@ func TestDNSProvider_Present(t *testing.T) {
Route("POST /1.0/records",
servermock.Noop().
WithStatusCode(http.StatusBadRequest)),
- expectedError: "vegadns: Got bad answer from VegaDNS on CreateTXT. Code: 400. Message: ",
+ expectedError: "vegadns: create TXT record: bad answer from VegaDNS (code: 400, message: )",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
provider := test.builder.Build(t)
@@ -100,7 +103,7 @@ func TestDNSProvider_CleanUp(t *testing.T) {
expectedError string
}{
{
- desc: "Success",
+ desc: "success",
builder: mockBuilder().
Route("POST /1.0/token",
servermock.ResponseFromFixture("token.json")).
@@ -112,17 +115,17 @@ func TestDNSProvider_CleanUp(t *testing.T) {
servermock.ResponseFromFixture("record_delete.json")),
},
{
- desc: "FailToFindZone",
+ desc: "fail to find the zone",
builder: mockBuilder().
Route("POST /1.0/token",
servermock.ResponseFromFixture("token.json")).
Route("GET /1.0/domains",
servermock.Noop().
WithStatusCode(http.StatusNotFound)),
- expectedError: "vegadns: can't find Authoritative Zone for _acme-challenge.example.com. in CleanUp: Unable to find auth zone for fqdn _acme-challenge.example.com",
+ expectedError: "vegadns: find domain ID for _acme-challenge.example.com.: domain not found",
},
{
- desc: "FailToGetRecordID",
+ desc: "fail to get record ID",
builder: mockBuilder().
Route("POST /1.0/token",
servermock.ResponseFromFixture("token.json")).
@@ -131,13 +134,14 @@ func TestDNSProvider_CleanUp(t *testing.T) {
servermock.Noop().
WithStatusCode(http.StatusNotFound),
servermock.CheckQueryParameter().With("domain_id", "1")),
- expectedError: "vegadns: couldn't get Record ID in CleanUp: Got bad answer from VegaDNS on GetRecordID. Code: 404. Message: ",
+ expectedError: "vegadns: find record ID for 1: get records: bad answer from VegaDNS (code: 404, message: )",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
provider := test.builder.Build(t)
@@ -167,6 +171,7 @@ func getDomainHandler() http.HandlerFunc {
]
}
`)
+
return
}
diff --git a/providers/dns/vercel/internal/client.go b/providers/dns/vercel/internal/client.go
index d852689ae..930f3543e 100644
--- a/providers/dns/vercel/internal/client.go
+++ b/providers/dns/vercel/internal/client.go
@@ -51,6 +51,7 @@ func (c *Client) CreateRecord(ctx context.Context, zone string, record Record) (
}
respData := &CreateRecordResponse{}
+
err = c.do(req, respData)
if err != nil {
return nil, err
@@ -135,6 +136,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var response APIErrorResponse
+
err := json.Unmarshal(raw, &response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/vercel/vercel.go b/providers/dns/vercel/vercel.go
index 9ba92e21f..965e3de12 100644
--- a/providers/dns/vercel/vercel.go
+++ b/providers/dns/vercel/vercel.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/vercel/internal"
)
@@ -86,7 +87,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("vercel: credentials missing")
}
- client := internal.NewClient(internal.OAuthStaticAccessToken(config.HTTPClient, config.AuthToken), config.TeamID)
+ client := internal.NewClient(
+ clientdebug.Wrap(
+ internal.OAuthStaticAccessToken(config.HTTPClient, config.AuthToken),
+ ),
+ config.TeamID,
+ )
return &DNSProvider{
config: config,
@@ -142,6 +148,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("vercel: unknown record ID for '%s'", info.EffectiveFQDN)
}
diff --git a/providers/dns/vercel/vercel.toml b/providers/dns/vercel/vercel.toml
index 2545b9c48..4700d6d78 100644
--- a/providers/dns/vercel/vercel.toml
+++ b/providers/dns/vercel/vercel.toml
@@ -6,7 +6,7 @@ Since = "v4.7.0"
Example = '''
VERCEL_API_TOKEN=xxxxxx \
-lego --email you@example.com --dns vercel -d '*.example.com' -d example.com run
+lego --dns vercel -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/vercel/vercel_test.go b/providers/dns/vercel/vercel_test.go
index 6c19a4db5..d4cf37904 100644
--- a/providers/dns/vercel/vercel_test.go
+++ b/providers/dns/vercel/vercel_test.go
@@ -36,6 +36,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -95,6 +96,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -108,6 +110,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/versio/internal/client.go b/providers/dns/versio/internal/client.go
index e91913556..6a92cc958 100644
--- a/providers/dns/versio/internal/client.go
+++ b/providers/dns/versio/internal/client.go
@@ -48,6 +48,7 @@ func (c *Client) UpdateDomain(ctx context.Context, domain string, msg *DomainInf
}
respData := &DomainInfoResponse{}
+
err = c.do(req, respData)
if err != nil {
return nil, err
@@ -71,6 +72,7 @@ func (c *Client) GetDomain(ctx context.Context, domain string) (*DomainInfoRespo
}
respData := &DomainInfoResponse{}
+
err = c.do(req, respData)
if err != nil {
return nil, err
@@ -88,6 +90,7 @@ func (c *Client) do(req *http.Request, result any) error {
if resp != nil {
defer func() { _ = resp.Body.Close() }()
}
+
if err != nil {
return errutils.NewHTTPDoError(req, err)
}
@@ -140,6 +143,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
response := &ErrorResponse{}
+
err := json.Unmarshal(raw, response)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/versio/versio.go b/providers/dns/versio/versio.go
index 78ddd9bac..05a7263c4 100644
--- a/providers/dns/versio/versio.go
+++ b/providers/dns/versio/versio.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/versio/internal"
)
@@ -91,9 +92,11 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
return nil, errors.New("versio: the configuration of the DNS provider is nil")
}
+
if config.Username == "" {
return nil, errors.New("versio: the versio username is missing")
}
+
if config.Password == "" {
return nil, errors.New("versio: the versio password is missing")
}
@@ -108,6 +111,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
@@ -155,6 +160,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("versio: %w", err)
}
+
return nil
}
@@ -182,6 +188,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// loop through the existing entries and remove the specific record
msg := &internal.DomainInfo{}
+
for _, e := range domains.DomainInfo.DNSRecords {
if e.Name != info.EffectiveFQDN {
msg.DNSRecords = append(msg.DNSRecords, e)
@@ -192,5 +199,6 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("versio: %w", err)
}
+
return nil
}
diff --git a/providers/dns/versio/versio.toml b/providers/dns/versio/versio.toml
index 33f7125c8..733947095 100644
--- a/providers/dns/versio/versio.toml
+++ b/providers/dns/versio/versio.toml
@@ -7,7 +7,7 @@ Since = "v2.7.0"
Example = '''
VERSIO_USERNAME= \
VERSIO_PASSWORD= \
-lego --email you@example.com --dns versio -d '*.example.com' -d example.com run
+lego --dns versio -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/versio/versio_test.go b/providers/dns/versio/versio_test.go
index ea1ccc221..563e70d05 100644
--- a/providers/dns/versio/versio_test.go
+++ b/providers/dns/versio/versio_test.go
@@ -54,6 +54,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -161,6 +162,7 @@ func TestDNSProvider_Present(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
provider := test.builder.Build(t)
@@ -204,6 +206,7 @@ func TestDNSProvider_CleanUp(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
provider := test.builder.Build(t)
@@ -224,6 +227,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -237,6 +241,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -252,6 +257,13 @@ func mockBuilder() *servermock.Builder[*DNSProvider] {
EnvEndpoint: server.URL,
})
- return NewDNSProvider()
+ provider, err := NewDNSProvider()
+ if err != nil {
+ return nil, err
+ }
+
+ provider.client.HTTPClient = server.Client()
+
+ return provider, nil
})
}
diff --git a/providers/dns/vinyldns/vinyldns.go b/providers/dns/vinyldns/vinyldns.go
index 9e36ccc51..65a024513 100644
--- a/providers/dns/vinyldns/vinyldns.go
+++ b/providers/dns/vinyldns/vinyldns.go
@@ -2,14 +2,17 @@
package vinyldns
import (
+ "context"
"errors"
"fmt"
+ "net/http"
"strconv"
"time"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/internal/useragent"
"github.com/vinyldns/go-vinyldns/vinyldns"
)
@@ -26,6 +29,7 @@ const (
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
@@ -40,6 +44,7 @@ type Config struct {
TTL int
PropagationTimeout time.Duration
PollingInterval time.Duration
+ HTTPClient *http.Client
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
@@ -48,6 +53,9 @@ func NewDefaultConfig() *Config {
TTL: env.GetOrDefaultInt(EnvTTL, 30),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 4*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
}
}
@@ -96,13 +104,22 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
UserAgent: useragent.Get(),
})
- client.HTTPClient.Timeout = 30 * time.Second
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ } else {
+ // For compatibility, it should be removed in v5.
+ client.HTTPClient.Timeout = 30 * time.Second
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
return &DNSProvider{client: client, config: config}, nil
}
// Present creates a TXT record to fulfill the dns-01 challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
existingRecord, err := d.getRecordSet(info.EffectiveFQDN)
@@ -115,7 +132,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
record := vinyldns.Record{Text: value}
if existingRecord == nil || existingRecord.ID == "" {
- err = d.createRecordSet(info.EffectiveFQDN, []vinyldns.Record{record})
+ err = d.createRecordSet(ctx, info.EffectiveFQDN, []vinyldns.Record{record})
if err != nil {
return fmt.Errorf("vinyldns: %w", err)
}
@@ -132,7 +149,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
records := existingRecord.Records
records = append(records, record)
- err = d.updateRecordSet(existingRecord, records)
+ err = d.updateRecordSet(ctx, existingRecord, records)
if err != nil {
return fmt.Errorf("vinyldns: %w", err)
}
@@ -142,6 +159,8 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+
info := dns01.GetChallengeInfo(domain, keyAuth)
existingRecord, err := d.getRecordSet(info.EffectiveFQDN)
@@ -156,6 +175,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
value := d.formatValue(info.Value)
var records []vinyldns.Record
+
for _, i := range existingRecord.Records {
if i.Text != value {
records = append(records, i)
@@ -163,7 +183,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
if len(records) == 0 {
- err = d.deleteRecordSet(existingRecord)
+ err = d.deleteRecordSet(ctx, existingRecord)
if err != nil {
return fmt.Errorf("vinyldns: %w", err)
}
@@ -171,7 +191,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return nil
}
- err = d.updateRecordSet(existingRecord, records)
+ err = d.updateRecordSet(ctx, existingRecord, records)
if err != nil {
return fmt.Errorf("vinyldns: %w", err)
}
diff --git a/providers/dns/vinyldns/vinyldns.toml b/providers/dns/vinyldns/vinyldns.toml
index 8c9f1b3a6..d6dd5810e 100644
--- a/providers/dns/vinyldns/vinyldns.toml
+++ b/providers/dns/vinyldns/vinyldns.toml
@@ -8,7 +8,7 @@ Example = '''
VINYLDNS_ACCESS_KEY=xxxxxx \
VINYLDNS_SECRET_KEY=yyyyy \
VINYLDNS_HOST=https://api.vinyldns.example.org:9443 \
-lego --email you@example.com --dns vinyldns -d '*.example.com' -d example.com run
+lego --dns vinyldns -d '*.example.com' -d example.com run
'''
Additional = '''
@@ -26,6 +26,7 @@ Users are required to have DELETE ACL level or zone admin permissions on the Vin
VINYLDNS_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 4)"
VINYLDNS_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 120)"
VINYLDNS_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 30)"
+ VINYLDNS_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
[Links]
API = "https://www.vinyldns.io/api/"
diff --git a/providers/dns/vinyldns/vinyldns_test.go b/providers/dns/vinyldns/vinyldns_test.go
index 6f5b9b328..7dfe2c13f 100644
--- a/providers/dns/vinyldns/vinyldns_test.go
+++ b/providers/dns/vinyldns/vinyldns_test.go
@@ -78,6 +78,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -162,6 +163,7 @@ func mockBuilder() *servermock.Builder[*DNSProvider] {
config.AccessKey = "foo"
config.SecretKey = "bar"
config.Host = server.URL
+ config.HTTPClient = server.Client()
return NewDNSProviderConfig(config)
})
@@ -245,6 +247,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -258,6 +261,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/vinyldns/wrapper.go b/providers/dns/vinyldns/wrapper.go
index f17b3de31..e7b59a82b 100644
--- a/providers/dns/vinyldns/wrapper.go
+++ b/providers/dns/vinyldns/wrapper.go
@@ -1,8 +1,10 @@
package vinyldns
import (
+ "context"
"fmt"
+ "github.com/cenkalti/backoff/v5"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/wait"
"github.com/vinyldns/go-vinyldns/vinyldns"
@@ -25,6 +27,7 @@ func (d *DNSProvider) getRecordSet(fqdn string) (*vinyldns.RecordSet, error) {
}
var recordSets []vinyldns.RecordSet
+
for _, i := range allRecordSets {
if i.Type == "TXT" {
recordSets = append(recordSets, i)
@@ -41,7 +44,7 @@ func (d *DNSProvider) getRecordSet(fqdn string) (*vinyldns.RecordSet, error) {
}
}
-func (d *DNSProvider) createRecordSet(fqdn string, records []vinyldns.Record) error {
+func (d *DNSProvider) createRecordSet(ctx context.Context, fqdn string, records []vinyldns.Record) error {
zoneName, hostName, err := splitDomain(fqdn)
if err != nil {
return err
@@ -65,10 +68,10 @@ func (d *DNSProvider) createRecordSet(fqdn string, records []vinyldns.Record) er
return err
}
- return d.waitForChanges("CreateRS", resp)
+ return d.waitForChanges(ctx, "CreateRS", resp)
}
-func (d *DNSProvider) updateRecordSet(recordSet *vinyldns.RecordSet, newRecords []vinyldns.Record) error {
+func (d *DNSProvider) updateRecordSet(ctx context.Context, recordSet *vinyldns.RecordSet, newRecords []vinyldns.Record) error {
operation := "delete"
if len(recordSet.Records) < len(newRecords) {
operation = "add"
@@ -82,33 +85,35 @@ func (d *DNSProvider) updateRecordSet(recordSet *vinyldns.RecordSet, newRecords
return err
}
- return d.waitForChanges("UpdateRS - "+operation, resp)
+ return d.waitForChanges(ctx, "UpdateRS - "+operation, resp)
}
-func (d *DNSProvider) deleteRecordSet(existingRecord *vinyldns.RecordSet) error {
+func (d *DNSProvider) deleteRecordSet(ctx context.Context, existingRecord *vinyldns.RecordSet) error {
resp, err := d.client.RecordSetDelete(existingRecord.ZoneID, existingRecord.ID)
if err != nil {
return err
}
- return d.waitForChanges("DeleteRS", resp)
+ return d.waitForChanges(ctx, "DeleteRS", resp)
}
-func (d *DNSProvider) waitForChanges(operation string, resp *vinyldns.RecordSetUpdateResponse) error {
- return wait.For("vinyldns", d.config.PropagationTimeout, d.config.PollingInterval,
- func() (bool, error) {
+func (d *DNSProvider) waitForChanges(ctx context.Context, operation string, resp *vinyldns.RecordSetUpdateResponse) error {
+ return wait.Retry(ctx,
+ func() error {
change, err := d.client.RecordSetChange(resp.Zone.ID, resp.RecordSet.ID, resp.ChangeID)
if err != nil {
- return false, fmt.Errorf("failed to query change status: %w", err)
+ return fmt.Errorf("failed to query change status: %w", err)
}
- if change.Status == "Complete" {
- return true, nil
+ if change.Status != "Complete" {
+ return fmt.Errorf("waiting operation: %s, zoneID: %s, recordsetID: %s, changeID: %s",
+ operation, resp.Zone.ID, resp.RecordSet.ID, resp.ChangeID)
}
- return false, fmt.Errorf("waiting operation: %s, zoneID: %s, recordsetID: %s, changeID: %s",
- operation, resp.Zone.ID, resp.RecordSet.ID, resp.ChangeID)
+ return nil
},
+ backoff.WithBackOff(backoff.NewConstantBackOff(d.config.PollingInterval)),
+ backoff.WithMaxElapsedTime(d.config.PropagationTimeout),
)
}
diff --git a/providers/dns/virtualname/virtualname.go b/providers/dns/virtualname/virtualname.go
new file mode 100644
index 000000000..34637d280
--- /dev/null
+++ b/providers/dns/virtualname/virtualname.go
@@ -0,0 +1,103 @@
+// Package virtualname implements a DNS provider for solving the DNS-01 challenge using Virtualname DNS.
