Automating changes of TXT records in DNS

[end]

Adding another "me too" here. With everything else that ZoneEdit does so well, was somewhat disappointed to discover no simple API to get it working with Let's Encrypt certs.

 

[sandy]

It is planned but not ETA at present

regards.

 

[mirceadamian]

Just adding as well a "me too" need here.

 

[mirceadamian]

Just adding as well a "me too" need here.

@sandy neal any chance we can ask the developers again when this will be done? It does not look to me a lot of work.

 

[sandy]

sorry. still no ETA.

regards.

 

[schwie]

Thanks for updating us, Sandy. I too am interested in seeing cerbot renewals work with ZoneEdit's API.

 

[Blueslow]

Just adding as well a "me too" need here.

 

[dornquast]

Hi,

This project automates cert generation / renewal when zone edit is your provider. Argh, I'm not allowed to post a URL *sigh* .. Google this:

jeansergegagnon/zoneedit_letsencrypt

 

[glittle7]

Another "Me too". This seems to have been on the wishlist for 4 years now?

 

[Brad C.]

We've added a DYN endpoint for creating TXT records which can be used to validate letsencrypt certificates. The credentials to use are the same as for DYN updates. An example of the parameters that need to be passed:

https://dynamic.zoneedit.com/txt-create.php?host=_acme-challenge.example.com&rdata=depE1VF_xshMm1IVY1Y56Kk9Zb_7jA2VFkP65WuNgu8W

 

[ewagner1]

Thank you Brad. It works great. Is there also an endpoint to delete the txt record? The process is to add then after the process is complete, to delete the txt record.

 

[Blueslow]

I'm planning to use the acme.sh. Acme.sh have several dns methods for different sites. is any one of those methods capable to send the information according tho the format examplified by Brad C. above?

 

[d6p2b]

Thanks for the txt-create.php endpoint. Can I add myself as a "me too" for a delete txt endpoint?

 

[Blueslow]

I have created script for acme.sh that utilize the endpoint described by Brad C. above. It can also be used with the pfsense acme package. For obvoius reason there is no delete txt endpoint. You can find the script plugin here: https://github.com/blueslow/sslcertzoneedit

 

[CarloG]

Is there still no way to delete the txt via an endpoint?

 

[Brad C.]

We've added a DYN endpoint for deleting TXT records. The credentials to use are the same as for DYN updates. An example of the parameters that need to be passed:

https://dynamic.zoneedit.com/txt-de...=depE1VF_xshMm1IVY1Y56Kk9Zb_7jA2VFkP65WuNgu8W

 

[m.v.]

Great!

There is still a little issue though.
My (wildcard) domain certificate requires two _acme-challenge TXT records to be created in the DNS.
No problem with that, just wait 5 minutes between the "txt-create" requests, because any faster will end in an ERROR 702 "Minimum 300 seconds between requests" issued by Zoneedit.
Then two requests to delete the TXT records will follow, as the records are no longer needed after verification.
Again there must 5 minutes between the last "txt-create" request and the first "txt-delete" request and between the first and second "txt-delete" requests.
And that is where the problem appears.
Meanwhile the certificate client (Crypt-LE version 0.38 for Let's Encrypt) is tired of waiting and issues a "Domain verification results for <domain-name> error. JWS has an invalid anti-replay nonce: <a random code>".

So here is the question: would it be possible to shorten the minimum time between requests, to say 60 or 120 seconds?

Of course I could try to skip and store the "txt-delete" requests and execute these after the certificate is created, but would be a less neat solution.

 

[sandy]

hi M.V.

this is currently under review..

regards.