diff --git a/README.md b/README.md
index 85e3e3f782..82351057a3 100644
--- a/README.md
+++ b/README.md
@@ -78,159 +78,159 @@ Detailed documentation is available [here](https://go-acme.github.io/lego/dns).
| ClouDNS |
| CloudXNS (Deprecated) |
+ Combell |
ConoHa |
Constellix |
- Core-Networks |
+ | Core-Networks |
CPanel/WHM |
Derak Cloud |
deSEC.io |
- Designate DNSaaS for Openstack |
+ | Designate DNSaaS for Openstack |
Digital Ocean |
DirectAdmin |
DNS Made Easy |
- dnsHome.de |
+ | dnsHome.de |
DNSimple |
DNSPod (deprecated) |
Domain Offensive (do.de) |
- Domeneshop |
+ | Domeneshop |
DreamHost |
Duck DNS |
Dyn |
- Dynu |
+ | Dynu |
EasyDNS |
Efficient IP |
Epik |
- Exoscale |
+ | Exoscale |
External program |
freemyip.com |
G-Core |
- Gandi |
+ | Gandi |
Gandi Live DNS (v5) |
Glesys |
Go Daddy |
- Google Cloud |
+ | Google Cloud |
Google Domains |
Hetzner |
Hosting.de |
- Hosttech |
+ | Hosttech |
HTTP request |
http.net |
Huawei Cloud |
- Hurricane Electric DNS |
+ | Hurricane Electric DNS |
HyperOne |
IBM Cloud (SoftLayer) |
IIJ DNS Platform Service |
- Infoblox |
+ | Infoblox |
Infomaniak |
Internet Initiative Japan |
Internet.bs |
- INWX |
+ | INWX |
Ionos |
IPv64 |
iwantmyname |
- Joker |
+ | Joker |
Joohoi's ACME-DNS |
Liara |
Lima-City |
- Linode (v4) |
+ | Linode (v4) |
Liquid Web |
Loopia |
LuaDNS |
- Mail-in-a-Box |
+ | Mail-in-a-Box |
Manual |
Metaname |
mijn.host |
- Mittwald |
+ | Mittwald |
MyDNS.jp |
MythicBeasts |
Name.com |
- Namecheap |
+ | Namecheap |
Namesilo |
NearlyFreeSpeech.NET |
Netcup |
- Netlify |
+ | Netlify |
Nicmanager |
NIFCloud |
Njalla |
- Nodion |
+ | Nodion |
NS1 |
Open Telekom Cloud |
Oracle Cloud |
- OVH |
+ | OVH |
plesk.com |
Porkbun |
PowerDNS |
- Rackspace |
+ | Rackspace |
RcodeZero |
reg.ru |
Regfish |
- RFC2136 |
+ | RFC2136 |
RimuHosting |
Sakura Cloud |
Scaleway |
- Selectel |
+ | Selectel |
Selectel v2 |
SelfHost.(de|eu) |
Servercow |
- Shellrent |
+ | Shellrent |
Simply.com |
Sonic |
Stackpath |
- Tencent Cloud DNS |
+ | Tencent Cloud DNS |
Timeweb Cloud |
TransIP |
UKFast SafeDNS |
- Ultradns |
+ | Ultradns |
Variomedia |
VegaDNS |
Vercel |
- Versio.[nl|eu|uk] |
+ | Versio.[nl|eu|uk] |
VinylDNS |
VK Cloud |
Volcano Engine/火山引擎 |
- Vscale |
+ | Vscale |
Vultr |
Webnames |
Websupport |
- WEDOS |
+ | WEDOS |
Yandex 360 |
Yandex Cloud |
Yandex PDD |
- Zone.ee |
+ | Zone.ee |
Zonomi |
|
|
- |
diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go
index 936a99ec4b..d101a0582d 100644
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@@ -32,6 +32,7 @@ func allDNSCodes() string {
"cloudns",
"cloudru",
"cloudxns",
+ "combell",
"conoha",
"constellix",
"corenetworks",
@@ -582,6 +583,27 @@ func displayDNSHelp(w io.Writer, name string) error {
ew.writeln()
ew.writeln(`More information: https://go-acme.github.io/lego/dns/cloudxns`)
+ case "combell":
+ // generated from: providers/dns/combell/combell.toml
+ ew.writeln(`Configuration for Combell.`)
+ ew.writeln(`Code: 'combell'`)
+ ew.writeln(`Since: 'v4.20.0'`)
+ ew.writeln()
+
+ ew.writeln(`Credentials:`)
+ ew.writeln(` - "COMBELL_API_KEY": The API key`)
+ ew.writeln(` - "COMBELL_API_SECRET": The API secret`)
+ ew.writeln()
+
+ ew.writeln(`Additional Configuration:`)
+ ew.writeln(` - "COMBELL_HTTP_TIMEOUT": API request timeout`)
+ ew.writeln(` - "COMBELL_POLLING_INTERVAL": Time between DNS propagation check`)
+ ew.writeln(` - "COMBELL_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`)
+ ew.writeln(` - "COMBELL_TTL": The TTL of the TXT record used for the DNS challenge`)
+
+ ew.writeln()
+ ew.writeln(`More information: https://go-acme.github.io/lego/dns/combell`)
+
case "conoha":
// generated from: providers/dns/conoha/conoha.toml
ew.writeln(`Configuration for ConoHa.`)
diff --git a/docs/content/dns/zz_gen_combell.md b/docs/content/dns/zz_gen_combell.md
new file mode 100644
index 0000000000..29216be3b1