+package virtualname
+
+import (
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/tecnocratica"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "VIRTUALNAME_"
+
+ EnvToken = envNamespace + "TOKEN"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+const defaultBaseURL = "https://api.virtualname.net/v1"
+
+var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config = tecnocratica.Config
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 5*time.Minute),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 10*time.Second),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ prv challenge.ProviderTimeout
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Virtualname.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvToken)
+ if err != nil {
+ return nil, fmt.Errorf("virtualname: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.Token = values[EnvToken]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Virtualname.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("virtualname: the configuration of the DNS provider is nil")
+ }
+
+ provider, err := tecnocratica.NewDNSProviderConfig(config, defaultBaseURL)
+ if err != nil {
+ return nil, fmt.Errorf("virtualname: %w", err)
+ }
+
+ return &DNSProvider{prv: provider}, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ err := d.prv.Present(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("virtualname: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ err := d.prv.CleanUp(domain, token, keyAuth)
+ if err != nil {
+ return fmt.Errorf("virtualname: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
+}
diff --git a/providers/dns/virtualname/virtualname.toml b/providers/dns/virtualname/virtualname.toml
new file mode 100644
index 000000000..881f09797
--- /dev/null
+++ b/providers/dns/virtualname/virtualname.toml
@@ -0,0 +1,22 @@
+Name = "Virtualname"
+Description = ''''''
+URL = "https://www.virtualname.es/"
+Code = "virtualname"
+Since = "v4.30.0"
+
+Example = '''
+VIRTUALNAME_TOKEN=xxxxxx \
+lego --dns virtualname -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ VIRTUALNAME_TOKEN = "API token"
+ [Configuration.Additional]
+ VIRTUALNAME_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 10)"
+ VIRTUALNAME_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 300)"
+ VIRTUALNAME_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ VIRTUALNAME_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://developers.virtualname.net/#dns"
diff --git a/providers/dns/virtualname/virtualname_test.go b/providers/dns/virtualname/virtualname_test.go
new file mode 100644
index 000000000..da5867e86
--- /dev/null
+++ b/providers/dns/virtualname/virtualname_test.go
@@ -0,0 +1,116 @@
+package virtualname
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvToken).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvToken: "secret",
+ },
+ },
+ {
+ desc: "missing credentials: token",
+ envVars: map[string]string{
+ EnvToken: "",
+ },
+ expected: "virtualname: some credentials information are missing: VIRTUALNAME_TOKEN",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.prv)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ token string
+ expected string
+ }{
+ {
+ desc: "success",
+ token: "secret",
+ },
+ {
+ desc: "missing token",
+ expected: "virtualname: missing credentials",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.Token = test.token
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.prv)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/vkcloud/internal/client.go b/providers/dns/vkcloud/internal/client.go
index 5ced88d2d..2b03518db 100644
--- a/providers/dns/vkcloud/internal/client.go
+++ b/providers/dns/vkcloud/internal/client.go
@@ -46,6 +46,7 @@ func (c *Client) ListZones() ([]DNSZone, error) {
endpoint := c.baseURL.JoinPath("/")
var zones []DNSZone
+
opts := &gophercloud.RequestOpts{JSONResponse: &zones}
err := c.request(http.MethodGet, endpoint, opts)
@@ -60,6 +61,7 @@ func (c *Client) ListTXTRecords(zoneUUID string) ([]DNSTXTRecord, error) {
endpoint := c.baseURL.JoinPath(zoneUUID, "txt", "/")
var records []DNSTXTRecord
+
opts := &gophercloud.RequestOpts{JSONResponse: &records}
err := c.request(http.MethodGet, endpoint, opts)
diff --git a/providers/dns/vkcloud/vkcloud.go b/providers/dns/vkcloud/vkcloud.go
index 2aea7838c..ffacdbe52 100644
--- a/providers/dns/vkcloud/vkcloud.go
+++ b/providers/dns/vkcloud/vkcloud.go
@@ -135,6 +135,7 @@ func (d *DNSProvider) Present(domain, _, keyAuth string) error {
}
var zoneUUID string
+
for _, zone := range zones {
if zone.Zone == authZone {
zoneUUID = zone.UUID
diff --git a/providers/dns/vkcloud/vkcloud.toml b/providers/dns/vkcloud/vkcloud.toml
index 366039694..04f57fea3 100644
--- a/providers/dns/vkcloud/vkcloud.toml
+++ b/providers/dns/vkcloud/vkcloud.toml
@@ -8,7 +8,7 @@ Example = '''
VK_CLOUD_PROJECT_ID="" \
VK_CLOUD_USERNAME="" \
VK_CLOUD_PASSWORD="" \
-lego --email you@example.com --dns vkcloud -d '*.example.com' -d example.com run
+lego --dns vkcloud -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/vkcloud/vkcloud_test.go b/providers/dns/vkcloud/vkcloud_test.go
index edc32363a..e7883b486 100644
--- a/providers/dns/vkcloud/vkcloud_test.go
+++ b/providers/dns/vkcloud/vkcloud_test.go
@@ -60,6 +60,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -188,6 +189,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -201,6 +203,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/volcengine/volcengine.go b/providers/dns/volcengine/volcengine.go
index a271e0f26..765d38adb 100644
--- a/providers/dns/volcengine/volcengine.go
+++ b/providers/dns/volcengine/volcengine.go
@@ -159,6 +159,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
d.recordIDsMu.Lock()
recordID, ok := d.recordIDs[token]
d.recordIDsMu.Unlock()
+
if !ok {
return fmt.Errorf("volcengine: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
}
@@ -170,6 +171,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
return fmt.Errorf("volcengine: delete record: %w", err)
}
+ d.recordIDsMu.Lock()
+ delete(d.recordIDs, token)
+ d.recordIDsMu.Unlock()
+
return nil
}
diff --git a/providers/dns/volcengine/volcengine.toml b/providers/dns/volcengine/volcengine.toml
index cb7c219f7..ceedcb18a 100644
--- a/providers/dns/volcengine/volcengine.toml
+++ b/providers/dns/volcengine/volcengine.toml
@@ -7,7 +7,7 @@ Since = "v4.19.0"
Example = '''
VOLC_ACCESSKEY=xxx \
VOLC_SECRETKEY=yyy \
-lego --email you@example.com --dns volcengine -d '*.example.com' -d example.com run
+lego --dns volcengine -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/volcengine/volcengine_test.go b/providers/dns/volcengine/volcengine_test.go
index 5e9167612..0f79ed83a 100644
--- a/providers/dns/volcengine/volcengine_test.go
+++ b/providers/dns/volcengine/volcengine_test.go
@@ -55,6 +55,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -125,6 +126,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -138,6 +140,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/vscale/vscale.go b/providers/dns/vscale/vscale.go
index 6c51ae5ca..a159db307 100644
--- a/providers/dns/vscale/vscale.go
+++ b/providers/dns/vscale/vscale.go
@@ -4,11 +4,9 @@
package vscale
import (
- "context"
"errors"
"fmt"
"net/http"
- "net/url"
"time"
"github.com/go-acme/lego/v4/challenge"
@@ -30,25 +28,18 @@ const (
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
-const minTTL = 60
+const defaultBaseURL = "https://api.vscale.io/v1/domains"
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
-type Config struct {
- BaseURL string
- Token string
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = selectel.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
- BaseURL: env.GetOrDefaultString(EnvBaseURL, selectel.DefaultVScaleBaseURL),
- TTL: env.GetOrDefaultInt(EnvTTL, minTTL),
+ BaseURL: env.GetOrDefaultString(EnvBaseURL, defaultBaseURL),
+ TTL: env.GetOrDefaultInt(EnvTTL, selectel.MinTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 120*time.Second),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
HTTPClient: &http.Client{
@@ -59,8 +50,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *selectel.Client
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for Vscale Domains API.
@@ -83,53 +73,21 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("vscale: the configuration of the DNS provider is nil")
}
- if config.Token == "" {
- return nil, errors.New("vscale: credentials missing")
+ if config.BaseURL == "" {
+ config.BaseURL = defaultBaseURL
}
- if config.TTL < minTTL {
- return nil, fmt.Errorf("vscale: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
- }
-
- client := selectel.NewClient(config.Token)
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- var err error
- client.BaseURL, err = url.Parse(config.BaseURL)
+ provider, err := selectel.NewDNSProviderConfig(config)
if err != nil {
return nil, fmt.Errorf("vscale: %w", err)
}
- return &DNSProvider{config: config, client: client}, nil
+ return &DNSProvider{prv: provider}, nil
}
-// Timeout returns the Timeout and interval to use when checking for DNS propagation.
-// Adjusting here to cope with spikes in propagation times.
-func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
-}
-
-// Present creates a TXT record to fulfill DNS-01 challenge.
+// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- ctx := context.Background()
-
- // TODO(ldez) replace domain by FQDN to follow CNAME.
- domainObj, err := d.client.GetDomainByName(ctx, domain)
- if err != nil {
- return fmt.Errorf("vscale: %w", err)
- }
-
- txtRecord := selectel.Record{
- Type: "TXT",
- TTL: d.config.TTL,
- Name: info.EffectiveFQDN,
- Content: info.Value,
- }
- _, err = d.client.AddRecord(ctx, domainObj.ID, txtRecord)
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("vscale: %w", err)
}
@@ -137,35 +95,18 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return nil
}
-// CleanUp removes a TXT record used for DNS-01 challenge.
+// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- recordName := dns01.UnFqdn(info.EffectiveFQDN)
-
- ctx := context.Background()
-
- // TODO(ldez) replace domain by FQDN to follow CNAME.
