Hey, I noticed HE implemented updating TXT DNS records with a different API key, and I need a wildcard cert which requires a DNS verification. What I’m wondering is do I have to figure out all the steps explained here…
or can I just implement a POST call to HE servers directly with the API key provided?
So far I have this repo.
It’s preferable to have separate repos for the libdns implementation and the caddy config wrapper, because not all users of libdns are Caddy users (some other Go projects may want to use libdns plugins).
The libdns part is usually the tricky part, because that’s where you actually interface with the API of your provider. The caddy-dns part is just making Caddyfile and JSON configuration possible for that libdns plugin.
The problem is HE doesn’t really have an “API”; you just fire a single curl command, e.g. https://dns.he.net/docs.html
I’m still trying to figure out how to at least trigger their new TXT function with curl, so far no luck.
In that case you could use caddy-dns/lego-deprecated on GitHub ("(DEPRECATED) DNS modules so Caddy can solve the ACME DNS challenge with over 75 providers"), which is a wrapper around the DNS providers from lego. Caddy used to use lego, but lego’s API had all kinds of limitations that were deal-breakers for Caddy’s use case, so we had to fork and write a new ACME client implementation, and libdns to make it more flexible. Lego DNS providers can only be configured via environment variables, which is pretty awkward, and means only a single set of credentials can be used per DNS provider.
You can probably port the logic from the lego implementation to a libdns one.
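An added example, not code from any poster in this thread or from the libdns or lego projects: the single POST call discussed above, written as the Go function a libdns provider could wrap. The endpoint URL, the form field names (`hostname`, `password`, `txt`) and the `good`/`nochg` reply words are assumptions based on HE's dynamic-DNS update interface and should be checked against https://dns.he.net/docs.html; the `HE_*` environment variable names are hypothetical.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	"strings"
)

// Assumed HE dynamic-update endpoint; confirm against https://dns.he.net/docs.html.
const defaultEndpoint = "https://dyn.dns.he.net/nic/update"

// updateTXT sets the TXT value of one pre-created dynamic record using that
// record's own key. The key travels in the POST body, never in the URL, so it
// stays out of access logs, and it is never echoed in returned errors.
func updateTXT(ctx context.Context, c *http.Client, endpoint, fqdn, key, value string) error {
	form := url.Values{"hostname": {fqdn}, "password": {key}, "txt": {value}}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := c.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1024))
	if err != nil {
		return err
	}
	// dyndns-style services can answer HTTP 200 with an error word, so check the body too.
	code, _, _ := strings.Cut(strings.TrimSpace(string(body)), " ")
	if resp.StatusCode != http.StatusOK || (code != "good" && code != "nochg") {
		return fmt.Errorf("TXT update for %s rejected: HTTP %d, reply %q", fqdn, resp.StatusCode, code)
	}
	return nil
}

func main() {
	err := updateTXT(context.Background(), http.DefaultClient, defaultEndpoint,
		os.Getenv("HE_FQDN"), os.Getenv("HE_KEY"), os.Getenv("HE_TXT"))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Because each key is scoped to a single record, a leaked key only allows changes to that one `_acme-challenge` name rather than the whole zone.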