Table of Contents
- 76. Use Schlundtech
- 77. Use your one.com credentials as you would login into the control panel.
- 78. Use AcmeProxy DNS API
- 79. Use internetbs.net API
- 80. Use durabledns.com API
- 81. Use reg.ru API
- 82. Use Vultr DNS API to automatically issue cert
- 83. Use jdcloud.com DNS API to automatically issue cert
- 84. Use hexonet.com DNS API to automatically issue a cert
- 85. Use Domeneshop DNS API to automatically issue a cert
- 86. Use OPNsense embedded API to automatically issue cert
- 87. Use the RcodeZero API to automatically issue cert
- 88. Use MailinaBox
- 89. Use nic.ru DNS
- 90. Use Leaseweb.com domain API to automatically issue cert
- 91. Use variomedia.de domain API to automatically issue cert
- 92. Use Plesk XML API to automatically issue cert
- 93. Use PDNS Manager API
- 94. Use Misaka.io domain API
- 95. Use easyDNS.net API to automatically issue a cert
- 96. Use CloudDNS API to automatically issue a cert
- 97. Use dynv6 API to automatically issue a cert
- 98. Use All-Inkl.com domain API to automatically issue cert
- 99. Use Constellix domain API
- 100. Use Namemaster domain API
- 101. Use HostingUkraine domain API
- 102. Use ArvanCloud domain API
- 103. Use Joker.com domain API
- 104. Use 1984Hosting domain API
- 105. Use Aruba domain API
- 106. Use TransIP domain API:
- 107. Use dyndnsfree.de API
- 108. Use Njalla API
- 109. Use Vercel API
- 110. Use Hetzner DNS API
- 111. Use kapper.net DNS API
- 112. -------
- 113. Use Shellrent API
- 114. Use OpenStack domain API
- 115. Use Netlify API
- 116. Use Akamai Edge DNS API
- 117. Use WEDOS DNS API
- 118. Use Websupport DNS API
- 119. Use infomaniak.com API
- 120. Use bookmyname.com API
- 121. Use anexia.com CloudDNS API
- 122. Use Synology DSM Synology DNS Server API
- 123. Use HuaweiCloud API
- 124. Use Simply.com API
- 125. Use World4You API
- 126. Use Scaleway API
- 127. LS
- 128. Use RackCorp API
- 129. Using the IONOS domain API
- 130. Using the Porkbun API
- 131. Using the Aurora API
- 132. Using the Azion DNS API
- 133. Using Oracle Cloud Infrastructure DNS
- 134. Utilisation de l'API DNS Hostline Hébergement VPS
- 135. Use Veesp domain API
- 136. Use cPanel DNS systems
- 137. Use ISPMan domain API
- 138. Use dnsHome.de DNS API
- 139. Use mythic-beasts.com DNS API
- 140. Use s-dns.de API
- 141. Using the united-domains reselling DNS API
- 142. Using the curanet DNS API
- 143. Use ArtFiles.de DNS API
- 144. Use Geoscaling.com DNS2
- 145. Use fornex.com API
- 146. Use DNS.Services API
- 147. Use Nodion DNS API
- 148. Use dns.la API
- 149. Use Yandex Cloud DNS API
- 150. Use Bunny DNS API to automatically issue cert
- 151. Use Selfhost DNS API
- 152. Use rage4 DNS API
- 153. Use GCore DNS API
- 154. Use dynadot DNS API
- 155. Use IPv64 DNS API
- 156. Use Nanelo DNS API
- 157. Use Google Domains DNS API
- 158. Use DNSExit API to automatically issue cert
- 159. Use Lima-City API to automatically issue cert
- 160. Use TencentCloud (DNSPod) API
- 161. Use Samba AD DC
- 162. Use West.cn API
- 163. Use Hosttech API
- 164. Use Alviy.com domain API to automatically issue cert
- 165. Use Timeweb Cloud DNS API
- 166. Use myLoc.de / webtropia.com DNS API
- 167. Use Yandex 360 for Business DNS API
- a. Set up OAuth application:
- b. Obtain Yandex 360 Organization ID:
- c. Set up environment variables:
- d. Issue/renew certificate:
- Important notes:
- 168. Use HE DDNS DNS API
- 169. Using the IONOS Cloud DNS API
- 170. Using the Omg.lol DNS API
- 171. Use Power-Mailinabox
- 172. Use Technitium DNS Server API
- 173. Use ZoneEdit DNS API
- Use custom API
- Use lexicon DNS API
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
- 76. Use Schlundtech
- 77. Use your one.com credentials as you would login into the control panel.
- 78. Use AcmeProxy DNS API
- 79. Use internetbs.net API
- 80. Use durabledns.com API
- 81. Use reg.ru API
- 82. Use Vultr DNS API to automatically issue cert
- 83. Use jdcloud.com DNS API to automatically issue cert
- 84. Use hexonet.net DNS API to automatically issue a cert
- 85. Use Domeneshop DNS API to automatically issue a cert
- 86. Use OPNsense embedded API to automatically issue cert
- 87. Use the RcodeZero API to automatically issue cert
- 88. Use MailinaBox
- 89. Use nic.ru DNS
- 90. Use Leaseweb.com domain API to automatically issue cert
- 91. Use variomedia.de domain API to automatically issue cert
- 92. Use Plesk XML API to automatically issue cert
- 93. Use PDNS Manager API
- 94. Use Misaka.io domain API
- 95. Use easyDNS.net API to automatically issue a cert
- 96. Use CloudDNS API to automatically issue a cert
- 97. Use dynv6 API to automatically issue a cert
- 98. Use All-Inkl.com domain API to automatically issue cert
- 99. Use Constellix domain API
- 100. Use Namemaster domain API
- 101. Use HostingUkraine domain API
- 102. Use ArvanCloud domain API
- 103. Use Joker.com domain API
- 104. Use 1984Hosting domain API
- 105. Use Aruba domain API
- 106. Use TransIP domain API:
- 107. Use dyndnsfree.de API
- 108. Use Njalla API
- 109. Use Vercel API
- 110. Use Hetzner DNS API
- 111. Use kapper.net DNS API
- 112. -------
- 113. Use Shellrent API
- 114. Use OpenStack domain API
- 115. Use Netlify API
- 116. Use Akamai Edge DNS API
- 117. Use WEDOS DNS API
- 118. Use Websupport DNS API
- 119. Use infomaniak.com API
- 120. Use bookmyname.com API
- 121. Use anexia.com CloudDNS API
- 122. Use Synology DSM Synology DNS Server API
- 123. Use HuaweiCloud API
- 124. Use Simply.com API
- 125. Use World4You API
- 126. Use Scaleway API
- 128. Use RackCorp API
- 129. Using the IONOS domain API
- 130. Using the Porkbun API
- 131. Using the Aurora API
- 132. Using the Azion DNS API
- 133. Using Oracle Cloud Infrastructure DNS
- 134. Utilisation de l'API DNS Hostline Hébergement VPS
- 135. Use Veesp domain API
- 136. Use cPanel DNS systems
- 137. Use ISPMan domain API
- 138. Use dnsHome.de DNS API
- 139. Use mythic-beasts.com DNS API
- 140. Use s-dns.de API
- 141. Using the united-domains reselling DNS API
- 142. Using the curanet DNS API
- 143. Use ArtFiles.de DNS API
- 144. Use Geoscaling.com DNS2
- 145. Use fornex.com API
- 146. Use DNS.Services API
- 147. Use Nodion DNS API
- 148. Use dns.la API
- 149. Use Yandex Cloud DNS API
- 150. Use Bunny DNS API to automatically issue cert
- 151. Use Selfhost DNS API
- 152. Use rage4 DNS API
- 153. Use GCore DNS API
- 154. Use dynadot DNS API
- 155. Use IPv64 DNS API
- 156. Use Nanelo DNS API
- 157. Use Google Domains DNS API
- 158. Use DNSExit API
- 159. Use Lima-City (Trafficplex)
- 160. Use TencentCloud (DNSPod) API
- 161. Use Samba AD DC API
- 162. Use West.cn API
- 163. Use hosttech API
- 164. Use Alviy API
- 165. Use Timeweb Cloud DNS API
- 166. Use myLoc.de / webtropia.com DNS API
- 167. Use Yandex 360 for Business DNS API
- 168. Use HE DNS DDNS API
- 169. Using the IONOS Cloud DNS API
- 170. Use omg.lol API
- 171. Use Power-MailinaBox
- 172. Use Technitium DNS Server API
- 173. Use ZoneEdit DNS API
- Use custom API
- Use lexicon DNS API
76. Use Schlundtech
Schlundtech offers a xml api with your standard login credentials, set them like so:
export SCHLUNDTECH_USER="yourusername"
export SCHLUNDTECH_PASSWORD="password"
Then you can issue your certificates with:
