chore: update lego configs

0xJacky · 0xJacky · commit 4289d5556295 · 2024-03-25T23:03:42.000+08:00
diff --git a/internal/cert/config/alidns.toml b/internal/cert/config/alidns.toml
@@ -29,5 +29,5 @@ lego --email you@example.com --dns alidns --domains my.example.org run
     ALICLOUD_HTTP_TIMEOUT = "API request timeout"
 
 [Links]
-  API = "https://www.alibabacloud.com/help/doc-detail/42875.htm"
+  API = "https://www.alibabacloud.com/help/en/alibaba-cloud-dns/latest/api-alidns-2015-01-09-dir-parsing-records"
   GoClient = "https://github.com/aliyun/alibaba-cloud-sdk-go"
diff --git a/internal/cert/config/azuredns.toml b/internal/cert/config/azuredns.toml
@@ -27,15 +27,12 @@ lego --domains example.com --email your_example@email.com --dns azuredns run
 ### Using Managed Identity (Azure VM)
 
 AZURE_TENANT_ID=<your service principal tenant ID> \
-AZURE_SUBSCRIPTION_ID=<your target zone subscription ID> \
 AZURE_RESOURCE_GROUP=<your target zone resource group name> \
 lego --domains example.com --email your_example@email.com --dns azuredns run
 
 ### Using Managed Identity (Azure Arc)
 
 AZURE_TENANT_ID=<your service principal tenant ID> \
-AZURE_SUBSCRIPTION_ID=<your target zone subscription ID> \
-AZURE_RESOURCE_GROUP=<your target zone resource group name> \
 IMDS_ENDPOINT=http://localhost:40342 \
 IDENTITY_ENDPOINT=http://localhost:40342/metadata/identity/oauth2/token \
 lego --domains example.com --email your_example@email.com --dns azuredns run
@@ -61,14 +58,30 @@ Link:
 
 ### Environment variables
 
+#### Service Discovery
+
+Lego automatically finds all visible Azure (private) DNS zones using [Azure ResourceGraph query](https://learn.microsoft.com/en-us/azure/governance/resource-graph/).
+This can be limited by specifying environment variable `AZURE_SUBSCRIPTION_ID` and/or `AZURE_RESOURCE_GROUP` which limits the
+DNS zones to only a subscription or to one resourceGroup.
+
+Additionally environment variable `AZURE_SERVICEDISCOVERY_FILTER` can be used to filter DNS zones with an addition Kusto filter eg:
+
+```
+resources
+| where type =~ "microsoft.network/dnszones"
+| ${AZURE_SERVICEDISCOVERY_FILTER}
+| project subscriptionId, resourceGroup, name
+```
+
+
 #### Client secret
 
 The Azure Credentials can be configured using the following environment variables:
 * AZURE_CLIENT_ID = "Client ID"
 * AZURE_CLIENT_SECRET = "Client secret"
 * AZURE_TENANT_ID = "Tenant ID"
 
-This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `env`.
+This authentication method can be specifically used by setting the `AZURE_AUTH_METHOD` environment variable to `env`.
 
 #### Client certificate
 
@@ -77,7 +90,7 @@ The Azure Credentials can be configured using the following environment variable
 * AZURE_CLIENT_CERTIFICATE_PATH = "Client certificate path"
 * AZURE_TENANT_ID = "Tenant ID"
 
-This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `env`.
+This authentication method can be specifically used by setting the `AZURE_AUTH_METHOD` environment variable to `env`.
 
 ### Workload identity
 
@@ -88,12 +101,12 @@ This must be configured in kubernetes workload deployment in one hand and on the
 Here is a summary of the steps to follow to use it :
 * create a `ServiceAccount` resource, add following annotations to reference the targeted Azure AD application registration : `azure.workload.identity/client-id` and `azure.workload.identity/tenant-id`.
 * on the `Deployment` resource you must reference the previous `ServiceAccount` and add the following label : `azure.workload.identity/use: "true"`.
-* create a fedreated credentials of type `Kubernetes accessing Azure resources`, add the cluster issuer URL  and add the namespace and name of your kubernetes service account.
+* create a federated credentials of type `Kubernetes accessing Azure resources`, add the cluster issuer URL  and add the namespace and name of your kubernetes service account.
 
