Support for selfhost

[aifrog]

Welcome

• Yes, I've searched similar issues on GitHub and didn't find any.
• Yes, the DNS provider exposes a public API.
• Yes, I know that the lego maintainers don't have an account in all DNS providers in the world.
• Yes, I'm able to create a pull request and be able to maintain the implementation.
• Yes, I'm able to test an implementation if someone creates a pull request to add the support of this DNS provider.

How do you use lego?

Through Traefik

Link to the DNS provider

https://www.selfhost.de

Link to the API documentation

?

Additional Notes

There is an implementation inside acme.sh: https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_selfhost.sh

traefik/traefik#11096

[ldez]

Hello,

can you contact selfhost to get their API documentation?

I need the API documentation:

• to create a TXT record
• to delete a TXT record

[ldez]

Please don't do that.

The acme.sh script is not an API documentation.

Based on the information I was able to find:

• SelfHost doesn't have a real API to manage records
• The current endpoint used by acme.sh implementation is a hack:
  • you need to create "fake" TXT records manually inside the SelfHost UI
  • You can read the following issue if you don't trust me.

So, can you contact SelfHost to ask them to expose a real API, and provide the documentation of this API.

[aifrog]

Sorry, wasn't aware of this. I will contact selfhost and ask for the API documention. Hope, that they have a good answer. Thx for your help.

[ldez]

I asked you to contact SelfHost because nothing will change unless their users request it.

I created an implementation, with the same constraint as the acme.sh implementation: you will need to create TXT records before using lego.

This will be "complex" to configure but this is how the endpoint works 🤷

SelfHost really needs to expose a real API (and public documentation):

• to create a TXT record (and return at least the ID of this new record)
• to delete a TXT record (based on the record ID)

So please take a few minutes to get in touch with them, you can link this issue if needed.

[aifrog]

I got the following answer. Sorry, its in German. Let me know if I need to translate:

Guten tag,

da wir häufiger in Deutsch kommuniziert haben, hier das notwendigste:

ja solch eine API haben wir, Sie müssen vorher nur einen TXT-Record anlegen. Danach sehen Sie in den Details (Klick auf Ändern) direkt die ID

curl -X POST -F 'username=%USERNAME%' -F 'password=%PASSWORD%' -F 'rid=%RECORDID%' -F 'content=%CONTENT%' https://selfhost.de/cgi-bin/api.pl

bzw. hier die reine Update URL

https://selfhost.de/cgi-bin/api.pl?username=%USERNAME%&password=%PASSWORD%&rid=%RECORDID&content=%CONTENT%

Dies sind die POST & GET Möglichkeit, den Inhalt dieses TXT-Records dann zu ändern.

Beachten Sie: Für diese API ist der Benutzername und das Passwort des Logins, Nicht DynDNS Accounts, notwendig.

[ldez]

ja solch eine API haben wir, Sie müssen vorher nur einen TXT-Record anlegen. Danach sehen Sie in den Details (Klick auf Ändern) direkt die ID

This is not professional for SelfHost to answer that.

The endpoint, because it's just an undocumented endpoint and not a real API, is only to update an existing record.
This endpoint is not what all ACME clients expect.
An ACME client, like lego, expects an API to handle the creation and deletion of records, not to update existing records by using IDs grabbed manually from the UI.

So, could you try to explain that to SelfHost?
Don't hesitate to send them this issue.

In all cases, I created PR #2278 as explained in my previous message, can you try it?

[aifrog]

I will try, however I am traveling right now and it will take some time. I also explained to selfhost and will let you know their feedback. Thx!

[aifrog]

Feedback from Selfhost, did my best - and will test your solution as soon as possible:

Das wurde bisher von allen Stellen so akzteptiert und... ob legal oder illegal (offiziell gilt diese Schnittstelle nur als Beta und wurde nicht veröffentlich, aber eine Kunden agierten anders) so eingebaut wenn es möglich war.

Wenn die sich dagegen streuben, eine API einzubinden, die den _acme-challenge TXT-Record anpassen der für die DNS-Authentifizierung für Let's Encrypt einwandfrei bisher funktionierte, dann tut es uns leid. Aber wir können keine Api mit erstellung udn Löschung einer DNS allein dienen, da dies eine Gefährdung der DNS selbst ist.

Also kurz um: nein. Unsere Lösung hat bisher jeden zufrieden gestellt, hier können wir nichts weiter tun.

[ldez]

What a joke...

Das wurde bisher von allen Stellen so akzteptiert und...
...
Unsere Lösung hat bisher jeden zufrieden gestellt, hier können wir nichts weiter tun.

Their API doesn't satisfy anyone, we just use what we have, because they don't give any other choice.

Aber wir können keine Api mit erstellung udn Löschung einer DNS allein dienen, da dies eine Gefährdung der DNS selbst ist.

lego has around 140 DNS providers, so I think I know very well the API of DNS providers, and all the DNS providers in the world provide an API to add and delete records, there is no threat against the DNS itself.

ob legal oder illegal (offiziell gilt diese Schnittstelle nur als Beta und wurde nicht veröffentlich, aber eine Kunden agierten anders) so eingebaut wenn es möglich war.

It's a shame to say that.

1. Inside the first email, they didn't talk about "beta"/"unpublished" API or any limitation of the endpoint usage.
2. They are trying to put shame on customers to use what they said...

So, SelfHost, if you are reading this issue, please improve your API.

[ldez]

@aifrog I hope you enjoyed my work, please consider donating or asking your company to do so.
This will be appreciated, thank you ❤️

https://github.com/sponsors/ldez