./acme.sh --issue --dns dns_schlundtech -d example.com -d *.example.com
The SCHLUNDTECH_USER
and SCHLUNDTECH_PASSWORD
settings will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
77. Use your one.com credentials as you would login into the control panel.
export ONECOM_User="<username>"
export ONECOM_Password="youremail@example.com"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_one -d example.com -d *.example.com
Note:
It's no longer possible to add TXT Records with the Name _acme-challenge
to the base Domain.
To override the fallback value, you must use a CNAME and proxy it.
For example:
CNAME _acme-challenge.yourdomain.com => proxy_acme-challenge.yourdomain.com
The TXT Records have to be created on proxy_acme-challenge.yourdomain.com
.
Since the default CNAME TTL is 3600 seconds, it is recommended to leave the CNAME record.
But if you would like to use the build-in SSL (for your Web-Site etc.) from one.com, you have to delete the Record.
You can set ONECOM_KeepCnameProxy
to keep the CNAME record.
export ONECOM_KeepCnameProxy=1
By default the CNAME record will be removed.
The ONECOM_User
,ONECOM_Password
and ONECOM_KeepCnameProxy
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
78. Use AcmeProxy DNS API
Acmeproxy can be used to as a single host in your network to request certificates through a DNS API. Clients can connect with one single host (the acmeproxy) so you don't need to store your DNS API credentials on every single host that wants to request a certificate.
export ACMEPROXY_ENDPOINT="https://acmeproxy.yourhost.com:9096"
export ACMEPROXY_USERNAME="username"
export ACMEPROXY_PASSWORD="password"
Then you can issue your certificates with:
./acme.sh --issue --dns dns_acmeproxy -d example.com -d *.example.com
The ACMEPROXY_ENDPOINT
, ACMEPROXY_USERNAME
and ACMEPROXY_PASSWORD
settings will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
79. Use internetbs.net API
Create an API token in your internetbs.net account.
Set your API token:
export INTERNETBS_API_KEY="..."
export INTERNETBS_API_PASSWORD="..."
To issue a certificate run:
./acme.sh --issue --dns dns_internetbs -d example.com -d *.example.com
The INTERNETBS_API_KEY
and INTERNETBS_API_PASSWORD
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
80. Use durabledns.com API
Create an API token in your durabledns.com account.
Set your API token:
export DD_API_User="..."
export DD_API_Key="..."
To issue a certificate run:
./acme.sh --issue --dns dns_durabledns -d example.com -d '*.example.com'
The DD_API_User
and DD_API_Key
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
81. Use reg.ru API
Set your API credentials:
export REGRU_API_Username='test'
export REGRU_API_Password='test'
To issue a certificate run:
./acme.sh --issue --dns dns_regru -d 'example.com' -d '*.example.com'
The REGRU_API_Username
and REGRU_API_Password
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
RU:
Установите свои учетные данные API:
В Настройки API для авторизации устанавливаем пароль в настройках "Альтернативный пароль", и добавляем IP в "Диапазоны IP-адресов" для избежание ошибки
response='{
"charset" : "utf-8",
"error_code" : "ACCESS_DENIED_FROM_IP",
"error_params" : {
"command_name" : "service/get_list"
},
"error_text" : "Access to API from this IP denied",
"messagestore" : null,
"result" : "error"
}'
Диапазоны IP-адресов
acme-v02.api.letsencrypt.org - 172.65.32.248
для получения SSL и api.reg.ru - 194.58.116.30
для тхт записи _acme-challenge
Для авторизатции в API выполните:
export REGRU_API_Username='водим свой логин для входа на REG.RU'
export REGRU_API_Password='водим пароль каторый настроили в настройках API для авторизации'
Для получения сертификата выполните:
./acme.sh --issue --dns dns_regru -d example.com -d *.example.com
Настройки для авторизации REGRU_API_Username
и REGRU_API_Password
будут сохранены в ~/.acme.sh/account.conf
и будут использоваться повторно при необходимости из конфига acme.
Если вы обнаружите какие-либо ошибки в API reg.ru, сообщите об этом здесь
82. Use Vultr DNS API to automatically issue cert
You'll need an API key for your Vultr account which you can find under the Account settings. And you'll want to ensure the API key is allowed for any IPs you might be using acme.sh with.
Vultr supports creating sub-accounts with limited permissions, and it's a good idea to create a sub-account with only the 'Manage DNS' permission and use an API key from that sub-account.
export VULTR_API_KEY="<Your API key>"
To issue a cert:
./acme.sh --issue --dns dns_vultr -d example.com -d *.example.com
The VULTR_API_KEY
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
83. Use jdcloud.com DNS API to automatically issue cert
支持京东云 jdcloud.com 的免费dns服务. 请先登陆控制台获取 api key id 和 api key secret:
https://uc.jdcloud.com/account/accesskey
export JD_ACCESS_KEY_ID="<key id>"
export JD_ACCESS_KEY_SECRET="<secret>"
然后生成证书:
./acme.sh --issue --dns dns_jd -d example.com -d *.example.com
JD_ACCESS_KEY_ID
和 JD_ACCESS_KEY_SECRET
会自动保存在这里 ~/.acme.sh/account.conf
, 下次再生成证书时, 可以自动重用.
高级选项:
- 默认使用的是
cn-north-1
区域. 目前不需要改动, 如果需要改的话, 再生成证书之前执行:
export JD_REGION="cn-north-1" # 这里写你要改的区域
有 bug 的话可以报到这里: https://github.com/acmesh-official/acme.sh/issues/2388
84. Use hexonet.com DNS API to automatically issue a cert
Login to hexonet.net. Create a role user in your Account -> Settings -> ShareAccess
Set the Access Control like bellow:
QueryDNSZoneRRList(dnszone=*):ALLOW
UpdateDNSZone():ALLOW
Remember the role id and role password.
export Hexonet_Login="user!role"
export Hexonet_Password="<role password>"
For example:
My username is neilpang
, my role id is: testid
. So I use the following format:
export Hexonet_Login='neilpang!testid'
To issue a cert:
./acme.sh --issue --dns dns_hexonet -d example.com -d *.example.com
The Hexonet_Login
and Hexonet_Password
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
85. Use Domeneshop DNS API to automatically issue a cert
You'll have to get a Domeneshop API key and secret (https://api.domeneshop.no/docs/).
export DOMENESHOP_Token="<token>"
export DOMENESHOP_Secret="<secret>"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_domeneshop -d example.com -d *.example.com
The DOMENESHOP_Token
and DOMENESHOP_Secret
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
86. Use OPNsense embedded API to automatically issue cert
First you need to login to your OPNsense account and create an API Key for a user with access to the Bind service.