--- /dev/null
+++ b/docs/content/dns/zz_gen_combell.md
@@ -0,0 +1,69 @@
+---
+title: "Combell"
+date: 2019-03-03T16:39:46+01:00
+draft: false
+slug: combell
+dnsprovider:
+ since: "v4.20.0"
+ code: "combell"
+ url: "https://www.combell.com/"
+---
+
+
+
+
+
+
+Configuration for [Combell](https://www.combell.com/).
+
+
+
+
+- Code: `combell`
+- Since: v4.20.0
+
+
+Here is an example bash command using the Combell provider:
+
+```bash
+COMBELL_API_KEY=xxxxxxxxxxxxxxxxxxxxx \
+COMBELL_API_SECRET=yyyyyyyyyyyyyyyyyyyy \
+lego --email you@example.com --dns combell -d '*.example.com' -d example.com run
+```
+
+
+
+
+## Credentials
+
+| Environment Variable Name | Description |
+|-----------------------|-------------|
+| `COMBELL_API_KEY` | The API key |
+| `COMBELL_API_SECRET` | The API secret |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+## Additional Configuration
+
+| Environment Variable Name | Description |
+|--------------------------------|-------------|
+| `COMBELL_HTTP_TIMEOUT` | API request timeout |
+| `COMBELL_POLLING_INTERVAL` | Time between DNS propagation check |
+| `COMBELL_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
+| `COMBELL_TTL` | The TTL of the TXT record used for the DNS challenge |
+
+The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
+More information [here]({{% ref "dns#configuration-and-credentials" %}}).
+
+
+
+
+## More information
+
+- [API documentation](https://api.combell.com/v2/documentation)
+
+
+
+
diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml
index efbd36bc49..d43cdde4d2 100644
--- a/docs/data/zz_cli_help.toml
+++ b/docs/data/zz_cli_help.toml
@@ -141,7 +141,7 @@ To display the documentation for a specific DNS provider, run:
$ lego dnshelp -c code
Supported DNS providers:
- acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, azuredns, bindman, bluecat, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, conoha, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, efficientip, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, googledomains, hetzner, hostingde, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ipv64, iwantmyname, joker, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manual, metaname, mijnhost, mittwald, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, stackpath, tencentcloud, timewebcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, volcengine, vscale, vultr, webnames, websupport, wedos, yandex, yandex360, yandexcloud, zoneee, zonomi
+ acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, azuredns, bindman, bluecat, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudru, cloudxns, combell, conoha, constellix, corenetworks, cpanel, derak, desec, designate, digitalocean, directadmin, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, efficientip, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, googledomains, hetzner, hostingde, hosttech, httpnet, httpreq, huaweicloud, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ipv64, iwantmyname, joker, liara, lightsail, limacity, linode, liquidweb, loopia, luadns, mailinabox, manual, metaname, mijnhost, mittwald, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rcodezero, regfish, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, selectelv2, selfhostde, servercow, shellrent, simply, sonic, stackpath, tencentcloud, timewebcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, volcengine, vscale, vultr, webnames, websupport, wedos, yandex, yandex360, yandexcloud, zoneee, zonomi
More information: https://go-acme.github.io/lego/dns
"""
diff --git a/providers/dns/combell/combell.go b/providers/dns/combell/combell.go
new file mode 100644
index 0000000000..f83bbb9786
--- /dev/null
+++ b/providers/dns/combell/combell.go
@@ -0,0 +1,161 @@
+// Package combell implements a DNS provider for solving the DNS-01 challenge using Combell DNS.
