8 render: function (stats
) {
9 let wikiUrl
= 'https://github.com/acmesh-official/acme.sh/wiki/';
10 var wikiInstructionUrl
= wikiUrl
+ 'dnsapi';
13 m
= new form
.Map("acme", _("ACME certificates"),
14 _("This configures ACME (Letsencrypt) automatic certificate installation. " +
15 "Simply fill out this to have the router configured with Letsencrypt-issued " +
16 "certificates for the web interface. " +
17 "Note that the domain names in the certificate must already be configured to " +
18 "point at the router's public IP address. " +
19 "Once configured, issuing certificates can take a while. " +
20 "Check the logs for progress and any errors.") + '<br/>' +
21 _("Cert files are stored in") + ' <em>/etc/ssl/acme<em>'
24 s
= m
.section(form
.TypedSection
, "acme", _("ACME global config"));
27 o
= s
.option(form
.Value
, "account_email", _("Account email"),
28 _("Email address to associate with account key."))
30 o
.datatype
= "minlength(1)";
32 o
= s
.option(form
.Flag
, "debug", _("Enable debug logging"));
35 s
= m
.section(form
.GridSection
, "cert", _("Certificate config"))
38 s
.nodescriptions
= true;
40 o
= s
.tab("general", _("General Settings"));
41 o
= s
.tab('challenge_webroot', _('Webroot Challenge Validation'));
42 o
= s
.tab('challenge_dns', _('DNS Challenge Validation'));
43 o
= s
.tab("advanced", _('Advanced Settings'));
45 o
= s
.taboption('general', form
.Flag
, "enabled", _("Enabled"));
48 o
= s
.taboption('general', form
.DynamicList
, "domains", _("Domain names"),
49 _("Domain names to include in the certificate. " +
50 "The first name will be the subject name, subsequent names will be alt names. " +
51 "Note that all domain names must point at the router in the global DNS."));
52 o
.datatype
= "list(string)";
54 o
= s
.taboption('general', form
.ListValue
, 'validation_method', _('Validation method'),
55 _("Standalone mode will use the built-in webserver of acme.sh to issue a certificate. " +
56 "Webroot mode will use an existing webserver to issue a certificate. " +
57 "DNS mode will allow you to use the DNS API of your DNS provider to issue a certificate."));
58 o
.value("standalone", _("Standalone"));
59 o
.value("webroot", _("Webroot"));
60 o
.value("dns", _("DNS"));
61 o
.default = 'webroot';
63 o
= s
.taboption('challenge_webroot', form
.Value
, 'webroot', _('Webroot directory'),
64 _("Webserver root directory. Set this to the webserver " +
65 "document root to run Acme in webroot mode. The web " +
66 "server must be accessible from the internet on port 80.") + '<br/>' +
67 _("Default") + " <em>/var/run/acme/challenge/</em>"
70 o
.depends("validation_method", "webroot");
73 o
= s
.taboption('challenge_dns', form
.ListValue
, 'dns', _('DNS API'),
74 _("To use DNS mode to issue certificates, set this to the name of a DNS API supported by acme.sh. " +
75 "See https://github.com/acmesh-official/acme.sh/wiki/dnsapi for the list of available APIs. " +
76 "In DNS mode, the domain name does not have to resolve to the router IP. " +
77 "DNS mode is also the only mode that supports wildcard certificates. " +
78 "Using this mode requires the acme-dnsapi package to be installed."));
79 o
.depends("validation_method", "dns");
80 // List of supported DNS API. Names are same as file names in acme.sh for easier search.
81 // May be outdated but not changed too often.