https://docs.opnsense.org/development/api.html
export OPNs_Host="opnsense.example.com"
export OPNs_Port="443"
export OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA"
export OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv"
export OPNs_Api_Insecure=0
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_opnsense -d example.com -d *.example.com
The OPNs_Host
, OPNs_Port
, OPNs_Key
, OPNs_Token
and OPNs_Api_Insecure
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
87. Use the RcodeZero API to automatically issue cert
First you need to login to your RcodeZero account, enable the REST API and generate an ACME API token. Only the ACME API token will work wih acme.sh. It has limited access and could only be used to add/remove challenges to the zones.
https://my.rcodezero.at/ → Settings → API
export RCODE0_API_TOKEN="acme_1232342342343OEH1G1gDcKNMsN7mx9EZgSU6AX79u5KRSxWnC"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_rcode0 -d example.com -d *.example.com
The RCODE0_API_TOKEN
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
The RcodeZero API driver supports two addtional environment variables
export RCODE0_URL="https://my.rcodezero.at"
Use a different RcodeZero API Endpoint (e.g. the RcodeZero Testsystem)
export RCODE0_TTL=60
Use a different TTL for the generated records
Report any bugs or issues here
88. Use MailinaBox
Use the Mail-In-a-Box (MIAB) Custom DNS REST API interface to MIAB DNS. You only need to set your MIAB login credentials and the fully qualified domain name of the MIAB Server. Suggest single quote over double quote to ensure characters are not interpreted by the shell - important for passwords.
export MIAB_Username='your_MIAB_admin_username'
export MIAB_Password='your_MIAB_admin_password'
export MIAB_Server='FQDN_of_your_MIAB_Server'
To issue a cert:
./acme.sh --issue --dns dns_miab -d example.com -d *.example.com
The MIAB_Username
, MIAB_Password
and MIAB_Server
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
89. Use nic.ru DNS
You need to login to nic.ru account and register your application here.
You need to define the following environment variables befor issuing a cert:
NIC_Username
- login for sitenic.ru
in form000000/NIC-D
NIC_Password
- password for sitenic.ru
. It may be administrative or technical password. DetailsNIC_ClientID
- your application identifier (details)NIC_ClientSecret
- your application secretNIC_Token
is base64 encoded string<client_id>:<client_secret>
. This variable is deprecated. It is used for backward compatibility. If NIC_ClientID and NIC_ClientSecret are not defined, then they are calculated using old NIC_Token variable.
export NIC_Username='000000/NIC-D'
export NIC_Password='xxxxxxxx'
export NIC_ClientID='xxxxxxxx'
export NIC_ClientSecret='xxxxxxxx'
To issue a cert:
./acme.sh --issue --dns dns_nic -d domain.com -d *.domain.com
The NIC_Username
, NIC_Password
, NIC_ClientID
and NIC_ClientSecret
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
Docs:
- https://www.nic.ru/help/upload/file/API_DNS-hosting-en.pdf
- https://www.nic.ru/help/oauth-server_5809.html
90. Use Leaseweb.com domain API to automatically issue cert
First you need to login to your Leaseweb account to get your API Key.
export LSW_Key="<key>"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_leaseweb -d example.com -d *.example.com
The LSW_Key
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
91. Use variomedia.de domain API to automatically issue cert
First you need to obtain your API Key from variomedia's customer support.
export VARIOMEDIA_API_TOKEN="<token>"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_variomedia -d example.com -d *.example.com
The VARIOMEDIA_API_TOKEN
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
92. Use Plesk XML API to automatically issue cert
Before using the module, you must set your Plesk username and password, and the address of your Plesk XML API (sometimes called a URI, URL or web link).
The URI usually looks similar to this:
https://address-of-my-plesk-server.net:8443/enterprise/control/agent.php
All commands are CASE SENSITIVE:
export pleskxml_uri="address of my Plesk server's API"
export pleskxml_user="my plesk username"
export pleskxml_pass="my plesk password"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_pleskxml -d example.com -d *.example.com
The pleskxml_uri
, pleskxml_user
and pleskxml_pass
will be saved in ~/.acme.sh/account.conf
and reused when needed.
Report any bugs or issues here
93. Use PDNS Manager API
PDNS Manager is a web frontend for Power DNS.
This script uses PDNS Manager API and its Update via GET request method. So only single record update possible and no wildcards, for now.
export PDNS_MANAGER_URL="https://mypdnsmanagerurl.nx"
export PDNS_MANAGER_RECORDID="<record id>"
export PDNS_MANAGER_PASSWORD="<record password>"
- Add your domain to PDNS Manager.
- Create a password for your record.
Then issue a new certificate:
./acme.sh --issue --dns dns_pdnsmanager -d example.com -d *.example.com
94. Use Misaka.io domain API
Get your API token at https://console.misaka.io/settings
export Misaka_Key="<key>"
To issue a cert:
./acme.sh --issue --dns dns_misaka -d example.com -d *.example.com
95. Use easyDNS.net API to automatically issue a cert
You need to sign up for API access here.
Or select 'User' -> 'Security' from the top menu and select 'signup' in the 'easyDNS REST API' section after logging in to your account.
API Docs: https://sandbox.rest.easydns.net:3001/
Note that initially you are only granted API access to a sandbox environment, not your live DNS settings.
export EASYDNS_Token="xxxxxxxxxxxxxxx.xxxxxxxx"
export EASYDNS_Key="apixxxxxxxxxxxxxx.xxxxxxxx"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_easydns -d example.com -d *.example.com
The EASYDNS_Token
and EASYDNS_Key
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
96. Use CloudDNS API to automatically issue a cert
Docs: https://github.com/vshosting/clouddns
export CLOUDDNS_EMAIL="email@example.com"
export CLOUDDNS_PASSWORD="xxxxxxxx"
export CLOUDDNS_CLIENT_ID="xxxxxxxxxxxxxxxxxxxx"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_clouddns -d example.com -d *.example.com
The CLOUDDNS_EMAIL
, CLOUDDNS_PASSWORD
and CLOUDDNS_CLIENT_ID
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
97. Use dynv6 API to automatically issue a cert
This uses the HTTP REST API.
For this you will need a HTTP Token, which you can generate from the dynv6 website.
Use it with export DYNV6_TOKEN="value"
.
Alternatively you can use the dynv6 SSH API to issue the certificate.
You will need a ssh key to authenticate.
You can specify your own key with export KEY="path/to/keyfile"
or if no key is specified one will be created for you which you will have to add here.
In both cases the path to the keyfile will be saved for reuse.
If both a SSH Key and a HTTP Token are specified the REST API will be used.
To issue a cert use:
./acme.sh --issue --dns dns_dynv6 -d example.dynv6.net -d *.example.dynv6.net
Report any bugs or issues here
98. Use All-Inkl.com domain API to automatically issue cert
You need your login credentials for All-Inkl (https://kas.all-inkl.com).
export KAS_Login="<ACCOUNTID>"
export KAS_Authdata="<PLAINTEXTPASSWORD>"
export KAS_Authtype="plain"
Now you are able to issue a cert:
./acme.sh --issue --dns dns_kas -d example.com -d *.example.com
The KAS_Login
, KAS_Authtype
and KAS_Authdata
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
99. Use Constellix domain API
Get your API credentials at https://manage.constellix.com/users
export CONSTELLIX_Key="XXX"
export CONSTELLIX_Secret="XXX"
To issue a cert:
./acme.sh --issue --dns dns_constellix -d example.com -d *.example.com
The CONSTELLIX_Key
and CONSTELLIX_Secret
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
100. Use Namemaster domain API
Get your API credentials at https://namemaster.de DNS/API
export NM_user="XXX"
export NM_sha256="XXX"
To issue a cert:
./acme.sh --issue --dns dns_nm -d example.com -d *.example.com
The NM_user
and NM_sha256
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
101. Use HostingUkraine domain API
How get your API credentials: https://api.adm.tools/osnovnie-polozheniya/dostup-k-api/
# Your login:
HostingUkraine_Login="XXX"
# Your api token:
HostingUkraine_Token="XXX"
To issue a cert:
./acme.sh --issue --dns dns_hostingukraine -d example.com -d *.example.com
The HostingUkraine_Login
and HostingUkraine_Token
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
102. Use ArvanCloud domain API
Get your API token at https://npanel.arvancloud.ir/profile/api-keys
export Arvan_Token="<token>"
To issue a cert:
./acme.sh --issue --dns dns_arvan -d example.com -d *.example.com
The Arvan_Token
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
103. Use Joker.com domain API
You must activate Dynamic DNS in Joker.com DNS configuration first. Username and password below refer to Dynamic DNS authentication, not your Joker.com login credentials. See https://joker.com/faq/content/11/427/en/what-is-dynamic-dns-dyndns.html.