+package combell
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "strings"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ "github.com/go-acme/lego/v4/platform/config/env"
+ "github.com/go-acme/lego/v4/providers/dns/combell/internal"
+)
+
+const (
+ minTTL = 60
+ maxTTL = 8640
+)
+
+// Environment variables names.
+const (
+ envNamespace = "COMBELL_"
+
+ EnvAPIKey = envNamespace + "API_KEY"
+ EnvAPISecret = envNamespace + "API_SECRET"
+
+ EnvTTL = envNamespace + "TTL"
+ EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
+ EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
+ EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT"
+)
+
+// Config is used to configure the creation of the DNSProvider.
+type Config struct {
+ APIKey string
+ APISecret string
+ TTL int
+ PropagationTimeout time.Duration
+ PollingInterval time.Duration
+ HTTPClient *http.Client
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider.
+func NewDefaultConfig() *Config {
+ return &Config{
+ TTL: env.GetOrDefaultInt(EnvTTL, 3600),
+ PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),
+ PollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+ HTTPClient: &http.Client{
+ Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
+ },
+ }
+}
+
+// DNSProvider implements the challenge.Provider interface.
+type DNSProvider struct {
+ config *Config
+ client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Combell DNS.
+// Credentials must be passed in the environment variables:
+// COMBELL_API_KEY, COMBELL_API_SECRET.
+func NewDNSProvider() (*DNSProvider, error) {
+ values, err := env.Get(EnvAPIKey, EnvAPISecret)
+ if err != nil {
+ return nil, fmt.Errorf("combell: %w", err)
+ }
+
+ config := NewDefaultConfig()
+ config.APIKey = values[EnvAPIKey]
+ config.APISecret = values[EnvAPISecret]
+
+ return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for Combell DNS.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+ if config == nil {
+ return nil, errors.New("combell: the configuration of the DNS provider is nil")
+ }
+
+ if config.APIKey == "" || config.APISecret == "" {
+ return nil, errors.New("combell: some credentials information are missing")
+ }
+
+ if config.TTL < minTTL {
+ return nil, fmt.Errorf("combell: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
+ }
+
+ if config.TTL > maxTTL {
+ return nil, fmt.Errorf("combell: invalid TTL, TTL (%d) must be lower than %d", config.TTL, maxTTL)
+ }
+
+ client := internal.NewClient(config.APIKey, config.APISecret, config.HTTPClient)
+
+ return &DNSProvider{config: config, client: client}, nil
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+ return d.config.PropagationTimeout, d.config.PollingInterval
+}
+
+// Present creates a TXT record to fulfill the dns-01 challenge.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("combell: could not find zone for domain %q (%s): %w", domain, info.EffectiveFQDN, err)
+ }
+
+ record := internal.Record{
+ Type: "TXT",
+ RecordName: dns01.UnFqdn(strings.TrimSuffix(info.EffectiveFQDN, authZone)),
+ Content: info.Value,
+ TTL: d.config.TTL,
+ }
+
+ err = d.client.CreateRecord(context.Background(), authZone, record)
+ if err != nil {
+ return fmt.Errorf("combell: create record: %w", err)
+ }
+
+ return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ ctx := context.Background()
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+
+ authZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)
+ if err != nil {
+ return fmt.Errorf("combell: could not find zone for domain %q (%s): %w", domain, info.EffectiveFQDN, err)
+ }
+
+ request := &internal.GetRecordsRequest{
+ Type: "TXT",
+ RecordName: dns01.UnFqdn(strings.TrimSuffix(info.EffectiveFQDN, authZone)),
+ }
+ records, err := d.client.GetRecords(ctx, authZone, request)
+ if err != nil {
+ return fmt.Errorf("combell: get records: %w", err)
+ }
+
+ for _, record := range records {
+ if record.Content == info.Value {
+ err = d.client.DeleteRecord(ctx, authZone, record.ID)
+ if err != nil {
+ return fmt.Errorf("combell: delete record: %w", err)
+ }
+ }
+ }
+
+ return nil
+}