83 o
.value('dns_acmedns', 'ACME DNS API github.com/joohoi/acme-dns');
84 o
.value('dns_acmeproxy', 'ACME Proxy github.com/mdbraber/acmeproxy');
85 o
.value('dns_1984hosting', '1984.is');
86 o
.value('dns_active24', 'Active24.com');
87 o
.value('dns_ad', 'Alwaysdata.com');
88 o
.value('dns_ali', 'Alibaba Cloud Aliyun.com');
89 o
.value('dns_anx', 'Anexia.com');
90 o
.value('dns_arvan', 'ArvanCloud.ir');
91 o
.value('dns_aurora', 'AuroraDNS.eu');
92 o
.value('dns_autodns', 'autoDNS (InternetX)');
93 o
.value('dns_aws', 'Amazon AWS Route53');
94 o
.value('dns_azion', 'Azion.com');
95 o
.value('dns_azure', 'Azure');
96 o
.value('dns_bunny', 'Bunny.net');
97 o
.value('dns_cf', 'CloudFlare.com');
98 o
.value('dns_clouddns', 'CloudDNS vshosting.cz');
99 o
.value('dns_cloudns', 'ClouDNS.net');
100 o
.value('dns_cn', 'Core-Networks.de');
101 o
.value('dns_conoha', 'ConoHa.io');
102 o
.value('dns_constellix', 'constellix.com');
103 o
.value('dns_cpanel', 'CPanel');
104 o
.value('dns_curanet', 'curanet.dk scannet.dk wannafind.dk dandomain.dk');
105 o
.value('dns_cyon', 'cayon.ch');
106 o
.value('dns_da', 'DirectAdmin Panel');
107 o
.value('dns_ddnss', 'DDNSS.de');
108 o
.value('dns_desec', 'deSEC.io');
109 o
.value('dns_df', 'DynDnsFree.de');
110 o
.value('dns_dgon', 'DigitalOcean.com');
111 o
.value('dns_dnshome', 'dnsHome.de');
112 o
.value('dns_dnsimple', 'DNSimple.com');
113 o
.value('dns_dnsservices', 'dns.services');
114 o
.value('dns_doapi', 'Domain-Offensive do.de');
115 o
.value('dns_domeneshop', 'DomeneShop.no');
116 o
.value('dns_dp', 'DNSPod.cn');
117 o
.value('dns_dpi', 'DNSPod.com');
118 o
.value('dns_dreamhost', 'DreamHost.com');
119 o
.value('dns_duckdns', 'DuckDNS.org');
120 o
.value('dns_durabledns', 'DurableDNS.com');
121 o
.value('dns_dyn', 'Dyn.com');
122 o
.value('dns_dynu', 'Dynu.com');
123 o
.value('dns_dynv6', 'DynV6.com');
124 o
.value('dns_easydns', 'EasyDNS.net');
125 o
.value('dns_edgedns', 'Akamai Edge DNS');
126 o
.value('dns_euserv', 'euserv.eu');
127 o
.value('dns_exoscale', 'Exoscale.com');
128 o
.value('dns_fornex', 'fornex.com');
129 o
.value('dns_freedns', 'FreeDNS.afraid.org');
130 o
.value('dns_gandi_livedns', 'LiveDNS.Gandi.net');
131 // o.value('dns_gcloud', 'Google Cloud gcloud client');
132 o
.value('dns_gcore', 'Gcore.com');
133 o
.value('dns_gd', 'GoDaddy.com');
134 o
.value('dns_geoscaling', 'Geoscaling.com');
135 o
.value('dns_googledomains', 'Google Domains');
136 o
.value('dns_he', 'he.net');
137 o
.value('dns_hetzner', 'Hetzner.com');
138 o
.value('dns_hexonet', 'Hexonet.net');
139 o
.value('dns_hostingde', 'Hosting.de');
140 o
.value('dns_huaweicloud', 'MyHuaweiCloud.com');
141 o
.value('dns_infoblox', 'Infoblox');
142 o
.value('dns_infomaniak', 'InfoManiak.com');
143 o
.value('dns_internetbs', 'InternetBS.net');
144 o
.value('dns_inwx', 'inwx.de');
145 o
.value('dns_ionos', 'IONOS.com');
146 o
.value('dns_ipv64', 'ipv64.net');
147 o
.value('dns_ispconfig', 'ISPConfig Server');
148 o
.value('dns_jd', 'JDCloud.com');
