TrueCloudLab/lego
15
0
Fork 4
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity
lego/docs/content/dns/zz_gen_selfhostde.md
Ludovic Fernandez 20c8d6c413
Add DNS provider for SelfHost.(de|eu) (#2278) 
Co-authored-by: Dominik Menke <git@dmke.org>
2024-09-20 13:46:38 +02:00

3.3 KiB
Raw Blame History

title date draft slug dnsprovider
SelfHost.(de|eu) 2019-03-03T16:39:46+01:00 false selfhostde
since code url
v4.19.0 selfhostde https://www.selfhost.de

Configuration for SelfHost.(de|eu).

  • Code: selfhostde
  • Since: v4.19.0

Here is an example bash command using the SelfHost.(de|eu) provider:

SELFHOSTDE_USERNAME=xxx \
SELFHOSTDE_PASSWORD=yyy \
SELFHOSTDE_RECORDS_MAPPING=my.example.com:123 \
lego --email you@example.com --dns selfhostde --domains my.example.org run

Credentials

Environment Variable Name Description
SELFHOSTDE_PASSWORD Password
SELFHOSTDE_RECORDS_MAPPING Record IDs mapping with domains (ex: example.com:123:456,example.org:789,foo.example.com:147)
SELFHOSTDE_USERNAME Username

The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information [here]({{% ref "dns#configuration-and-credentials" %}}).

Additional Configuration

Environment Variable Name Description
SELFHOSTDE_HTTP_TIMEOUT API request timeout
SELFHOSTDE_POLLING_INTERVAL Time between DNS propagation check
SELFHOSTDE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation
SELFHOSTDE_TTL The TTL of the TXT record used for the DNS challenge

The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information [here]({{% ref "dns#configuration-and-credentials" %}}).

SelfHost.de doesn't have an API to create or delete TXT records, there is only an "unofficial" and undocumented endpoint to update an existing TXT record.

So, before using lego to request a certificate for a given domain or wildcard (such as my.example.org or *.my.example.org), you must create:

  • one TXT record named _acme-challenge.my.example.org if you are not using wildcard for this domain.
  • two TXT records named _acme-challenge.my.example.org if you are using wildcard for this domain.

After that you must edit the TXT record(s) to get the ID(s).

You then must prepare the SELFHOSTDE_RECORDS_MAPPING environment variable with the following format:

<domain_A>:<record_id_A1>:<record_id_A2>,<domain_B>:<record_id_B1>:<record_id_B2>,<domain_C>:<record_id_C1>:<record_id_C2>

where each group of domain + record ID(s) is separated with a comma (,), and the domain and record ID(s) are separated with a colon (:).

For example, if you want to create or renew a certificate for my.example.org, *.my.example.org, and other.example.org, you would need:

  • two separate records for _acme-challenge.my.example.org
  • and another separate record for _acme-challenge.other.example.org

The resulting environment variable would then be: SELFHOSTDE_RECORDS_MAPPING=my.example.com:123:456,other.example.com:789