diff --git a/providers/dns/combell/combell.toml b/providers/dns/combell/combell.toml
new file mode 100644
index 0000000000..e780eb2873
--- /dev/null
+++ b/providers/dns/combell/combell.toml
@@ -0,0 +1,24 @@
+Name = "Combell"
+Description = ''''''
+URL = "https://www.combell.com/"
+Code = "combell"
+Since = "v4.20.0"
+
+Example = '''
+COMBELL_API_KEY=xxxxxxxxxxxxxxxxxxxxx \
+COMBELL_API_SECRET=yyyyyyyyyyyyyyyyyyyy \
+lego --email you@example.com --dns combell -d '*.example.com' -d example.com run
+'''
+
+[Configuration]
+ [Configuration.Credentials]
+ COMBELL_API_KEY = "The API key"
+ COMBELL_API_SECRET = "The API secret"
+ [Configuration.Additional]
+ COMBELL_POLLING_INTERVAL = "Time between DNS propagation check"
+ COMBELL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+ COMBELL_TTL = "The TTL of the TXT record used for the DNS challenge"
+ COMBELL_HTTP_TIMEOUT = "API request timeout"
+
+[Links]
+ API = "https://api.combell.com/v2/documentation"
diff --git a/providers/dns/combell/combell_test.go b/providers/dns/combell/combell_test.go
new file mode 100644
index 0000000000..b5ff3cb903
--- /dev/null
+++ b/providers/dns/combell/combell_test.go
@@ -0,0 +1,115 @@
+package combell
+
+import (
+ "testing"
+
+ "github.com/go-acme/lego/v4/platform/tester"
+ "github.com/stretchr/testify/require"
+)
+
+const envDomain = envNamespace + "DOMAIN"
+
+var envTest = tester.NewEnvTest(EnvAPIKey, EnvAPISecret).WithDomain(envDomain)
+
+func TestNewDNSProvider(t *testing.T) {
+ testCases := []struct {
+ desc string
+ envVars map[string]string
+ expected string
+ }{
+ {
+ desc: "success",
+ envVars: map[string]string{
+ EnvAPIKey: "key",
+ EnvAPISecret: "secret",
+ },
+ },
+ {
+ desc: "missing API key",
+ envVars: map[string]string{
+ EnvAPISecret: "secret",
+ },
+ expected: "combell: some credentials information are missing: COMBELL_API_KEY",
+ },
+ {
+ desc: "missing API secret",
+ envVars: map[string]string{
+ EnvAPIKey: "key",
+ },
+ expected: "combell: some credentials information are missing: COMBELL_API_SECRET",
+ },
+ {
+ desc: "missing credentials",
+ envVars: map[string]string{},
+ expected: "combell: some credentials information are missing: COMBELL_API_KEY,COMBELL_API_SECRET",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ defer envTest.RestoreEnv()
+ envTest.ClearEnv()
+
+ envTest.Apply(test.envVars)
+
+ p, err := NewDNSProvider()
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
+
+func TestNewDNSProviderConfig(t *testing.T) {
+ testCases := []struct {
+ desc string
+ apiKey string
+ apiSecret string
+ expected string
+ }{
+ {
+ desc: "success",
+ apiKey: "key",
+ apiSecret: "secret",
+ },
+ {
+ desc: "missing API key",
+ apiSecret: "secret",
+ expected: "combell: some credentials information are missing",
+ },
+ {
+ desc: "missing API secret",
+ apiKey: "key",
+ expected: "combell: some credentials information are missing",
+ },
+ {
+ desc: "missing credentials",
+ expected: "combell: some credentials information are missing",
+ },
+ }
+
+ for _, test := range testCases {
+ t.Run(test.desc, func(t *testing.T) {
+ config := NewDefaultConfig()
+ config.APIKey = test.apiKey
+ config.APISecret = test.apiSecret
+
+ p, err := NewDNSProviderConfig(config)
+
+ if test.expected == "" {
+ require.NoError(t, err)
+ require.NotNil(t, p)
+ require.NotNil(t, p.config)
+ require.NotNil(t, p.client)
+ } else {
+ require.EqualError(t, err, test.expected)
+ }
+ })
+ }
+}
diff --git a/providers/dns/combell/internal/client.go b/providers/dns/combell/internal/client.go
new file mode 100644
index 0000000000..e3a7d918f9
--- /dev/null
+++ b/providers/dns/combell/internal/client.go
@@ -0,0 +1,232 @@
+package internal
+
+import (
+ "bytes"
+ "context"
+ "crypto/hmac"
+ "crypto/md5"
+ "crypto/sha256"
+ "encoding/base64"
+ "encoding/json"
+ "fmt"
+ "io"
+ "log"
+ "net/http"
+ "net/url"
+ "strconv"
+ "strings"
+ "time"
+
+ "github.com/go-acme/lego/v4/providers/dns/internal/errutils"
+ querystring "github.com/google/go-querystring/query"
+ "github.com/hashicorp/go-retryablehttp"
+)
+
+const defaultBaseURL = "https://api.combell.com/v2"
+
+// Client a Combell DNS API client.
