Add desec.io support to letsencrypt (#3157)

letsencrypt/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 5.0.3
+
+- Add deSEC DNS challenge support
+
 ## 5.0.2
 
 - Fix DirectAdmin DNS challenge support

letsencrypt/DOCS.md

@@ -50,6 +50,7 @@ azure_config: ''
 cloudflare_email: ''
 cloudflare_api_key: ''
 cloudflare_api_token: ''
+desec_token: ''
 digitalocean_token: ''
 directadmin_url: ''
 directadmin_username: ''
@@ -524,6 +525,7 @@ You can in addition find the files via the "samba" addon within the "ssl" share.
 ```txt
 dns-azure
 dns-cloudflare
+dns-desec
 dns-digitalocean
 dns-directadmin
 dns-dnsimple

letsencrypt/Dockerfile

@@ -7,6 +7,7 @@ ARG \
     CRYPTOGRAPHY_VERSION \
     CERTBOT_VERSION \
     CERTBOT_DNS_AZURE_VERSION \
+    CERTBOT_DNS_DESEC_VERSION \
     CERTBOT_DNS_DIRECTADMIN_VERSION \
     CERTBOT_DNS_DUCKDNS_VERSION \
     CERTBOT_DNS_GOOGLE_DOMAINS_VERSION \
@@ -36,6 +37,7 @@ RUN \
         certbot==${CERTBOT_VERSION} \
         certbot-dns-azure==${CERTBOT_DNS_AZURE_VERSION} \
         certbot-dns-cloudflare==${CERTBOT_VERSION} \
+        certbot-dns-desec==${CERTBOT_DNS_DESEC_VERSION} \
         certbot-dns-digitalocean==${CERTBOT_VERSION} \
         certbot-dns-directadmin==${CERTBOT_DNS_DIRECTADMIN_VERSION} \
         certbot-dns-dnsimple==${CERTBOT_VERSION} \

letsencrypt/build.yaml

@@ -11,6 +11,7 @@ codenotary:
 args:
   CRYPTOGRAPHY_VERSION: 41.0.5
   CERTBOT_DNS_AZURE_VERSION: 2.4.0
+  CERTBOT_DNS_DESEC_VERSION: 1.2.1
   CERTBOT_DNS_DIRECTADMIN_VERSION: 1.0.3
   CERTBOT_DNS_DUCKDNS_VERSION: 1.3
   CERTBOT_DNS_HETZNER_VERSION: 2.0.0

letsencrypt/config.yaml

@@ -1,5 +1,5 @@
 ---
-version: 5.0.2
+version: 5.0.3
 slug: letsencrypt
 name: Let's Encrypt
 description: Manage certificate from Let's Encrypt
@@ -42,6 +42,7 @@ schema:
     cloudflare_api_key: str?
     cloudflare_api_token: str?
     cloudflare_email: email?
+    desec_token: str?
     digitalocean_token: str?
     directadmin_password: str?
     directadmin_url: str?
@@ -72,7 +73,7 @@ schema:
     ovh_consumer_key: str?
     ovh_endpoint: str?
     propagation_seconds: int(60,3600)?
-    provider: "list(dns-azure|dns-cloudflare|dns-digitalocean|\
+    provider: "list(dns-azure|dns-cloudflare|dns-desec|dns-digitalocean|\
       dns-directadmin|dns-dnsimple|dns-dnsmadeeasy|dns-duckdns|\
       dns-gehirn|dns-google|dns-google-domains|\
       dns-hetzner|dns-linode|dns-luadns|dns-njalla|dns-nsone|dns-ovh|\

letsencrypt/rootfs/etc/cont-init.d/file-structure.sh

@@ -6,7 +6,8 @@ mkdir -p /data/workdir
 mkdir -p /data/letsencrypt
 
 # Setup Let's encrypt config
-echo -e "dns_digitalocean_token = $(bashio::config 'dns.digitalocean_token')\n" \
+echo -e "dns_desec_token = $(bashio::config 'dns.desec_token')\n" \
+      "dns_digitalocean_token = $(bashio::config 'dns.digitalocean_token')\n" \
       "directadmin_url = $(bashio::config 'dns.directadmin_url')\n" \
       "directadmin_username = $(bashio::config 'dns.directadmin_username')\n" \
       "directadmin_password = $(bashio::config 'dns.directadmin_password')\n" \

letsencrypt/rootfs/etc/services.d/lets-encrypt/run

@@ -141,6 +141,10 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-inwx" ]; then
     bashio::config.require 'dns.inwx_shared_secret'
     PROVIDER_ARGUMENTS+=("-v" "--authenticator" "${DNS_PROVIDER}" "--dns-inwx-credentials" "/data/dnsapikey" "--dns-inwx-propagation-seconds" "${PROPAGATION_SECONDS}")
 
+elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-desec" ]; then
+    bashio::config.require 'dns.desec_token'
+    PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
+
 #All others
 else
     PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey")