Print

[PJSalt]

Yeah, I also don't like having to store the login credentials of the account in a file like that. A system with an API key would be much better.

Even better would be if we could also limit what the API key can do and assign rights to it. For example: only create/edit/remove TXT records. So that when somebody unauthorized gets a hold of the API key that they can't do too much damage by for example changing A/AAAA records and such.

[PJSalt]

Any updates on this? Now that Let's Encrypt has officially launched their v2 API with wildcard support (which only works with the dns-01 challenge method by the way), it would be nice if dns.he.net had an API as well.

[TemiD]

+1 for Let's Encrypt and API integration. Cloudflare supported the api, but I moved to he.net for the ipv6 cert course. I use a wildcard for my network and manually renewing certs is going to bite.

[beneckema]

+1 i like to use an scripted dns-01 challange, so it would be great to use the API like the "dynamic" A and AAAA Records

[mkbloke]

+1 for an API supporting TXT records to make Let's Encrypt easy.

Ian

[wrtpoona]

+1 for an TXT RR API, any update on this?

[FostWare]

+1 for API that doesn't require removing 2FA

[Vazhnov]

As I see on title page:

We're looking into implementing:

• Expanding our DDNS service to support TXT records
• …

Updated 11.28.2018

But still no news…

[matth1187]

 I would've used it if it was available however, someone paranoid convinced me it may be a good idea to keep acme challenges on a separate provider of your main, assuming he, domain. in case your API key /pass gets compromised.

i found luadns.com to be noobishly easy to use and is default supported provider by most acme programs (is mentioned on LE website as a provider easily integrated, free). in addition to API it has a slick gui. create a zone like acme.domain.com. point some ns records from he to there. Then use cname in he. _acme-challenge.www.domain.com-> luadns, www.acme.domain.com. now can be automated and no messing with port 80. HTH!

[jvandenbroek]

Was looking for this and found out that it's now actually possible to set DDNS for a TXT record. Just needed some trial and error to get it working:

Code: [Select]

curl -k https://dyn.dns.he.net/nic/update -d "hostname=_acme-challenge.mydomain.com" -d "password=mypassword" -d "txt=somevalue"

[Com DAC]

found that ddns is now possible for txt records (YAY). The things I'm unable to figure out now is how to update the records if you have two of the same txt records? For example if you have a Let's Encrypt certificate for *.domain.ext and domain.ext then you need two txt entries _acme-challenge.domain.ext and _acme-challenge.domain.ext. I can do this manually but when I setup the entries to be dynamic I'm only able to update the last one I updated with a password. Does anyone know if there is a trick for this situation or if this part isn't implemented yet?

[matthiaspfaller]

found that ddns is now possible for txt records (YAY). The things I'm unable to figure out now is how to update the records if you have two of the same txt records? For example if you have a Let's Encrypt certificate for *.domain.ext and domain.ext then you need two txt entries _acme-challenge.domain.ext and _acme-challenge.domain.ext. I can do this manually but when I setup the entries to be dynamic I'm only able to update the last one I updated with a password. Does anyone know if there is a trick for this situation or if this part isn't implemented yet?

While the new feature is neat, it just doesn't help us. In order for this to be really use full, we would need to be able to create new ddns txt records without the web interface. But its a very nice fist step.

regards, Matthias

[tjeske]

I know that a dedicated API call would be nice. But I am sure some mediocre programmer is able to code some python module for that