- domainObj, err := d.client.GetDomainByName(ctx, domain)
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("vscale: %w", err)
}
- records, err := d.client.ListRecords(ctx, domainObj.ID)
- if err != nil {
- return fmt.Errorf("vscale: %w", err)
- }
-
- // Delete records with specific FQDN
- var lastErr error
- for _, record := range records {
- if record.Name == recordName {
- err = d.client.DeleteRecord(ctx, domainObj.ID, record.ID)
- if err != nil {
- lastErr = fmt.Errorf("vscale: %w", err)
- }
- }
- }
-
- return lastErr
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
}
diff --git a/providers/dns/vscale/vscale.toml b/providers/dns/vscale/vscale.toml
index 78b6c99e5..f7dc0d943 100644
--- a/providers/dns/vscale/vscale.toml
+++ b/providers/dns/vscale/vscale.toml
@@ -6,7 +6,7 @@ Since = "v2.0.0"
Example = '''
VSCALE_API_TOKEN=xxxxx \
-lego --email you@example.com --dns vscale -d '*.example.com' -d example.com run
+lego --dns vscale -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/vscale/vscale_test.go b/providers/dns/vscale/vscale_test.go
index 6a9b25583..9012c7563 100644
--- a/providers/dns/vscale/vscale_test.go
+++ b/providers/dns/vscale/vscale_test.go
@@ -6,6 +6,7 @@ import (
"time"
"github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/providers/dns/internal/selectel"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
@@ -36,6 +37,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -45,8 +47,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- assert.NotNil(t, p.config)
- assert.NotNil(t, p.client)
+ assert.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -76,7 +77,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
desc: "bad TTL value",
token: "123",
ttl: 59,
- expected: fmt.Sprintf("vscale: invalid TTL, TTL (59) must be greater than %d", minTTL),
+ expected: fmt.Sprintf("vscale: invalid TTL, TTL (59) must be greater than %d", selectel.MinTTL),
},
}
@@ -91,8 +92,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- assert.NotNil(t, p.config)
- assert.NotNil(t, p.client)
+ assert.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -106,6 +106,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -119,6 +120,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/vultr/vultr.go b/providers/dns/vultr/vultr.go
index 7672d2054..f97a321c1 100644
--- a/providers/dns/vultr/vultr.go
+++ b/providers/dns/vultr/vultr.go
@@ -13,6 +13,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/vultr/govultr/v3"
"golang.org/x/oauth2"
)
@@ -38,7 +39,7 @@ type Config struct {
PollingInterval time.Duration
TTL int
HTTPClient *http.Client
- HTTPTimeout time.Duration
+ HTTPTimeout time.Duration // TODO(ldez): remove in v5
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
@@ -84,7 +85,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
authClient := OAuthStaticAccessToken(config.HTTPClient, config.APIKey)
authClient.Timeout = config.HTTPTimeout
- client := govultr.NewClient(authClient)
+ client := govultr.NewClient(clientdebug.Wrap(authClient))
return &DNSProvider{client: client, config: config}, nil
}
@@ -106,7 +107,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
return fmt.Errorf("vultr: %w", err)
}
- req := govultr.DomainRecordReq{
+ req := govultr.DomainRecordCreateReq{
Name: subDomain,
Type: "TXT",
Data: `"` + info.Value + `"`,
@@ -135,6 +136,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var allErr []string
+
for _, rec := range records {
err := d.client.DomainRecord.Delete(ctx, zoneDomain, rec.ID)
if err != nil {
@@ -204,6 +206,7 @@ func (d *DNSProvider) findTxtRecords(ctx context.Context, domain, fqdn string) (
listOptions := &govultr.ListOptions{PerPage: 25}
var records []govultr.DomainRecord
+
for {
result, meta, resp, err := d.client.DomainRecord.List(ctx, zoneDomain, listOptions)
if err != nil {
diff --git a/providers/dns/vultr/vultr.toml b/providers/dns/vultr/vultr.toml
index 7d31bd52b..78e878bea 100644
--- a/providers/dns/vultr/vultr.toml
+++ b/providers/dns/vultr/vultr.toml
@@ -6,7 +6,7 @@ Since = "v0.3.1"
Example = '''
VULTR_API_KEY=xxxxx \
-lego --email you@example.com --dns vultr -d '*.example.com' -d example.com run
+lego --dns vultr -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/vultr/vultr_test.go b/providers/dns/vultr/vultr_test.go
index 9be1a19b0..17d962b2a 100644
--- a/providers/dns/vultr/vultr_test.go
+++ b/providers/dns/vultr/vultr_test.go
@@ -45,6 +45,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -164,7 +165,7 @@ func TestDNSProvider_getHostedZone(t *testing.T) {
provider := servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
- client := govultr.NewClient(nil)
+ client := govultr.NewClient(server.Client())
err := client.SetBaseURL(server.URL)
require.NoError(t, err)
@@ -221,6 +222,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -234,6 +236,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/webnames/internal/client.go b/providers/dns/webnames/internal/client.go
index 5b1a8b357..985503d2a 100644
--- a/providers/dns/webnames/internal/client.go
+++ b/providers/dns/webnames/internal/client.go
@@ -83,6 +83,7 @@ func (c *Client) doRequest(ctx context.Context, data url.Values) error {
}
var r APIResponse
+
err = json.Unmarshal(raw, &r)
if err != nil {
return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
diff --git a/providers/dns/webnames/webnames.go b/providers/dns/webnames/webnames.go
index 78905e22c..9c27164e3 100644
--- a/providers/dns/webnames/webnames.go
+++ b/providers/dns/webnames/webnames.go
@@ -6,17 +6,20 @@ import (
"errors"
"fmt"
"net/http"
+ "strings"
"time"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/webnames/internal"
)
// Environment variables names.
const (
- envNamespace = "WEBNAMES_"
+ envNamespace = "WEBNAMESRU_"
+ altEnvNamespace = "WEBNAMES_"
EnvAPIKey = envNamespace + "API_KEY"
@@ -39,10 +42,10 @@ type Config struct {
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
- PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
- PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ PropagationTimeout: env.GetOneWithFallback(EnvPropagationTimeout, dns01.DefaultPropagationTimeout, env.ParseSecond, altEnvName(EnvPropagationTimeout)),
+ PollingInterval: env.GetOneWithFallback(EnvPollingInterval, dns01.DefaultPollingInterval, env.ParseSecond, altEnvName(EnvPollingInterval)),
HTTPClient: &http.Client{
- Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ Timeout: env.GetOneWithFallback(EnvHTTPTimeout, 20*time.Second, env.ParseSecond, altEnvName(EnvHTTPTimeout)),
},
}
}
@@ -54,11 +57,11 @@ type DNSProvider struct {
}
// NewDNSProvider returns a new DNS provider using
-// environment variable WEBNAMES_API_KEY for adding and removing the DNS record.
+// environment variable WEBNAMESRU_API_KEY for adding and removing the DNS record.
func NewDNSProvider() (*DNSProvider, error) {
- values, err := env.Get(EnvAPIKey)
+ values, err := env.GetWithFallback([]string{EnvAPIKey, altEnvName(EnvAPIKey)})
if err != nil {
- return nil, fmt.Errorf("webnames: %w", err)
+ return nil, fmt.Errorf("webnamesru: %w", err)
}
config := NewDefaultConfig()
@@ -70,11 +73,11 @@ func NewDNSProvider() (*DNSProvider, error) {
// NewDNSProviderConfig return a DNSProvider instance configured for Webnames.
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
- return nil, errors.New("webnames: the configuration of the DNS provider is nil")
+ return nil, errors.New("webnamesru: the configuration of the DNS provider is nil")
}
if config.APIKey == "" {
- return nil, errors.New("webnames: credentials missing")
+ return nil, errors.New("webnamesru: credentials missing")
}
client := internal.NewClient(config.APIKey)
@@ -83,6 +86,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
@@ -92,17 +97,17 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
if err != nil {
- return fmt.Errorf("webnames: could not find zone for domain %q: %w", domain, err)
+ return fmt.Errorf("webnamesru: could not find zone for domain %q: %w", domain, err)
}
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
if err != nil {
- return fmt.Errorf("webnames: %w", err)
+ return fmt.Errorf("webnamesru: %w", err)
}
err = d.client.AddTXTRecord(context.Background(), dns01.UnFqdn(authZone), subDomain, info.Value)
if err != nil {
- return fmt.Errorf("webnames: failed to create TXT records [domain: %s, sub domain: %s]: %w",
+ return fmt.Errorf("webnamesru: failed to create TXT records [domain: %s, sub domain: %s]: %w",
dns01.UnFqdn(authZone), subDomain, err)
}
@@ -115,17 +120,17 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
if err != nil {
- return fmt.Errorf("webnames: could not find zone for domain %q: %w", domain, err)
+ return fmt.Errorf("webnamesru: could not find zone for domain %q: %w", domain, err)
}
subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
if err != nil {
- return fmt.Errorf("webnames: %w", err)
+ return fmt.Errorf("webnamesru: %w", err)
}
err = d.client.RemoveTXTRecord(context.Background(), dns01.UnFqdn(authZone), subDomain, info.Value)
if err != nil {
- return fmt.Errorf("webnames: failed to remove TXT records [domain: %s, sub domain: %s]: %w",
+ return fmt.Errorf("webnamesru: failed to remove TXT records [domain: %s, sub domain: %s]: %w",
dns01.UnFqdn(authZone), subDomain, err)
}
@@ -137,3 +142,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval
}
+
+func altEnvName(v string) string {
+ return strings.ReplaceAll(v, envNamespace, altEnvNamespace)
+}
diff --git a/providers/dns/webnames/webnames.toml b/providers/dns/webnames/webnames.toml
index 1962a69eb..b038deaf5 100644
--- a/providers/dns/webnames/webnames.toml
+++ b/providers/dns/webnames/webnames.toml
@@ -1,12 +1,13 @@
-Name = "Webnames"
+Name = "webnames.ru"
Description = ''''''
URL = "https://www.webnames.ru/"
Code = "webnames"
+Aliases = ["webnamesru"]
Since = "v4.15.0"
Example = '''
-WEBNAMES_API_KEY=xxxxxx \
-lego --email you@example.com --dns webnames -d '*.example.com' -d example.com run
+WEBNAMESRU_API_KEY=xxxxxx \
+lego --dns webnamesru -d '*.example.com' -d example.com run
'''
Additional = '''
@@ -19,11 +20,11 @@ The API key can be found: Personal account / My domains and services / Select th
[Configuration]
[Configuration.Credentials]
- WEBNAMES_API_KEY = "Domain API key"
+ WEBNAMESRU_API_KEY = "Domain API key"
[Configuration.Additional]
- WEBNAMES_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
- WEBNAMES_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
- WEBNAMES_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+ WEBNAMESRU_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ WEBNAMESRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ WEBNAMESRU_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
[Links]
API = "https://github.com/regtime-ltd/certbot-dns-webnames"
diff --git a/providers/dns/webnames/webnames_test.go b/providers/dns/webnames/webnames_test.go
index 3ec69501f..072591c68 100644
--- a/providers/dns/webnames/webnames_test.go
+++ b/providers/dns/webnames/webnames_test.go
@@ -29,13 +29,14 @@ func TestNewDNSProvider(t *testing.T) {
envVars: map[string]string{
EnvAPIKey: "",
},
- expected: "webnames: some credentials information are missing: WEBNAMES_API_KEY",
+ expected: "webnamesru: some credentials information are missing: WEBNAMESRU_API_KEY",
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -65,7 +66,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
},
{
desc: "missing credentials",
- expected: "webnames: credentials missing",
+ expected: "webnamesru: credentials missing",
},
}
@@ -93,6 +94,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -106,6 +108,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/webnamesca/internal/client.go b/providers/dns/webnamesca/internal/client.go
new file mode 100644
index 000000000..203ff9eac
--- /dev/null
+++ b/providers/dns/webnamesca/internal/client.go
@@ -0,0 +1,162 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ "github.com/go-acme/lego/v4/providers/dns/internal/useragent"
+)
+
+const defaultBaseURL = "https://www.webnames.ca/_/APICore"
+
+// Client the webnames.ca API client.
+type Client struct {
+ user string
+ key string
+
+ BaseURL *url.URL
+ HTTPClient *http.Client
+}
+
+// NewClient creates a new Client.
+func NewClient(user, key string) (*Client, error) {
+ if user == "" || key == "" {
+ return nil, errors.New("credentials missing")
+ }
+
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ return &Client{
+ user: user,
+ key: key,
+ BaseURL: baseURL,
+ HTTPClient: &http.Client{Timeout: 10 * time.Second},
+ }, nil
+}
+
+func (c *Client) AddTXTRecord(ctx context.Context, domainName, hostName, value string) ([]DNSRecordSet, error) {
+ endpoint := c.BaseURL.JoinPath("domains", domainName, "add-txt-record")
+
+ query := endpoint.Query()
+ query.Set("hostName", hostName)
+ query.Set("txt", value)
+
+ endpoint.RawQuery = query.Encode()
+
+ req, err := newJSONRequest(ctx, http.MethodPost, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var result APIResponse[*DNSInfo]
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Result.DNSRecordSets, nil
+}
+
+func (c *Client) DeleteTXTRecord(ctx context.Context, domainName, hostName, value string) ([]DNSRecordSet, error) {
+ endpoint := c.BaseURL.JoinPath("domains", domainName, "delete-txt-record")
+
+ query := endpoint.Query()
+ query.Set("hostName", hostName)
+ query.Set("txt", value)
+
+ endpoint.RawQuery = query.Encode()
+
+ req, err := newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ var result APIResponse[*DNSInfo]
+
+ err = c.do(req, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return result.Result.DNSRecordSets, nil
+}
+
+func (c *Client) do(req *http.Request, result any) error {
+ useragent.SetHeader(req.Header)
+
+ req.Header.Set("API-User", c.user)
+ req.Header.Set("API-Key", c.key)
+
+ resp, err := c.HTTPClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode/100 != 2 {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+
+ if payload != nil {
+ err := json.NewEncoder(buf).Encode(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ return req, nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var errAPI APIError
+
+ err := json.Unmarshal(raw, &errAPI)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return &errAPI
+}
diff --git a/providers/dns/webnamesca/internal/client_test.go b/providers/dns/webnamesca/internal/client_test.go
new file mode 100644
index 000000000..ad8571ed0
--- /dev/null
+++ b/providers/dns/webnamesca/internal/client_test.go
@@ -0,0 +1,96 @@
+package internal
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func mockBuilder() *servermock.Builder[*Client] {
+ return servermock.NewBuilder[*Client](
+ func(server *httptest.Server) (*Client, error) {
+ client, err := NewClient("user", "secret")
+ if err != nil {
+ return nil, err
+ }
+
+ client.BaseURL, _ = url.Parse(server.URL)
+ client.HTTPClient = server.Client()
+
+ return client, nil
+ },
+ servermock.CheckHeader().