+type Client struct {
+ apiKey string
+ apiSecret string
+
+ nonce *Nonce
+
+ httpClient *http.Client
+ baseURL *url.URL
+}
+
+// NewClient creates a new Client.
+func NewClient(apiKey, apiSecret string, httpClient *http.Client) *Client {
+ baseURL, _ := url.Parse(defaultBaseURL)
+
+ retryClient := retryablehttp.NewClient()
+ retryClient.RetryMax = 5
+ if httpClient != nil {
+ retryClient.HTTPClient = httpClient
+ }
+ retryClient.Logger = log.Default()
+
+ return &Client{
+ apiKey: apiKey,
+ apiSecret: apiSecret,
+ httpClient: retryClient.StandardClient(),
+ baseURL: baseURL,
+ nonce: NewNonce(),
+ }
+}
+
+// GetRecords gets the records of a domain.
+// https://api.combell.com/v2/documentation#tag/DNS-records/paths/~1dns~1{domainName}~1records/get
+func (c Client) GetRecords(ctx context.Context, domainName string, request *GetRecordsRequest) ([]Record, error) {
+ endpoint := c.baseURL.JoinPath("dns", domainName, "records")
+
+ if request != nil {
+ values, err := querystring.Values(request)
+ if err != nil {
+ return nil, err
+ }
+
+ endpoint.RawQuery = values.Encode()
+ }
+
+ req, err := c.newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, fmt.Errorf("create request: %w", err)
+ }
+
+ var results []Record
+
+ err = c.do(req, http.StatusOK, &results)
+ if err != nil {
+ return nil, err
+ }
+
+ return results, nil
+}
+
+// CreateRecord creates a record.
+// https://api.combell.com/v2/documentation#tag/DNS-records/paths/~1dns~1{domainName}~1records/post
+func (c Client) CreateRecord(ctx context.Context, domainName string, record Record) error {
+ endpoint := c.baseURL.JoinPath("dns", domainName, "records")
+
+ req, err := c.newJSONRequest(ctx, http.MethodPost, endpoint, record)
+ if err != nil {
+ return fmt.Errorf("create request: %w", err)
+ }
+
+ // TODO(ldez) the "Location" header contains a reference to the created record.
+
+ return c.do(req, http.StatusCreated, nil)
+}
+
+// GetRecord gets a specific record.
+// https://api.combell.com/v2/documentation#tag/DNS-records/paths/~1dns~1{domainName}~1records~1{recordId}/get
+func (c Client) GetRecord(ctx context.Context, domainName, recordID string) (*Record, error) {
+ endpoint := c.baseURL.JoinPath("dns", domainName, "records", recordID)
+
+ req, err := c.newJSONRequest(ctx, http.MethodGet, endpoint, nil)
+ if err != nil {
+ return nil, fmt.Errorf("create request: %w", err)
+ }
+
+ var result Record
+
+ err = c.do(req, http.StatusOK, &result)
+ if err != nil {
+ return nil, err
+ }
+
+ return &result, nil
+}
+
+// DeleteRecord deletes a record.