NOTE: This script does not support wildcard certificates, because Joker.com API does not support adding two TXT records with the same subdomain. Adding the second record will overwrite the first one. See https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html:
... this request will replace all TXT records for the specified label by the provided content...
Report any bugs or issues here
export JOKER_USERNAME="xxxx"
export JOKER_PASSWORD="xxxx"
To issue a cert:
./acme.sh --issue --dns dns_joker -d example.com -d *.example.com
The JOKER_USERNAME
and JOKER_PASSWORD
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
104. Use 1984Hosting domain API
https://1984.hosting/ does not provide an API to update DNS records
(other than IPv4 and IPv6 dynamic DNS addresses). The acme.sh
plugin therefore
retrieves and updates domain TXT records by logging into the 1984Hosting
website to read the HTML and posting updates as HTTP. The plugin needs to
know your username and password for the 1984Hosting website.
export One984HOSTING_Username="<your_username>"
export One984HOSTING_Password="<your_password>"
You need only provide this the first time you run the acme.sh
client with 1984Hosting
validation and then again whenever you change your password at the 1984Hosting site.
The acme.sh
1984Hosting plugin does not store your username or password,
but rather saves an authentication token returned by 1984Hosting
in ~/.acme.sh/account.conf
and reuses it when needed.
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_1984hosting -d example.com -d *.example.com
Report any bugs or issues here
105. Use Aruba domain API
Get your API token following instruction here at https://admin.arubabusiness.it/DashBoard/WebApiGuide.aspx
export ARUBA_TK="<API Token>"
export ARUBA_AK="<Username>"
export ARUBA_AS="<Password>"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_aruba -d example.com -d *.example.com
Report any bugs or issues here
106. Use TransIP domain API:
First you need to login to your TransIP account to get your private key.
export TRANSIP_Username="MyUserName"
export TRANSIP_Key_File="private_key"
Note: TransIP is rather slow, so adding a --dnssleep
of 300 might be advised.
Note 2: if the DNS fails with something like
Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
== Info: SSL certificate problem: unable to get local issuer certificate
Then maybe the root CA of TransIP is NOT in your cacerts. You can check this manually with
curl -vvI https://api.transip.nl
Currently, the root CA of TransIP is COMODO_RSA_Certification_Authority.crt you can add this trusted root CA with
--ca-bundle COMODO_RSA_Certification_Authority.crt
This script will create a new access token with a default lifetime of 30 minutes.
Note that these tokens are by default IP-whitelisted and will not work if your IP is not whitelisted in the Transip control panel.
If you cannot work with IP whitelisting, then make sure you create a key with Only allow whitelisted IP's
unchecked and set the environment variable as follows:
export TRANSIP_Token_Global_Key="true"
To issue a cert:
./acme.sh --issue --dns dns_transip --dnssleep 300 -d example.com -d *.example.com
Report any bugs or issues here
107. Use dyndnsfree.de API
export DF_user="XXX"
export DF_password="XXX"
To issue a cert:
./acme.sh --issue --dns dns_df -d example.com -d *.example.com
The df_user
and df_password
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
108. Use Njalla API
export NJALLA_Token="<token>"
To issue a cert:
./acme.sh --issue --dns dns_njalla -d example.com -d *.example.com
Report any bugs or issues here
109. Use Vercel API
Obtain an account token from https://vercel.com/account/tokens.
export VERCEL_TOKEN="<token>"
To issue a cert:
./acme.sh --issue --dns dns_vercel -d example.com -d *.example.com
110. Use Hetzner DNS API
First you need to create/obtain API tokens on your Hetzner DNS console.
export HETZNER_Token="<token>"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_hetzner -d example.com -d *.example.com
The HETZNER_Token
settings will be saved in [acme.sh-config-home-path]/account.conf
and will be reused when needed.
The domain(s) zone_id(s) will be saved in CERT_HOME/[domain]/[domain].conf
in order to avoid multiple get_zone_id
requests two months later.
If you're not already using the new "gases" name servers (hydrogen, oxygen and helium) don't forget to change the domain's whois ns section to them and wait about 24-48 Hours. See Hetzner wiki.
Report any bugs or issues here
111. Use kapper.net DNS API
Contact kapper.net support via support@kapper.net to get your kapper.net DNS Panel API Key and Secret.
For initialization call following in commandline
export KAPPERNETDNS_Key="yourKAPPERNETapikey"
export KAPPERNETDNS_Secret="yourKAPPERNETapisecret"
You can start the acme.sh with following parameters for testing
./acme.sh --issue --dns dns_kappernet -d example.com -d *.example.com
Please replace example.com
with the name of the domain you wish to create a certificate for.
After the test you can replace your kapper.net
DNS Panel API Key and Secret, it is stored in ~/.acme.sh/account.conf
.
Report any bugs or issues here
112. -------
113. Use Shellrent API
Shellrent API offers one method to automatically issue certs.
First you need to login to your Shellrent account to get your API key. In order to use the token, you need to authorize your IP to have access to it. More Info on https://api.shellrent.com and https://guide.shellrent.com
export SH_Username="usrXXXX"
export SH_Token="<token>"
Alternatively, if the certificate only covers a single zone, you can speed up the process by specify the SH_Domain_ID directly:
export SH_Username="usrXXXX"
export SH_Token="<token>"
export SH_Domain_ID="xxxxxxxxxxxxx"
Let's issue a cert now:
./acme.sh --issue --dns dns_shellrent -d example.com -d *.example.com
The SH_Username and SH_Token and SH_Domain_ID will be saved in ~/.acme.sh/account.conf and will be reused when needed.
Report any bugs or issues here
114. Use OpenStack domain API
This provider supports OpenStack Designate for creating DNS records.
This provider requires the OpenStack Client (python-openstackclient) and Designate client (python-designateclient) be installed and available in your path.
It also requires you use Keystone V3 credentials, which can be either password or application credentials provided as environment variables. Any other authentication method will not save your credentials for renewal.
You will most likely want to source your OpenStack RC file to set your environment variables:
. openrc.sh
or manually like:
export OS_AUTH_URL="https://keystone.example.com:5000/"
export OS_USERNAME="<username>"
export OS_PASSWORD="<password>"
export OS_PROJECT_NAME="<project name>"
export OS_PROJECT_DOMAIN_NAME="Default"
export OS_USER_DOMAIN_NAME="Default"
To issue a cert:
./acme.sh --issue --dns dns_openstack -d example.com -d *.example.com
Your OpenStack credentials will be saved to ~/.acme.sh/account.conf
and reused on renewal.
Report any bugs or issues here
115. Use Netlify API
Generate a Personal Access Token at https://app.netlify.com/user/applications
Set your token for use with:
export NETLIFY_ACCESS_TOKEN='<token>'
Issue a cert with:
./acme.sh --issue --dns dns_netlify -d example.com -d *.example.com
Report any bugs or issues here
116. Use Akamai Edge DNS API
This provider supports the Akamai Edge DNS API for creating DNS records.
This provider requires Akamai Open Edgegrid Credentials with EdgeDNS API access authorization. To create and establish your Akamai OPEN CREDENTIALS, see the authorization and credentials sections of the Akamai Developer Get Started guide.
