lego/providers/dns/namecheap/namecheap.go

264 lines
7.1 KiB
Go
Raw Normal View History

// Package namecheap implements a DNS provider for solving the DNS-01 challenge using namecheap DNS.
2019-03-11 16:56:48 +00:00
package namecheap
import (
"errors"
"fmt"
"io/ioutil"
"net/http"
"strconv"
"strings"
"time"
2020-09-02 01:20:01 +00:00
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/platform/config/env"
"golang.org/x/net/publicsuffix"
)
// Notes about namecheap's tool API:
// 1. Using the API requires registration. Once registered, use your account
// name and API key to access the API.
// 2. There is no API to add or modify a single DNS record. Instead you must
// read the entire list of records, make modifications, and then write the
// entire updated list of records. (Yuck.)
// 3. Namecheap's DNS updates can be slow to propagate. I've seen them take
// as long as an hour.
// 4. Namecheap requires you to whitelist the IP address from which you call
// its APIs. It also requires all API calls to include the whitelisted IP
// address as a form or query string value. This code uses a namecheap
// service to query the client's IP address.
const (
defaultBaseURL = "https://api.namecheap.com/xml.response"
sandboxBaseURL = "https://api.sandbox.namecheap.com/xml.response"
2016-03-19 16:53:16 +00:00
getIPURL = "https://dynamicdns.park-your-domain.com/getip"
)
// Environment variables names.
const (
envNamespace = "NAMECHEAP_"
EnvAPIUser = envNamespace + "API_USER"
EnvAPIKey = envNamespace + "API_KEY"
EnvSandbox = envNamespace + "SANDBOX"
EnvDebug = envNamespace + "DEBUG"
EnvTTL = envNamespace + "TTL"
EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
)
2020-05-08 17:35:25 +00:00
// A challenge represents all the data needed to specify a dns-01 challenge to lets-encrypt.
type challenge struct {
domain string
key string
keyFqdn string
keyValue string
tld string
sld string
host string
}
2020-05-08 17:35:25 +00:00
// Config is used to configure the creation of the DNSProvider.
type Config struct {
Debug bool
BaseURL string
APIUser string
APIKey string
ClientIP string
PropagationTimeout time.Duration
PollingInterval time.Duration
TTL int
HTTPClient *http.Client
}
2020-05-08 17:35:25 +00:00
// NewDefaultConfig returns a default configuration for the DNSProvider.
func NewDefaultConfig() *Config {
baseURL := defaultBaseURL
if env.GetOrDefaultBool(EnvSandbox, false) {
baseURL = sandboxBaseURL
}
return &Config{
BaseURL: baseURL,
Debug: env.GetOrDefaultBool(EnvDebug, false),
TTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),
PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 60*time.Minute),
PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, 15*time.Second),
HTTPClient: &http.Client{
Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 60*time.Second),
},
}
}
2020-05-08 17:35:25 +00:00
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
config *Config
}
// NewDNSProvider returns a DNSProvider instance configured for namecheap.
// Credentials must be passed in the environment variables:
// NAMECHEAP_API_USER and NAMECHEAP_API_KEY.
func NewDNSProvider() (*DNSProvider, error) {
values, err := env.Get(EnvAPIUser, EnvAPIKey)
if err != nil {
2020-02-27 18:14:46 +00:00
return nil, fmt.Errorf("namecheap: %w", err)
}
config := NewDefaultConfig()
config.APIUser = values[EnvAPIUser]
config.APIKey = values[EnvAPIKey]
return NewDNSProviderConfig(config)
}
2019-08-20 16:40:41 +00:00
// NewDNSProviderConfig return a DNSProvider instance configured for Namecheap.
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
if config == nil {
return nil, errors.New("namecheap: the configuration of the DNS provider is nil")
}
if config.APIUser == "" || config.APIKey == "" {
2020-02-27 18:14:46 +00:00
return nil, errors.New("namecheap: credentials missing")
}
2021-03-04 19:16:59 +00:00
if config.ClientIP == "" {
clientIP, err := getClientIP(config.HTTPClient, config.Debug)
if err != nil {
2020-02-27 18:14:46 +00:00
return nil, fmt.Errorf("namecheap: %w", err)
}
config.ClientIP = clientIP
}
return &DNSProvider{config: config}, nil
}
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Namecheap can sometimes take a long time to complete an update, so wait up to 60 minutes for the update to propagate.