+// https://api.combell.com/v2/documentation#tag/DNS-records/paths/~1dns~1{domainName}~1records~1{recordId}/delete
+func (c Client) DeleteRecord(ctx context.Context, domainName, recordID string) error {
+ endpoint := c.baseURL.JoinPath("dns", domainName, "records", recordID)
+
+ req, err := c.newJSONRequest(ctx, http.MethodDelete, endpoint, nil)
+ if err != nil {
+ return err
+ }
+
+ return c.do(req, http.StatusNoContent, nil)
+}
+
+func (c Client) do(req *http.Request, expectedStatus int, result any) error {
+ resp, err := c.httpClient.Do(req)
+ if err != nil {
+ return errutils.NewHTTPDoError(req, err)
+ }
+
+ defer func() { _ = resp.Body.Close() }()
+
+ if resp.StatusCode != expectedStatus {
+ return parseError(req, resp)
+ }
+
+ if result == nil {
+ return nil
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return errutils.NewReadResponseError(req, resp.StatusCode, err)
+ }
+
+ err = json.Unmarshal(raw, result)
+ if err != nil {
+ return errutils.NewUnmarshalError(req, resp.StatusCode, raw, err)
+ }
+
+ return nil
+}
+
+func (c Client) newJSONRequest(ctx context.Context, method string, endpoint *url.URL, payload any) (*http.Request, error) {
+ buf := new(bytes.Buffer)
+ var body []byte
+
+ if payload != nil {
+ var err error
+ body, err = json.Marshal(payload)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create request JSON body: %w", err)
+ }
+
+ buf = bytes.NewBuffer(body)
+ }
+
+ req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), buf)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create request: %w", err)
+ }
+
+ req.Header.Set("Accept", "application/json")
+
+ if payload != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ sign, err := c.sign(req, body)
+ if err != nil {
+ return nil, fmt.Errorf("request signature: %w", err)
+ }
+
+ req.Header.Set("Authorization", sign)
+
+ return req, nil
+}
+
+func (c Client) sign(req *http.Request, body []byte) (string, error) {
+ unix := time.Now().Unix()
+ nonce := c.nonce.Generate(10)
+
+ var encodedBody string
+ if len(body) > 0 {
+ sum := md5.Sum(body)
+ encodedBody = base64.StdEncoding.EncodeToString(sum[:])
+ }
+
+ h := hmac.New(sha256.New, []byte(c.apiSecret))
+ _, err := h.Write([]byte(
+ c.apiKey + strings.ToLower(req.Method) + url.QueryEscape(strings.ToLower(req.URL.RequestURI())) + strconv.FormatInt(unix, 10) + nonce + encodedBody),
+ )
+ if err != nil {
+ return "", err
+ }
+
+ hSign := base64.StdEncoding.EncodeToString(h.Sum(nil))
+
+ return fmt.Sprintf("hmac %s:%s:%s:%d", c.apiKey, hSign, nonce, unix), nil
+}
+
+func parseError(req *http.Request, resp *http.Response) error {
+ raw, _ := io.ReadAll(resp.Body)
+
+ var response APIError
+ err := json.Unmarshal(raw, &response)
+ if err != nil {
+ return errutils.NewUnexpectedStatusCodeError(req, resp.StatusCode, raw)
+ }
+
+ return fmt.Errorf("[status code %d] %w", resp.StatusCode, response)
+}
diff --git a/providers/dns/combell/internal/client_test.go b/providers/dns/combell/internal/client_test.go
new file mode 100644
index 0000000000..cd5614591c
--- /dev/null
+++ b/providers/dns/combell/internal/client_test.go
@@ -0,0 +1,153 @@
+package internal
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "os"
+ "path/filepath"
+ "strings"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestClient_GetRecords(t *testing.T) {
+ client, mux := setup(t)
+
+ mux.HandleFunc("/dns/example.com/records", testHandler("./GetRecords.json", http.MethodGet, http.StatusOK))
+
+ records, err := client.GetRecords(context.Background(), "example.com", nil)
+ require.NoError(t, err)
+
+ expected := []Record{
+ {
+ ID: "string",
+ Type: "string",
+ RecordName: "string",
+ Content: "string",
+ TTL: 3600,
+ Priority: 10,
+ Service: "string",
+ Weight: 0,
+ Target: "string",
+ Protocol: "TCP",
+ Port: 0,
+ },
+ }
+ assert.Equal(t, expected, records)
+}
+
+func TestClient_GetRecord(t *testing.T) {
+ client, mux := setup(t)
+
+ mux.HandleFunc("/dns/example.com/records/123", testHandler("./GetRecord.json", http.MethodGet, http.StatusOK))
