diff --git a/Dockerfile b/Dockerfile index a54dfac..de166f0 100755 --- a/Dockerfile +++ b/Dockerfile @@ -108,6 +108,7 @@ RUN \ certbot-dns-dnsmadeeasy \ certbot-dns-domeneshop \ certbot-dns-google \ + certbot-dns-he \ certbot-dns-hetzner \ certbot-dns-inwx \ certbot-dns-ionos \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 49b5d59..3967848 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -108,6 +108,7 @@ RUN \ certbot-dns-dnsmadeeasy \ certbot-dns-domeneshop \ certbot-dns-google \ + certbot-dns-he \ certbot-dns-hetzner \ certbot-dns-inwx \ certbot-dns-ionos \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index a0b5052..f9e3d79 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -108,6 +108,7 @@ RUN \ certbot-dns-dnsmadeeasy \ certbot-dns-domeneshop \ certbot-dns-google \ + certbot-dns-he \ certbot-dns-hetzner \ certbot-dns-inwx \ certbot-dns-ionos \ diff --git a/readme-vars.yml b/readme-vars.yml index 9054d24..46c2e42 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -51,7 +51,7 @@ opt_param_usage_include_env: true opt_param_env_vars: - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only)" } - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." } - - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `ionos`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } + - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `he`, `hetzner`, `inwx`, `ionos`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud`, `transip` and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." } - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." } - { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" } - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." } @@ -155,6 +155,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "05.10.21:", desc: "Added support for Hurricane Electric (HE) DNS validation." } - { date: "01.10.21:", desc: "Check if the cert uses the old LE root cert, revoke and regenerate if necessary. [Here's more info](https://twitter.com/letsencrypt/status/1443621997288767491) on LE root cert expiration" } - { date: "19.09.21:", desc: "Add an optional header to opt out of Google FLoC in `ssl.conf`." } - { date: "17.09.21:", desc: "Mark `SUBDOMAINS` var as optional." } diff --git a/root/defaults/dns-conf/he.ini b/root/defaults/dns-conf/he.ini new file mode 100644 index 0000000..416d5bc --- /dev/null +++ b/root/defaults/dns-conf/he.ini @@ -0,0 +1,4 @@ +# Instructions: https://github.com/TSaaristo/certbot-dns-he#example-usage +# Replace with your values +certbot_dns_he:dns_he_user = Me +certbot_dns_he:dns_he_pass = my HE password diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config index 19e347a..1466957 100644 --- a/root/etc/cont-init.d/50-config +++ b/root/etc/cont-init.d/50-config @@ -236,6 +236,9 @@ if [ "$VALIDATION" = "dns" ]; then elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" + elif [[ "$DNSPLUGIN" =~ ^(he)$ ]]; then + if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi + PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|hetzner|inwx|ionos|netcup|njalla|transip|vultr)$ ]]; then if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"