The Akamai Open Edgegrid credentials must be specified as environment variables as follows:
export AKAMAI_CLIENT_TOKEN="<akamai edgegrid client token>"
export AKAMAI_ACCESS_TOKEN="<akamai edgegrid access token>"
export AKAMAI_CLIENT_SECRET="<akamai edgegrid client secret>"
export AKAMAI_HOST="<akamai edgegrid api host>"
To issue a cert:
./acme.sh --issue --dns dns_edgedns -d example.com -d *.example.com
Your Akamai Edgegrid credentials will be saved to ~/.acme.sh/account.conf
and reused on renewal.
Report any bugs or issues here
117. Use WEDOS DNS API
WEDOS DNS provider from the Czech Republic. DNS API implementation for WEDOS require your WEDOS's account to allow WAPI interface. You have to login to WEDOS administration, in setting allow WAPI interface (in days when this manual were written it was for free completely). Configure WAPI interface to XML interface and register the IP addresses (IPv4 and IPv6) of the server where you plan to use acme.sh. That is from the manual side.
By doing this setting you should have WEDOS web account username and configured WAPI password.
This must be configured to your acme.sh account in the first execution of acme.sh script.
To save it to ~/.acme.sh/account.conf
(and for subsequent acme.sh executions) just execute following before first execution of acme.sh script.
export WEDOS_Username="<your user name to login to wedos web account>"
export WEDOS_Wapipass="<your WAPI passwords you setup using wedos web pages>"
Then you can issue a certificates:
./acme.sh --issue --dns dns_wedos -d example.com -d *.examle.com
Report any bugs or issues here.
But before reporting run the acme.sh with --debug 2
switch and append full acme.sh output to the issue report.
118. Use Websupport DNS API
Obtain an api key and secret from https://admin.websupport.sk/en/auth/apiKey
export WS_ApiKey="<key>"
export WS_ApiSecret="<secret>"
To issue a cert:
./acme.sh --issue --dns dns_websupport -d example.com -d *.examle.com
Report any bugs or issues here
119. Use infomaniak.com API
Infomaniak hosts a large number of domains and other hosted services. Create a token with Domain scope in the API dashboard at https://manager.infomaniak.com/v3/<account_id>/api/dashboard and export it as an environment variable:
export INFOMANIAK_API_TOKEN="<token>"
./acme.sh --issue --dns dns_infomaniak -d example.com -d *.example.com
Report any bugs or issues here
120. Use bookmyname.com API
Bookmyname hosts domains and has a small API.
Export your login/pass as an environment variable:
export BOOKMYNAME_USERNAME="xxx"
export BOOKMYNAME_PASSWORD="yyy"
./acme.sh --issue --dns dns_bookmyname -d example.com -d *.example.com --dnssleep 600
Report any bugs or issues here
121. Use anexia.com CloudDNS API
For DNS records managed via https://engine.anexia-it.com/clouddns
Export your token as an environment variable:
export ANX_Token='<token>'
./acme.sh --issue --dns dns_anx -d example.com -d *.example.com
Report any bugs or issues here
122. Use Synology DSM Synology DNS Server API
Note that in order the script to be working properly acme.sh should be installed on Synology itself.
To issue a cert:
./acme.sh --issue --dns dns_synology_dsm -d example.com -d *.example.com
You can find more details here
Report any bugs or issues here
123. Use HuaweiCloud API
Export your credentials as an environment variable:
About DomainName
parameters see: https://support.huaweicloud.com/api-iam/iam_01_0006.html
export HUAWEICLOUD_Username="<Your IAM Username>"
export HUAWEICLOUD_Password="<Your Password>"
export HUAWEICLOUD_DomainName="<Your DomainName>"
To issue a cert:
./acme.sh --issue --dns dns_huaweicloud -d example.com -d *.example.com
Report any bugs or issues here
124. Use Simply.com API
Export your credentials, you will find your API key by logging in to your Simply.com account here:
export SIMPLY_AccountName="<Your accountname>"
export SIMPLY_ApiKey="<Your API-key>"
To issue a cert:
./acme.sh --issue --dns dns_simply -d example.com -d *.example.com
125. Use World4You API
Export your credentials as an environment variable:
export WORLD4YOU_USERNAME="<customer-id>"
export WORLD4YOU_PASSWORD="<password>"
To issue a cert:
./acme.sh --issue --dns dns_world4you -d example.com -d *.example.com
Report any bugs or issues here
126. Use Scaleway API
First, you'll need to retrieve your Api Key
export SCALEWAY_API_TOKEN='xxx'
To issue a cert run:
./acme.sh --issue --dns dns_scaleway -d example.com -d *.example.com
Report any bugs or issues here
127. LS
removed
128. Use RackCorp API
Export your credentials as an environment variable:
export RACKCORP_APIUUID="UUIDHERE"
export RACKCORP_APISECRET="SECRETHERE"
To issue a cert:
./acme.sh --issue --dns dns_rackcorp -d example.com -d *.example.com
Report any bugs or issues here
129. Using the IONOS domain API
Read Getting Started to learn how to create an API key. Export your credentials as environment variables:
export IONOS_PREFIX="..."
export IONOS_SECRET="..."
To issue a certificate, execute:
./acme.sh --issue --dns dns_ionos -d example.com -d *.example.com
Report any bugs or issues here
130. Using the Porkbun API
You must first log in to your Porkbun domain management dashboard and enable API access under details for your domain. Read Getting Started to learn how to create an API key. Export your credentials as environment variables:
export PORKBUN_API_KEY="..."
export PORKBUN_SECRET_API_KEY="..."
To issue a certificate, execute:
./acme.sh --issue --dns dns_porkbun -d example.com -d *.example.com
Report any bugs or issues here
131. Using the Aurora API
PCextreme B.V. is a Dutch cloud provider offering cloud services under the family name Aurora. Head over to DNS & Health Checks > Users to get your API credentials. Export your credentials as environment variables:
export AURORA_Key="..."
export AURORA_Secret="..."
To issue a certificate, execute:
./acme.sh --issue --dns dns_aurora -d example.com -d *.example.com
Report any bugs or issues here
132. Using the Azion DNS API
https://www.Azion.com/ is a Edge Computing Platform to build modern applications at edge. This API reflects the Intelligent DNS product. Read this documentation to create a username/password and permissions to use this plugin.
Export your username/password as environment variables:
export AZION_Email="user@example.com"
export AZION_Password="password"
To issue a certificate, execute:
./acme.sh --issue --dns dns_azion -d example.com -d *.example.com
Report any bugs or issues here
133. Using Oracle Cloud Infrastructure DNS
See: https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Oracle-Cloud-Infrastructure-DNS
134. Utilisation de l'API DNS Hostline Hébergement VPS
Créer un token API sur votre compte Hostline Hébergement VPS.
Ajouter les variables API suivantes :
export HOSTLINE_Token="xxx" # (obligatoire)
export HOSTLINE_Url="https://api.hostline.fr" # (optionnel)
export HOSTLINE_Ttl="60" # ttl custom record (optionnel)
Pour générer un certificat exécuter la commande correspondante à votre cas :
./acme.sh --issue --dns dns_hostline -d example.com -d *.example.com
Les variables HOSTLINE_Token
, HOSTLINE_Url
(optionnel) et HOSTLINE_Ttl
(optionnel) doivent être définies dans le fichier /root/.acme.sh/account.conf
.