+ With("API-User", "user").
+ With("API-Key", "secret").
+ WithJSONHeaders(),
+ )
+}
+
+func TestClient_AddTXTRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/example.com/add-txt-record",
+ servermock.ResponseFromFixture("add_txt_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("hostName", "foo.example.com").
+ With("txt", "value")).
+ Build(t)
+
+ result, err := client.AddTXTRecord(t.Context(), "example.com", "foo.example.com", "value")
+ require.NoError(t, err)
+
+ expected := []DNSRecordSet{{
+ Hostname: "_acme-challenge.example.com",
+ Type: "TXT",
+ Records: []string{"value"},
+ }}
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_AddTXTRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("POST /domains/example.com/add-txt-record",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ _, err := client.AddTXTRecord(t.Context(), "example.com", "foo.example.com", "value")
+ require.EqualError(t, err, "message: User does not exist., details: string, logiD: 35579, result: {}")
+}
+
+func TestClient_DeleteTXTRecord(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /domains/example.com/delete-txt-record",
+ servermock.ResponseFromFixture("delete_txt_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("hostName", "foo.example.com").
+ With("txt", "value")).
+ Build(t)
+
+ result, err := client.DeleteTXTRecord(t.Context(), "example.com", "foo.example.com", "value")
+ require.NoError(t, err)
+
+ expected := []DNSRecordSet{{
+ Hostname: "_acme-challenge.example.com",
+ Type: "TXT",
+ Records: []string{"value"},
+ }}
+
+ assert.Equal(t, expected, result)
+}
+
+func TestClient_DeleteTXTRecord_error(t *testing.T) {
+ client := mockBuilder().
+ Route("DELETE /domains/example.com/delete-txt-record",
+ servermock.ResponseFromFixture("error.json").
+ WithStatusCode(http.StatusBadRequest)).
+ Build(t)
+
+ _, err := client.DeleteTXTRecord(t.Context(), "example.com", "foo.example.com", "value")
+ require.EqualError(t, err, "message: User does not exist., details: string, logiD: 35579, result: {}")
+}
diff --git a/providers/dns/webnamesca/internal/fixtures/add_txt_record.json b/providers/dns/webnamesca/internal/fixtures/add_txt_record.json
new file mode 100644
index 000000000..9754689a7
--- /dev/null
+++ b/providers/dns/webnamesca/internal/fixtures/add_txt_record.json
@@ -0,0 +1,34 @@
+{
+ "result": {
+ "domainAdvancedDNSConfigID": 3258480,
+ "domainID": 1333334,
+ "dtCreated": "2025-10-30T11:55:23.243",
+ "dtModified": "2025-10-30T11:55:23.177",
+ "timeToLive": 21600,
+ "soAorigin": "hosting.webnames.ca",
+ "soArefresh": 21600,
+ "soAretry": 180,
+ "soAexpire": 1209600,
+ "soAnegcache": 3600,
+ "forwardingURL": null,
+ "gripping": false,
+ "name": null,
+ "dtSubmitted": "2025-10-30T11:55:24.927",
+ "dtRequestedDNSChange": null,
+ "type": "REAL_DOMAIN",
+ "userManaged": false,
+ "effectiveMgmtOption": "AD",
+ "urlForwardRootOnly": false,
+ "enableDNSSEC": false,
+ "dnsRecordSets": [
+ {
+ "hostname": "_acme-challenge.example.com",
+ "type": "TXT",
+ "records": [
+ "value"
+ ]
+ }
+ ]
+ },
+ "logID": 36014
+}
diff --git a/providers/dns/webnamesca/internal/fixtures/delete_txt_record.json b/providers/dns/webnamesca/internal/fixtures/delete_txt_record.json
new file mode 100644
index 000000000..be2279ef6
--- /dev/null
+++ b/providers/dns/webnamesca/internal/fixtures/delete_txt_record.json
@@ -0,0 +1,36 @@
+{
+ "errorMessage": "string",
+ "errorDetails": "string",
+ "logID": 0,
+ "result": {
+ "domainAdvancedDNSConfigID": 0,
+ "domainID": 0,
+ "dtCreated": "2025-10-29T21:22:31.478",
+ "dtModified": "2025-10-29T21:22:31.478",
+ "timeToLive": 0,
+ "soAorigin": "string",
+ "soArefresh": 0,
+ "soAretry": 0,
+ "soAexpire": 0,
+ "soAnegcache": 0,
+ "forwardingURL": "string",
+ "gripping": true,
+ "name": "string",
+ "dtSubmitted": "2025-10-29T21:22:31.478",
+ "dtRequestedDNSChange": "2025-10-29T21:22:31.478",
+ "type": "string",
+ "userManaged": true,
+ "effectiveMgmtOption": "string",
+ "urlForwardRootOnly": true,
+ "enableDNSSEC": true,
+ "dnsRecordSets": [
+ {
+ "hostname": "_acme-challenge.example.com",
+ "type": "TXT",
+ "records": [
+ "value"
+ ]
+ }
+ ]
+ }
+}
diff --git a/providers/dns/webnamesca/internal/fixtures/error.json b/providers/dns/webnamesca/internal/fixtures/error.json
new file mode 100644
index 000000000..3e7548abb
--- /dev/null
+++ b/providers/dns/webnamesca/internal/fixtures/error.json
@@ -0,0 +1,6 @@
+{
+ "errorMessage": "User does not exist.",
+ "errorDetails": "string",
+ "logID": 35579,
+ "result": {}
+}
diff --git a/providers/dns/webnamesca/internal/types.go b/providers/dns/webnamesca/internal/types.go
new file mode 100644
index 000000000..8dc56c33a
--- /dev/null
+++ b/providers/dns/webnamesca/internal/types.go
@@ -0,0 +1,33 @@
+package internal
+
+import (
+ "encoding/json"
+ "fmt"
+)
+
+type APIError struct {
+ ErrorMessage string `json:"errorMessage,omitempty"`
+ ErrorDetails string `json:"errorDetails,omitempty"`
+ LogID int `json:"logID,omitempty"`
+ Result json.RawMessage `json:"result,omitempty"`
+}
+
+func (a *APIError) Error() string {
+ return fmt.Sprintf("message: %s, details: %s, logiD: %d, result: %s", a.ErrorMessage, a.ErrorDetails, a.LogID, a.Result)
+}
+
+type APIResponse[T any] struct {
+ Result T `json:"result,omitempty"`
+ LogID int `json:"logID,omitempty"`
+}
+
+type DNSInfo struct {
+ DomainID int `json:"domainID,omitempty"`
+ DNSRecordSets []DNSRecordSet `json:"dnsRecordSets,omitempty"`
+}
+
+type DNSRecordSet struct {
+ Hostname string `json:"hostname"`
+ Type string `json:"type"`
+ Records []string `json:"records"`
+}
diff --git a/providers/dns/webnamesca/webnamesca.go b/providers/dns/webnamesca/webnamesca.go
new file mode 100644
index 000000000..874c1c48e
--- /dev/null
+++ b/providers/dns/webnamesca/webnamesca.go
@@ -0,0 +1,134 @@
+// Package webnamesca implements a DNS provider for solving the DNS-01 challenge using webnames.ca.
+package webnamesca
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
+ "github.com/go-acme/lego/v4/providers/dns/webnamesca/internal"
+)
+
+// Environment variables names.
+const (
+ envNamespace = "WEBNAMESCA_"
+
+ EnvAPIUser = envNamespace + "API_USER"
+ EnvAPIKey = envNamespace + "API_KEY"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIUser string
+ APIKey string
+
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ TTL int
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for webnames.ca.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIUser, EnvAPIKey)
+ if err != nil {
+ return nil, fmt.Errorf("webnamesca: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIUser = values[EnvAPIUser]
+ config.APIKey = values[EnvAPIKey]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for webnames.ca.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("webnamesca: the configuration of the DNS provider is nil")
+ }
+
+ client, err := internal.NewClient(config.APIUser, config.APIKey)
+ if err != nil {
+ return nil, fmt.Errorf("webnamesca: %w", err)
+ }
+
+ if config.HTTPClient != nil {
+ client.HTTPClient = config.HTTPClient
+ }
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
+ return &DNSProvider{
+ config: config,
+ client: client,
+ }, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("webnamesca: could not find zone for domain %q: %w", domain, err)
+ }
+
+ _, err = d.client.AddTXTRecord(context.Background(), dns01.UnFqdn(authZone), dns01.UnFqdn(info.EffectiveFQDN), info.Value)
+ if err != nil {
+ return fmt.Errorf("webnamesca: add TXT record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("webnamesca: could not find zone for domain %q: %w", domain, err)
+ }
+
+ _, err = d.client.DeleteTXTRecord(context.Background(), dns01.UnFqdn(authZone), dns01.UnFqdn(info.EffectiveFQDN), info.Value)
+ if err != nil {
+ return fmt.Errorf("webnamesca: delete TXT record: %w", err)
+ }
+
+ return nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
diff --git a/providers/dns/webnamesca/webnamesca.toml b/providers/dns/webnamesca/webnamesca.toml
new file mode 100644
index 000000000..ab68a04a0
--- /dev/null
+++ b/providers/dns/webnamesca/webnamesca.toml
@@ -0,0 +1,24 @@
+Name = "webnames.ca"
+Description = ''''''
+URL = "https://www.webnames.ca/"
+Code = "webnamesca"
+Since = "v4.28.0"
+
+Example = '''
+WEBNAMESCA_API_USER="xxx" \
+WEBNAMESCA_API_KEY="yyy" \
+lego --dns webnamesca -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ WEBNAMESCA_API_USER = "API username"
+ WEBNAMESCA_API_KEY = "API key"
+ [Configuration.Additional]
+ WEBNAMESCA_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
+ WEBNAMESCA_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
+ WEBNAMESCA_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
+ WEBNAMESCA_HTTP_TIMEOUT = "API request timeout in seconds (Default: 30)"
+
+[Links]
+ API = "https://www.webnames.ca/_/swagger/index.html"
diff --git a/providers/dns/webnamesca/webnamesca_test.go b/providers/dns/webnamesca/webnamesca_test.go
new file mode 100644
index 000000000..0459ef44e
--- /dev/null
+++ b/providers/dns/webnamesca/webnamesca_test.go
@@ -0,0 +1,199 @@
+package webnamesca
+
+import (
+ "net/http/httptest"
+ "net/url"
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIUser, EnvAPIKey).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIUser: "user",
+ EnvAPIKey: "secret",
+ },
+ },
+ {
+ desc: "missing EnvAPIUser",
+ envVars: map[string]string{
+ EnvAPIUser: "",
+ EnvAPIKey: "secret",
+ },
+ expected: "webnamesca: some credentials information are missing: WEBNAMESCA_API_USER",
+ },
+ {
+ desc: "missing EnvAPIKey",
+ envVars: map[string]string{
+ EnvAPIUser: "user",
+ EnvAPIKey: "",
+ },
+ expected: "webnamesca: some credentials information are missing: WEBNAMESCA_API_KEY",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "webnamesca: some credentials information are missing: WEBNAMESCA_API_USER,WEBNAMESCA_API_KEY",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiUser string
+ apiKey string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiUser: "user",
+ apiKey: "secret",
+ },
+ {
+ desc: "missing apiUser",
+ apiKey: "secret",
+ expected: "webnamesca: credentials missing",
+ },
+ {
+ desc: "missing apiKey",
+ apiUser: "user",
+ expected: "webnamesca: credentials missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "webnamesca: credentials missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIUser = test.apiUser
+ config.APIKey = test.apiKey
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestLivePresent(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.Present(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func TestLiveCleanUp(t *testing.T) {
+ if !envTest.IsLiveTest() {
+ t.Skip("skipping live test")
+ }
+
+ envTest.RestoreEnv()
+
+ provider, err := NewDNSProvider()
+ require.NoError(t, err)
+
+ err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
+ require.NoError(t, err)
+}
+
+func mockBuilder() *servermock.Builder[*DNSProvider] {
+ return servermock.NewBuilder(
+ func(server *httptest.Server) (*DNSProvider, error) {
+ config := NewDefaultConfig()
+ config.APIUser = "user"
+ config.APIKey = "secret"
+ config.HTTPClient = server.Client()
+
+ p, err := NewDNSProviderConfig(config)
+ if err != nil {
+ return nil, err
+ }
+
+ p.client.BaseURL, _ = url.Parse(server.URL)
+
+ return p, nil
+ },
+ servermock.CheckHeader().
+ WithJSONHeaders().
+ With("API-User", "user").
+ With("API-Key", "secret"),
+ )
+}
+
+func TestDNSProvider_Present(t *testing.T) {
+ provider := mockBuilder().
+ Route("POST /domains/example.com/add-txt-record",
+ servermock.ResponseFromInternal("add_txt_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("hostName", "_acme-challenge.example.com").
+ With("txt", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY")).
+ Build(t)
+
+ err := provider.Present("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
+
+func TestDNSProvider_CleanUp(t *testing.T) {
+ provider := mockBuilder().
+ Route("DELETE /domains/example.com/delete-txt-record",
+ servermock.ResponseFromInternal("delete_txt_record.json"),
+ servermock.CheckQueryParameter().Strict().
