Firestorm.ch is a Swiss hosting provider with managed DNS (PowerDNS). This plugin allows customers to automate Let's Encrypt DNS-01 challenges via the Firestorm DNS API.
Co-authored-by: Nicolas Santorelli <nsantorelli@eurodns.com>
* Allow renew time relative to the expiration date
* Add deployment plugin for Windows RDP via OpenSSH
Pull request overview
This PR adds new DNS provider integrations and a Windows RDP deploy hook, and extends acme.sh with support for DNS Persist validation plus RFC 9773 ARI-based renewal behavior (with corresponding README/help updates).
Changes:
- Add new DNS API hooks: `dns_firestorm` and `dns_eurodns`.
- Add a new deploy hook to install/bind certificates for Windows RDP over SSH (`windows_rdp`).
- Extend `acme.sh` with `dns-persist-01` support, ARI (`renewalInfo`) support (including `replaces`), and allow negative `--days` values relative to cert expiry; document the new features in README/help.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| dnsapi/dns_firestorm.sh | New Firestorm DNS API hook (add/rm TXT records). |
| dnsapi/dns_eurodns.sh | New EuroDNS DNS API hook (add/rm TXT records, zone detection, REST helper). |
| deploy/windows_rdp.sh | New deploy hook to push a PFX to Windows over SSH and bind it to the RDP listener. |
| acme.sh | Add dns-persist mode, ARI support (suggestedWindow + replaces), new helpers, renewal scheduling adjustments. |
| README.md | Document DNS persist mode and ARI behavior; renumber sections accordingly. |
| ${_restart_ps} | ||
| PSEOF | ||
| ) | ||
| _debug "Powershell script:${_ps1}" |
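Review bot: The `_debug "Powershell script:${_ps1}"` line at the end of this hunk writes the whole generated script to the debug log. If the heredoc that builds `_ps1` interpolates anything sensitive, such as a PFX import password, that value ends up in the log in clear text. Log only that the script was built, or redact secrets before the `_debug` call.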
Comment on lines
+81
to
+82
| _debug "Building PFX at $_pfx_file" | ||
| _pfx_file="$(_mktemp)" |
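Review bot: On lines +81 to +82 the `_debug` call runs before `_pfx_file` is assigned, so the message prints an empty path. Swap the two lines so `_pfx_file="$(_mktemp)"` comes first, and check that `_mktemp` returned a non-empty path before key material is written to it.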
Comment on lines
+5715
to
+5720
| _ari_window=$(_math "$_ari_end_t_new" - "$_ari_start_t_new") | ||
| _ari_offset=$(_math "$(_time)" % "$_ari_window") | ||
| Le_NextRenewTime=$(_math "$_ari_start_t_new" + "$_ari_offset") | ||
| Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") | ||
| _info "ARI suggestedWindow: $(__green "$_ari_start_new") to $(__green "$_ari_end_new")" | ||
| _info "Next renewal time picked from ARI window: $(__green "$Le_NextRenewTimeStr")" |
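Review bot: `_ari_offset=$(_math "$(_time)" % "$_ari_window")` on the second line has no guard for a zero or negative `_ari_window`. If the suggestedWindow end equals or precedes its start, the modulo fails or yields a meaningless offset, and `Le_NextRenewTime` is then built from that result. Test `[ "$_ari_window" -gt 0 ]` first and fall back to `_ari_start_t_new` when the window is empty.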
Comment on lines
+5682
to
+5684
| elif [ "$Le_RenewalDays" -lt "0" ]; then | ||
| _enddate_value=$(_enddate "$CERT_PATH") | ||
| if [ "$?" != "0" ] || [ -z "$_enddate_value" ]; then |
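Review bot: `[ "$Le_RenewalDays" -lt "0" ]` on the first line assumes the value is an integer. If `Le_RenewalDays` is empty or non-numeric here, `[` reports an error and the branch is skipped without any message to the user; validate the value before the comparison unless an earlier branch already guarantees it. The separate `$?` test could also be folded into `if ! _enddate_value=$(_enddate "$CERT_PATH")` so the status check cannot drift away from the command it belongs to.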
|
|
||
| if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ] || [ "$alg" = "md5" ]; then | ||
| # openssl prints "SHA1 Fingerprint=AA:BB:CC:..."; strip prefix and colons. | ||
| ${ACME_OPENSSL_BIN:-openssl} x509 -in "$cert" -noout -fingerprint -"$alg" | sed 's/.*=//; s/://g' |
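Review bot: In the `x509 -fingerprint -"$alg" | sed ...` pipeline on the last line, the exit status is that of `sed`, so an unreadable or malformed `$cert` yields an empty fingerprint with a zero exit code. Capture the openssl output first, return non-zero when the command fails or the result is empty, and only then strip the prefix and colons. Since the `if` also accepts `md5` and `sha1`, a short comment naming the caller that needs those digests would help future readers.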
Comment on lines
+105
to
+109
| export _H1="X-Api-User: $FST_Key" | ||
| export _H2="X-Api-Key: $FST_Secret" | ||
| export _H3="Content-Type: application/json" | ||
|
|
||
| _post "$data" "$FST_Url/$action" "" "POST" |
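Review bot: `_H1` and `_H2` carry `FST_Key` and `FST_Secret` and stay exported after `_post` returns, so the credentials remain in the environment of this process and of any child it starts. Unset or blank the header variables once the request completes, and reject an `FST_Url` that does not begin with `https://` before sending the key and secret to it.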
Comment on lines
+49
to
+52
| EURODNS_API_URL="${EURODNS_API_URL:-$EURODNS_API_DEFAULT}" | ||
| EURODNS_TTL="${EURODNS_TTL:-$(_readaccountconf_mutable EURODNS_TTL)}" | ||
| EURODNS_TTL="${EURODNS_TTL:-$EURODNS_TTL_DEFAULT}" | ||
|
|
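Review bot: `EURODNS_API_URL` on the first line falls back only to `EURODNS_API_DEFAULT`, while `EURODNS_TTL` on the next line also falls back to `_readaccountconf_mutable`. If a custom API URL is meant to survive until renewal, read it from the account config the same way. `EURODNS_TTL` is also accepted without a check that it is a positive integer; validate it before it is sent to the API.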