Si vous rencontrez un problème sur l'API Hostline Hébergement VPS, merci de rapporter votre problème sur le lien suivant: https://github.com/acmesh-official/acme.sh/issues/3675
135. Use Veesp domain API
Veesp offers HTTP REST API to manage vital details of account and services like DNS. Your standard login credentials is needed:
export VEESP_User="username@domain.com"
export VEESP_Password="password"
To issue a cert:
./acme.sh --issue --dns dns_veesp -d example.com -d *.example.com
The VEESP_User
and VEESP_Password
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
136. Use cPanel DNS systems
First you need to log into the cPanel interface and generate an API key for your account (under Security -> Manage API Tokens). Then set your username, api token and hostname:
export cPanel_Username="username"
export cPanel_Apitoken="apitoken"
export cPanel_Hostname="https://hostname:port"
example
export cPanel_Username="myadminuseratnordicway"
export cPanel_Apitoken="CXJ8HRXFNS363RQ71Z51TKM9KTHRFZVE"
export cPanel_Hostname="https://cp04.nordicway.dk:2083"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_cpanel -d example.com -d *.example.com
See https://api.docs.cpanel.net/cpanel/introduction/#cpanel-or-webmail-session-url-1 regarding cPanel ports.
The cPanel_Username
, cPanel_Apitoken
and cPanel_Hostname
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
137. Use ISPMan domain API
!!! IMPORTANT: Make sure the version of ISPMan supports TXT records !!!
The dns_ispman.sh
api Adds & Deletes domain TXT records by authenticating into the ISPMan Customer Control Panel and executing related HTTP POST & GET requests.
The dns_ispman.sh
api requires your <domain>
and <passwd>
for authentication:
export ISPMan_Username="<domain>"
export ISPMan_Password="<passwd>"
The ISPMan_Username
and ISPMan_Password
will be saved in $LE_WORKING_DIR/account.conf
and will be reused for certificate renewals.
Ok, let's issue a cert:
./acme.sh --issue --dns dns_ispman -d example.com -d *.example.com
Report any bugs or issues here
138. Use dnsHome.de DNS API
export DNSHOME_Subdomain=""
export DNSHOME_SubdomainPassword=""
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_dnshome -d subdomain.ddnsdomain.tld
The DNSHOME_Subdomain
and DNSHOME_SubdomainPassword
will be saved in the domain conf and will be reused when needed.
Report any bugs or issues here
139. Use mythic-beasts.com DNS API
First obtain you API key from the control panel.
export MB_AK="<Key>"
export MB_AS="<Secret>"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_mythic_beasts -d example.com -d *.example.com
The credentials will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
140. Use s-dns.de API
First generate your dns zone key. Open your existing nameserver entry, click on [Passwort für dynamic DNS generieren] and save your zone. This generates a new key for your zone.
export SDNS_ZONE_KEY="<Key>"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_sdns -d example.com -d *.example.com
S-dns nameservers use anycast.
It is therefore possible that the server next to your location already provides the new record,
while the CA reaches another one that does not have the TXT record yet.
To avoid such timing errors the --dnssleep
flag can be set to a value of 240 seconds.
./acme.sh --issue --dns dns_sdns -d example.com -d *.example.com --dnssleep 240
Report any bugs or issues here
141. Using the united-domains reselling DNS API
Create an account at ud reselling.
There is no option to use an API key, so you just need to set your credentials as environment variables:
export UDR_USER="..."
export UDR_PASS="..."
To issue a certificate, execute:
./acme.sh --issue --dns dns_udr -d example.com -d *.example.com
The UDR_USER
and UDR_PASS
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
142. Using the curanet DNS API
Login to your curanet account, create a new API Application, and use client_id and secret as shown below
export CURANET_AUTHCLIENTID="..."
export CURANET_AUTHSECRET="..."
To issue a certificate, execute:
./acme.sh --issue --dns dns_curanet -d example.com -d *.example.com
The CURANET_AUTHCLIENTID
and CURANET_AUTHSECRET
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
143. Use ArtFiles.de DNS API
First, verify that API access is already enabled:
- Go to ArtFiles.de's DCP (Domain Control Panel).
- Click Passwords in the left menu.
- To the menu's right, the drop-down menu for Active is either
active
orinactive
. - If Active is already set to
active
, skip this step. Otherwise, enter your desired password into both text boxes, save it somewhere else (e. g. Firefox, KeePass, etc.) & click Apply below. - Copy Username's value, i.e. the one that starts with
api
& then continues with your account number which is something likea12345678
.
Export AF_API_USERNAME
& AF_API_PASSWORD
only once (saved into domain's config file upon 1st successful script run):
export AF_API_USERNAME="api12345678"
export AF_API_PASSWORD="apiPassword"
To issue a certificate, execute:
./acme.sh --issue --dns dns_artfiles -d example.com -d *.example.com
Report any bugs or issues here
144. Use Geoscaling.com DNS2
Create an account at Geoscaling.
Set your credentials as environment variables:
export GEOSCALING_Username="..."
export GEOSCALING_Password="..."
To issue a certificate, execute:
./acme.sh --issue --dns dns_geoscaling -d example.com -d *.example.com
The GEOSCALING_Username
and GEOSCALING_Password
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
145. Use fornex.com API
Get an API key in your fornex.com account page. Then
export FORNEX_API_KEY="<Key>"
To issue a cert, run command:
./acme.sh --issue --dns dns_fornex -d example.com -d *.example.com
Report any bugs or issues here
146. Use DNS.Services API
Use your credentials
export DnsServices_Username="user@example.com"
export DnsServices_Password="<YourPassword>"
To issue a cert, run command:
./acme.sh --issue --dns dns_dnsservices -d example.com -d *.example.com
Report any bugs or issues here
147. Use Nodion DNS API
You are able to create a free account on https://app.nodion.com and add an API key used by acme.sh by visiting the settings page. Please take this token and set it as env variable.
export NODION_API_KEY="<Token>"
To issue a certificate, execute:
acme.sh --issue --dns dns_nodion -d *.example.com
Report any bugs or issues here
148. Use dns.la API
Use your credentials
export LA_Id="<appid>"
export LA_Key="<apikey>"
To issue a cert, run command:
./acme.sh --issue --dns dns_la -d example.com -d *.example.com
Report any bugs or issues here
149. Use Yandex Cloud DNS API
Create a new service account with role dns.editor
and create authorized key for him.
Required parameters:
export YC_Folder_ID="YC Folder ID"
export YC_SA_ID="Service Account ID"
export YC_SA_Key_ID="Service Account IAM Key ID"
# You need use YC_SA_Key_File_PEM_b64 or YC_SA_Key_File_Path
export YC_SA_Key_File_PEM_b64="Base64 content of private.key"
export YC_SA_Key_File_Path="/path/to/private.key"
Optional parameters:
export YC_Zone_ID="DNS Zone ID"
Now you can issue a cert:
./acme.sh --issue --dns dns_yc -d example.com -d *.example.com
Both, YC_Folder_ID
, YC_SA_ID
, YC_SA_Key_ID
, YC_SA_Key_File_PEM_b64
or YC_SA_Key_File_Path
and YC_Zone_ID
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
150. Use Bunny DNS API to automatically issue cert
Find your API key at https://panel.bunny.net/account Then export the key:
export BUNNY_API_KEY="your-api-key-goes-here"
Then you can issue a cert:
./acme.sh --issue --dns dns_bunny -d example.com -d *.example.com
The BUNNY_API_KEY
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
151. Use Selfhost DNS API
- create a new TXT record for a subdomainname with the needed prefix e.g. "_acme-challenge.example.com" (default) or "alias.example.com" (dns alias mode)
- for wildcard subdomains add a second TXT record for the identical subdomainname
- edit the TXT record and note the ID in (...) behind the subdomainname
- export each subdomainname (including the prefix) and the corresponding record IDs in SELFHOSTDNS_MAP like "subdomainname:RID1:RID2"
- at least one RID must be set, up to two are supported for wildcard subdomains
- each entry must be seperated by a space
- export username and password in SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD
Note: For username
you have to use your account / customer number. You can find them in any invoice or on the right top of the selfhost dashboard.
