Letsencrypt: Added support for plesk dns provider (#3694)

* Added support for plesk dns provider * Remove quotes from image names in letsencrypt build.yaml * Added docs for plesk dns provider --------- Co-authored-by: Jan Čermák <[email protected]>
home-assistant · Aug 8, 2024 · bd1e8a2 · bd1e8a2
1 parent 292fb9b
commit bd1e8a2
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 2 deletions.
diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 5.0.27
+
+- Add Plesk DNS challenge support
+
 ## 5.0.26
 
 - Add noris network DNS challenge support

diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md
@@ -148,6 +148,9 @@ porkbun_secret: ''
 dreamhost_api_baseurl: ''
 dreamhost_api_key: ''
 domainoffensive_token: ''
+plesk_username: ''
+plesk_password: ''
+plesk_api_url: ''
 ```
 </details>
 
@@ -954,6 +957,33 @@ You can define the `propagation_seconds` explicitly. Otherwise, it will use the
 </details>
 
 
+<details>
+  <summary>Plesk Hosting DNS challenge</summary>
+
+  ```yaml
+  email: [email protected]
+  domains:
+    - your.domain.tld
+  certfile: fullchain.pem
+  keyfile: privkey.pem
+  challenge: dns
+  dns:
+    provider: dns-plesk
+    plesk_username: your-username
+    plesk_password: your-password
+    plesk_api_url: https://plesk.example.com
+    propagation_seconds: 120
+  ```
+
+The `plesk_username` and `plesk_password` are the same as those you use on the login page of your admin panel.
+
+The `plesk_api_url` is the base URL of your Plesk admin panel.
+
+You can define the `propagation_seconds` explicitly. Otherwise, it will use a custom default value (currently set to `120` seconds). If the provided value is less than `120`, then the value is forced to a minimum of `120` seconds.
+
+</details>
+
+
 ## Certificate files
 
 The certificate files will be available within the "ssl" share after successful request of the certificates.
@@ -983,6 +1013,7 @@ dns-linode
 dns-luadns
 dns-njalla
 dns-noris
+dns-plesk
 dns-nsone
 dns-ovh
 dns-rfc2136

diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile
@@ -30,6 +30,7 @@ ARG \
     CERTBOT_NJALLA_VERSION \
     CERTBOT_GANDI_VERSION \
     CERTBOT_DNS_DOMAINOFFENSIVE_VERSION \
+    CERTBOT_DNS_PLESK_VERSION \
     ACME_VERSION
 
 RUN \
@@ -85,6 +86,7 @@ RUN \
         certbot-dns-easydns==${CERTBOT_DNS_EASYDNS_VERSION} \
         certbot-dns-domainoffensive==${CERTBOT_DNS_DOMAINOFFENSIVE_VERSION} \
         certbot-dns-websupport==${CERTBOT_DNS_WEBSUPPORT_VERSION} \
+        certbot-dns-plesk==${CERTBOT_DNS_PLESK_VERSION} \
         acme==${ACME_VERSION} \
     && apk del .build-dependencies
 

diff --git a/letsencrypt/build.yaml b/letsencrypt/build.yaml
@@ -35,4 +35,5 @@ args:
   CERTBOT_NJALLA_VERSION: 1.0.0
   CERTBOT_DNS_DREAMHOST_VERSION: 1.0
   CERTBOT_DNS_DOMAINOFFENSIVE_VERSION: 2.0.0
+  CERTBOT_DNS_PLESK_VERSION: 0.3.0
   ACME_VERSION: 2.7.4
diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml
@@ -1,5 +1,5 @@
 ---
-version: 5.0.26
+version: 5.0.27
 slug: letsencrypt
 name: Let's Encrypt
 description: Manage certificate from Let's Encrypt
@@ -75,6 +75,9 @@ schema:
     joker_username: str?
     joker_password: str?
     joker_domain: str?
+    plesk_username: str?
+    plesk_password: str?
+    plesk_api_url: str?
     namecheap_username: str?
     namecheap_api_key: str?
     netcup_api_key: str?
@@ -96,7 +99,7 @@ schema:
       dns-hetzner|dns-infomaniak|dns-joker|dns-linode|dns-luadns|dns-njalla|dns-nsone|\
       dns-porkbun|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|\
       dns-namecheap|dns-netcup|dns-gandi|dns-transip|dns-inwx|dns-dreamhost|\
-      dns-he|dns-easydns|dns-domainoffensive|dns-websupport|dns-noris)?"
+      dns-he|dns-easydns|dns-domainoffensive|dns-websupport|dns-noris|dns-plesk)?"
     rfc2136_algorithm: str?
     rfc2136_name: str?
     rfc2136_port: str?

diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
@@ -23,6 +23,9 @@ echo -e "dns_desec_token = $(bashio::config 'dns.desec_token')\n" \
       "dns_joker_username = $(bashio::config 'dns.joker_username')\n" \
       "dns_joker_password = $(bashio::config 'dns.joker_password')\n" \
       "dns_joker_domain = $(bashio::config 'dns.joker_domain')\n" \
+      "dns_plesk_username = $(bashio::config 'dns.plesk_username')\n" \
+      "dns_plesk_password = $(bashio::config 'dns.plesk_password')\n" \
+      "dns_plesk_api_url = $(bashio::config 'dns.plesk_api_url')\n" \
       "dns_linode_key = $(bashio::config 'dns.linode_key')\n" \
       "dns_linode_version = $(bashio::config 'dns.linode_version')\n" \
       "dns_luadns_email = $(bashio::config 'dns.luadns_email')\n" \

diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
@@ -146,6 +146,17 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-joker" ]; then
     bashio::config.require 'dns.joker_password'
     PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
 
+# Plesk
+elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-plesk" ]; then
+    bashio::config.require 'dns.plesk_username'
+    bashio::config.require 'dns.plesk_password'
+    bashio::config.require 'dns.plesk_api_url'
+    if (( PROPAGATION_SECONDS < 120 )); then
+        bashio::log.info "Increasing DNS propagation limit for Plesk to at least 120 seconds."
+        PROPAGATION_SECONDS=120
+    fi
+    PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
+
 # Njalla
 elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-njalla" ]; then
     bashio::config.require 'dns.njalla_token'