+ With("hostName", "_acme-challenge.example.com").
+ With("txt", "ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY")).
+ Build(t)
+
+ err := provider.CleanUp("example.com", "abc", "123d==")
+ require.NoError(t, err)
+}
diff --git a/providers/dns/websupport/websupport.go b/providers/dns/websupport/websupport.go
index aa3c93578..4187ba32b 100644
--- a/providers/dns/websupport/websupport.go
+++ b/providers/dns/websupport/websupport.go
@@ -2,13 +2,12 @@
package websupport
import (
- "context"
"errors"
"fmt"
"net/http"
- "strconv"
"time"
+ "github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/go-acme/lego/v4/providers/dns/internal/active24"
@@ -30,15 +29,7 @@ const (
)
// Config is used to configure the creation of the DNSProvider.
-type Config struct {
- APIKey string
- Secret string
-
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = active24.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
@@ -54,8 +45,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *active24.Client
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for Websupport.
@@ -79,81 +69,29 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("websupport: the configuration of the DNS provider is nil")
}
- client, err := active24.NewClient(baseAPIDomain, config.APIKey, config.Secret)
+ provider, err := active24.NewDNSProviderConfig(config, baseAPIDomain)
if err != nil {
return nil, fmt.Errorf("websupport: %w", err)
}
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- return &DNSProvider{
- config: config,
- client: client,
- }, nil
+ return &DNSProvider{prv: provider}, nil
}
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- ctx := context.Background()
-
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
- if err != nil {
- return fmt.Errorf("websupport: could not find zone for domain %q: %w", domain, err)
- }
-
- subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("websupport: %w", err)
}
- serviceID, err := d.findServiceID(ctx, dns01.UnFqdn(authZone))
- if err != nil {
- return fmt.Errorf("websupport: find service ID: %w", err)
- }
-
- record := active24.Record{
- Type: "TXT",
- Name: subDomain,
- Content: info.Value,
- TTL: d.config.TTL,
- }
-
- err = d.client.CreateRecord(ctx, strconv.Itoa(serviceID), record)
- if err != nil {
- return fmt.Errorf("websupport: create record: %w", err)
- }
-
return nil
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- ctx := context.Background()
-
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
- return fmt.Errorf("websupport: could not find zone for domain %q: %w", domain, err)
- }
-
- serviceID, err := d.findServiceID(ctx, dns01.UnFqdn(authZone))
- if err != nil {
- return fmt.Errorf("websupport: find service ID: %w", err)
- }
-
- recordID, err := d.findRecordID(ctx, strconv.Itoa(serviceID), info)
- if err != nil {
- return fmt.Errorf("websupport: find record ID: %w", err)
- }
-
- err = d.client.DeleteRecord(ctx, strconv.Itoa(serviceID), strconv.Itoa(recordID))
- if err != nil {
- return fmt.Errorf("websupport: delete record %w", err)
+ return fmt.Errorf("websupport: %w", err)
}
return nil
@@ -162,58 +100,5 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
-}
-
-func (d *DNSProvider) findServiceID(ctx context.Context, domain string) (int, error) {
- services, err := d.client.GetServices(ctx)
- if err != nil {
- return 0, fmt.Errorf("get services: %w", err)
- }
-
- for _, service := range services {
- if service.ServiceName != "domain" {
- continue
- }
-
- if service.Name != domain {
- continue
- }
-
- return service.ID, nil
- }
-
- return 0, fmt.Errorf("service not found for domain: %s", domain)
-}
-
-func (d *DNSProvider) findRecordID(ctx context.Context, serviceID string, info dns01.ChallengeInfo) (int, error) {
- // NOTE(ldez): Despite the API documentation, the filter doesn't seem to work.
- filter := active24.RecordFilter{
- Name: dns01.UnFqdn(info.EffectiveFQDN),
- Type: []string{"TXT"},
- Content: info.Value,
- }
-
- records, err := d.client.GetRecords(ctx, serviceID, filter)
- if err != nil {
- return 0, fmt.Errorf("get records: %w", err)
- }
-
- for _, record := range records {
- if record.Type != "TXT" {
- continue
- }
-
- if record.Name != dns01.UnFqdn(info.EffectiveFQDN) {
- continue
- }
-
- if record.Content != info.Value {
- continue
- }
-
- return record.ID, nil
- }
-
- return 0, errors.New("no record found")
+ return d.prv.Timeout()
}
diff --git a/providers/dns/websupport/websupport.toml b/providers/dns/websupport/websupport.toml
index 1f34b431b..4908f0235 100644
--- a/providers/dns/websupport/websupport.toml
+++ b/providers/dns/websupport/websupport.toml
@@ -7,7 +7,7 @@ Since = "v4.10.0"
Example = '''
WEBSUPPORT_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
WEBSUPPORT_SECRET="yyyyyyyyyyyyyyyyyyyyy" \
-lego --email you@example.com --dns websupport -d '*.example.com' -d example.com run
+lego --dns websupport -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/websupport/websupport_test.go b/providers/dns/websupport/websupport_test.go
index 051fdb837..196c9bab8 100644
--- a/providers/dns/websupport/websupport_test.go
+++ b/providers/dns/websupport/websupport_test.go
@@ -50,6 +50,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -59,8 +60,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -109,8 +109,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -124,6 +123,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -137,6 +137,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/wedos/internal/client.go b/providers/dns/wedos/internal/client.go
index 1f573e397..48c89d189 100644
--- a/providers/dns/wedos/internal/client.go
+++ b/providers/dns/wedos/internal/client.go
@@ -69,6 +69,7 @@ func (c *Client) AddRecord(ctx context.Context, zone string, record DNSRow) erro
}
cmd := commandDNSRowAdd
+
if record.ID == "" {
payload.Name = record.Name
} else {
diff --git a/providers/dns/wedos/internal/token.go b/providers/dns/wedos/internal/token.go
index dd126b442..11e680cb8 100644
--- a/providers/dns/wedos/internal/token.go
+++ b/providers/dns/wedos/internal/token.go
@@ -15,6 +15,7 @@ func authToken(userName, wapiPass string) string {
func sha1string(txt string) string {
h := sha1.New()
_, _ = io.WriteString(h, txt)
+
return hex.EncodeToString(h.Sum(nil))
}
@@ -46,11 +47,13 @@ func utcToCet(utc time.Time) time.Time {
if utcMonth < time.March || utcMonth > time.October {
return utc.Add(time.Hour)
}
+
if utcMonth > time.March && utcMonth < time.October {
return utc.Add(time.Hour * 2)
}
dayOff := 0
+
breaking := time.Date(utc.Year(), utcMonth+1, dayOff, 1, 0, 0, 0, time.UTC)
for breaking.Weekday() != time.Sunday {
dayOff--
@@ -65,6 +68,7 @@ func utcToCet(utc time.Time) time.Time {
if (utcMonth == time.March && utc.Before(breaking)) || (utcMonth == time.October && utc.After(breaking)) {
return utc.Add(time.Hour)
}
+
return utc.Add(time.Hour * 2)
}
diff --git a/providers/dns/wedos/wedos.go b/providers/dns/wedos/wedos.go
index 85187ec46..164fb5f10 100644
--- a/providers/dns/wedos/wedos.go
+++ b/providers/dns/wedos/wedos.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/wedos/internal"
)
@@ -94,6 +95,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{config: config, client: client}, nil
}
diff --git a/providers/dns/wedos/wedos.toml b/providers/dns/wedos/wedos.toml
index 2ed351a2d..89abfc16c 100644
--- a/providers/dns/wedos/wedos.toml
+++ b/providers/dns/wedos/wedos.toml
@@ -7,7 +7,7 @@ Since = "v4.4.0"
Example = '''
WEDOS_USERNAME=xxxxxxxx \
WEDOS_WAPI_PASSWORD=xxxxxxxx \
-lego --email you@example.com --dns wedos -d '*.example.com' -d example.com run
+lego --dns wedos -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/wedos/wedos_test.go b/providers/dns/wedos/wedos_test.go
index 9363002b5..25f70d0fc 100644
--- a/providers/dns/wedos/wedos_test.go
+++ b/providers/dns/wedos/wedos_test.go
@@ -54,6 +54,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -120,6 +121,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -133,6 +135,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/westcn/westcn.go b/providers/dns/westcn/westcn.go
index 37f357b70..1906f9737 100644
--- a/providers/dns/westcn/westcn.go
+++ b/providers/dns/westcn/westcn.go
@@ -2,17 +2,14 @@
package westcn
import (
- "context"
"errors"
"fmt"
"net/http"
- "sync"
"time"
"github.com/go-acme/lego/v4/challenge"
- "github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
- "github.com/go-acme/lego/v4/providers/dns/westcn/internal"
+ "github.com/go-acme/lego/v4/providers/dns/internal/westcn"
)
// Environment variables names.
@@ -28,18 +25,12 @@ const (
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
+const defaultBaseURL = "https://api.west.cn/api/v2"
+
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
-type Config struct {
- Username string
- Password string
-
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = westcn.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
@@ -55,11 +46,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *internal.Client
-
- recordIDs map[string]int
- recordIDsMu sync.Mutex
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for West.cn/西部数码.
@@ -82,88 +69,36 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("westcn: the configuration of the DNS provider is nil")
}
- client, err := internal.NewClient(config.Username, config.Password)
+ provider, err := westcn.NewDNSProviderConfig(config, defaultBaseURL)
if err != nil {
return nil, fmt.Errorf("westcn: %w", err)
}
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- return &DNSProvider{
- config: config,
- client: client,
- recordIDs: make(map[string]int),
- }, nil
+ return &DNSProvider{prv: provider}, nil
}
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
- if err != nil {
- return fmt.Errorf("westcn: could not find zone for domain %q: %w", domain, err)
- }
-
- subDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
return fmt.Errorf("westcn: %w", err)
}
- record := internal.Record{
- Domain: dns01.UnFqdn(authZone),
- Host: subDomain,
- Type: "TXT",
- Value: info.Value,
- TTL: d.config.TTL,
- }
-
- recordID, err := d.client.AddRecord(context.Background(), record)
- if err != nil {
- return fmt.Errorf("westcn: add record: %w", err)
- }
-
- d.recordIDsMu.Lock()
- d.recordIDs[token] = recordID
- d.recordIDsMu.Unlock()
-
return nil
}
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
- return fmt.Errorf("westcn: could not find zone for domain %q: %w", domain, err)
+ return fmt.Errorf("westcn: %w", err)
}
- // gets the record's unique ID
- d.recordIDsMu.Lock()
- recordID, ok := d.recordIDs[token]
- d.recordIDsMu.Unlock()
- if !ok {
- return fmt.Errorf("westcn: unknown record ID for '%s' '%s'", info.EffectiveFQDN, token)
- }
-
- err = d.client.DeleteRecord(context.Background(), dns01.UnFqdn(authZone), recordID)
- if err != nil {
- return fmt.Errorf("westcn: delete record: %w", err)
- }
-
- // deletes record ID from map
- d.recordIDsMu.Lock()
- delete(d.recordIDs, token)
- d.recordIDsMu.Unlock()
-
return nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Adjusting here to cope with spikes in propagation times.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
+ return d.prv.Timeout()
}
diff --git a/providers/dns/westcn/westcn.toml b/providers/dns/westcn/westcn.toml
index acf3a4e49..1b0cb0a7a 100644
--- a/providers/dns/westcn/westcn.toml
+++ b/providers/dns/westcn/westcn.toml
@@ -7,7 +7,7 @@ Since = "v4.21.0"
Example = '''
WESTCN_USERNAME="xxx" \
WESTCN_PASSWORD="yyy" \
-lego --email you@example.com --dns westcn -d '*.example.com' -d example.com run
+lego --dns westcn -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/westcn/westcn_test.go b/providers/dns/westcn/westcn_test.go
index 71632d99f..a546d518e 100644
--- a/providers/dns/westcn/westcn_test.go
+++ b/providers/dns/westcn/westcn_test.go
@@ -50,6 +50,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -59,8 +60,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -107,8 +107,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
- require.NotNil(t, p.client)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -122,6 +121,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -135,6 +135,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/yandex/internal/client.go b/providers/dns/yandex/internal/client.go
index 98480a793..4b0421f49 100644
--- a/providers/dns/yandex/internal/client.go
+++ b/providers/dns/yandex/internal/client.go
@@ -51,6 +51,7 @@ func (c *Client) AddRecord(ctx context.Context, payload Record) (*Record, error)
}
r := AddResponse{}
+
err = c.do(req, &r)
if err != nil {
return nil, err
@@ -68,6 +69,7 @@ func (c *Client) RemoveRecord(ctx context.Context, payload Record) (int, error)
}
r := RemoveResponse{}
+
err = c.do(req, &r)
if err != nil {
return 0, err
@@ -89,6 +91,7 @@ func (c *Client) GetRecords(ctx context.Context, domain string) ([]Record, error
}
r := ListResponse{}
+
err = c.do(req, &r)
if err != nil {
return nil, err
diff --git a/providers/dns/yandex/internal/types.go b/providers/dns/yandex/internal/types.go
index ed1873cef..48a85042c 100644
--- a/providers/dns/yandex/internal/types.go
+++ b/providers/dns/yandex/internal/types.go
@@ -30,18 +30,21 @@ func (r BaseResponse) GetError() string {
type AddResponse struct {
BaseResponse
+
Domain string `json:"domain,omitempty"`
Record *Record `json:"record,omitempty"`
}
type RemoveResponse struct {
BaseResponse
+
Domain string `json:"domain,omitempty"`
RecordID int `json:"record_id,omitempty"`
}
type ListResponse struct {
BaseResponse
+
Domain string `json:"domain,omitempty"`
Records []Record `json:"records,omitempty"`
}
diff --git a/providers/dns/yandex/yandex.go b/providers/dns/yandex/yandex.go
index c51602f67..7ae505ec0 100644
--- a/providers/dns/yandex/yandex.go
+++ b/providers/dns/yandex/yandex.go
@@ -11,6 +11,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/yandex/internal"
"github.com/miekg/dns"
)
@@ -88,6 +89,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{client: client, config: config}, nil
}
@@ -133,6 +136,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var record *internal.Record
+
for _, rcd := range records {
if rcd.Type == "TXT" && rcd.SubDomain == subDomain && rcd.Content == info.Value {
record = &rcd
@@ -153,6 +157,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("yandex: %w", err)
}
+
return nil
}
diff --git a/providers/dns/yandex/yandex.toml b/providers/dns/yandex/yandex.toml
index 78da1444d..a36df069e 100644
--- a/providers/dns/yandex/yandex.toml
+++ b/providers/dns/yandex/yandex.toml
@@ -7,7 +7,7 @@ Since = "v3.7.0"
Example = '''
YANDEX_PDD_TOKEN= \
-lego --email you@example.com --dns yandex -d '*.example.com' -d example.com run
+lego --dns yandex -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/yandex/yandex_test.go b/providers/dns/yandex/yandex_test.go
index 144a24126..8a0a7534a 100644
--- a/providers/dns/yandex/yandex_test.go
+++ b/providers/dns/yandex/yandex_test.go
@@ -33,6 +33,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -95,6 +96,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -108,6 +110,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/yandex360/internal/client.go b/providers/dns/yandex360/internal/client.go
index 9ffececaf..33aeb0daa 100644
--- a/providers/dns/yandex360/internal/client.go
+++ b/providers/dns/yandex360/internal/client.go
@@ -138,6 +138,7 @@ func parseError(req *http.Request, resp *http.Response) error {
raw, _ := io.ReadAll(resp.Body)
var apiErr APIError
+
err := json.Unmarshal(raw, &apiErr)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/yandex360/yandex360.go b/providers/dns/yandex360/yandex360.go
index e2ee7beb2..0f4571750 100644
--- a/providers/dns/yandex360/yandex360.go
+++ b/providers/dns/yandex360/yandex360.go
@@ -13,7 +13,9 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/yandex360/internal"
+ "github.com/miekg/dns"
)
// Environment variables names.