export SELFHOSTDNS_USERNAME="myname"
export SELFHOSTDNS_PASSWORD="mypass"
export SELFHOSTDNS_MAP="_acme-challenge.example.com:12345:98765 alias.example.com:11111"
acme.sh --issue --dns dns_selfhost -d example.com -d *.example.com
Report any bugs or issues here
152. Use rage4 DNS API
Use your credentials
export RAGE4_TOKEN="example-token"
export RAGE4_USERNAME="example@user.local"
To issue a cert, run command:
./acme.sh --issue --dns dns_rage4 -d example.com -d *.example.com
Report any bugs or issues here
153. Use GCore DNS API
Login to your GCore account and create an API Key.
export GCORE_Key='<your_gcore_api_key>'
To issue a cert, run command:
./acme.sh --issue --dns dns_gcore -d example.com -d *.example.com
Report any bugs or issues here
154. Use dynadot DNS API
PENDING Pull Request: https://github.com/acmesh-official/acme.sh/pull/4510
Please read the comments in dnsapi/dns_dynadot.sh
to understand the issues and limitations with dynadot's api before reporting any bugs and for more information on the options below
Login to to your dynadot account and create an api token
DYNADOTAPI_Token="your_api_token"
Optional settings:
DYNADOT_ADD_DNS_SLEEP=1800
DYNADOT_REMOVE_DNS_SLEEP=1800
DYNADOTAPI_SKIP_REMOVE=SKIP
DYNADOTAPI_API_RETRIES=5
DYNADOTAPI_RETRY_SLEEP=30
- The
--dnssleep
command line argument specifies the amount of sleep before requesting validation of records. When adding two text records, that sleep only occurs after both records have been added. The sleep settings above affect each dynadot operation. DYNADOT_ADD_DNS_SLEEP
is the number of seconds to sleep after adding a TXT record (for wildcard domains this will happen twice before validation). Recommended to set this at 1800 or higher if adding multiple records is required for your request or when making back to back requests.DYNADOTAPI_SKIP_REMOVE=SKIP
will skip removing TXT records. This is useful to save wait time when making multiple calls, however, TXT records will need to be manually removed after the process completes.DYNADOT_REMOVE_DNS_SLEEP
is the number of seconds to sleep after removing a TXT record. Recommended to set this at 1800 or higher if adding multiple records is required for your request or when making back to back requests. This is not required when usingDYNADOTAPI_SKIP_REMOVE=SKIP
DYNADOTAPI_API_RETRIES
number of times to attempt a DYNADOT api call.DYNADOTAPI_RETRY_SLEEP
sleep time between DYNADOT api calls (only applied if a call fails and DYNADOTAPI_API_RETRIES is set great than 1)
Report any bugs or issues here
155. Use IPv64 DNS API
Login to your IPV64 Account and copy your API Key.
export IPv64_Token="your_ipv64_api_key"
To issue a cert, run command:
./acme.sh --issue --dns dns_ipv64 -d example.com -d *.example.com
Report any bugs or issues here
156. Use Nanelo DNS API
Login to your https://nanelo.com Account, navigate to Settings > API Keys and generate a new API Key. Copy it and set it like the following:
export NANELO_TOKEN="<your_nanelo_api_key>"
To issue a cert, run the following command:
./acme.sh --issue --dns dns_nanelo -d example.com -d *.example.com
Report any bugs or issues here
157. Use Google Domains DNS API
Visit https://domains.google.com/registrar/ and click "Manage" on the domain. Then, in the Security settings, generate an access token for the ACME DNS API. Save this access token as it is only displayed once.
export GOOGLEDOMAINS_ACCESS_TOKEN="<generated-access-token>"
To issue a cert, run the following:
./acme.sh --issue --dns dns_googledomains -d example.com -d *.example.com
The script tries to infer the zone registered with Google Domains by matching the domain against the Google Domains API. To manually specify the zone, do the following prior to running the issuing command:
export GOOGLEDOMAINS_ZONE="google-domains-zone"
Report any bugs or issues here
158. Use DNSExit API to automatically issue cert
You'll need an API key for your DNSExit account which you can find under your Account Profile. You will also need your account login (username and password).
export DNSEXIT_API_KEY="<Your API key>"
export DNSEXIT_AUTH_USER="<Your username>"
export DNSEXIT_AUTH_PASS="<Your password>"
To issue a cert, run the following:
./acme.sh --issue --dns dns_dnsexit -d example.com -d *.example.com
The login variables will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here.
159. Use Lima-City API to automatically issue cert
You'll need an API key for your Lima-City account which you can find under Account Section in your User control panel. The API key must have following roles: dns.admin, domains.reader
export LIMACITY_APIKEY="<Your API key>"
To issue a cert, run the following:
./acme.sh --issue --dns dns_limacity -d example.com -d *.example.com
The login variables will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here.
160. Use TencentCloud (DNSPod) API
Please visit https://console.cloud.tencent.com/cam/capi to obtain the API key.
export Tencent_SecretId="<Your SecretId>"
export Tencent_SecretKey="<Your SecretKey>"
To issue a cert, run the following:
./acme.sh --issue --dns dns_tencent -d example.com -d *.example.com
The login variables will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Docs:
- https://cloud.tencent.com/document/product/302/105900
Report any bugs or issues here
161. Use Samba AD DC
This API requires you to have samba-tool
available, you don't need the full samba installation on a remote machine (if the machine you use to generate the certificate isn't the same as the Samba AD DC). On Debian, you can get it with the samba-common-bin
package.
Then you need to provide the host, username and password of an administrator to change the DNS settings:
export SAMBA_HOST=dc1.example.com
export SAMBA_USER=Administrator
export SAMBA_PASS=MyAdminP@ssword
Then you can issue your certificates with:
./acme.sh --issue --dns dns_samba -d example.com -d *.example.com
Or even in 1 line:
SAMBA_HOST=dc1.example.com SAMBA_USER=Administrator SAMBA_PASS=MyAdminP@ssword ./acme.sh --issue --dns dns_samba -d example.com -d *.example.com
The SAMBA_HOST
, SAMBA_USER
and SAMBA_PASS
settings will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
162. Use West.cn API
Please visit https://www.west.cn/manager/API/APIconfig.asp to obtain the Plaint API key.
<Your Encryption APIKey> = md5(<Your Plaint APIKey>)
export WEST_Username="<Your Username>"
export WEST_Key="<Your Encryption APIKey>"
To issue a cert, run the following:
./acme.sh --issue --dns dns_west_cn -d example.com -d *.example.com
The login variables will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
163. Use Hosttech API
Create an DNS API token in hosttech portal (DNS editor).
Set your API key:
export Hosttech_Key='xxx'
To issue a certificate run:
./acme.sh --issue --dns dns_hosttech -d example.com -d *.example.com
Report any bugs or issues here
164. Use Alviy.com domain API to automatically issue cert
First you need to register to your account to get your API Key and Secret.
https://cloud.alviy.com/profile/
API token is creating automatically.
export Alviy_token="<token>"
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_alviy -d example.com -d *.example.com
The Alviy_token
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
165. Use Timeweb Cloud DNS API
To begin, acquire a Timeweb Cloud API JWT token. You can obtain one via the Timeweb Cloud control panel.
Next, provide the JWT token to the script using one of two methods:
- As the "TW_Token" variable. For example:
export TW_Token='eyJhbG...zUxMiIs'
- As a "TW_Token" entry in acme.sh account configuration file (located at ~/.acme.sh/account.conf by default). For example,
TW_Token='eyJhbG...zUxMiIs'
Finally, сonsider the following command as an example of how to issue a certificate using the ACME DNS-01 challenge:
./acme.sh --issue --dns dns_timeweb -d example.com,*.example.com,foo.bar.example.com
Report any bugs or issues here.
166. Use myLoc.de / webtropia.com DNS API
First, you need a domain hosted at myLoc.de or webtropia.com. A Webtropia also allows to use the myloc.de API. You need to register a token via the myLoc.de website or the Webtropia.com website.