 Link :
 - [Azure AD Workload identity](https://azure.github.io/azure-workload-identity/docs/topics/service-account-labels-and-annotations.html)
 
-This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `wli`.
+This authentication method can be specifically used by setting the `AZURE_AUTH_METHOD` environment variable to `wli`.
 
 ### Azure Managed Identity
 
@@ -128,9 +141,9 @@ az role assignment create \
 ```
 
 A timeout wrapper is configured for this authentication method.
-The duraction can be configured by setting the `AZURE_AUTH_MSI_TIMEOUT`.
+The duration can be configured by setting the `AZURE_AUTH_MSI_TIMEOUT`.
 The default timeout is 2 seconds.
-This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `msi`.
+This authentication method can be specifically used by setting the `AZURE_AUTH_METHOD` environment variable to `msi`.
 
 #### Azure Managed Identity (with Azure Arc)
 
@@ -144,17 +157,17 @@ you may need to set the environment variables:
 * `IDENTITY_ENDPOINT=http://localhost:40342/metadata/identity/oauth2/token`
 
 A timeout wrapper is configured for this authentication method.
-The duraction can be configured by setting the `AZURE_AUTH_MSI_TIMEOUT`.
+The duration can be configured by setting the `AZURE_AUTH_MSI_TIMEOUT`.
 The default timeout is 2 seconds.
-This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `msi`.
+This authentication method can be specifically used by setting the `AZURE_AUTH_METHOD` environment variable to `msi`.
 
 ### Azure CLI
 
 The Azure CLI is a command-line tool provided by Microsoft to interact with Azure resources.
 It provides an easy way to authenticate by simply running `az login` command.
 The generated token will be cached by default in the `~/.azure` folder.
 
-This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `cli`.
+This authentication method can be specifically used by setting the `AZURE_AUTH_METHOD` environment variable to `cli`.
 
 ### Open ID Connect
 
@@ -169,10 +182,11 @@ It can be enabled by setting the `AZURE_AUTH_METHOD` environment variable to `oi
     AZURE_CLIENT_SECRET = "Client secret"
     AZURE_TENANT_ID = "Tenant ID"
     AZURE_CLIENT_CERTIFICATE_PATH = "Client certificate path"
-    AZURE_SUBSCRIPTION_ID = "DNS zone subscription ID"
-    AZURE_RESOURCE_GROUP = "DNS zone resource group"
   [Configuration.Additional]
     AZURE_ENVIRONMENT = "Azure environment, one of: public, usgovernment, and china"
+    AZURE_SUBSCRIPTION_ID = "DNS zone subscription ID"
+    AZURE_RESOURCE_GROUP = "DNS zone resource group"
+    AZURE_SERVICEDISCOVERY_FILTER = "Advanced ServiceDiscovery filter using Kusto query condition"
     AZURE_PRIVATE_ZONE = "Set to true to use Azure Private DNS Zones and not public"
     AZURE_ZONE_NAME = "Zone name to use inside Azure DNS service to add the TXT record in"
     AZURE_AUTH_METHOD = "Specify which authentication method to use"
diff --git a/internal/cert/config/cpanel.toml b/internal/cert/config/cpanel.toml
@@ -0,0 +1,39 @@
+Name = "CPanel/WHM"
+Description = ''''''
+URL = "https://cpanel.net/"
+Code = "cpanel"
+Since = "v4.16.0"
+
+Example = '''
+### CPANEL (default)
+
+CPANEL_USERNAME = "yyyy"
+CPANEL_TOKEN = "xxxx"
+CPANEL_BASE_URL = "https://example.com:2083" \
+lego --email you@example.com --dns cpanel --domains my.example.org run
+
+## WHM
+
+CPANEL_MODE = whm
+CPANEL_USERNAME = "yyyy"
+CPANEL_TOKEN = "xxxx"
+CPANEL_BASE_URL = "https://example.com:2087" \
+lego --email you@example.com --dns cpanel --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    CPANEL_USERNAME = "username"