149 o
.value('dns_joker', 'Joker.com');
150 o
.value('dns_kappernet', 'kapper.net');
151 o
.value('dns_kas', 'kasserver.com');
152 o
.value('dns_kinghost', 'KingHost.net');
153 o
.value('dns_la', 'dns.la');
154 o
.value('dns_leaseweb', 'leaseweb.com');
155 // o.value('dns_lexicon', 'Lexicon client');
156 o
.value('dns_linode_v4', 'Linode.com');
157 o
.value('dns_loopia', 'Loopia.se');
158 o
.value('dns_lua', 'LuaDNS.com');
159 // o.value('dns_maradns', 'MaraDNS Server zone file');
160 o
.value('dns_me', 'DNSMadeEasy.com');
161 // o.value('dns_miab', 'Mail-in-a-Box Server API');
162 o
.value('dns_misaka', 'misaka.io');
163 o
.value('dns_mydevil', 'MyDevil.net');
164 o
.value('dns_mydnsjp', 'MyDNS.JP');
165 o
.value('dns_mythic_beasts', 'Mythic-Beasts.com');
166 o
.value('dns_namecheap', 'NameCheap.com');
167 o
.value('dns_namecom', 'Name.com');
168 o
.value('dns_namesilo', 'NameSilo.com');
169 o
.value('dns_nanelo', 'Nanelo.com');
170 o
.value('dns_nederhost', 'NederHost.nl');
171 o
.value('dns_neodigit', 'Neodigit.net');
172 o
.value('dns_netcup', 'netcup.eu netcup.de');
173 o
.value('dns_netlify', 'Netlify.com');
174 o
.value('dns_nic', 'nic.ru');
175 o
.value('dns_njalla', 'Njalla njal.la');
176 o
.value('dns_nm', 'NameMaster.de');
177 // o.value('dns_nsd', 'NSD Server zone file');
178 o
.value('dns_nsone', 'NS1 nsone.net');
179 o
.value('dns_nsupdate', 'nsupdate (RFC2136) Server');
180 o
.value('dns_nw', 'Nexcess.net');
181 o
.value('dns_oci', 'Oracle Cloud Infrastructure (OCI)');
182 o
.value('dns_one', 'one.com');
183 o
.value('dns_online', 'online.net');
184 o
.value('dns_openprovider', 'OpenProvider.com');
185 // o.value('dns_openstack', 'OpenStack Client');
186 o
.value('dns_opnsense', 'OPNsense Bind API');
187 o
.value('dns_ovh', 'OVH ovh.com ovhcloud.com kimsufi.com soyoustart.com');
188 o
.value('dns_pdns', 'PowerDNS Server');
189 o
.value('dns_pleskxml', 'plesk.com XML API');
190 o
.value('dns_pointhq', 'PointDNS pointhq.com');
191 o
.value('dns_porkbun', 'Porkbun.com');
192 o
.value('dns_rackcorp', 'RackCorp.com');
193 o
.value('dns_rackspace', 'RackSpace rackspacecloud.com');
194 o
.value('dns_rage4', 'rage4.com');
195 o
.value('dns_rcode0', 'Rcode0 rcodezero.at');
196 o
.value('dns_regru', 'Reg.ru');
197 o
.value('dns_scaleway', 'Scaleway.com');
198 o
.value('dns_schlundtech', 'Schlundtech.de');
199 o
.value('dns_selectel', 'Selectel.ru');
200 o
.value('dns_selfhost', 'selfhost.de');
201 o
.value('dns_servercow', 'servercow.de');
202 o
.value('dns_simply', 'Simply.com');
203 o
.value('dns_tele3', 'tele3.cz');
204 o
.value('dns_transip', 'transip.nl');
205 o
.value('dns_udr', 'ud-reselling.com');
206 o
.value('dns_ultra', 'UltraDNS.com');
207 o
.value('dns_variomedia', 'variomedia.de');
208 o
.value('dns_veesp', 'veesp.com');
209 o
.value('dns_vercel', 'Vercel.com');
210 o
.value('dns_vscale', 'vscale.io');
211 o
.value('dns_vultr', 'vultr.com');
212 o
.value('dns_websupport', 'websupport.sk');
213 o
.value('dns_world4you', 'World4You.com');
214 o
.value('dns_yandex', 'Yandex DNS dns.yandex.ru');
215 o
.value('dns_yc', 'Yandex Cloud cloud.yandex.net');
216 o
.value('dns_zilore', 'zilore.com');
217 o
.value('dns_zone', 'Zone.ee');
218 o
.value('dns_zonomi', 'Zonomi.com');
220 o
.onchange
= L
.bind(_handleCheckService
, o
, s
);
222 o
= s
.taboption('challenge_dns', form
.DummyValue
, '_wiki_url', _('See instructions'), '');
224 o
.default = '<a id="wikiInstructionUrl" href="%s" target="_blank" rel="noreferrer">Acme Wiki DNS API</a>'
225 .format(wikiInstructionUrl
);
226 o
.depends('validation_method', 'dns');
229 _addDnsProviderField(s
, 'dns_1984hosting', 'One984HOSTING_Username', '1984.is Username', '');
230 _addDnsProviderField(s
, 'dns_1984hosting', 'One984HOSTING_Password', '1984.is Password', '');
232 _addDnsProviderField(s
, 'dns_acmedns', 'ACMEDNS_BASE_URL', 'ACMEDNS URL', '');
233 _addDnsProviderField(s
, 'dns_acmedns', 'ACMEDNS_USERNAME', 'ACMEDNS User', '');
234 _addDnsProviderField(s
, 'dns_acmedns', 'ACMEDNS_PASSWORD', 'ACMEDNS Password', '');
235 _addDnsProviderField(s
, 'dns_acmedns', 'ACMEDNS_SUBDOMAIN', 'ACMEDNS Subdomain', '');
237 _addDnsProviderField(s
, 'dns_ali', 'Ali_Key', 'Ali Key', '');
238 _addDnsProviderField(s
, 'dns_ali', 'Ali_Secret', 'Ali Secret', '');
240 _addDnsProviderField(s
, 'dns_aws', 'AWS_ACCESS_KEY_ID', 'AWS access key id', '');
241 _addDnsProviderField(s
, 'dns_aws', 'AWS_SECRET_ACCESS_KEY', 'AWS secret access key', '');
243 _addDnsProviderField(s
, 'dns_azure', 'AZUREDNS_SUBSCRIPTIONID', 'Azure Subscription ID', '');
244 _addDnsProviderField(s
, 'dns_azure', 'AZUREDNS_TENANTID', 'Azure Tenant ID', '');
245 _addDnsProviderField(s
, 'dns_azure', 'AZUREDNS_APPID', 'Azure App ID', '');
246 _addDnsProviderField(s
, 'dns_azure', 'AZUREDNS_CLIENTSECRET', 'Azure Client Secret', '');
248 _addDnsProviderField(s
, 'dns_bunny', 'BUNNY_API_KEY', 'Bunny API Key', '');
250 _addDnsProviderField(s
, 'dns_cf', 'CF_Key', 'CF Key', '');
251 _addDnsProviderField(s
, 'dns_cf', 'CF_Email', 'CF Email', '');
252 _addDnsProviderField(s
, 'dns_cf', 'CF_Token', 'CF Token', '');
253 _addDnsProviderField(s
, 'dns_cf', 'CF_Account_ID', 'CF Account ID', '');
254 _addDnsProviderField(s
, 'dns_cf', 'CF_Zone_ID', 'CF Zone ID', '');
256 _addDnsProviderField(s
, 'dns_ddnss', 'DDNSS_Token', 'DDNSS.de Token', '');
258 _addDnsProviderField(s
, 'dns_desec', 'DEDYN_TOKEN', 'deSEC.io Token', '');
260 _addDnsProviderField(s
, 'dns_duckdns', 'DuckDNS_Token', 'DuckDNS Token',
261 _('Open <a href="https://www.duckdns.org/">DuckDNS</a> and copy a token here')
264 _addDnsProviderField(s
, 'dns_dynv6', 'DYNV6_TOKEN', 'DynV6 Token', '');
266 _addDnsProviderField(s
, 'dns_dnsimple', 'DNSimple_OAUTH_TOKEN', 'DNSimple OAuth TOKEN', '');
268 _addDnsProviderField(s
, 'dns_dgon', 'DO_API_KEY', 'Digital Ocean API Key', '');
270 _addDnsProviderField(s
, 'dns_dreamhost', 'DH_API_KEY', 'DreamHost.com API Key', '');
272 _addDnsProviderField(s
, 'dns_df', 'DF_user', 'DynDnsFree.de Username', '');
273 _addDnsProviderField(s
, 'dns_df', 'DF_password', 'DynDnsFree.de Password', '');
275 _addDnsProviderField(s
, 'dns_gandi_livedns', 'GANDI_LIVEDNS_KEY', 'Gandi LiveDNS Key', '');
277 _addDnsProviderField(s
, 'dns_gcore', 'GCORE_Key', 'GCore Key', '');
279 _addDnsProviderField(s
, 'dns_gd', 'GD_Key', 'GoDaddy.com Key', '');
280 _addDnsProviderField(s
, 'dns_gd', 'GD_Secret', 'GoDaddy.com Secret', '');
282 _addDnsProviderField(s
, 'dns_geoscaling', 'GEOSCALING_Username', 'Geoscaling.com Username',
283 _('This is usually NOT an email address')
285 _addDnsProviderField(s
, 'dns_geoscaling', 'GEOSCALING_Password', 'Geoscaling.com Password', '');
287 _addDnsProviderField(s
, 'dns_googledomains', 'GOOGLEDOMAINS_ACCESS_TOKEN', 'Google Domains Access Token', '');
288 _addDnsProviderField(s
, 'dns_googledomains', 'GOOGLEDOMAINS_ZONE', 'Google Domains Zone', '');
290 _addDnsProviderField(s
, 'dns_he', 'HE_Username', 'dns.he.net Username', '');
291 _addDnsProviderField(s
, 'dns_he', 'HE_Password', 'dns.he.net Password', '');
293 _addDnsProviderField(s
, 'dns_hetzner', 'HETZNER_Token', 'Hetzner Token', '');
295 _addDnsProviderField(s
, 'dns_he', 'dns_hexonet', 'Hexonet.net Login', 'username!roleId');
296 _addDnsProviderField(s
, 'dns_he', 'dns_hexonet', 'Hexonet.net Password', '');
298 _addDnsProviderField(s
, 'dns_huaweicloud', 'HUAWEICLOUD_Username', 'MyHuaweiCloud.com Username', '');
299 _addDnsProviderField(s
, 'dns_huaweicloud', 'HUAWEICLOUD_Password', 'MyHuaweiCloud.com Password', '');
300 _addDnsProviderField(s
, 'dns_huaweicloud', 'HUAWEICLOUD_DomainName', 'MyHuaweiCloud.com Domain Name', '');
302 _addDnsProviderField(s
, 'dns_infomaniak', 'INFOMANIAK_API_TOKEN', 'InfoManiak Token', '');
304 _addDnsProviderField(s
, 'dns_ipv64', 'IPv64_Token', 'ipv64.net Token', '');
306 _addDnsProviderField(s
, 'dns_jd', 'JD_ACCESS_KEY_ID', 'JDCloud.com Access Key ID', '');
307 _addDnsProviderField(s
, 'dns_jd', 'JD_ACCESS_KEY_SECRET', 'JDCloud.com Access Key Secret', '');
308 _addDnsProviderField(s
, 'dns_jd', 'JD_REGION', 'JDCloud.com Region', 'cn-north-1');
310 _addDnsProviderField(s
, 'dns_joker', 'JOKER_USERNAME', 'Joker.com User', '');
311 _addDnsProviderField(s
, 'dns_joker', 'JOKER_PASSWORD', 'Joker.com Password', '');
313 _addDnsProviderField(s
, 'dns_freedns', 'FREEDNS_User', 'FreeDNS User', '');
314 _addDnsProviderField(s
, 'dns_freedns', 'FREEDNS_Password', 'FreeDNS Password', '');
316 _addDnsProviderField(s
, 'dns_la', 'LA_Id', 'dns.la Id', '');
317 _addDnsProviderField(s
, 'dns_la', 'LA_Key', 'dns.la Key', '');
319 _addDnsProviderField(s
, 'dns_linodev4', 'LINODE_V4_API_KEY', 'Linode API Key', '');
321 _addDnsProviderField(s
, 'dns_loopia', 'LOOPIA_User', 'Loopia User', '');
322 _addDnsProviderField(s
, 'dns_loopia', 'LOOPIA_Password', 'Loopia Password', '');
324 _addDnsProviderField(s
, 'dns_lua', 'LUA_Email', 'luadns.com email', '');
325 _addDnsProviderField(s
, 'dns_lua', 'LUA_Key', 'luadns.com Key', '');
327 _addDnsProviderField(s
, 'dns_mydnsjp', 'MYDNSJP_MasterID', 'MyDNS.jp MasterID', '');
328 _addDnsProviderField(s
, 'dns_mydnsjp', 'MYDNSJP_Password', 'MyDNS.jp Password', '');
330 _addDnsProviderField(s
, 'dns_me', 'ME_Key', 'DNSMadeEasy Key', '');
331 _addDnsProviderField(s
, 'dns_me', 'ME_Secret', 'DNSMadeEasy Secret', '');
333 _addDnsProviderField(s
, 'dns_namecom', 'Namecom_Username', 'Name.com Username', '');
334 _addDnsProviderField(s
, 'dns_namecom', 'Namecom_Token', 'Name.com Token', '');
336 _addDnsProviderField(s
, 'dns_namecheap', 'NAMECHEAP_API_KEY', 'NameCheap API Key', '');
337 _addDnsProviderField(s
, 'dns_namecheap', 'NAMECHEAP_USERNAME', 'NameCheap User', '');
338 _addDnsProviderField(s
, 'dns_namecheap', 'NAMECHEAP_SOURCEIP', 'NameCheap Source IP', '');
340 _addDnsProviderField(s
, 'dns_nic', 'NIC_ClientID', 'Nic.ru ClientID', '');
341 _addDnsProviderField(s
, 'dns_nic', 'NIC_ClientSecret', 'Nic.ru ClientSecret', '');
342 _addDnsProviderField(s
, 'dns_nic', 'NIC_Username', 'Nic.ru Username', '');
343 _addDnsProviderField(s
, 'dns_nic', 'NIC_Password', 'Nic.ru Password', '');
345 _addDnsProviderField(s
, 'dns_netlify', 'NETLIFY_ACCESS_TOKEN', 'Netlify Access Token', '');
347 _addDnsProviderField(s
, 'dns_nsone', 'NS1_Key', 'nsone.net Key', '');
349 _addDnsProviderField(s
, 'dns_nsupdate', 'NSUPDATE_SERVER', 'nsupdate server address', '');
350 _addDnsProviderField(s
, 'dns_nsupdate', 'NSUPDATE_SERVER_PORT', 'nsupdate server port', '');
351 _addDnsProviderField(s
, 'dns_nsupdate', 'NSUPDATE_KEY', 'nsupdate key file path', '');
352 _addDnsProviderField(s
, 'dns_nsupdate', 'NSUPDATE_ZONE', 'nsupdate zone', '');
354 _addDnsProviderField(s
, 'dns_nsupdate', 'OCI_CLI_TENANCY', 'OCI Tenancy',
355 _('OCID of tenancy that contains the target DNS zone')
357 _addDnsProviderField(s
, 'dns_nsupdate', 'OCI_CLI_USER', 'OCI User',
358 _('OCID of user with permission to add/remove records from zones')
360 _addDnsProviderField(s
, 'dns_nsupdate', 'OCI_CLI_REGION', 'OCI Region',
361 _('Should point to the tenancy home region')
363 _addDnsProviderField(s
, 'dns_nsupdate', 'OCI_CLI_KEY_FILE', 'OCI Key file',
364 _('Path to private API signing key file in PEM format')
366 _addDnsProviderField(s
, 'dns_nsupdate', 'OCI_CLI_KEY', 'OCI Key',
367 _('The private API signing key in PEM format')
370 _addDnsProviderField(s
, 'dns_ovh', 'OVH_AK', 'OVH Application Key', '');
371 _addDnsProviderField(s
, 'dns_ovh', 'OVH_AS', 'OVH Application Secret', '');
372 _addDnsProviderField(s
, 'dns_ovh', 'OVH_CK', 'OVH Consumer Key', '');
373 _addDnsProviderField(s
, 'dns_ovh', 'OVH_END_POINT', 'OVH Region/Endpoint',
374 'ovh-eu, ovh-us, ovh-ca, kimsufi-eu, kimsufi-ca, soyoustart-eu, soyoustart-ca'
377 _addDnsProviderField(s
, 'dns_pdns', 'PDNS_Url', 'PDNS API URL', '');
378 _addDnsProviderField(s
, 'dns_pdns', 'PDNS_ServerId', 'PDNS Server ID', '');
379 _addDnsProviderField(s
, 'dns_pdns', 'PDNS_Token', 'PDNS Token', '');
380 _addDnsProviderField(s
, 'dns_pdns', 'PDNS_Ttl', 'PDNS Default TTL', '60');
382 _addDnsProviderField(s