As the API does not allow to match domain names to zones yet, the zone has to be set manually if you plan to use subdomains. You can set the zone as well as the token using environment variables:
export MYLOC_token=aabbccddeeffgghhiijjkkllmmnnjjkkllmmnnooppqqrrsstt
export MYLOC_zone=example.com
If MYLOC_zone
is not set, it will be guessed by stripping the _acme-challenge.
prefix from the domains being processed.
This may not match the zone, for example for issueing certificates for sub1.example.com
, the zone probably is example.com
.
Now, use the dns_myloc backend to issue and renew certificates using DNS-01:
./acme.sh --issue --dns dns_myloc -d example.com,*.example.com,foo.bar.example.com
Report any bugs or issues here.
167. Use Yandex 360 for Business DNS API
a. Set up OAuth application:
- Log in as an organization administrator on Yandex.
- Create an OAuth application at Yandex ID.
- Choose "Web services" platform.
- Set Redirect URI to
https://oauth.yandex.ru/verification_code
. - Select the following permissions:
- "Manage DNS records" (directory:manage_dns)
- "Read organization data" (directory:read_organization) (optional if the user exports the YANDEX360_ORG_ID variable manually)
- "Read organization domain data" (directory:read_domains)
- Save the Client ID and Client Secret.
b. Obtain Yandex 360 Organization ID:
This step is optional as the Organization ID can be obtained automatically. However, the user can specify it manually as described below.
- After setting up the OAuth application, visit Yandex 360 for Business Administration.
- In the upper-left corner of the page, select the correct organization from the list if you have multiple organizations.
- In the lower-left corner of the page, find and note the Organization ID.
c. Set up environment variables:
Depending on whether you are using OAuth or a manually obtained access token, export the appropriate variables:
i. Using OAuth (recommended):
Export the following variables:
export YANDEX360_CLIENT_ID="your_client_id"
export YANDEX360_CLIENT_SECRET="your_client_secret"
export YANDEX360_ORG_ID="your_organization_id" # optional if directory:read_organization permission is granted
ii. Manually obtained access token:
-
Obtain an access token manually:
- Go to:
https://oauth.yandex.ru/authorize?response_type=token&client_id=<your_application_id>
- Replace
<your_application_id>
with your OAuth application's Client ID. - Authorize and obtain the token.
- Go to:
-
Export the following variables:
export YANDEX360_ACCESS_TOKEN="your_access_token"
export YANDEX360_ORG_ID="your_organization_id" # optional if directory:read_organization permission is granted
d. Issue/renew certificate:
Use the acme.sh
command with the --dns dns_yandex360
parameter. For example:
./acme.sh --issue --dns dns_yandex360 --dnssleep 600 -d example.com -d *.example.com
When using OAuth you will need to complete a one-time authorization procedure:
- On first run, the script will initiate the device authorization process.
- You'll be prompted to visit a URL and enter a code for authorization.
- After successful authorization, the access token will be obtained automatically.
Important notes:
- The script automatically refreshes the access token when needed. You don't need to manually update the token for subsequent operations if using OAuth.
- If you are using the manual token method, you will need to update
YANDEX360_ACCESS_TOKEN
manually due to the limited token lifespan. - Ensure you include the
--dnssleep
option with a value of at least 600 seconds (10 minutes) to account for the slow DNS record propagation on Yandex 360 DNS. - Whenever possible, use the OAuth method as it provides automatic token refresh and a higher level of security.
- Yandex 360 Organization ID can be obtained automatically if the "Read organization data" (directory:read_organization) permission is granted. If not, you must export
YANDEX360_ORG_ID
variable manually. - You can learn more about the Yandex 360 for Business DNS API access procedure here.
- You can learn more about the OAuth device authorization flow here.
- You can learn more about obtaining debug tokens here.
- Report any bugs or issues here.
168. Use HE DDNS DNS API
This uses the Dynamic DNS API in the Hurricane Electric DNS service (https://dns.he.net/).
- Add new TXT record for
_acme-challenge.example.com
in HE DNS interface, select "Enable entry for dynamic dns" (the content will automatically be like "Acme challenge key", that's fine) - Click the "Generate a DDNS key" button in the DDNS column, click the "Generate a key" button in the form, copy the key and Submit the form
- Set the HE_DDNS_KEY variable:
export HE_DDNS_KEY="the_generated_key"
To issue a certificate run:
./acme.sh --issue --dns dns_he_ddns -d example.com
The HE_DDNS_KEY
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Report any bugs or issues here
169. Using the IONOS Cloud DNS API
For information on how to obtain a token, please read the IONOS Cloud API documentation.
Please note that IONOS Cloud DNS API is different from IONOS Core API
After obtaining token, you need to export it as an environment variable:
export IONOS_TOKEN="..."
Then, you can issue a certificate by executing:
./acme.sh --issue --dns dns_ionos_cloud -d example.com
Please report any bugs or issues here
170. Using the Omg.lol DNS API
- Collect your API Key
- Navigate to https://home.omg.lol/account
- Log in (if not already logged in)
- Scroll all the way to the bottom
- click the clipboard to copy your API key
- Export the following variables:
export OMG_ApiKey="your_api_key" # as collected from your accounts page
export OMG_Address="your_omg.lol_address" # Leading '@' not required
- Use the
acme.sh
command with the--dns dns_omglol
parameter to issue your certificate. For example:
./acme.sh --issue --dns dns_omglol --dnssleep 120 -d address.omg.lol -d *.address.omg.lol
Please report any bugs or issues here
171. Use Power-Mailinabox
Use the Power-Mail-In-a-Box (PMIAB) Custom DNS REST API interface to PMIAB DNS. You only need to set your PMIAB login credentials and the fully qualified domain name of the PMIAB Server. Suggest single quote over double quote to ensure characters are not interpreted by the shell - important for passwords.
export PMIAB_Username='your_PMIAB_admin_username'
export PMIAB_Password='your_PMIAB_admin_password'
export PMIAB_Server='FQDN_of_your_PMIAB_Server'
To issue a cert:
./acme.sh --issue --dns dns_pmiab -d example.com -d *.example.com
The PMIAB_Username
, PMIAB_Password
and PMIAB_Server
will be saved in ~/.acme.sh/account.conf
and will be reused when needed.
Please report any bugs or issues here
172. Use Technitium DNS Server API
If your Domain is hosted on your (own) Technitium DNS Server, then
export Technitium_Server=url.of.your.name.server # like ns1.example.com
export Technitium_Token=API_TOKEN
Then issue a cert:
./acme.sh --issue --dns dns_technitium -d example.com -d *.example.com
Report any bugs or issues here
173. Use ZoneEdit DNS API
This uses ZoneEdit DNS API for zoneedit dns service. It was developed as a separate project sslcertzoneedit with information provided in the Zoneedit forum
Before first execution define the following in sh (or bash):
export ZONEEDIT_ID="your id"
export ZONEEDIT_Token="Your token"
Where ZONEEDIT_ID is your zone edit ID and ZONEEDIT_Token is the same token as for dynamic IP dns update at zoneedit.
Then issue a cert:
./acme.sh --issue --dns dns_zoneedit -d example.com -d *.example.com
Report any bugs or issues here
Use custom API
If your API is not supported yet, you can write your own DNS API.
Let's assume you want to name it myapi
:
- Create a bash script named
~/.acme.sh/dns_myapi.sh
, - In the script you must have a function named
dns_myapi_add()
which will be called by acme.sh to add the DNS records. - Then you can use your API to issue cert like this:
./acme.sh --issue --dns dns_myapi -d example.com -d *.example.com
For more details, please check our sample script: dns_myapi.sh
See: DNS API Dev Guide
Use lexicon DNS API
More APIs coming soon...
Buy me a beer, Donate to acme.sh if it saves your time. Your donation makes acme.sh better: https://donate.acme.sh/
如果 acme.sh 帮你节省了时间,请考虑赏我一杯啤酒🍺, 捐助: https://donate.acme.sh/ 你的支持将会使得 acme.sh 越来越好. 感谢