diff --git a/dnsapi.md b/dnsapi.md
index b1d0f35..cd66a9c 100644
--- a/dnsapi.md
+++ b/dnsapi.md
@@ -1648,21 +1648,36 @@ export JD_REGION="cn-north-1" # 这里写你要改的区域
 
 ## 84. Use hexonet.com DNS API to automatically issue a cert
 
-You'll need username and password.
+Create a role user in your Account -> Settings -> ShareAccess
 
+Set the Access Control like bellow:
+```
+QueryDNSZoneRRList(dnszone=*):ALLOW
+UpdateDNSZone():ALLOW
+```
+
+Remember the role id and role password.
 
 ```sh
-export Hexonet_Username="xxxxxxxxxx"
-export Hexonet_Password="xxxxxxxxxx"
+export Hexonet_Login='username!roleId'
+export Hexonet_Password="role password"
 ```
 
+For example:
+My user name is `neilpang`, my role id is: `testid`. So I use the following format:
+
+```sh
+export Hexonet_Login='neilpang!testid'
+```
+
+
 To issue a cert:
 
 ```sh
 acme.sh --issue --dns dns_hexonet  -d example.com -d www.example.com
 ```
 
-The `Hexonet_Username` and `Hexonet_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
+The `Hexonet_Login` and `Hexonet_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 
 If you find any bugs, please report here: