Add DNS-01 challenge providers for ACME SSL #236
Merged
- add libdns providers for DigitalOcean, Hetzner, and Linode
- add CLI flags for each provider configuration
- add tests for new provider configurations
- update README with new provider documentation
- update CLAUDE.md with provider addition guide

note: Vultr not included due to API incompatibility with libdns v1.1.x

- add libdns providers for GoDaddy, Namecheap, and Scaleway
- add CLI flags for each provider configuration
- add tests for new provider configurations

- add libdns providers for Porkbun, DNSimple, and DuckDNS
- add CLI flags for each provider configuration
- add tests for new provider configurations
Pull request overview
This PR adds support for 9 new DNS-01 challenge providers for ACME SSL certificate acquisition, bringing the total from 3 to 12 providers. These lightweight providers enable DNS-based certificate validation through the libdns ecosystem.
Key changes:
- Added 9 new DNS provider implementations (DigitalOcean, Hetzner, Linode, GoDaddy, Namecheap, Scaleway, Porkbun, DNSimple, DuckDNS)
- Extended configuration options with provider-specific credentials
- Added comprehensive test coverage for all new providers
Reviewed changes
Copilot reviewed 5 out of 487 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| go.mod | Added 9 new libdns provider dependencies and their transitive dependencies |
| app/main.go | Added imports, configuration structs, and initialization logic for all 9 DNS providers |
| app/main_test.go | Added test cases for each new DNS provider to verify configuration |
| README.md | Updated DNS provider documentation with new providers and standardized format |
| CLAUDE.md | Added developer documentation for adding DNS-01 challenge providers |
| - **Gandi**: `--ssl.dns.type=gandi --ssl.dns.gandi.bearer-token=TOKEN` | ||
| - **DigitalOcean**: `--ssl.dns.type=digitalocean --ssl.dns.digitalocean.api-token=TOKEN` | ||
| - **Hetzner**: `--ssl.dns.type=hetzner --ssl.dns.hetzner.api-token=TOKEN` | ||
| - **Linode**: `--ssl.dns.type=linode --ssl.dns.linode.api-token=TOKEN` |
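Review bot: In the Gandi, DigitalOcean, Hetzner and Linode entries the API token is documented only as a command-line value (for example `--ssl.dns.hetzner.api-token=TOKEN`), and a secret passed this way is readable from the process list and tends to end up in shell history and service unit files. If these options can also be supplied through environment variables or a file, show that form next to each flag and recommend it for production use. It would also help to note here that the token should be limited to editing records in the zone being validated, since DNS-01 only needs to create and remove a TXT record.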
The documentation only lists 3 of the 9 new DNS providers. The remaining 6 providers (GoDaddy, Namecheap, Scaleway, Porkbun, DNSimple, DuckDNS) should also be documented here with their configuration examples.
Suggested change
| - **Linode**: `--ssl.dns.type=linode --ssl.dns.linode.api-token=TOKEN` | |
| - **Linode**: `--ssl.dns.type=linode --ssl.dns.linode.api-token=TOKEN` | |
| - **GoDaddy**: `--ssl.dns.type=godaddy --ssl.dns.godaddy.api-key=API_KEY --ssl.dns.godaddy.api-secret=API_SECRET` | |
| - **Namecheap**: `--ssl.dns.type=namecheap --ssl.dns.namecheap.api-user=USER --ssl.dns.namecheap.api-key=API_KEY` | |
| - **Scaleway**: `--ssl.dns.type=scaleway --ssl.dns.scaleway.access-key=ACCESS_KEY --ssl.dns.scaleway.secret-key=SECRET_KEY --ssl.dns.scaleway.project-id=PROJECT_ID` | |
| - **Porkbun**: `--ssl.dns.type=porkbun --ssl.dns.porkbun.api-key=API_KEY --ssl.dns.porkbun.secret-key=SECRET_KEY` | |
| - **DNSimple**: `--ssl.dns.type=dnsimple --ssl.dns.dnsimple.api-token=API_TOKEN --ssl.dns.dnsimple.account-id=ACCOUNT_ID` | |
| - **DuckDNS**: `--ssl.dns.type=duckdns --ssl.dns.duckdns.token=TOKEN` |
- increase proxy response header timeout to 30s for external httpbin.org calls
- increase http client timeout to 30s in test

- remove external httpbin.org dependency causing flaky tests
- use echo.umputun.com which is more reliable
use require.Eventually to poll TCP connection until server is ready, replacing unreliable time.Sleep in TestHttp_health and TestHttp_UpstreamConfig
use separate regErr variable in AfterFunc goroutine to avoid data race with the err return value
- replace interface{} with any
- use range over int instead of traditional for loops
- use slices.Contains instead of manual Contains wrapper
- use strings.SplitSeq, CutPrefix, CutSuffix
- remove unnecessary tt := tt loop captures
- use sync.WaitGroup.Go() where applicable
- update .golangci.yml with intrange and copyloopvar linters