+
+ record, err := client.GetRecord(context.Background(), "example.com", "123")
+ require.NoError(t, err)
+
+ expected := &Record{
+ ID: "string",
+ Type: "string",
+ RecordName: "string",
+ Content: "string",
+ TTL: 3600,
+ Priority: 10,
+ Service: "string",
+ Weight: 0,
+ Target: "string",
+ Protocol: "TCP",
+ Port: 0,
+ }
+ assert.Equal(t, expected, record)
+}
+
+func TestClient_DeleteRecord(t *testing.T) {
+ client, mux := setup(t)
+
+ mux.HandleFunc("/dns/example.com/records/123", func(rw http.ResponseWriter, req *http.Request) {
+ rw.WriteHeader(http.StatusNoContent)
+ })
+
+ err := client.DeleteRecord(context.Background(), "example.com", "123")
+ require.NoError(t, err)
+}
+
+func TestClient_DeleteRecord_error(t *testing.T) {
+ client, mux := setup(t)
+
+ mux.HandleFunc("/dns/example.com/records/123", testHandler("./error.json", http.MethodDelete, http.StatusUnauthorized))
+
+ err := client.DeleteRecord(context.Background(), "example.com", "123")
+ require.Error(t, err)
+}
+
+func TestClient_sign(t *testing.T) {
+ client := NewClient("my_key", "my_secret", nil)
+
+ endpoint, err := url.Parse("https://localhost/v2/domains")
+ require.NoError(t, err)
+
+ query := endpoint.Query()
+ query.Set("skip", "0")
+ query.Set("take", "10")
+ endpoint.RawQuery = query.Encode()
+
+ req, err := http.NewRequest(http.MethodGet, endpoint.String(), nil)
+ require.NoError(t, err)
+
+ sign, err := client.sign(req, nil)
+ require.NoError(t, err)
+
+ assert.Regexp(t, `hmac my_key:[^:]+:[a-zA-Z]{10}:\d{10}`, sign)
+}
+
+func testHandler(filename string, method string, statusCode int) http.HandlerFunc {
+ return func(rw http.ResponseWriter, req *http.Request) {
+ if req.Method != method {
+ http.Error(rw, fmt.Sprintf("unsupported method: %s", req.Method), http.StatusMethodNotAllowed)
+ return
+ }
+
+ auth := req.Header.Get("Authorization")
+ if !strings.HasPrefix(auth, "hmac key:") {
+ http.Error(rw, "invalid Authorization header", http.StatusUnauthorized)
+ return
+ }
+
+ file, err := os.Open(filepath.Join("fixtures", filename))
+ if err != nil {
+ http.Error(rw, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ defer func() { _ = file.Close() }()
+
+ rw.WriteHeader(statusCode)
+
+ _, err = io.Copy(rw, file)
+ if err != nil {
+ http.Error(rw, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ }
+}
+
+func setup(t *testing.T) (*Client, *http.ServeMux) {
+ t.Helper()
+
+ mux := http.NewServeMux()
+
+ server := httptest.NewServer(mux)
+ t.Cleanup(server.Close)
+
+ client := NewClient("key", "secret", nil)
+ client.httpClient = server.Client()
+ client.baseURL, _ = url.Parse(server.URL)
+
+ return client, mux
+}
diff --git a/providers/dns/combell/internal/fixtures/GetRecord.json b/providers/dns/combell/internal/fixtures/GetRecord.json
new file mode 100644
index 0000000000..901929c51c
--- /dev/null
+++ b/providers/dns/combell/internal/fixtures/GetRecord.json
@@ -0,0 +1,13 @@
+{
+ "id": "string",
+ "type": "string",
+ "record_name": "string",
+ "ttl": 3600,
+ "content": "string",
+ "priority": 10,
+ "service": "string",
+ "weight": 0,
+ "target": "string",
+ "protocol": "TCP",
+ "port": 0
+}
diff --git a/providers/dns/combell/internal/fixtures/GetRecords.json b/providers/dns/combell/internal/fixtures/GetRecords.json
new file mode 100644
index 0000000000..1d8c30529b
--- /dev/null
+++ b/providers/dns/combell/internal/fixtures/GetRecords.json
@@ -0,0 +1,15 @@
+[
+ {
+ "id": "string",
+ "type": "string",
+ "record_name": "string",
+ "ttl": 3600,
+ "content": "string",
+ "priority": 10,
+ "service": "string",
+ "weight": 0,
+ "target": "string",
+ "protocol": "TCP",
+ "port": 0
+ }
+]
diff --git a/providers/dns/combell/internal/fixtures/error.json b/providers/dns/combell/internal/fixtures/error.json
new file mode 100644
index 0000000000..41dad2f467
--- /dev/null
+++ b/providers/dns/combell/internal/fixtures/error.json
@@ -0,0 +1,4 @@
+{
+ "error_code": "auth_authorization_header_invalid_format",
+ "error_text": "The authorization header is in an invalid format."