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval
}
// Present installs a TXT record for the DNS challenge.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
ch, err := newChallenge(domain, keyAuth)
if err != nil {
2020-02-27 18:14:46 +00:00
return fmt.Errorf("namecheap: %w", err)
}
2018-10-09 16:16:05 +00:00
records, err := d.getHosts(ch.sld, ch.tld)
if err != nil {
2020-02-27 18:14:46 +00:00
return fmt.Errorf("namecheap: %w", err)
}
2018-10-09 16:16:05 +00:00
record := Record{
Name: ch.key,
Type: "TXT",
Address: ch.keyValue,
MXPref: "10",
TTL: strconv.Itoa(d.config.TTL),
}
records = append(records, record)
if d.config.Debug {
2018-10-09 16:16:05 +00:00
for _, h := range records {
log.Printf("%-5.5s %-30.30s %-6s %-70.70s", h.Type, h.Name, h.TTL, h.Address)
}
}
2018-10-09 16:16:05 +00:00
err = d.setHosts(ch.sld, ch.tld, records)
if err != nil {
2020-02-27 18:14:46 +00:00
return fmt.Errorf("namecheap: %w", err)
}
return nil
}
// CleanUp removes a TXT record used for a previous DNS challenge.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
ch, err := newChallenge(domain, keyAuth)
if err != nil {
2020-02-27 18:14:46 +00:00
return fmt.Errorf("namecheap: %w", err)
}
2018-10-09 16:16:05 +00:00
records, err := d.getHosts(ch.sld, ch.tld)
if err != nil {
2020-02-27 18:14:46 +00:00
return fmt.Errorf("namecheap: %w", err)
}
2018-10-09 16:16:05 +00:00
// Find the challenge TXT record and remove it if found.
var found bool
2019-01-24 20:40:44 +00:00
var newRecords []Record
for _, h := range records {
2018-10-09 16:16:05 +00:00
if h.Name == ch.key && h.Type == "TXT" {
found = true
2019-01-24 20:40:44 +00:00
} else {
newRecords = append(newRecords, h)
2018-10-09 16:16:05 +00:00
}
}
if !found {
return nil
}
2019-01-24 20:40:44 +00:00
err = d.setHosts(ch.sld, ch.tld, newRecords)
if err != nil {
2020-02-27 18:14:46 +00:00
return fmt.Errorf("namecheap: %w", err)
}
return nil
}
// getClientIP returns the client's public IP address.
// It uses namecheap's IP discovery service to perform the lookup.
func getClientIP(client *http.Client, debug bool) (addr string, err error) {
resp, err := client.Get(getIPURL)
if err != nil {
return "", err
}
defer resp.Body.Close()
clientIP, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", err
}
if debug {
log.Println("Client IP:", string(clientIP))
}
return string(clientIP), nil
}
// newChallenge builds a challenge record from a domain name and a challenge authentication key.
func newChallenge(domain, keyAuth string) (*challenge, error) {
domain = dns01.UnFqdn(domain)
tld, _ := publicsuffix.PublicSuffix(domain)
if tld == domain {
2018-05-30 17:53:04 +00:00
return nil, fmt.Errorf("invalid domain name %q", domain)
}
parts := strings.Split(domain, ".")
longest := len(parts) - strings.Count(tld, ".") - 1
sld := parts[longest-1]
var host string
if longest >= 1 {
host = strings.Join(parts[:longest-1], ".")
}
fqdn, value := dns01.GetRecord(domain, keyAuth)
return &challenge{
domain: domain,
key: "_acme-challenge." + host,
2018-10-09 16:16:05 +00:00
keyFqdn: fqdn,
keyValue: value,
tld: tld,
sld: sld,
host: host,
}, nil
}