, 'dns_porkbun', 'PORKBUN_API_KEY', 'Porkbun API Key', '');
383 _addDnsProviderField(s
, 'dns_porkbun', 'PORKBUN_SECRET_API_KEY', 'Porkbun API Secret', '');
385 _addDnsProviderField(s
, 'dns_rackspace', 'RACKSPACE_Apikey', 'RackSpace API Key', '');
386 _addDnsProviderField(s
, 'dns_rackspace', 'RACKSPACE_Username', 'Porkbun Username', '');
388 _addDnsProviderField(s
, 'dns_regru', 'REGRU_API_Username', 'reg.ru Username', '');
389 _addDnsProviderField(s
, 'dns_regru', 'REGRU_API_Password', 'reg.ru Password', '');
391 _addDnsProviderField(s
, 'dns_selectel', 'SL_Key', 'Selectel API Key', '');
393 _addDnsProviderField(s
, 'dns_selfhost', 'SELFHOSTDNS_USERNAME', 'SelfHost.de Username', '');
394 _addDnsProviderField(s
, 'dns_selfhost', 'SELFHOSTDNS_PASSWORD', 'SelfHost.de Password', '');
395 _addDnsProviderField(s
, 'dns_selfhost', 'SELFHOSTDNS_MAP', 'SelfHost.de Domains map',
396 _('E.g. <code>_acme-challenge.example.com:12345:98765 alias.example.com:11111</code>')
399 _addDnsProviderField(s
, 'dns_simply', 'SIMPLY_AccountName', 'Simply.com account name', '');
400 _addDnsProviderField(s
, 'dns_simply', 'SIMPLY_ApiKey', 'Simply.com API Key', '');
402 _addDnsProviderField(s
, 'dns_tele3', 'TELE3_Key', 'tele3.cz API Key', '');
403 _addDnsProviderField(s
, 'dns_tele3', 'TELE3_Secret', 'tele3.cz API Secret', '');
405 _addDnsProviderField(s
, 'dns_vultr', 'VULTR_API_KEY', 'Vultr API Secret', '');
407 _addDnsProviderField(s
, 'dns_vscale', 'VSCALE_API_KEY', 'vscale.io API Key', '');
409 _addDnsProviderField(s
, 'dns_yandex', 'PDD_Token', 'Yandex DNS API Token', '');
411 _addDnsProviderField(s
, 'dns_yandex', 'PDD_Token', 'Yandex DNS API Token', '');
413 _addDnsProviderField(s
, 'dns_yc', 'YC_Zone_ID', 'Yandex Cloud: DNS Zone ID', '');
414 _addDnsProviderField(s
, 'dns_yc', 'YC_Folder_ID', 'Yandex Cloud: YC Folder ID', '');
415 _addDnsProviderField(s
, 'dns_yc', 'YC_SA_ID', 'Yandex Cloud: Service Account ID', '');
416 _addDnsProviderField(s
, 'dns_yc', 'YC_SA_Key_ID', 'Yandex Cloud: Service Account IAM Key ID', '');
417 _addDnsProviderField(s
, 'dns_yc', 'YC_SA_Key_File_Path', 'Yandex Cloud: Path to private key', '');
418 _addDnsProviderField(s
, 'dns_yc', 'YC_SA_Key_File_PEM_b64', 'Yandex Cloud: PEM of private key',
419 _('Base64 content of private key. Use instead of YC_SA_Key_File_Path')
422 _addDnsProviderField(s
, 'dns_zilore', 'Zilore_Key', 'Zilore API Key', '');
424 _addDnsProviderField(s
, 'dns_zone', 'ZONE_Username', 'Zone.ee Username', '');
425 _addDnsProviderField(s
, 'dns_zone', 'ZONE_Key', 'Zone.ee API Key', '');
427 _addDnsProviderField(s
, 'dns_zonomi', 'ZM_Key', 'Zonomi.com API Key', '');
430 o
= s
.taboption('challenge_dns', form
.DynamicList
, 'credentials', _('DNS API credentials'),
431 _("The credentials for the DNS API mode selected above. " +
432 "See https://github.com/acmesh-official/acme.sh/wiki/dnsapi for the format of credentials required by each API. " +
433 "Add multiple entries here in KEY=VAL shell variable format to supply multiple credential variables."))
