
chore(deps): update dns challenges toml

0xJacky 1 year ago
parent
commit
d272f7900f
35 changed files with 496 additions and 60 deletions
  1. 1 1
      internal/cert/config/azure.toml
  2. 186 0
      internal/cert/config/azuredns.toml
  3. 1 1
      internal/cert/config/brandit.toml
  4. 1 1
      internal/cert/config/bunny.toml
  5. 1 1
      internal/cert/config/cloudflare.toml
  6. 27 0
      internal/cert/config/cloudru.toml
  7. 20 0
      internal/cert/config/derak.toml
  8. 5 1
      internal/cert/config/designate.toml
  9. 2 2
      internal/cert/config/dnsimple.toml
  10. 2 2
      internal/cert/config/edgedns.toml
  11. 27 0
      internal/cert/config/efficientip.toml
  12. 3 18
      internal/cert/config/exec.toml
  13. 3 2
      internal/cert/config/gandiv5.toml
  14. 4 4
      internal/cert/config/gcore.toml
  15. 1 1
      internal/cert/config/googledomains.toml
  16. 25 0
      internal/cert/config/httpnet.toml
  17. 1 1
      internal/cert/config/httpreq.toml
  18. 1 1
      internal/cert/config/ibmcloud.toml
  19. 22 0
      internal/cert/config/ipv64.toml
  20. 1 1
      internal/cert/config/joker.toml
  21. 1 1
      internal/cert/config/lightsail.toml
  22. 11 12
      internal/cert/config/liquidweb.toml
  23. 24 0
      internal/cert/config/metaname.toml
  24. 1 1
      internal/cert/config/nicmanager.toml
  25. 2 1
      internal/cert/config/otc.toml
  26. 1 1
      internal/cert/config/ovh.toml
  27. 33 0
      internal/cert/config/rcodezero.toml
  28. 2 0
      internal/cert/config/regru.toml
  29. 4 3
      internal/cert/config/route53.toml
  30. 54 0
      internal/cert/config/s3.toml
  31. 1 1
      internal/cert/config/sonic.toml
  32. 1 1
      internal/cert/config/vkcloud.toml
  33. 25 0
      internal/cert/config/yandex360.toml
  34. 1 1
      internal/cert/config/yandexcloud.toml
  35. 1 1
      lego-config.sh

+ 1 - 1
internal/cert/config/azure.toml

@@ -1,4 +1,4 @@
-Name = "Azure"
+Name = "Azure (deprecated)"
 Description = ''''''
 URL = "https://azure.microsoft.com/services/dns/"
 Code = "azure"

+ 186 - 0
internal/cert/config/azuredns.toml

@@ -0,0 +1,186 @@
+Name = "Azure DNS"
+Description = ''''''
+URL = "https://azure.microsoft.com/services/dns/"
+Code = "azuredns"
+Since = "v4.13.0"
+
+Example = '''
+### Using client secret
+
+AZURE_CLIENT_ID=<your service principal client ID> \
+AZURE_TENANT_ID=<your service principal tenant ID> \
+AZURE_CLIENT_SECRET=<your service principal client secret> \
+lego --domains example.com --email your_example@email.com --dns azuredns run
+
+### Using client certificate
+
+AZURE_CLIENT_ID=<your service principal client ID> \
+AZURE_TENANT_ID=<your service principal tenant ID> \
+AZURE_CLIENT_CERTIFICATE_PATH=<your service principal certificate path> \
+lego --domains example.com --email your_example@email.com --dns azuredns run
+
+### Using Azure CLI
+
+az login \
+lego --domains example.com --email your_example@email.com --dns azuredns run
+
+### Using Managed Identity (Azure VM)
+
+AZURE_TENANT_ID=<your service principal tenant ID> \
+AZURE_SUBSCRIPTION_ID=<your target zone subscription ID> \
+AZURE_RESOURCE_GROUP=<your target zone resource group name> \
+lego --domains example.com --email your_example@email.com --dns azuredns run
+
+### Using Managed Identity (Azure Arc)
+
+AZURE_TENANT_ID=<your service principal tenant ID> \
+AZURE_SUBSCRIPTION_ID=<your target zone subscription ID> \
+AZURE_RESOURCE_GROUP=<your target zone resource group name> \
+IMDS_ENDPOINT=http://localhost:40342 \
+IDENTITY_ENDPOINT=http://localhost:40342/metadata/identity/oauth2/token \
+lego --domains example.com --email your_example@email.com --dns azuredns run
+
+'''
+
+Additional = '''
+## Description
+
+Several authentication methods can be used to authenticate against Azure DNS API.
+
+### Default Azure Credentials (default option)
+
+Default Azure Credentials automatically detects in the following locations and prioritized in the following order:
+
+1. Environment variables for client secret: `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_SECRET`
+2. Environment variables for client certificate: `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_CERTIFICATE_PATH`
+3. Workload identity for resources hosted in Azure environment (see below)
+4. Shared credentials (defaults to `~/.azure` folder), used by Azure CLI
+
+Link:
+- [Azure Authentication](https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication)
+
+### Environment variables
+
+#### Client secret
+
+The Azure Credentials can be configured using the following environment variables:
+* AZURE_CLIENT_ID = "Client ID"
+* AZURE_CLIENT_SECRET = "Client secret"
+* AZURE_TENANT_ID = "Tenant ID"
+
+This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `env`.
+
+#### Client certificate
+
+The Azure Credentials can be configured using the following environment variables:
+* AZURE_CLIENT_ID = "Client ID"
+* AZURE_CLIENT_CERTIFICATE_PATH = "Client certificate path"
+* AZURE_TENANT_ID = "Tenant ID"
+
+This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `env`.
+
+### Workload identity
+
+Workload identity allows workloads running Azure Kubernetes Services (AKS) clusters to authenticate as an Azure AD application identity using federated credentials.
+
+This must be configured in kubernetes workload deployment in one hand and on the Azure AD application registration in the other hand.
+
+Here is a summary of the steps to follow to use it :
+* create a `ServiceAccount` resource, add following annotations to reference the targeted Azure AD application registration : `azure.workload.identity/client-id` and `azure.workload.identity/tenant-id`.
+* on the `Deployment` resource you must reference the previous `ServiceAccount` and add the following label : `azure.workload.identity/use: "true"`.
+* create a fedreated credentials of type `Kubernetes accessing Azure resources`, add the cluster issuer URL  and add the namespace and name of your kubernetes service account.
+
+Link :
+- [Azure AD Workload identity](https://azure.github.io/azure-workload-identity/docs/topics/service-account-labels-and-annotations.html)
+
+This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `wli`.
+
+### Azure Managed Identity
+
+#### Azure Managed Identity (with Azure workload)
+
+The Azure Managed Identity service allows linking Azure AD identities to Azure resources, without needing to manually manage client IDs and secrets.
+
+Workloads with a Managed Identity can manage their own certificates, with permissions on specific domain names set using IAM assignments.
+For this to work, the Managed Identity requires the **Reader** role on the target DNS Zone,
+and the **DNS Zone Contributor** on the relevant `_acme-challenge` TXT records.
+
+For example, to allow a Managed Identity to create a certificate for "fw01.lab.example.com", using Azure CLI:
+
+```bash
+export AZURE_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
+export AZURE_RESOURCE_GROUP="rg1"
+export SERVICE_PRINCIPAL_ID="00000000-0000-0000-0000-000000000000"
+
+export AZURE_DNS_ZONE="lab.example.com"
+export AZ_HOSTNAME="fw01"
+export AZ_RECORD_SET="_acme-challenge.${AZ_HOSTNAME}"
+
+az role assignment create \
+--assignee "${SERVICE_PRINCIPAL_ID}" \
+--role "Reader" \
+--scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${AZURE_RESOURCE_GROUP}/providers/Microsoft.Network/dnszones/${AZURE_DNS_ZONE}"
+
+az role assignment create \
+--assignee "${SERVICE_PRINCIPAL_ID}" \
+--role "DNS Zone Contributor" \
+--scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${AZURE_RESOURCE_GROUP}/providers/Microsoft.Network/dnszones/${AZURE_DNS_ZONE}/TXT/${AZ_RECORD_SET}"
+```
+
+A timeout wrapper is configured for this authentication method.
+The duraction can be configured by setting the `AZURE_AUTH_MSI_TIMEOUT`.
+The default timeout is 2 seconds.
+This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `msi`.
+
+#### Azure Managed Identity (with Azure Arc)
+
+The Azure Arc agent provides the ability to use a Managed Identity on resources hosted outside of Azure
+(such as on-prem virtual machines, or VMs in another cloud provider).
+
+While the upstream `azidentity` SDK will try to automatically identify and use the Azure Arc metadata service,
+if you get `azuredns: DefaultAzureCredential: failed to acquire a token.` error messages,
+you may need to set the environment variables:
+* `IMDS_ENDPOINT=http://localhost:40342`
+* `IDENTITY_ENDPOINT=http://localhost:40342/metadata/identity/oauth2/token`
+
+A timeout wrapper is configured for this authentication method.
+The duraction can be configured by setting the `AZURE_AUTH_MSI_TIMEOUT`.
+The default timeout is 2 seconds.
+This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `msi`.
+
+### Azure CLI
+
+The Azure CLI is a command-line tool provided by Microsoft to interact with Azure resources.
+It provides an easy way to authenticate by simply running `az login` command.
+The generated token will be cached by default in the `~/.azure` folder.
+
+This authentication method can be specificaly used by setting the `AZURE_AUTH_METHOD` environment variable to `cli`.
+
+### Open ID Connect
+
+Open ID Connect is a mechanism that establish a trust relationship between a running environment and the Azure AD identity provider.
+It can be enabled by setting the `AZURE_AUTH_METHOD` environment variable to `oidc`.
+
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    AZURE_CLIENT_ID = "Client ID"
+    AZURE_CLIENT_SECRET = "Client secret"
+    AZURE_TENANT_ID = "Tenant ID"
+    AZURE_CLIENT_CERTIFICATE_PATH = "Client certificate path"
+    AZURE_SUBSCRIPTION_ID = "DNS zone subscription ID"
+    AZURE_RESOURCE_GROUP = "DNS zone resource group"
+  [Configuration.Additional]
+    AZURE_ENVIRONMENT = "Azure environment, one of: public, usgovernment, and china"
+    AZURE_PRIVATE_ZONE = "Set to true to use Azure Private DNS Zones and not public"
+    AZURE_ZONE_NAME = "Zone name to use inside Azure DNS service to add the TXT record in"
+    AZURE_AUTH_METHOD = "Specify which authentication method to use"
+    AZURE_AUTH_MSI_TIMEOUT = "Managed Identity timeout duration"
+    AZURE_TTL = "The TTL of the TXT record used for the DNS challenge"
+    AZURE_POLLING_INTERVAL = "Time between DNS propagation check"
+    AZURE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+
+[Links]
+  API = "https://docs.microsoft.com/en-us/go/azure/"
+  GoClient = "https://github.com/Azure/azure-sdk-for-go"
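Review bot: The Azure Arc example (`IMDS_ENDPOINT=http://localhost:40342` and `IDENTITY_ENDPOINT=http://localhost:40342/metadata/identity/oauth2/token`) and the Arc subsection of Additional document two environment variables that do not appear in `[Configuration.Additional]`, so a consumer that presumably builds its settings form from that table cannot offer them. If the table is the source of truth for the UI, add `IMDS_ENDPOINT = "Azure Arc metadata service endpoint"` and `IDENTITY_ENDPOINT = "Azure Arc managed identity token endpoint"` alongside `AZURE_AUTH_METHOD`. The new Additional text also repeats a few typos worth fixing before it ships: `specificaly`, `duraction`, `fedreated`.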

+ 1 - 1
internal/cert/config/brandit.toml

@@ -1,4 +1,4 @@
-Name = "BRANDIT"
+Name = "Brandit"
 Description = ''''''
 URL = "https://www.brandit.com/"
 Code = "brandit"

+ 1 - 1
internal/cert/config/bunny.toml

@@ -19,4 +19,4 @@ lego --email you@example.com --dns bunny --domains my.example.org run
 
 [Links]
   API = "https://docs.bunny.net/reference/dnszonepublic_index"
-  bunny-go = "https://github.com/simplesurance/bunny-go"
+  bunny-go = "https://github.com/nrdcg/bunny-go"

+ 1 - 1
internal/cert/config/cloudflare.toml

@@ -33,7 +33,7 @@ very specific access can be granted to your resources at Cloudflare.
 See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
 
 The main resources Lego cares for are the DNS entries for your Zones.
-It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
+It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
 
 Hence, you should create an API token with the following permissions:
 

+ 27 - 0
internal/cert/config/cloudru.toml

@@ -0,0 +1,27 @@
+Name = "Cloud.ru"
+Description = ''''''
+URL = "https://cloud.ru"
+Code = "cloudru"
+Since = "v4.14.0"
+
+Example = '''
+CLOUDRU_SERVICE_INSTANCE_ID=ppp \
+CLOUDRU_KEY_ID=xxx \
+CLOUDRU_SECRET=yyy \
+lego --email you@example.com --dns cloudru --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    CLOUDRU_SERVICE_INSTANCE_ID = "Service Instance ID (parentId)"
+    CLOUDRU_KEY_ID = "Key ID (login)"
+    CLOUDRU_SECRET = "Key Secret"
+  [Configuration.Additional]
+    CLOUDRU_POLLING_INTERVAL = "Time between DNS propagation check"
+    CLOUDRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    CLOUDRU_TTL = "The TTL of the TXT record used for the DNS challenge"
+    CLOUDRU_HTTP_TIMEOUT = "API request timeout"
+    CLOUDRU_SEQUENCE_INTERVAL = "Time between sequential requests"
+
+[Links]
+  API = "https://cloud.ru/ru/docs/clouddns/ug/topics/api-ref.html"

+ 20 - 0
internal/cert/config/derak.toml

@@ -0,0 +1,20 @@
+Name = "Derak Cloud"
+Description = ''''''
+URL = "https://derak.cloud/"
+Code = "derak"
+Since = "v4.12.0"
+
+Example = '''
+DERAK_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --email myemail@example.com --dns derak --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    DERAK_API_KEY = "The API key"
+  [Configuration.Additional]
+    DERAK_WEBSITE_ID = "Force the zone/website ID"
+    DERAK_POLLING_INTERVAL = "Time between DNS propagation check"
+    DERAK_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    DERAK_TTL = "The TTL of the TXT record used for the DNS challenge"
+    DERAK_HTTP_TIMEOUT = "API request timeout"

+ 5 - 1
internal/cert/config/designate.toml

@@ -43,6 +43,10 @@ For more information, you can read about the different methods of authentication
 
 - [Keystone username/password](https://docs.openstack.org/keystone/latest/user/supported_clients.html)
 - [Keystone application credentials](https://docs.openstack.org/keystone/latest/user/application_credentials.html)
+
+Public cloud providers with support for Designate:
+
+- [Fuga Cloud](https://fuga.cloud/)
 '''
 
 [Configuration]
@@ -65,4 +69,4 @@ For more information, you can read about the different methods of authentication
 
 [Links]
   API = "https://docs.openstack.org/designate/latest/"
-  GoClient = "https://godoc.org/github.com/gophercloud/gophercloud/openstack/dns/v2"
+  GoClient = "https://pkg.go.dev/github.com/gophercloud/gophercloud/openstack/dns/v2"

+ 2 - 2
internal/cert/config/dnsimple.toml

@@ -16,7 +16,7 @@ Additional = '''
 if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
 
 While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
-DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge.
+DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
 
 To authenticate you need to provide a valid API token.
 HTTP Basic Authentication is intentionally not supported.
@@ -24,7 +24,7 @@ HTTP Basic Authentication is intentionally not supported.
 ### API tokens
 
 You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
-Only Account API tokens are supported, if you try to use an User API token you will receive an error message.
+Only Account API tokens are supported, if you try to use a User API token you will receive an error message.
 '''
 
 [Configuration]

+ 2 - 2
internal/cert/config/edgedns.toml

@@ -15,7 +15,7 @@ lego --email you@example.com --dns edgedns --domains my.example.org run
 '''
 
 Additional = '''
-Akamai credentials are automatically detected in the following locations and prioritized in the following order:
+Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
 
 1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
   - `AKAMAI_{SECTION}_HOST`
@@ -40,7 +40,7 @@ See also:
 - [Setting up Akamai credentials](https://developer.akamai.com/api/getting-started)
 - [.edgerc Format](https://developer.akamai.com/legacy/introduction/Conf_Client.html#edgercformat)
 - [API Client Authentication](https://developer.akamai.com/legacy/introduction/Client_Auth.html)
-- [Config from Env](https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/master/edgegrid/config.go#L118)
+- [Config from Env](https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/master/pkg/edgegrid/config.go#L118)
 '''
 
 [Configuration]

+ 27 - 0
internal/cert/config/efficientip.toml

@@ -0,0 +1,27 @@
+Name = "Efficient IP"
+Description = ''''''
+URL = "https://efficientip.com/"
+Code = "efficientip"
+Since = "v4.13.0"
+
+Example = '''
+EFFICIENTIP_USERNAME="user" \
+EFFICIENTIP_PASSWORD="secret" \
+EFFICIENTIP_HOSTNAME="ipam.example.org" \
+EFFICIENTIP_DNS_NAME="dns.smart" \
+lego --email you@example.com --dns efficientip --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    EFFICIENTIP_USERNAME = "Username"
+    EFFICIENTIP_PASSWORD = "Password"
+    EFFICIENTIP_HOSTNAME = "Hostname (ex: foo.example.com)"
+    EFFICIENTIP_DNS_NAME = "DNS name (ex: dns.smart)"
+  [Configuration.Additional]
+    EFFICIENTIP_INSECURE_SKIP_VERIFY = "Whether or not to verify EfficientIP API certificate"
+    EFFICIENTIP_VIEW_NAME = "View name (ex: external)"
+    EFFICIENTIP_POLLING_INTERVAL = "Time between DNS propagation check"
+    EFFICIENTIP_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    EFFICIENTIP_TTL = "The TTL of the TXT record used for the DNS challenge"
+    EFFICIENTIP_HTTP_TIMEOUT = "API request timeout"
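Review bot: The description of `EFFICIENTIP_INSECURE_SKIP_VERIFY` reads as if a true value turns certificate verification on, while the variable name says a true value skips it; an operator reading only the form text could disable TLS verification believing they enabled it, and this provider sends a username/password pair to that endpoint. Suggest `EFFICIENTIP_INSECURE_SKIP_VERIFY = "Set to true to skip TLS certificate verification of the EfficientIP API (insecure, do not use outside testing)"` so the polarity and the risk are both stated.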

+ 3 - 18
internal/cert/config/exec.toml

@@ -69,7 +69,7 @@ EXEC_PATH=./update-dns.sh \
 It will then call the program `./update-dns.sh` like this:
 
 ```bash
-./update-dns.sh "present" "my.example.org." "--" "some-token" "KxAy-J3NwUmg9ZQuM-gP_Mq1nStaYSaP9tYQs5_-YsE.ksT-qywTd8058G-SHHWA3RAN72Pr0yWtPYmmY5UBpQ8"
+./update-dns.sh "present" "--" "my.example.org." "some-token" "KxAy-J3NwUmg9ZQuM-gP_Mq1nStaYSaP9tYQs5_-YsE.ksT-qywTd8058G-SHHWA3RAN72Pr0yWtPYmmY5UBpQ8"
 ```
 
 ## Commands
@@ -84,29 +84,14 @@ you can use the `--` delimiter to specify the start of positional arguments, and
 
 | Mode    | Command                                            |
 |---------|----------------------------------------------------|
-| default | `myprogram present -- <FQDN> <record>`             |
+| default | `myprogram present <FQDN> <record>`                |
 | `RAW`   | `myprogram present -- <domain> <token> <key_auth>` |
 
 ### Cleanup
 
 | Mode    | Command                                            |
 |---------|----------------------------------------------------|
-| default | `myprogram cleanup -- <FQDN> <record>`             |
+| default | `myprogram cleanup <FQDN> <record>`                |
 | `RAW`   | `myprogram cleanup -- <domain> <token> <key_auth>` |
 
-### Timeout
-
-The command have to display propagation timeout and polling interval into Stdout.
-
-The values must be formatted as JSON, and times are in seconds.
-Example: `{"timeout": 30, "interval": 5}`
-
-If an error occurs or if the command is not provided:
-the default display propagation timeout and polling interval are used.
-
-| Mode    | Command                                            |
-|---------|----------------------------------------------------|
-| default | `myprogram timeout`                                |
-| `RAW`   | `myprogram timeout`                                |
-
 '''

+ 3 - 2
internal/cert/config/gandiv5.toml

@@ -5,13 +5,14 @@ Code = "gandiv5"
 Since = "v0.5.0"
 
 Example = '''
-GANDIV5_API_KEY=abcdefghijklmnopqrstuvwx \
+GANDIV5_PERSONAL_ACCESS_TOKEN=abcdefghijklmnopqrstuvwx \
 lego --email you@example.com --dns gandiv5 --domains my.example.org run
 '''
 
 [Configuration]
   [Configuration.Credentials]
-    GANDIV5_API_KEY = "API key"
+    GANDIV5_PERSONAL_ACCESS_TOKEN = "Personal Access Token"
+    GANDIV5_API_KEY = "API key (Deprecated)"
   [Configuration.Additional]
     GANDIV5_POLLING_INTERVAL = "Time between DNS propagation check"
     GANDIV5_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"

+ 4 - 4
internal/cert/config/gcore.toml

@@ -1,6 +1,6 @@
-Name = "G-Core Labs"
+Name = "G-Core"
 Description = ''''''
-URL = "https://gcorelabs.com/dns/"
+URL = "https://gcore.com/dns/"
 Code = "gcore"
 Since = "v4.5.0"
 
@@ -11,7 +11,7 @@ lego --email you@example.com --dns gcore --domains my.example.org run
 
 [Configuration]
   [Configuration.Credentials]
-    GCORE_PERMANENT_API_TOKEN = "Permanent API tokene (https://gcorelabs.com/blog/permanent-api-token-explained/)"
+    GCORE_PERMANENT_API_TOKEN = "Permanent API token (https://gcore.com/blog/permanent-api-token-explained/)"
   [Configuration.Additional]
     GCORE_POLLING_INTERVAL = "Time between DNS propagation check"
     GCORE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
@@ -19,4 +19,4 @@ lego --email you@example.com --dns gcore --domains my.example.org run
     GCORE_HTTP_TIMEOUT = "API request timeout"
 
 [Links]
-  API = "https://dnsapi.gcorelabs.com/docs#tag/zonesV2"
+  API = "https://api.gcore.com/docs/dns#tag/zones"

+ 1 - 1
internal/cert/config/googledomains.toml

@@ -6,7 +6,7 @@ Since = "v4.11.0"
 
 Example = '''
 GOOGLE_DOMAINS_ACCESS_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
-lego --email you@example.com --dns gdomains --domains my.example.org run
+lego --email you@example.com --dns googledomains --domains my.example.org run
 '''
 
 [Configuration]

+ 25 - 0
internal/cert/config/httpnet.toml

@@ -0,0 +1,25 @@
+Name = "http.net"
+Description = ''''''
+URL = "https://www.http.net/"
+Code = "httpnet"
+Since = "v4.15.0"
+
+Example = '''
+HTTPNET_API_KEY=xxxxxxxx \
+lego --email you@example.com --dns httpnet --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    HTTPNET_API_KEY = "API key"
+  [Configuration.Additional]
+    HTTPNET_ZONE_NAME = "Zone name in ACE format"
+    HTTPNET_POLLING_INTERVAL = "Time between DNS propagation check"
+    HTTPNET_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    HTTPNET_TTL = "The TTL of the TXT record used for the DNS challenge"
+    HTTPNET_HTTP_TIMEOUT = "API request timeout"
+
+[Links]
+  API = "https://www.http.net/docs/api/#dns"
+
+
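Review bot: The file ends with two extra blank lines after `API = "https://www.http.net/docs/api/#dns"`, while the other new files in this commit end directly after their last key. Drop them so the file ends with a single newline.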

+ 1 - 1
internal/cert/config/httpreq.toml

@@ -17,7 +17,7 @@ The server must provide:
 - `POST` `/present`
 - `POST` `/cleanup`
 
-The URL of the server must be define by `HTTPREQ_ENDPOINT`.
+The URL of the server must be defined by `HTTPREQ_ENDPOINT`.
 
 ### Mode
 

+ 1 - 1
internal/cert/config/ibmcloud.toml

@@ -12,7 +12,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run
 
 [Configuration]
   [Configuration.Credentials]
-    SOFTLAYER_USERNAME = "User name (IBM Cloud is <accountID>_<emailAddress>)"
+    SOFTLAYER_USERNAME = "Username (IBM Cloud is <accountID>_<emailAddress>)"
     SOFTLAYER_API_KEY = "Classic Infrastructure API key"
   [Configuration.Additional]
     SOFTLAYER_POLLING_INTERVAL = "Time between DNS propagation check"

+ 22 - 0
internal/cert/config/ipv64.toml

@@ -0,0 +1,22 @@
+Name = "IPv64"
+Description = ''''''
+URL = "https://ipv64.net/"
+Code = "ipv64"
+Since = "v4.13.0"
+
+Example = '''
+IPV64_API_KEY=xxxxxx \
+lego --email you@example.com --dns ipv64 --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    IPV64_API_KEY = "Account API Key"
+  [Configuration.Additional]
+    IPV64_POLLING_INTERVAL = "Time between DNS propagation check"
+    IPV64_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    IPV64_TTL = "The TTL of the TXT record used for the DNS challenge"
+    IPV64_HTTP_TIMEOUT = "API request timeout"
+
+[Links]
+  API = "https://ipv64.net/dyndns_updater_api"

+ 1 - 1
internal/cert/config/joker.toml

@@ -29,7 +29,7 @@ In the SVC mode, username and passsword are not your email and account passwords
 
 As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
 
-> 1. please login at Joker.com, visit 'My Domains',
+> 1. please log in at Joker.com, visit 'My Domains',
 >    find the domain you want to add  Let's Encrypt certificate for, and chose "DNS" in the menu
 >
 > 2. on the top right, you will find the setting for 'Dynamic DNS'.

+ 1 - 1
internal/cert/config/lightsail.toml

@@ -56,4 +56,4 @@ Alternatively, you can also set the `Resource` to `*` (wildcard), which allow to
     LIGHTSAIL_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
 
 [Links]
-  GoClient = "https://github.com/aws/aws-sdk-go/"
+  GoClient = "https://github.com/aws/aws-sdk-go-v2"

+ 11 - 12
internal/cert/config/liquidweb.toml

@@ -5,24 +5,23 @@ Code = "liquidweb"
 Since = "v3.1.0"
 
 Example = '''
-LIQUID_WEB_USERNAME=someuser \
-LIQUID_WEB_PASSWORD=somepass \
-LIQUID_WEB_ZONE=tacoman.com.net \
+LWAPI_USERNAME=someuser \
+LWAPI_PASSWORD=somepass \
 lego --email you@example.com --dns liquidweb --domains my.example.org run
 '''
 
 [Configuration]
   [Configuration.Credentials]
-    LIQUID_WEB_USERNAME = "Storm API Username"
-    LIQUID_WEB_PASSWORD = "Storm API Password"
-    LIQUID_WEB_ZONE = "DNS Zone"
+    LWAPI_USERNAME = "Liquid Web API Username"
+    LWAPI_PASSWORD = "Liquid Web API Password"
   [Configuration.Additional]
-    LIQUID_WEB_URL = "Storm API endpoint"
-    LIQUID_WEB_TTL = "The TTL of the TXT record used for the DNS challenge"
-    LIQUID_WEB_POLLING_INTERVAL = "Time between DNS propagation check"
-    LIQUID_WEB_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
-    LIQUID_WEB_HTTP_TIMEOUT = "Maximum waiting time for the DNS records to be created (not verified)"
+    LWAPI_ZONE = "DNS Zone"
+    LWAPI_URL = "Liquid Web API endpoint"
+    LWAPI_TTL = "The TTL of the TXT record used for the DNS challenge"
+    LWAPI_POLLING_INTERVAL = "Time between DNS propagation check"
+    LWAPI_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    LWAPI_HTTP_TIMEOUT = "Maximum waiting time for the DNS records to be created (not verified)"
 
 [Links]
-  API = "https://cart.liquidweb.com/storm/api/docs/v1/"
+  API = "https://api.liquidweb.com/docs/"
   GoClient = "https://github.com/liquidweb/liquidweb-go"
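Review bot: The rename from `LIQUID_WEB_*` to `LWAPI_*` drops the old names entirely, whereas gandiv5.toml in the same commit keeps the superseded key as `GANDIV5_API_KEY = "API key (Deprecated)"`; any configuration already stored under the old names would no longer be shown or editable. If the provider still honours the legacy variables, keep `LIQUID_WEB_USERNAME` and `LIQUID_WEB_PASSWORD` under Credentials marked `(Deprecated)` for the same transition period; if it does not, the rename deserves a release note. Moving the zone from Credentials to Additional as `LWAPI_ZONE` looks right, since a zone name is not a secret.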

+ 24 - 0
internal/cert/config/metaname.toml

@@ -0,0 +1,24 @@
+Name = "Metaname"
+Description = ''''''
+URL = "https://metaname.net"
+Code = "metaname"
+Since = "v4.13.0"
+
+Example = '''
+METANAME_ACCOUNT_REFERENCE=xxxx \
+METANAME_API_KEY=yyyyyyy \
+lego --email you@example.com --dns metaname --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    METANAME_ACCOUNT_REFERENCE = "The four-digit reference of a Metaname account"
+    METANAME_API_KEY = "API Key"
+  [Configuration.Additional]
+    METANAME_POLLING_INTERVAL = "Time between DNS propagation check"
+    METANAME_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    METANAME_TTL = "The TTL of the TXT record used for the DNS challenge"
+
+[Links]
+  API = "https://metaname.net/api/1.1/doc"
+  GoClient = "https://github.com/nzdjb/go-metaname"

+ 1 - 1
internal/cert/config/nicmanager.toml

@@ -30,7 +30,7 @@ lego --email you@example.com --dns nicmanager --domains my.example.org run
 Additional = '''
 ## Description
 
-You can login using your account name + username or using your email address.
+You can log in using your account name + username or using your email address.
 Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
 '''
 

+ 2 - 1
internal/cert/config/otc.toml

@@ -16,9 +16,10 @@ Example = ''''''
   [Configuration.Additional]
     OTC_POLLING_INTERVAL = "Time between DNS propagation check"
     OTC_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    OTC_SEQUENCE_INTERVAL = "Time between sequential requests"
     OTC_TTL = "The TTL of the TXT record used for the DNS challenge"
     OTC_HTTP_TIMEOUT = "API request timeout"
 
 [Links]
-  API = "https://docs.otc.t-systems.com/en-us/dns/index.html"
+  API = "https://docs.otc.t-systems.com/domain-name-service/api-ref/index.html"
 

+ 1 - 1
internal/cert/config/ovh.toml

@@ -17,7 +17,7 @@ Additional = '''
 
 Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
 
-When requesting the consumer key, the following configuration can be use to define access rights:
+When requesting the consumer key, the following configuration can be used to define access rights:
 
 ```json
 {

+ 33 - 0
internal/cert/config/rcodezero.toml

@@ -0,0 +1,33 @@
+Name = "RcodeZero"
+Description = ''''''
+URL = "https://www.rcodezero.at/"
+Code = "rcodezero"
+Since = "v4.13"
+
+Example = '''
+RCODEZERO_API_TOKEN=<mytoken> \
+lego --email you@example.com --dns rcodezero --domains my.example.org run
+'''
+
+Additional = '''
+## Description
+
+Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
+These are special tokens with limited access for ACME requests only.
+
+RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
+
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    RCODEZERO_API_TOKEN = "API token"
+  [Configuration.Additional]
+    RCODEZERO_POLLING_INTERVAL = "Time between DNS propagation check"
+    RCODEZERO_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    RCODEZERO_TTL = "The TTL of the TXT record used for the DNS challenge"
+    RCODEZERO_HTTP_TIMEOUT = "API request timeout"
+
+[Links]
+  # Note: the API endpoint used inside the client is not documented.
+  API = "https://my.rcodezero.at/openapi"
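Review bot: `Since = "v4.13"` is the only Since value in this commit without a patch component; the other new files use the three-part form (`Since = "v4.13.0"`), and a consumer that compares these values as versions may handle the two forms differently. Suggest `Since = "v4.13.0"`.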

+ 2 - 0
internal/cert/config/regru.toml

@@ -15,6 +15,8 @@ lego --email you@example.com --dns regru --domains my.example.org run
     REGRU_USERNAME = "API username"
     REGRU_PASSWORD = "API password"
   [Configuration.Additional]
+    REGRU_TLS_CERT = "authentication certificate"
+    REGRU_TLS_KEY = "authentication private key"
     REGRU_POLLING_INTERVAL = "Time between DNS propagation check"
     REGRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
     REGRU_TTL = "The TTL of the TXT record used for the DNS challenge"
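Review bot: `REGRU_TLS_CERT` and `REGRU_TLS_KEY` are placed under `[Configuration.Additional]` although the second one is a secret (its own description says private key); every other file in this commit keeps secrets under `[Configuration.Credentials]`, and a consumer that treats Additional as non-sensitive may display or log it in clear. The descriptions also leave open whether a file path or PEM content is expected, and their lowercase style differs from the sibling entries (`"API username"`). Suggest moving both to Credentials as `REGRU_TLS_CERT = "Client certificate for TLS authentication"` and `REGRU_TLS_KEY = "Client private key for TLS authentication"`, adding the path-vs-content detail once confirmed against the provider implementation.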

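--- a/internal/cert/config/route53.toml
+++ b/internal/cert/config/route53.toml
@@ -70,7 +70,7 @@ so it is recommended to narrow them down as much as possible if you are using th
 
 ### Least privilege policy for production purposes
 
-The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge.
+The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
 Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
 Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.
 
@@ -129,7 +129,8 @@ Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with
     AWS_HOSTED_ZONE_ID = "Override the hosted zone ID."
     AWS_PROFILE = "Managed by the AWS client (`AWS_PROFILE_FILE` is not supported)"
     AWS_SDK_LOAD_CONFIG = "Managed by the AWS client. Retrieve the region from the CLI config file (`AWS_SDK_LOAD_CONFIG_FILE` is not supported)"
-    AWS_ASSUME_ROLE_ARN = "Managed by the AWS Role ARN (`AWS_ASSUME_ROLE_ARN` is not supported)"
+    AWS_ASSUME_ROLE_ARN = "Managed by the AWS Role ARN (`AWS_ASSUME_ROLE_ARN_FILE` is not supported)"
+    AWS_EXTERNAL_ID = "Managed by STS AssumeRole API operation (`AWS_EXTERNAL_ID_FILE` is not supported)"
   [Configuration.Additional]
     AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."
     AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request"
@@ -139,4 +140,4 @@ Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with
 
 [Links]
   API = "https://docs.aws.amazon.com/Route53/latest/APIReference/API_Operations_Amazon_Route_53.html"
-  GoClient = "https://github.com/aws/aws-sdk-go/aws"
+  GoClient = "https://github.com/aws/aws-sdk-go-v2"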

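--- a/internal/cert/config/s3.toml
+++ b/internal/cert/config/s3.toml
@@ -0,0 +1,54 @@
+Name = "Amazon S3"
+Description = ''''''
+URL = "https://aws.amazon.com/s3/"
+Code = "s3"
+Since = "v4.14.0"
+
+Example = '''
+AWS_ACCESS_KEY_ID=your_key_id \
+AWS_SECRET_ACCESS_KEY=your_secret_access_key \
+AWS_REGION=aws-region \
+lego --domains example.com --email your_example@email.com --http --http.s3-bucket your_s3_bucket --accept-tos=true run
+'''
+
+Additional = '''
+## Description
+
+AWS Credentials are automatically detected in the following locations and prioritized in the following order:
+
+1. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, [`AWS_SESSION_TOKEN`]
+2. Shared credentials file (defaults to `~/.aws/credentials`, profiles can be specified using `AWS_PROFILE`)
+3. Amazon EC2 IAM role
+
+The AWS Region is automatically detected in the following locations and prioritized in the following order:
+
+1. Environment variables: `AWS_REGION`
+2. Shared configuration file if `AWS_SDK_LOAD_CONFIG` is set (defaults to `~/.aws/config`, profiles can be specified using `AWS_PROFILE`)
+
+See also: https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/
+
+### Broad privileges for testing purposes
+
+Will need to create an S3 bucket which has read permissions set for Everyone (public access).
+The S3 bucket doesn't require static website hosting to be enabled.
+AWS_REGION must match the region where the s3 bucket is hosted.
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    AWS_ACCESS_KEY_ID = "Managed by the AWS client. Access key ID (`AWS_ACCESS_KEY_ID_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
+    AWS_SECRET_ACCESS_KEY = "Managed by the AWS client. Secret access key (`AWS_SECRET_ACCESS_KEY_FILE` is not supported, use `AWS_SHARED_CREDENTIALS_FILE` instead)"
+    AWS_REGION = "Managed by the AWS client (`AWS_REGION_FILE` is not supported)"
+    S3_BUCKET = "Name of the s3 bucket"
+    AWS_PROFILE = "Managed by the AWS client (`AWS_PROFILE_FILE` is not supported)"
+    AWS_SDK_LOAD_CONFIG = "Managed by the AWS client. Retrieve the region from the CLI config file (`AWS_SDK_LOAD_CONFIG_FILE` is not supported)"
+    AWS_ASSUME_ROLE_ARN = "Managed by the AWS Role ARN (`AWS_ASSUME_ROLE_ARN_FILE` is not supported)"
+    AWS_EXTERNAL_ID = "Managed by STS AssumeRole API operation (`AWS_EXTERNAL_ID_FILE` is not supported)"
+  [Configuration.Additional]
+    AWS_SHARED_CREDENTIALS_FILE = "Managed by the AWS client. Shared credentials file."
+    AWS_MAX_RETRIES = "The number of maximum returns the service will use to make an individual API request"
+
+[Links]
+  API = "https://docs.aws.amazon.com/AmazonS3/latest/userguide//Welcome.html"
+  GoClient = "https://docs.aws.amazon.com/sdk-for-go/"
+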
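Review bot: s3.toml describes an HTTP-01 provider rather than a DNS one — the Example invokes `lego ... --http --http.s3-bucket your_s3_bucket`, and no polling/propagation keys appear under [Configuration.Additional] — yet it lands in the same directory as the DNS challenge configs this commit is about. If the consumer enumerates every file in internal/cert/config as a DNS provider, this entry would be offered where it cannot work; I would expect either a loader-side filter on the challenge type or this file to be excluded from the copy. Two smaller points in the same file: `S3_BUCKET = "Name of the s3 bucket"` sits under [Configuration.Credentials] although a bucket name is not a secret, which matters if that table is treated as sensitive input, and the only setup guidance is the "Broad privileges for testing purposes" section (a public-read bucket) with no least-privilege counterpart like the one route53.toml carries. Since these files appear to be copied from lego by lego-config.sh, wording fixes presumably belong upstream rather than in this tree.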

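--- a/internal/cert/config/sonic.toml
+++ b/internal/cert/config/sonic.toml
@@ -26,7 +26,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de
 
 This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
 
-Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`.
+Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.
 '''
 
 [Configuration]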

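--- a/internal/cert/config/vkcloud.toml
+++ b/internal/cert/config/vkcloud.toml
@@ -12,7 +12,7 @@ lego --email you@example.com --dns vkcloud --domains "example.org" --domains "*.
 '''
 
 Additional = '''
-## Credential inforamtion
+## Credential information
 
 You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.
 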

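--- a/internal/cert/config/yandex360.toml
+++ b/internal/cert/config/yandex360.toml
@@ -0,0 +1,25 @@
+Name = "Yandex 360"
+Description = '''
+'''
+URL = "https://360.yandex.ru"
+Code = "yandex360"
+Since = "v4.14.0"
+
+Example = '''
+YANDEX360_OAUTH_TOKEN=<your OAuth Token> \
+YANDEX360_ORG_ID=<your organization ID> \
+lego --email you@example.com --dns yandex360 --domains my.example.org run
+'''
+
+[Configuration]
+  [Configuration.Credentials]
+    YANDEX360_OAUTH_TOKEN = "The OAuth Token"
+    YANDEX360_ORG_ID = "The organization ID"
+  [Configuration.Additional]
+    YANDEX360_POLLING_INTERVAL = "Time between DNS propagation check"
+    YANDEX360_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    YANDEX360_HTTP_TIMEOUT = "API request timeout"
+    YANDEX360_TTL = "The TTL of the TXT record used for the DNS challenge"
+
+[Links]
+  API = "https://yandex.ru/dev/api360/doc/ref/DomainDNSService.html"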

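--- a/internal/cert/config/yandexcloud.toml
+++ b/internal/cert/config/yandexcloud.toml
@@ -37,7 +37,7 @@ cat key.json | base64
 
 [Configuration]
   [Configuration.Credentials]
-    YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions"
+    YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains information about iam token of service account with `dns.admin` permissions"
     YANDEX_CLOUD_FOLDER_ID = "The string id of folder (aka project) in Yandex Cloud"
   [Configuration.Additional]
     YANDEX_CLOUD_POLLING_INTERVAL = "Time between DNS propagation check"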

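--- a/lego-config.sh
+++ b/lego-config.sh
@@ -20,7 +20,7 @@ download_and_extract() {
 # Copy .toml files from providers to the specified directory
 copy_toml_files() {
     local source_dir="$1/lego-master/providers"
-    local target_dir="server/pkg/cert/config"
+    local target_dir="internal/cert/config"
 
     # Remove the lego-master folder
     if [ ! -d "$target_dir" ]; then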
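Review bot: The new `local target_dir="internal/cert/config"` is resolved against the caller's working directory, so running the script from anywhere other than the repository root silently creates and fills a different directory; anchoring it on the script's own location, e.g. `local target_dir="$(dirname "$0")/internal/cert/config"`, removes that dependency (assuming the script lives at the repo root, which its path in the diffstat suggests). The comment `# Remove the lego-master folder` sits above `if [ ! -d "$target_dir" ]; then`, which tests for the absence of the target directory rather than anything about lego-master; a comment such as `# Create the target directory if it does not exist yet` would match the check, pending the branch body. copy_toml_files continues past the end of the hunk, so the body of that if is not visible here.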