
Commit 7a9aa3a

committed
chore: update lego configurations
1 parent 7f3f23d commit 7a9aa3a


5 files changed

+42
-4
lines changed


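--- a/internal/cert/config/designate.toml
+++ b/internal/cert/config/designate.toml
@@ -63,6 +63,7 @@ Public cloud providers with support for Designate:
 [Configuration.Additional]
 OS_PROJECT_ID = "Project ID"
 OS_TENANT_NAME = "Tenant name (deprecated see OS_PROJECT_NAME and OS_PROJECT_ID)"
+DESIGNATE_ZONE_NAME = "The zone name to use in the OpenStack Project to manage TXT records."
 DESIGNATE_POLLING_INTERVAL = "Time between DNS propagation check"
 DESIGNATE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
 DESIGNATE_TTL = "The TTL of the TXT record used for the DNS challenge"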

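--- a/internal/cert/config/dode.toml
+++ b/internal/cert/config/dode.toml
@@ -20,4 +20,4 @@ lego --email [email protected] --dns dode --domains my.example.org run
 DODE_SEQUENCE_INTERVAL = "Time between sequential requests"
 
 [Links]
-API = "https://www.do.de/wiki/LetsEncrypt_-_Entwickler"
+API = "https://www.do.de/wiki/freie-ssl-tls-zertifikate-ueber-acme/"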

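--- a/internal/cert/config/godaddy.toml
+++ b/internal/cert/config/godaddy.toml
@@ -10,6 +10,15 @@ GODADDY_API_SECRET=yyyyyyyy \
 lego --email [email protected] --dns godaddy --domains my.example.org run
 '''
 
+Additional = '''
+GoDaddy has recently (2024-04) updated the account requirements to access parts of their production Domains API:
+
+- Availability API: Limited to accounts with 50 or more domains.
+- Management and DNS APIs: Limited to accounts with 10 or more domains and/or an active Discount Domain Club plan.
+
+https://community.letsencrypt.org/t/getting-unauthorized-url-error-while-trying-to-get-cert-for-subdomains/217329/12
+'''
+
 [Configuration]
 [Configuration.Credentials]
 GODADDY_API_KEY = "API key"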

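--- a/internal/cert/config/ovh.toml
+++ b/internal/cert/config/ovh.toml
@@ -5,11 +5,20 @@ Code = "ovh"
 Since = "v0.4.0"
 
 Example = '''
+# Application Key authentication:
+
 OVH_APPLICATION_KEY=1234567898765432 \
 OVH_APPLICATION_SECRET=b9841238feb177a84330febba8a832089 \
 OVH_CONSUMER_KEY=256vfsd347245sdfg \
 OVH_ENDPOINT=ovh-eu \
 lego --email [email protected] --dns ovh --domains my.example.org run
+
+# Or OAuth2:
+
+OVH_CLIENT_ID=yyy \
+OVH_CLIENT_SECRET=xxx \
+OVH_ENDPOINT=ovh-eu \
+lego --email [email protected] --dns ovh --domains my.example.org run
 '''
 
 Additional = '''
@@ -33,14 +42,32 @@ When requesting the consumer key, the following configuration can be used to def
 ]
 }
 ```
+
+## OAuth2 Client Credentials
+
+Another method for authentication is by using OAuth2 client credentials.
+
+An IAM policy and service account can be created by following the [OVH guide](https://help.ovhcloud.com/csm/en-manage-service-account?id=kb_article_view&sysparm_article=KB0059343).
+
+Following IAM policies need to be authorized for the affected domain:
+
+* dnsZone:apiovh:record/create
+* dnsZone:apiovh:record/delete
+* dnsZone:apiovh:refresh
+
+## Important Note
+
+Both authentication methods cannot be used at the same time.
 '''
 
 [Configuration]
 [Configuration.Credentials]
 OVH_ENDPOINT = "Endpoint URL (ovh-eu or ovh-ca)"
-OVH_APPLICATION_KEY = "Application key"
-OVH_APPLICATION_SECRET = "Application secret"
-OVH_CONSUMER_KEY = "Consumer key"
+OVH_APPLICATION_KEY = "Application key (Application Key authentication)"
+OVH_APPLICATION_SECRET = "Application secret (Application Key authentication)"
+OVH_CONSUMER_KEY = "Consumer key (Application Key authentication)"
+OVH_CLIENT_ID = "Client ID (OAuth2)"
+OVH_CLIENT_SECRET = "Client secret (OAuth2)"
 [Configuration.Additional]
 OVH_POLLING_INTERVAL = "Time between DNS propagation check"
 OVH_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"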
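Review bot: The new `[Configuration.Credentials]` entries label each variable with its authentication method but never say the two sets are mutually exclusive, and the `## Important Note` paragraph only states that both methods cannot be used at the same time, without saying what happens when both are set. A consumer that builds a form or an environment from this table would present all five secrets side by side, so I would carry the constraint into the descriptions, for example `OVH_CLIENT_ID = "Client ID (OAuth2; leave the Application Key variables unset)"`, and say in the note whether a mixed configuration is rejected or one method takes precedence. The IAM paragraph lists three `dnsZone:apiovh:*` actions "for the affected domain"; stating outright that the policy's resource should be limited to that one zone would make the least-privilege intent harder to miss.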

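--- a/internal/cert/config/route53.toml
+++ b/internal/cert/config/route53.toml
@@ -131,6 +131,7 @@ Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with
 AWS_SDK_LOAD_CONFIG = "Managed by the AWS client. Retrieve the region from the CLI config file (`AWS_SDK_LOAD_CONFIG_FILE` is not supported)"
 AWS_ASSUME_ROLE_ARN = "Managed by the AWS Role ARN (`AWS_ASSUME_ROLE_ARN_FILE` is not supported)"
 AWS_EXTERNAL_ID = "Managed by STS AssumeRole API operation (`AWS_EXTERNAL_ID_FILE` is not supported)"
+AWS_WAIT_FOR_RECORD_SETS_CHANGED = "Wait for changes to be INSYNC (it can be unstable)"
 [Configuration.Additional]
 AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."
 AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request"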
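Review bot: `AWS_WAIT_FOR_RECORD_SETS_CHANGED` is added above the `[Configuration.Additional]` header, so it joins whichever table precedes it, although it is a behaviour switch rather than a secret. That table's header is outside the hunk; the neighbouring role-ARN and external-ID entries suggest it is the credentials table. If consumers of this file treat that table as credentials (masked input, required fields, secret storage), this key will be handled the same way, and placing it under `[Configuration.Additional]` would avoid that. The description also leaves out the accepted values and the default, and "it can be unstable" does not tell an operator whether the risk lies in enabling or disabling the wait; one sentence covering those would be enough.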