+}
diff --git a/providers/dns/combell/internal/nonce.go b/providers/dns/combell/internal/nonce.go
new file mode 100644
index 0000000000..7870db382b
--- /dev/null
+++ b/providers/dns/combell/internal/nonce.go
@@ -0,0 +1,43 @@
+package internal
+
+import (
+ "math/rand"
+ "strings"
+ "time"
+)
+
+const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+const (
+ letterIndexBits = 6 // 6 bits to represent a letter index
+ letterIndexMask = 1<= 0; {
+ if remain == 0 {
+ cache, remain = c.src.Int63(), letterIndexMax
+ }
+ if idx := int(cache & letterIndexMask); idx < len(letterBytes) {
+ sb.WriteByte(letterBytes[idx])
+ i--
+ }
+ cache >>= letterIndexBits
+ remain--
+ }
+
+ return sb.String()
+}
diff --git a/providers/dns/combell/internal/nonce_test.go b/providers/dns/combell/internal/nonce_test.go
new file mode 100644
index 0000000000..e5a42827f9
--- /dev/null
+++ b/providers/dns/combell/internal/nonce_test.go
@@ -0,0 +1,40 @@
+package internal
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestNonce_Generate(t *testing.T) {
+ nonce := NewNonce()
+
+ testCases := []struct {
+ desc string
+ length int
+ }{
+ {
+ desc: "one letter",
+ length: 1,
+ },
+ {
+ desc: "10 letters",
+ length: 10,
+ },
+ {
+ desc: "100 letters",
+ length: 100,
+ },
+ }
+
+ for _, test := range testCases {
+ test := test
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ result := nonce.Generate(test.length)
+ assert.Len(t, result, test.length)
+ assert.Regexp(t, `[a-zA-Z]+`, result)
+ })
+ }
+}
diff --git a/providers/dns/combell/internal/types.go b/providers/dns/combell/internal/types.go
new file mode 100644
index 0000000000..bd57deed68
--- /dev/null
+++ b/providers/dns/combell/internal/types.go
@@ -0,0 +1,34 @@
+package internal
+
+import "fmt"
+
+type Record struct {
+ ID string `json:"id"`
+ Type string `json:"type,omitempty"`
+ RecordName string `json:"record_name,omitempty"`
+ Content string `json:"content,omitempty"`
+ TTL int `json:"ttl,omitempty"`
+ Priority int `json:"priority,omitempty"`
+ Service string `json:"service,omitempty"`
+ Weight int `json:"weight,omitempty"`
+ Target string `json:"target,omitempty"`
+ Protocol string `json:"protocol,omitempty"`
+ Port int `json:"port,omitempty"`
+}
+
+type GetRecordsRequest struct {
+ Skip int `url:"skip,omitempty"`
+ Take int `url:"take,omitempty"`
+ Type string `url:"type,omitempty"`
+ RecordName string `url:"record_name,omitempty"`
+ Service string `url:"service,omitempty"`
+}
+
+type APIError struct {
+ ErrorCode string `json:"error_code"`
+ ErrorText string `json:"error_text"`
+}
+
+func (a APIError) Error() string {
+ return fmt.Sprintf("%s: %s", a.ErrorCode, a.ErrorText)
+}
diff --git a/providers/dns/zz_gen_dns_providers.go b/providers/dns/zz_gen_dns_providers.go
index 63f16db94e..dc14b57cc8 100644
--- a/providers/dns/zz_gen_dns_providers.go
+++ b/providers/dns/zz_gen_dns_providers.go
@@ -26,6 +26,7 @@ import (
"github.com/go-acme/lego/v4/providers/dns/cloudns"
"github.com/go-acme/lego/v4/providers/dns/cloudru"
"github.com/go-acme/lego/v4/providers/dns/cloudxns"
+ "github.com/go-acme/lego/v4/providers/dns/combell"
"github.com/go-acme/lego/v4/providers/dns/conoha"
"github.com/go-acme/lego/v4/providers/dns/constellix"
"github.com/go-acme/lego/v4/providers/dns/corenetworks"
@@ -192,6 +193,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
return cloudru.NewDNSProvider()
case "cloudxns":
return cloudxns.NewDNSProvider()
+ case "combell":
+ return combell.NewDNSProvider()
case "conoha":
return conoha.NewDNSProvider()
case "constellix":