Skip to content

DNS-01 Challenge Support #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

DNS-01 Challenge Support #41

wants to merge 6 commits into from

Conversation

@kmcbride3
Copy link

@kmcbride3 kmcbride3 commented Jul 20, 2025

This pull request introduces a significant enhancement to the w2c-letsencrypt-esxi by adding support for DNS-01 challenges. Included with it are improved configuration options, a modular approach to supporting DNS providers via dnsapi/dns_api.sh, and an initial integration with Cloudflare's DNS API through dnsapi/dns_cloudflare.sh. These changes enhance flexibility, particularly for environments where HTTP-01 challenges are not feasible, and improve the overall usability of the project.

Enhancements to ACME Challenge Support:

  • Added support for DNS-01 challenges, enabling wildcard certificates and operation in environments where the server is not publicly accessible. This includes new logic in acme_tiny.py for handling DNS-01 challenges and interacting with DNS APIs.

Cloudflare DNS API Integration:

  • Introduced dnsapi/dns_cloudflare.sh, a new script for managing DNS records via Cloudflare's API. This script supports adding and removing TXT records for DNS-01 challenges and includes robust error handling and logging.

Improvements to Configuration:

  • Updated the README.md to provide detailed instructions for configuring both HTTP-01 and DNS-01 challenges, including examples for using Cloudflare or manual DNS record management.
  • Added a new renew.cfg.example file to serve as a template for customizing renewal settings.

Build Script Updates:

  • Modified build/create_vib.sh ensures the new dnsapi/dns_api.sh script and any available DNS provider handler scripts are included in the VIB package.

kmcbride3 added 6 commits July 20, 2025 15:11
@kmcbride3
feat: add support for DNS-01 challenge handling in renewal script & `…
3e5887b 
…acme_tiny.py`
@kmcbride3
Add modular DNS-01 API framework and providers (cloudflare, manual)
59bf018 
- Add `dnsapi/dns_api.sh`: Core DNS API framework for DNS-01 challenge automation, providing a standardized interface and utilities for DNS provider plugins.
- Add `dnsapi/dns_cloudflare.sh`: Cloudflare DNS API provider supporting automated DNS-01 challenge record management via API token or global key.
- Add `dnsapi/dns_manual.sh`: Manual DNS provider for interactive, non-automated DNS-01 challenge setup and cleanup.

These scripts enable modular, extensible DNS-01 challenge support for ACME certificate issuance.
@kmcbride3
feat: enhance renewal script for DNS-01 challenge support and firewal…
238b5c4 
…l management, provide example `renew.cfg` file
@kmcbride3
feat: update create_vib.sh to include DNS-01 challenge scripts
57d5cda
@kmcbride3
feat: update README.md to include prerequisites and configuration for…
69b963c 
… DNS-01 challenges
@kmcbride3
Restore missing default values for DIRECTORY_URL, KEY, CSR, and…
2be30f1 
… `CRT`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kmcbride3