@@ -97,6 +99,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
client: client,
config: config,
@@ -108,7 +112,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
- authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(info.EffectiveFQDN))
+ authZone, err := dns01.FindZoneByFqdn(dns.Fqdn(info.EffectiveFQDN))
if err != nil {
return fmt.Errorf("yandex360: could not find zone for domain %q: %w", domain, err)
}
@@ -143,7 +147,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
info := dns01.GetChallengeInfo(domain, keyAuth)
- authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(info.EffectiveFQDN))
+ authZone, err := dns01.FindZoneByFqdn(dns.Fqdn(info.EffectiveFQDN))
if err != nil {
return fmt.Errorf("yandex360: could not find zone for domain %q: %w", domain, err)
}
diff --git a/providers/dns/yandex360/yandex360.toml b/providers/dns/yandex360/yandex360.toml
index 69ea02a28..444b1cc38 100644
--- a/providers/dns/yandex360/yandex360.toml
+++ b/providers/dns/yandex360/yandex360.toml
@@ -8,7 +8,7 @@ Since = "v4.14.0"
Example = '''
YANDEX360_OAUTH_TOKEN= \
YANDEX360_ORG_ID= \
-lego --email you@example.com --dns yandex360 -d '*.example.com' -d example.com run
+lego --dns yandex360 -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/yandex360/yandex360_test.go b/providers/dns/yandex360/yandex360_test.go
index 545c90985..c1d37ad12 100644
--- a/providers/dns/yandex360/yandex360_test.go
+++ b/providers/dns/yandex360/yandex360_test.go
@@ -43,6 +43,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -109,6 +110,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -122,6 +124,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/yandexcloud/yandexcloud.go b/providers/dns/yandexcloud/yandexcloud.go
index 346b6d952..f9c64def1 100644
--- a/providers/dns/yandexcloud/yandexcloud.go
+++ b/providers/dns/yandexcloud/yandexcloud.go
@@ -229,6 +229,7 @@ func (d *DNSProvider) upsertRecordSetData(ctx context.Context, zoneID, name, val
}
var deletions []*ycdnsproto.RecordSet
+
if exist != nil {
record.SetData(append(record.GetData(), exist.GetData()...))
deletions = append(deletions, exist)
@@ -307,6 +308,7 @@ func decodeCredentials(accountB64 string) (credentials.Credentials, error) {
}
key := &iamkey.Key{}
+
err = json.Unmarshal(account, key)
if err != nil {
return nil, err
diff --git a/providers/dns/yandexcloud/yandexcloud.toml b/providers/dns/yandexcloud/yandexcloud.toml
index a4bf3ebbb..d4b40bb1d 100644
--- a/providers/dns/yandexcloud/yandexcloud.toml
+++ b/providers/dns/yandexcloud/yandexcloud.toml
@@ -7,7 +7,7 @@ Since = "v4.9.0"
Example = '''
YANDEX_CLOUD_IAM_TOKEN= \
YANDEX_CLOUD_FOLDER_ID= \
-lego --email you@example.com --dns yandexcloud -d '*.example.com' -d example.com run
+lego --dns yandexcloud -d '*.example.com' -d example.com run
# ---
@@ -20,7 +20,7 @@ YANDEX_CLOUD_IAM_TOKEN=$(echo '{ \
"private_key": "-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----" \
}' | base64) \
YANDEX_CLOUD_FOLDER_ID= \
-lego --email you@example.com --dns yandexcloud -d '*.example.com' -d example.com run
+lego --dns yandexcloud -d '*.example.com' -d example.com run
'''
Additional = '''
diff --git a/providers/dns/yandexcloud/yandexcloud_test.go b/providers/dns/yandexcloud/yandexcloud_test.go
index 48f75d134..52dad574d 100644
--- a/providers/dns/yandexcloud/yandexcloud_test.go
+++ b/providers/dns/yandexcloud/yandexcloud_test.go
@@ -71,6 +71,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -143,6 +144,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -156,6 +158,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/zoneedit/internal/client.go b/providers/dns/zoneedit/internal/client.go
index e97f4beb9..c8b99e173 100644
--- a/providers/dns/zoneedit/internal/client.go
+++ b/providers/dns/zoneedit/internal/client.go
@@ -98,6 +98,7 @@ func (c *Client) do(req *http.Request) error {
}
var apiErr APIError
+
err = xml.Unmarshal(raw, &apiErr)
if err != nil {
return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
diff --git a/providers/dns/zoneedit/zoneedit.go b/providers/dns/zoneedit/zoneedit.go
index 875b84233..c815f975a 100644
--- a/providers/dns/zoneedit/zoneedit.go
+++ b/providers/dns/zoneedit/zoneedit.go
@@ -9,6 +9,7 @@ import (
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/zoneedit/internal"
)
@@ -80,6 +81,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
client.HTTPClient = config.HTTPClient
}
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
return &DNSProvider{
config: config,
client: client,
diff --git a/providers/dns/zoneedit/zoneedit.toml b/providers/dns/zoneedit/zoneedit.toml
index d3c547c23..cdc53b33a 100644
--- a/providers/dns/zoneedit/zoneedit.toml
+++ b/providers/dns/zoneedit/zoneedit.toml
@@ -7,7 +7,7 @@ Since = "v4.25.0"
Example = '''
ZONEEDIT_USER="xxxxxxxxxxxxxxxxxxxxx" \
ZONEEDIT_AUTH_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
-lego --email you@example.com --dns zoneedit -d '*.example.com' -d example.com run
+lego --dns zoneedit -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/zoneedit/zoneedit_test.go b/providers/dns/zoneedit/zoneedit_test.go
index 2a9b1754d..0b251fddf 100644
--- a/providers/dns/zoneedit/zoneedit_test.go
+++ b/providers/dns/zoneedit/zoneedit_test.go
@@ -50,6 +50,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -122,6 +123,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -135,6 +137,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/zoneee/zoneee.go b/providers/dns/zoneee/zoneee.go
index 7dbbc4314..5c34ea1c9 100644
--- a/providers/dns/zoneee/zoneee.go
+++ b/providers/dns/zoneee/zoneee.go
@@ -12,6 +12,7 @@ import (
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/internal/clientdebug"
"github.com/go-acme/lego/v4/providers/dns/zoneee/internal"
)
@@ -69,6 +70,7 @@ func NewDNSProvider() (*DNSProvider, error) {
}
rawEndpoint := env.GetOrDefaultString(EnvEndpoint, internal.DefaultEndpoint)
+
endpoint, err := url.Parse(rawEndpoint)
if err != nil {
return nil, fmt.Errorf("zoneee: %w", err)
@@ -105,6 +107,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config.HTTPClient != nil {
client.HTTPClient = config.HTTPClient
}
+
+ client.HTTPClient = clientdebug.Wrap(client.HTTPClient)
+
if config.Endpoint != nil {
client.BaseURL = config.Endpoint
}
@@ -138,6 +143,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("zoneee: %w", err)
}
+
return nil
}
@@ -160,6 +166,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
}
var id string
+
for _, record := range records {
if record.Destination == info.Value {
id = record.ID
diff --git a/providers/dns/zoneee/zoneee.toml b/providers/dns/zoneee/zoneee.toml
index 75ccabbda..ab7133180 100644
--- a/providers/dns/zoneee/zoneee.toml
+++ b/providers/dns/zoneee/zoneee.toml
@@ -7,7 +7,7 @@ Since = "v2.1.0"
Example = '''
ZONEEE_API_USER=xxxxx \
ZONEEE_API_KEY=yyyyy \
-lego --email you@example.com --dns zoneee -d '*.example.com' -d example.com run
+lego --dns zoneee -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/zoneee/zoneee_test.go b/providers/dns/zoneee/zoneee_test.go
index 6f50cf36e..9ad87c02a 100644
--- a/providers/dns/zoneee/zoneee_test.go
+++ b/providers/dns/zoneee/zoneee_test.go
@@ -77,6 +77,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -247,6 +248,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -260,6 +262,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -273,6 +276,7 @@ func mockBuilder(username, apiKey string) *servermock.Builder[*DNSProvider] {
return servermock.NewBuilder(
func(server *httptest.Server) (*DNSProvider, error) {
config := NewDefaultConfig()
+ config.HTTPClient = server.Client()
config.Endpoint, _ = url.Parse(server.URL)
config.Username = username
config.APIKey = apiKey
@@ -285,6 +289,7 @@ func mockBuilder(username, apiKey string) *servermock.Builder[*DNSProvider] {
func mockHandlerCreateRecord() http.HandlerFunc {
return encodeJSONHandler(func(req *http.Request, rw http.ResponseWriter) (any, error) {
record := internal.TXTRecord{}
+
err := json.NewDecoder(req.Body).Decode(&record)
if err != nil {
return nil, err
@@ -339,6 +344,7 @@ func checkBasicAuth() servermock.LinkFunc {
if username != fakeUsername || apiKey != fakeAPIKey || !ok {
rw.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm=%q`, "Please enter your username and API key."))
http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+
return
}
diff --git a/providers/dns/zonomi/zonomi.go b/providers/dns/zonomi/zonomi.go
index 8c7a2943f..fe54b80fc 100644
--- a/providers/dns/zonomi/zonomi.go
+++ b/providers/dns/zonomi/zonomi.go
@@ -2,7 +2,6 @@
package zonomi
import (
- "context"
"errors"
"fmt"
"net/http"
@@ -26,22 +25,17 @@ const (
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
+const defaultBaseURL = "https://zonomi.com/app/dns/dyndns.jsp"
+
var _ challenge.ProviderTimeout = (*DNSProvider)(nil)
// Config is used to configure the creation of the DNSProvider.
-type Config struct {
- APIKey string
-
- PropagationTimeout time.Duration
- PollingInterval time.Duration
- TTL int
- HTTPClient *http.Client
-}
+type Config = rimuhosting.Config
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
return &Config{
- TTL: env.GetOrDefaultInt(EnvTTL, 3600),
+ TTL: env.GetOrDefaultInt(EnvTTL, rimuhosting.DefaultTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
HTTPClient: &http.Client{
@@ -52,8 +46,7 @@ func NewDefaultConfig() *Config {
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
- config *Config
- client *rimuhosting.Client
+ prv challenge.ProviderTimeout
}
// NewDNSProvider returns a DNSProvider instance configured for Zonomi.
@@ -76,48 +69,19 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
return nil, errors.New("zonomi: the configuration of the DNS provider is nil")
}
- if config.APIKey == "" {
- return nil, errors.New("zonomi: incomplete credentials, missing API key")
+ provider, err := rimuhosting.NewDNSProviderConfig(config, defaultBaseURL)
+ if err != nil {
+ return nil, fmt.Errorf("zonomi: %w", err)
}
- client := rimuhosting.NewClient(config.APIKey)
- client.BaseURL = rimuhosting.DefaultZonomiBaseURL
-
- if config.HTTPClient != nil {
- client.HTTPClient = config.HTTPClient
- }
-
- return &DNSProvider{config: config, client: client}, nil
-}
-
-// Timeout returns the timeout and interval to use when checking for DNS propagation.
-// Adjusting here to cope with spikes in propagation times.