+    CPANEL_TOKEN = "API token"
+    CPANEL_BASE_URL = "API server URL"
+  [Configuration.Additional]
+    CPANEL_MODE = "use cpanel API or WHM API (Default: cpanel)"
+    CPANEL_POLLING_INTERVAL = "Time between DNS propagation check"
+    CPANEL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    CPANEL_TTL = "The TTL of the TXT record used for the DNS challenge"
+    CPANEL_HTTP_TIMEOUT = "API request timeout"
+    CPANEL_REGION = "The region"
+
+[Links]
+  API_CPANEL = "https://api.docs.cpanel.net/cpanel/introduction/"
+  API_WHM = "https://api.docs.cpanel.net/whm/introduction/"
diff --git a/internal/cert/config/gcloud.toml b/internal/cert/config/gcloud.toml
@@ -21,6 +21,7 @@ GCE_PROJECT="gc-project-id" GCE_SERVICE_ACCOUNT_FILE="/path/to/svc/account/file.
     GCE_SERVICE_ACCOUNT = "Account"
   [Configuration.Additional]
     GCE_ALLOW_PRIVATE_ZONE = "Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false)"
+    GCE_ZONE_ID = "Allows to skip the automatic detection of the zone"
     GCE_POLLING_INTERVAL = "Time between DNS propagation check"
     GCE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
     GCE_TTL = "The TTL of the TXT record used for the DNS challenge"
diff --git a/internal/cert/config/mailinabox.toml b/internal/cert/config/mailinabox.toml
@@ -0,0 +1,24 @@
+Name = "Mail-in-a-Box"
+Description = ''''''
+URL = "https://mailinabox.email"
+Code = "mailinabox"
+Since = "v4.16.0"
+
+Example = '''
+MAILINABOX_EMAIL=user@example.com \
+MAILINABOX_PASSWORD=yyyy \
+MAILINABOX_BASE_URL=https://box.example.com \
+lego --email you@example.com --dns mailinabox --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    MAILINABOX_EMAIL = "User email"
+    MAILINABOX_PASSWORD = "User password"
+    MAILINABOX_BASE_URL = "Base API URL (ex: https://box.example.com)"
+  [Configuration.Additional]
+    MAILINABOX_POLLING_INTERVAL = "Time between DNS propagation check"
+    MAILINABOX_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+
+[Links]
+  API = "https://mailinabox.email/api-docs.html"
diff --git a/internal/cert/config/pdns.toml b/internal/cert/config/pdns.toml
@@ -18,18 +18,20 @@ Tested and confirmed to work with PowerDNS authoritative server 3.4.8 and 4.0.1.
 PowerDNS Notes:
 - PowerDNS API does not currently support SSL, therefore you should take care to ensure that traffic between lego and the PowerDNS API is over a trusted network, VPN etc.
 - In order to have the SOA serial automatically increment each time the `_acme-challenge` record is added/modified via the API, set `SOA-EDIT-API` to `INCEPTION-INCREMENT` for the zone in the `domainmetadata` table
+- Some PowerDNS servers doesn't have root API endpoints enabled and API version autodetection will not work. In that case version number can be defined using `PDNS_API_VERSION`.
 '''
 
 [Configuration]
   [Configuration.Credentials]
     PDNS_API_KEY = "API key"
     PDNS_API_URL = "API URL"
   [Configuration.Additional]
+    PDNS_SERVER_NAME = "Name of the server in the URL, 'localhost' by default"
+    PDNS_API_VERSION = "Skip API version autodetection and use the provided version number."
     PDNS_POLLING_INTERVAL = "Time between DNS propagation check"
     PDNS_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
     PDNS_TTL = "The TTL of the TXT record used for the DNS challenge"
     PDNS_HTTP_TIMEOUT = "API request timeout"
-    PDNS_SERVER_NAME = "Name of the server in the URL, 'localhost' by default"
 
 [Links]
   API = "https://doc.powerdns.com/md/httpapi/README/"