434 o
.datatype
= "list(string)";
435 o
.depends("validation_method", "dns");
438 o
= s
.taboption('challenge_dns', form
.Value
, 'calias', _('Challenge Alias'),
439 _("The challenge alias to use for ALL domains. " +
440 "See https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode for the details of this process. " +
441 "LUCI only supports one challenge alias per certificate."));
442 o
.depends("validation_method", "dns");
445 o
= s
.taboption('challenge_dns', form
.Value
, 'dalias', _('Domain Alias'),
446 _("The domain alias to use for ALL domains. " +
447 "See https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode for the details of this process. " +
448 "LUCI only supports one challenge domain per certificate."));
449 o
.depends("validation_method", "dns");
453 o
= s
.taboption('advanced', form
.Flag
, 'use_staging', _('Use staging server'),
455 'Get certificate from the Letsencrypt staging server ' +
456 '(use for testing; the certificate won\'t be valid).'
462 o
= s
.taboption('advanced', form
.ListValue
, 'key_type', _('Key size'),
463 _('Key size (and type) for the generated certificate.')
465 o
.value('rsa2048', _('RSA 2048 bits'));
466 o
.value('rsa3072', _('RSA 3072 bits'));
467 o
.value('rsa4096', _('RSA 4096 bits'));
468 o
.value('ec256', _('ECC 256 bits'));
469 o
.value('ec384', _('ECC 384 bits'));
473 o
.cfgvalue = function(section_id
, set_value
) {
474 var keylength
= uci
.get('acme', section_id
, 'keylength');
476 // migrate the old keylength to a new keytype
478 case '2048': return 'rsa2048';
479 case '3072': return 'rsa3072';
480 case '4096': return 'rsa4096';
481 case 'ec-256': return 'ec256';
482 case 'ec-384': return 'ec384';
483 default: return ''; // bad value
488 o
.write = function(section_id
, value
) {
489 // remove old keylength
490 uci
.unset('acme', section_id
, 'keylength');
491 uci
.set('acme', section_id
, 'key_type', value
);
494 o
= s
.taboption('advanced', form
.Flag
, "use_acme_server",
495 _("Custom ACME CA"), _("Use a custom CA instead of Let's Encrypt."));
496 o
.depends("use_staging", "0");
500 o
= s
.taboption('advanced', form
.Value
, "acme_server", _("ACME server URL"),
501 _("Custom ACME server directory URL."));
502 o
.depends("use_acme_server", "1");
503 o
.placeholder
= "https://api.buypass.com/acme/directory";
507 o
= s
.taboption('advanced', form
.Value
, 'days', _('Days until renewal'));
510 o
.datatype
= 'uinteger';
518 function _addDnsProviderField(s
, provider
, env
, title
, desc
) {
519 let o
= s
.taboption('challenge_dns', form
.Value
, '_' + env
, _(title
),
521 o
.depends('dns', provider
);
523 o
.cfgvalue = function (section_id
, stored_val
) {
524 var creds
= this.map
.data
.get(this.map
.config
, section_id
, 'credentials');
525 return _extractParamValue(creds
, env
);
527 o
.write = function (section_id
, value
) {
528 this.map
.data
.set('acme', section_id
, 'credentials', [env
+ '="' + value
+ '"']);
534 * @param {string[]} paramsKeyVals
535 * @param {string} paramName
538 function _extractParamValue(paramsKeyVals
, paramName
) {
539 if (!paramsKeyVals
) {
542 for (let i
= 0; i
< paramsKeyVals
.length
; i
++) {
543 var paramKeyVal
= paramsKeyVals
[i
];
544 var parts
= paramKeyVal
.split('=');
545 if (parts
.lenght
< 2) {
550 if (name
== paramName
) {
552 return val
.substring(0, val
.length
-1).substring(1);
558 function _handleCheckService(c
, event
, curVal
, newVal
) {
559 document
.getElementById('wikiInstructionUrl').href
= 'https://github.com/acmesh-official/acme.sh/wiki/dnsapi#' + newVal
;