-func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
- return d.config.PropagationTimeout, d.config.PollingInterval
+ return &DNSProvider{prv: provider}, nil
}
// Present creates a TXT record using the specified parameters.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- ctx := context.Background()
-
- records, err := d.client.FindTXTRecords(ctx, dns01.UnFqdn(info.EffectiveFQDN))
+ err := d.prv.Present(domain, token, keyAuth)
if err != nil {
- return fmt.Errorf("zonomi: failed to find record(s) for %s: %w", domain, err)
- }
-
- actions := []rimuhosting.ActionParameter{
- rimuhosting.NewAddRecordAction(dns01.UnFqdn(info.EffectiveFQDN), info.Value, d.config.TTL),
- }
-
- for _, record := range records {
- actions = append(actions, rimuhosting.NewAddRecordAction(record.Name, record.Content, d.config.TTL))
- }
-
- _, err = d.client.DoActions(ctx, actions...)
- if err != nil {
- return fmt.Errorf("zonomi: failed to add record(s) for %s: %w", domain, err)
+ return fmt.Errorf("zonomi: %w", err)
}
return nil
@@ -125,14 +89,16 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// CleanUp removes the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- info := dns01.GetChallengeInfo(domain, keyAuth)
-
- action := rimuhosting.NewDeleteRecordAction(dns01.UnFqdn(info.EffectiveFQDN), info.Value)
-
- _, err := d.client.DoActions(context.Background(), action)
+ err := d.prv.CleanUp(domain, token, keyAuth)
if err != nil {
- return fmt.Errorf("zonomi: failed to delete record for %s: %w", domain, err)
+ return fmt.Errorf("zonomi: %w", err)
}
return nil
}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.prv.Timeout()
+}
diff --git a/providers/dns/zonomi/zonomi.toml b/providers/dns/zonomi/zonomi.toml
index a5577999a..b91bcaac6 100644
--- a/providers/dns/zonomi/zonomi.toml
+++ b/providers/dns/zonomi/zonomi.toml
@@ -6,7 +6,7 @@ Since = "v3.5.0"
Example = '''
ZONOMI_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
-lego --email you@example.com --dns zonomi -d '*.example.com' -d example.com run
+lego --dns zonomi -d '*.example.com' -d example.com run
'''
[Configuration]
diff --git a/providers/dns/zonomi/zonomi_test.go b/providers/dns/zonomi/zonomi_test.go
index fb1b68773..2e13e937e 100644
--- a/providers/dns/zonomi/zonomi_test.go
+++ b/providers/dns/zonomi/zonomi_test.go
@@ -36,6 +36,7 @@ func TestNewDNSProvider(t *testing.T) {
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
defer envTest.RestoreEnv()
+
envTest.ClearEnv()
envTest.Apply(test.envVars)
@@ -45,7 +46,7 @@ func TestNewDNSProvider(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -83,7 +84,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
if test.expected == "" {
require.NoError(t, err)
require.NotNil(t, p)
- require.NotNil(t, p.config)
+ require.NotNil(t, p.prv)
} else {
require.EqualError(t, err, test.expected)
}
@@ -97,6 +98,7 @@ func TestLivePresent(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
@@ -110,6 +112,7 @@ func TestLiveCleanUp(t *testing.T) {
}
envTest.RestoreEnv()
+
provider, err := NewDNSProvider()
require.NoError(t, err)
diff --git a/providers/dns/zz_gen_dns_providers.go b/providers/dns/zz_gen_dns_providers.go
index 59205f7f6..9c4bc9e61 100644
--- a/providers/dns/zz_gen_dns_providers.go
+++ b/providers/dns/zz_gen_dns_providers.go
@@ -6,11 +6,14 @@ import (
"fmt"
"github.com/go-acme/lego/v4/challenge"
- "github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/providers/dns/acmedns"
"github.com/go-acme/lego/v4/providers/dns/active24"
"github.com/go-acme/lego/v4/providers/dns/alidns"
+ "github.com/go-acme/lego/v4/providers/dns/aliesa"
"github.com/go-acme/lego/v4/providers/dns/allinkl"
+ "github.com/go-acme/lego/v4/providers/dns/alwaysdata"
+ "github.com/go-acme/lego/v4/providers/dns/anexia"
+ "github.com/go-acme/lego/v4/providers/dns/artfiles"
"github.com/go-acme/lego/v4/providers/dns/arvancloud"
"github.com/go-acme/lego/v4/providers/dns/auroradns"
"github.com/go-acme/lego/v4/providers/dns/autodns"
@@ -19,8 +22,11 @@ import (
"github.com/go-acme/lego/v4/providers/dns/azure"
"github.com/go-acme/lego/v4/providers/dns/azuredns"
"github.com/go-acme/lego/v4/providers/dns/baiducloud"
+ "github.com/go-acme/lego/v4/providers/dns/beget"
+ "github.com/go-acme/lego/v4/providers/dns/binarylane"
"github.com/go-acme/lego/v4/providers/dns/bindman"
"github.com/go-acme/lego/v4/providers/dns/bluecat"
+ "github.com/go-acme/lego/v4/providers/dns/bluecatv2"
"github.com/go-acme/lego/v4/providers/dns/bookmyname"
"github.com/go-acme/lego/v4/providers/dns/brandit"
"github.com/go-acme/lego/v4/providers/dns/bunny"
@@ -31,16 +37,20 @@ import (
"github.com/go-acme/lego/v4/providers/dns/cloudns"
"github.com/go-acme/lego/v4/providers/dns/cloudru"
"github.com/go-acme/lego/v4/providers/dns/cloudxns"
+ "github.com/go-acme/lego/v4/providers/dns/com35"
"github.com/go-acme/lego/v4/providers/dns/conoha"
"github.com/go-acme/lego/v4/providers/dns/conohav3"
"github.com/go-acme/lego/v4/providers/dns/constellix"
"github.com/go-acme/lego/v4/providers/dns/corenetworks"
"github.com/go-acme/lego/v4/providers/dns/cpanel"
+ "github.com/go-acme/lego/v4/providers/dns/czechia"
+ "github.com/go-acme/lego/v4/providers/dns/ddnss"
"github.com/go-acme/lego/v4/providers/dns/derak"
"github.com/go-acme/lego/v4/providers/dns/desec"
"github.com/go-acme/lego/v4/providers/dns/designate"
"github.com/go-acme/lego/v4/providers/dns/digitalocean"
"github.com/go-acme/lego/v4/providers/dns/directadmin"
+ "github.com/go-acme/lego/v4/providers/dns/dnsexit"
"github.com/go-acme/lego/v4/providers/dns/dnshomede"
"github.com/go-acme/lego/v4/providers/dns/dnsimple"
"github.com/go-acme/lego/v4/providers/dns/dnsmadeeasy"
@@ -53,9 +63,13 @@ import (
"github.com/go-acme/lego/v4/providers/dns/dyndnsfree"
"github.com/go-acme/lego/v4/providers/dns/dynu"
"github.com/go-acme/lego/v4/providers/dns/easydns"
+ "github.com/go-acme/lego/v4/providers/dns/edgecenter"
"github.com/go-acme/lego/v4/providers/dns/edgedns"
+ "github.com/go-acme/lego/v4/providers/dns/edgeone"
"github.com/go-acme/lego/v4/providers/dns/efficientip"
"github.com/go-acme/lego/v4/providers/dns/epik"
+ "github.com/go-acme/lego/v4/providers/dns/eurodns"
+ "github.com/go-acme/lego/v4/providers/dns/excedo"
"github.com/go-acme/lego/v4/providers/dns/exec"
"github.com/go-acme/lego/v4/providers/dns/exoscale"
"github.com/go-acme/lego/v4/providers/dns/f5xc"
@@ -64,11 +78,15 @@ import (
"github.com/go-acme/lego/v4/providers/dns/gandiv5"
"github.com/go-acme/lego/v4/providers/dns/gcloud"
"github.com/go-acme/lego/v4/providers/dns/gcore"
+ "github.com/go-acme/lego/v4/providers/dns/gigahostno"
"github.com/go-acme/lego/v4/providers/dns/glesys"
"github.com/go-acme/lego/v4/providers/dns/godaddy"
"github.com/go-acme/lego/v4/providers/dns/googledomains"
+ "github.com/go-acme/lego/v4/providers/dns/gravity"
"github.com/go-acme/lego/v4/providers/dns/hetzner"
"github.com/go-acme/lego/v4/providers/dns/hostingde"
+ "github.com/go-acme/lego/v4/providers/dns/hostinger"
+ "github.com/go-acme/lego/v4/providers/dns/hostingnl"
"github.com/go-acme/lego/v4/providers/dns/hosttech"
"github.com/go-acme/lego/v4/providers/dns/httpnet"
"github.com/go-acme/lego/v4/providers/dns/httpreq"
@@ -83,9 +101,15 @@ import (
"github.com/go-acme/lego/v4/providers/dns/internetbs"
"github.com/go-acme/lego/v4/providers/dns/inwx"
"github.com/go-acme/lego/v4/providers/dns/ionos"
+ "github.com/go-acme/lego/v4/providers/dns/ionoscloud"
"github.com/go-acme/lego/v4/providers/dns/ipv64"
+ "github.com/go-acme/lego/v4/providers/dns/ispconfig"
+ "github.com/go-acme/lego/v4/providers/dns/ispconfigddns"
"github.com/go-acme/lego/v4/providers/dns/iwantmyname"
+ "github.com/go-acme/lego/v4/providers/dns/jdcloud"
"github.com/go-acme/lego/v4/providers/dns/joker"
+ "github.com/go-acme/lego/v4/providers/dns/keyhelp"
+ "github.com/go-acme/lego/v4/providers/dns/leaseweb"
"github.com/go-acme/lego/v4/providers/dns/liara"
"github.com/go-acme/lego/v4/providers/dns/lightsail"
"github.com/go-acme/lego/v4/providers/dns/limacity"
@@ -95,6 +119,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/luadns"
"github.com/go-acme/lego/v4/providers/dns/mailinabox"
"github.com/go-acme/lego/v4/providers/dns/manageengine"
+ "github.com/go-acme/lego/v4/providers/dns/manual"
"github.com/go-acme/lego/v4/providers/dns/metaname"
"github.com/go-acme/lego/v4/providers/dns/metaregistrar"
"github.com/go-acme/lego/v4/providers/dns/mijnhost"
@@ -105,7 +130,9 @@ import (
"github.com/go-acme/lego/v4/providers/dns/namecheap"
"github.com/go-acme/lego/v4/providers/dns/namedotcom"
"github.com/go-acme/lego/v4/providers/dns/namesilo"
+ "github.com/go-acme/lego/v4/providers/dns/namesurfer"
"github.com/go-acme/lego/v4/providers/dns/nearlyfreespeech"
+ "github.com/go-acme/lego/v4/providers/dns/neodigit"
"github.com/go-acme/lego/v4/providers/dns/netcup"
"github.com/go-acme/lego/v4/providers/dns/netlify"
"github.com/go-acme/lego/v4/providers/dns/nicmanager"
@@ -114,6 +141,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/njalla"
"github.com/go-acme/lego/v4/providers/dns/nodion"
"github.com/go-acme/lego/v4/providers/dns/ns1"
+ "github.com/go-acme/lego/v4/providers/dns/octenium"
"github.com/go-acme/lego/v4/providers/dns/oraclecloud"
"github.com/go-acme/lego/v4/providers/dns/otc"
"github.com/go-acme/lego/v4/providers/dns/ovh"
@@ -140,21 +168,26 @@ import (
"github.com/go-acme/lego/v4/providers/dns/sonic"
"github.com/go-acme/lego/v4/providers/dns/spaceship"
"github.com/go-acme/lego/v4/providers/dns/stackpath"
+ "github.com/go-acme/lego/v4/providers/dns/syse"
"github.com/go-acme/lego/v4/providers/dns/technitium"
"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
"github.com/go-acme/lego/v4/providers/dns/timewebcloud"
+ "github.com/go-acme/lego/v4/providers/dns/todaynic"
"github.com/go-acme/lego/v4/providers/dns/transip"
"github.com/go-acme/lego/v4/providers/dns/ultradns"
+ "github.com/go-acme/lego/v4/providers/dns/uniteddomains"
"github.com/go-acme/lego/v4/providers/dns/variomedia"
"github.com/go-acme/lego/v4/providers/dns/vegadns"
"github.com/go-acme/lego/v4/providers/dns/vercel"
"github.com/go-acme/lego/v4/providers/dns/versio"
"github.com/go-acme/lego/v4/providers/dns/vinyldns"
+ "github.com/go-acme/lego/v4/providers/dns/virtualname"
"github.com/go-acme/lego/v4/providers/dns/vkcloud"
"github.com/go-acme/lego/v4/providers/dns/volcengine"
"github.com/go-acme/lego/v4/providers/dns/vscale"
"github.com/go-acme/lego/v4/providers/dns/vultr"
"github.com/go-acme/lego/v4/providers/dns/webnames"
+ "github.com/go-acme/lego/v4/providers/dns/webnamesca"
"github.com/go-acme/lego/v4/providers/dns/websupport"
"github.com/go-acme/lego/v4/providers/dns/wedos"
"github.com/go-acme/lego/v4/providers/dns/westcn"
@@ -169,16 +202,22 @@ import (
// NewDNSChallengeProviderByName Factory for DNS providers.