diff --git a/internal/cert/config/route53.toml b/internal/cert/config/route53.toml
@@ -9,7 +9,7 @@ AWS_ACCESS_KEY_ID=your_key_id \
 AWS_SECRET_ACCESS_KEY=your_secret_access_key \
 AWS_REGION=aws-region \
 AWS_HOSTED_ZONE_ID=your_hosted_zone_id \
- --domains example.com --email your_example@email.com --dns route53 --accept-tos=true run
+lego --domains example.com --email your_example@email.com --dns route53 --accept-tos=true run
 '''
 
 Additional = '''
diff --git a/internal/cert/config/scaleway.toml b/internal/cert/config/scaleway.toml
@@ -5,18 +5,19 @@ Code = "scaleway"
 Since = "v3.4.0"
 
 Example = '''
-SCALEWAY_API_TOKEN=xxxxxxx-xxxxx-xxxx-xxx-xxxxxx \
+SCW_SECRET_KEY=xxxxxxx-xxxxx-xxxx-xxx-xxxxxx \
 lego --email you@example.com --dns scaleway --domains my.example.org run
 '''
 
 [Configuration]
   [Configuration.Credentials]
-    SCALEWAY_API_TOKEN = "API token"
-    SCALEWAY_PROJECT_ID = "Project to use (optional)"
+    SCW_SECRET_KEY = "Secret key"
+    SCW_PROJECT_ID = "Project to use (optional)"
   [Configuration.Additional]
-    SCALEWAY_POLLING_INTERVAL = "Time between DNS propagation check"
-    SCALEWAY_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
-    SCALEWAY_TTL = "The TTL of the TXT record used for the DNS challenge"
+    SCW_ACCESS_KEY = "Access key"
+    SCW_POLLING_INTERVAL = "Time between DNS propagation check"
+    SCW_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    SCW_TTL = "The TTL of the TXT record used for the DNS challenge"
 
 [Links]
   API = "https://developers.scaleway.com/en/products/domain/dns/api/"
diff --git a/internal/cert/config/shellrent.toml b/internal/cert/config/shellrent.toml
@@ -0,0 +1,24 @@
+Name = "Shellrent"
+Description = ''''''
+URL = "https://www.shellrent.com/"
+Code = "shellrent"
+Since = "v4.16.0"
+
+Example = '''
+SHELLRENT_USERNAME=xxxx \
+SHELLRENT_TOKEN=yyyy \
+lego --email you@example.com --dns shellrent --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    SHELLRENT_USERNAME = "Username"
+    SHELLRENT_TOKEN = "Token"
+  [Configuration.Additional]
+    SHELLRENT_POLLING_INTERVAL = "Time between DNS propagation check"
+    SHELLRENT_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    SHELLRENT_TTL = "The TTL of the TXT record used for the DNS challenge"
+    SHELLRENT_HTTP_TIMEOUT = "API request timeout"
+
+[Links]
+  API = "https://api.shellrent.com/section/api2"
diff --git a/internal/cert/config/webnames.toml b/internal/cert/config/webnames.toml
@@ -0,0 +1,30 @@
+Name = "Webnames"
+Description = ''''''
+URL = "https://www.webnames.ru/"
+Code = "webnames"
+Since = "v4.15.0"
+
+Example = '''
+WEBNAMES_API_KEY=xxxxxx \
+lego --email you@example.com --dns webnames --domains my.example.org run
+'''
+
+Additional = '''
+## API Key
+
+To obtain the key, you need to change the DNS server to `*.nameself.com`: Personal account / My domains and services / Select the required domain / DNS servers
+
+The API key can be found: Personal account / My domains and services / Select the required domain / Zone management / acme.sh or certbot settings
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    WEBNAMES_API_KEY = "Domain API key"
+  [Configuration.Additional]
+    WEBNAMES_POLLING_INTERVAL = "Time between DNS propagation check"
+    WEBNAMES_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    WEBNAMES_TTL = "The TTL of the TXT record used for the DNS challenge"
+    WEBNAMES_HTTP_TIMEOUT = "API request timeout"
+
+[Links]
+  API = "https://github.com/regtime-ltd/certbot-dns-webnames"