func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
switch name {
- case "manual":
- return dns01.NewDNSProviderManual()
case "acme-dns", "acmedns":
return acmedns.NewDNSProvider()
case "active24":
return active24.NewDNSProvider()
case "alidns":
return alidns.NewDNSProvider()
+ case "aliesa":
+ return aliesa.NewDNSProvider()
case "allinkl":
return allinkl.NewDNSProvider()
+ case "alwaysdata":
+ return alwaysdata.NewDNSProvider()
+ case "anexia":
+ return anexia.NewDNSProvider()
+ case "artfiles":
+ return artfiles.NewDNSProvider()
case "arvancloud":
return arvancloud.NewDNSProvider()
case "auroradns":
@@ -195,10 +234,16 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return azuredns.NewDNSProvider()
case "baiducloud":
return baiducloud.NewDNSProvider()
+ case "beget":
+ return beget.NewDNSProvider()
+ case "binarylane":
+ return binarylane.NewDNSProvider()
case "bindman":
return bindman.NewDNSProvider()
case "bluecat":
return bluecat.NewDNSProvider()
+ case "bluecatv2":
+ return bluecatv2.NewDNSProvider()
case "bookmyname":
return bookmyname.NewDNSProvider()
case "brandit":
@@ -219,6 +264,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return cloudru.NewDNSProvider()
case "cloudxns":
return cloudxns.NewDNSProvider()
+ case "com35":
+ return com35.NewDNSProvider()
case "conoha":
return conoha.NewDNSProvider()
case "conohav3":
@@ -229,6 +276,10 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return corenetworks.NewDNSProvider()
case "cpanel":
return cpanel.NewDNSProvider()
+ case "czechia":
+ return czechia.NewDNSProvider()
+ case "ddnss":
+ return ddnss.NewDNSProvider()
case "derak":
return derak.NewDNSProvider()
case "desec":
@@ -239,6 +290,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return digitalocean.NewDNSProvider()
case "directadmin":
return directadmin.NewDNSProvider()
+ case "dnsexit":
+ return dnsexit.NewDNSProvider()
case "dnshomede":
return dnshomede.NewDNSProvider()
case "dnsimple":
@@ -263,12 +316,20 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return dynu.NewDNSProvider()
case "easydns":
return easydns.NewDNSProvider()
+ case "edgecenter":
+ return edgecenter.NewDNSProvider()
case "edgedns", "fastdns":
return edgedns.NewDNSProvider()
+ case "edgeone":
+ return edgeone.NewDNSProvider()
case "efficientip":
return efficientip.NewDNSProvider()
case "epik":
return epik.NewDNSProvider()
+ case "eurodns":
+ return eurodns.NewDNSProvider()
+ case "excedo":
+ return excedo.NewDNSProvider()
case "exec":
return exec.NewDNSProvider()
case "exoscale":
@@ -285,16 +346,24 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return gcloud.NewDNSProvider()
case "gcore":
return gcore.NewDNSProvider()
+ case "gigahostno":
+ return gigahostno.NewDNSProvider()
case "glesys":
return glesys.NewDNSProvider()
case "godaddy":
return godaddy.NewDNSProvider()
case "googledomains":
return googledomains.NewDNSProvider()
+ case "gravity":
+ return gravity.NewDNSProvider()
case "hetzner":
return hetzner.NewDNSProvider()
case "hostingde":
return hostingde.NewDNSProvider()
+ case "hostinger":
+ return hostinger.NewDNSProvider()
+ case "hostingnl":
+ return hostingnl.NewDNSProvider()
case "hosttech":
return hosttech.NewDNSProvider()
case "httpnet":
@@ -323,12 +392,24 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return inwx.NewDNSProvider()
case "ionos":
return ionos.NewDNSProvider()
+ case "ionoscloud":
+ return ionoscloud.NewDNSProvider()
case "ipv64":
return ipv64.NewDNSProvider()
+ case "ispconfig":
+ return ispconfig.NewDNSProvider()
+ case "ispconfigddns":
+ return ispconfigddns.NewDNSProvider()
case "iwantmyname":
return iwantmyname.NewDNSProvider()
+ case "jdcloud":
+ return jdcloud.NewDNSProvider()
case "joker":
return joker.NewDNSProvider()
+ case "keyhelp":
+ return keyhelp.NewDNSProvider()
+ case "leaseweb":
+ return leaseweb.NewDNSProvider()
case "liara":
return liara.NewDNSProvider()
case "lightsail":
@@ -347,6 +428,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return mailinabox.NewDNSProvider()
case "manageengine":
return manageengine.NewDNSProvider()
+ case "manual":
+ return manual.NewDNSProvider()
case "metaname":
return metaname.NewDNSProvider()
case "metaregistrar":
@@ -367,8 +450,12 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return namedotcom.NewDNSProvider()
case "namesilo":
return namesilo.NewDNSProvider()
+ case "namesurfer":
+ return namesurfer.NewDNSProvider()
case "nearlyfreespeech":
return nearlyfreespeech.NewDNSProvider()
+ case "neodigit":
+ return neodigit.NewDNSProvider()
case "netcup":
return netcup.NewDNSProvider()
case "netlify":
@@ -385,6 +472,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return nodion.NewDNSProvider()
case "ns1":
return ns1.NewDNSProvider()
+ case "octenium":
+ return octenium.NewDNSProvider()
case "oraclecloud":
return oraclecloud.NewDNSProvider()
case "otc":
@@ -437,16 +526,22 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return spaceship.NewDNSProvider()
case "stackpath":
return stackpath.NewDNSProvider()
+ case "syse":
+ return syse.NewDNSProvider()
case "technitium":
return technitium.NewDNSProvider()
case "tencentcloud":
return tencentcloud.NewDNSProvider()
case "timewebcloud":
return timewebcloud.NewDNSProvider()
+ case "todaynic":
+ return todaynic.NewDNSProvider()
case "transip":
return transip.NewDNSProvider()
case "ultradns":
return ultradns.NewDNSProvider()
+ case "uniteddomains":
+ return uniteddomains.NewDNSProvider()
case "variomedia":
return variomedia.NewDNSProvider()
case "vegadns":
@@ -457,6 +552,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return versio.NewDNSProvider()
case "vinyldns":
return vinyldns.NewDNSProvider()
+ case "virtualname":
+ return virtualname.NewDNSProvider()
case "vkcloud":
return vkcloud.NewDNSProvider()
case "volcengine":
@@ -465,8 +562,10 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return vscale.NewDNSProvider()
case "vultr":
return vultr.NewDNSProvider()
- case "webnames":
+ case "webnames", "webnamesru":
return webnames.NewDNSProvider()
+ case "webnamesca":
+ return webnamesca.NewDNSProvider()
case "websupport":
return websupport.NewDNSProvider()
case "wedos":
diff --git a/providers/http/memcached/memcached.go b/providers/http/memcached/memcached.go
index b26def2c4..376ae8c16 100644
--- a/providers/http/memcached/memcached.go
+++ b/providers/http/memcached/memcached.go
@@ -33,12 +33,14 @@ func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
var errs []error
challengePath := path.Join("/", http01.ChallengePath(token))
+
for _, host := range w.hosts {
mc, err := memcache.New(host)
if err != nil {
errs = append(errs, err)
continue
}
+
_ = mc.Add(&memcache.Item{
Key: challengePath,
Value: []byte(keyAuth),
diff --git a/providers/http/memcached/memcached_test.go b/providers/http/memcached/memcached_test.go
index fb450f988..5862efbc6 100644
--- a/providers/http/memcached/memcached_test.go
+++ b/providers/http/memcached/memcached_test.go
@@ -25,6 +25,7 @@ func loadMemcachedHosts() []string {
if memcachedHostsStr != "" {
return strings.Split(memcachedHostsStr, ",")
}
+
return nil
}
@@ -38,6 +39,7 @@ func TestNewMemcachedProviderValid(t *testing.T) {
if len(memcachedHosts) == 0 {
t.Skip("Skipping memcached tests")
}
+
_, err := NewMemcachedProvider(memcachedHosts)
require.NoError(t, err)
}
@@ -46,6 +48,7 @@ func TestMemcachedPresentSingleHost(t *testing.T) {
if len(memcachedHosts) == 0 {
t.Skip("Skipping memcached tests")
}
+
p, err := NewMemcachedProvider(memcachedHosts[0:1])
require.NoError(t, err)
@@ -64,6 +67,7 @@ func TestMemcachedPresentMultiHost(t *testing.T) {
if len(memcachedHosts) <= 1 {
t.Skip("Skipping memcached multi-host tests")
}
+
p, err := NewMemcachedProvider(memcachedHosts)
require.NoError(t, err)
@@ -71,6 +75,7 @@ func TestMemcachedPresentMultiHost(t *testing.T) {
err = p.Present(domain, token, keyAuth)
require.NoError(t, err)
+
for _, host := range memcachedHosts {
mc, err := memcache.New(host)
require.NoError(t, err)
@@ -84,6 +89,7 @@ func TestMemcachedPresentPartialFailureMultiHost(t *testing.T) {
if len(memcachedHosts) == 0 {
t.Skip("Skipping memcached tests")
}
+
hosts := append(memcachedHosts, "5.5.5.5:11211")
p, err := NewMemcachedProvider(hosts)
require.NoError(t, err)
@@ -92,6 +98,7 @@ func TestMemcachedPresentPartialFailureMultiHost(t *testing.T) {
err = p.Present(domain, token, keyAuth)
require.NoError(t, err)
+
for _, host := range memcachedHosts {
mc, err := memcache.New(host)
require.NoError(t, err)
@@ -105,6 +112,7 @@ func TestMemcachedCleanup(t *testing.T) {
if len(memcachedHosts) == 0 {
t.Skip("Skipping memcached tests")
}
+
p, err := NewMemcachedProvider(memcachedHosts)
require.NoError(t, err)
require.NoError(t, p.CleanUp(domain, token, keyAuth))
diff --git a/providers/http/s3/s3.go b/providers/http/s3/s3.go
index 07e1eed63..e277deeea 100644
--- a/providers/http/s3/s3.go
+++ b/providers/http/s3/s3.go
@@ -57,6 +57,7 @@ func (s *HTTPProvider) Present(domain, token, keyAuth string) error {
if err != nil {
return fmt.Errorf("s3: failed to upload token to s3: %w", err)
}
+
return nil
}
diff --git a/providers/http/webroot/webroot.go b/providers/http/webroot/webroot.go
index c5b49caee..c94c4579c 100644
--- a/providers/http/webroot/webroot.go
+++ b/providers/http/webroot/webroot.go
@@ -29,6 +29,7 @@ func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
var err error
challengeFilePath := filepath.Join(w.path, http01.ChallengePath(token))
+
err = os.MkdirAll(filepath.Dir(challengeFilePath), 0o755)
if err != nil {
return fmt.Errorf("could not create required directories in webroot for HTTP challenge: %w", err)
diff --git a/providers/http/webroot/webroot_test.go b/providers/http/webroot/webroot_test.go
index 124b324a3..4c55e2b90 100644
--- a/providers/http/webroot/webroot_test.go
+++ b/providers/http/webroot/webroot_test.go
@@ -29,6 +29,7 @@ func TestHTTPProvider(t *testing.T) {
}
var data []byte
+
data, err = os.ReadFile(challengeFilePath)
require.NoError(t, err)
diff --git a/registration/registar.go b/registration/registar.go
index 15c28bad6..5d3ea250b 100644
--- a/registration/registar.go
+++ b/registration/registar.go
@@ -15,7 +15,7 @@ const mailTo = "mailto:"
// of which the client needs to keep track itself.
// WARNING: will be removed in the future (acme.ExtendedAccount), https://github.com/go-acme/lego/issues/855.
type Resource struct {
- Body acme.Account `json:"body,omitempty"`
+ Body acme.Account `json:"body"`
URI string `json:"uri,omitempty"`
}
@@ -160,6 +160,7 @@ func (r *Registrar) ResolveAccountByKey() (*Resource, error) {
log.Infof("acme: Trying to resolve account by key")
accMsg := acme.Account{OnlyReturnExisting: true}
+
account, err := r.core.Accounts.New(accMsg)
if err != nil {
return nil, err
diff --git a/registration/registar_test.go b/registration/registar_test.go
index 45fe33e82..43df1d648 100644
--- a/registration/registar_test.go
+++ b/registration/registar_test.go
@@ -3,29 +3,28 @@ package registration
import (
"crypto/rand"
"crypto/rsa"
+ "fmt"
"net/http"
"testing"
"github.com/go-acme/lego/v4/acme"
"github.com/go-acme/lego/v4/acme/api"
"github.com/go-acme/lego/v4/platform/tester"
+ "github.com/go-acme/lego/v4/platform/tester/servermock"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestRegistrar_ResolveAccountByKey(t *testing.T) {
- mux, apiURL := tester.SetupFakeAPI(t)
+ server := tester.MockACMEServer().
+ Route("/account",
+ http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+ rw.Header().Set("Location",
+ fmt.Sprintf("http://%s/account", req.Context().Value(http.LocalAddrContextKey)))
- mux.HandleFunc("/account", func(w http.ResponseWriter, _ *http.Request) {
- w.Header().Set("Location", apiURL+"/account")
- err := tester.WriteJSONResponse(w, acme.Account{
- Status: "valid",
- })
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- })
+ servermock.JSONEncode(acme.Account{Status: "valid"}).ServeHTTP(rw, req)
+ })).
+ BuildHTTPS(t)
key, err := rsa.GenerateKey(rand.Reader, 1024)
require.NoError(t, err, "Could not generate test key")
@@ -36,7 +35,7 @@ func TestRegistrar_ResolveAccountByKey(t *testing.T) {
privatekey: key,
}
- core, err := api.New(http.DefaultClient, "lego-test", apiURL+"/dir", "", key)
+ core, err := api.New(server.Client(), "lego-test", server.URL+"/dir", "", key)
require.NoError(t, err)
registrar := NewRegistrar(core, user)