Casket v1.4.0 DNS migration guide

Casket v1.4.0 updates the certmagic library to keep up to date with LetsEncrypt changes. Some breaking changes were made to the tls.dns directives to support the new certmagic version. This document outlines the changes and provides guidance on how to update your Caddyfile to use the new syntax.

No longer supported

Due to lack of LibDNS module, the following DNS providers are no longer supported. If you are using one of these providers and need support for it in Casket, please open an issue on the issue tracker and we will do our best to accommodate your use case.

• alidns
• auroradns
• cloudxns
• conoha
• dnsimple
• dnsmadeeasy
• dyn
• exoscale
• gandiv5 - Merged with gandi provider
• generic
• glesys
• httpreq
• inwx
• lightsail
• namesilo
• nifcloud
• ns1
• otc
• rackspace
• selectel
• stackpath
• vscale

acmedns

• ✅ Environment variables still supported: ACME_DNS_API_BASE, ACME_DNS_STORAGE_PATH
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns acmedns {
        server_url <server_url>
        storage    /path/to/storage.json
        username   <username>
        password   <password>
        subdomain  <subdomain>
      }
    }
  }

• ℹ️ Casket no longer tries to create or write to the storage file. Consequences of this are unknown.

azure

• ✅ Environment variables still supported: AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns cloudflare {
        tenant_id       <string>
        client_id       <string>
        client_secret   <string>
        subscription_id <string>
        resource_group  <string>
      }
    }
  }

• ❗ Environment variables no longer supported: AZURE_METADATA_ENDPOINT, AZURE_ENVIRONMENT, AZURE_TTL, AZURE_PROPAGATION_TIMEOUT, AZURE_POLLING_INTERVAL

cloudflare

• ✅ Environment variables still supported: CLOUDFLARE_ZONE_API_TOKEN, CF_ZONE_API_TOKEN, CLOUDFLARE_DNS_API_TOKEN, CF_DNS_API_TOKEN
• ✅ zonetoken type still supported (dns cloudflare zonetoken <token>)
• ✨ Single argument now supported for a scoped API token dns cloudflare <token>
• ✨ Block syntax now supported for a scoped API token:

  example.com {
    tls {
      dns cloudflare {
        token <token>
      }
    }
  }

• ❗ Legacy token types (anything that isn't a Scoped Token, e.g. account tokens) no longer supported. See more
• ❗ token type no longer supported

linode

• ✅ Environment variables still supported: DO_AUTH_TOKEN
• ✅ Token argument still supported: dns linode <token>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns linode {
        token <token>
      }
    }
  }

• ❗ Environment variables no longer supported: DO_TTL, DO_PROPAGATION_TIMEOUT, DO_POLLING_INTERVAL, DO_HTTP_TIMEOUT

dnspod

• ✅ Environment variables still supported: DNSPOD_API_KEY
• ✅ API key argument still supported: dns dnspod <key>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns dnspod {
        key <key>
      }
    }
  }

• ❗ Environment variables no longer supported: DNSPOD_TTL, DNSPOD_PROPAGATION_TIMEOUT, DNSPOD_POLLING_INTERVAL, DNSPOD_HTTP_TIMEOUT

duckdns

• ✅ Environment variables still supported: DUCKDNS_TOKEN
• ✅ Token argument still supported: dns duckdns <key>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns duckdns {
        token <token>
      }
    }
  }

• ❗ Environment variables no longer supported: DUCKDNS_PROPAGATION_TIMEOUT, DUCKDNS_POLLING_INTERVAL, DUCKDNS_HTTP_TIMEOUT, DUCKDNS_SEQUENCE_INTERVAL

gandi

• ✅ Environment variables still supported: GANDI_API_KEY
• ✅ API key argument still supported: dns gandi <key>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns gandi {
        key <key>
      }
    }
  }

• ❗ Environment variables no longer supported: GANDI_TTL, GANDI_PROPAGATION_TIMEOUT, GANDI_POLLING_INTERVAL, GANDI_HTTP_TIMEOUT

godaddy

• ✅ Environment variables still supported: GODADDY_API_KEY, GODADDY_API_SECRET
• ✅ API key + secret argument still supported: dns godaddy <key> <secret>
• ✨ Combined API key and secret argument now supported (key + secret joined by a colon): dns godaddy <key:secret>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns godaddy {
        key    <key>
        secret <secret>
      }
    }
  }

• ❗ Environment variables no longer supported: GODADDY_TTL, GODADDY_PROPAGATION_TIMEOUT, GODADDY_POLLING_INTERVAL, GODADDY_HTTP_TIMEOUT

googlecloud

• ✅ Environment variables still supported: GCE_SERVICE_ACCOUNT, GCE_PROJECT
• ✨ Shorthand syntax: dns googlecloud <project_id> <service_account_json_path>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns googlecloud {
        project         <project_id>
        service_account <path>
      }
    }
  }

• ❗ GCE_SERVICE_ACCOUNT must be a path to a JSON file, it cannot be the JSON contents
• ❗ Environment variables no longer supported: GCE_ALLOW_PRIVATE_ZONE, GCE_DEBUG, GCE_TTL, GCE_PROPAGATION_TIMEOUT, GCE_POLLING_INTERVAL

linode

• ✅ Environment variables still supported: LINODE_TOKEN
• ✅ Token argument still supported: dns linode <token>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns linode {
        token <token>
      }
    }
  }

• ❗ Environment variables no longer supported: LINODE_TTL, LINODE_PROPAGATION_TIMEOUT, LINODE_POLLING_INTERVAL, LINODE_HTTP_TIMEOUT

namecheap

• ✅ Environment variables still supported: NAMECHEAP_API_USER, NAMECHEAP_API_KEY, NAMECHEAP_SANDBOX
• ✅ Shorthand arguments still supported: dns namecheap <username> <key>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns namecheap {
        username <username>
        key      <key>
        [sandbox] # Optional
      }
    }
  }

• ❗ Environment variables no longer supported: NAMECHEAP_DEBUG, NAMECHEAP_TTL, NAMECHEAP_PROPAGATION_TIMEOUT, NAMECHEAP_POLLING_INTERVAL, NAMECHEAP_HTTP_TIMEOUT

namedotcom

• ✅ Environment variables still supported: NAMEDOTCOM_USERNAME, NAMEDOTCOM_API_TOKEN, NAMEDOTCOM_SERVER
• ✅ Shorthand arguments still supported: dns namedotcom <username> <token> and dns namedotcom <username> <token> <server>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns namedotcom {
        username <username>
        token    <token>
        server   <server>
      }
    }
  }

• ❗ Environment variables no longer supported: NAMEDOTCOM_TTL, NAMEDOTCOM_PROPAGATION_TIMEOUT, NAMEDOTCOM_POLLING_INTERVAL, NAMEDOTCOM_HTTP_TIMEOUT

ovh

• ✅ Environment variables still supported: OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY
• ✅ Token argument still supported: dns ovh <endpoint> <application_key> <application_secret> <consumer_key>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns ovh {
        endpoint          <endpoint>
        application_key   <application_key>
        application_token <application_token>
        consumer_key      <consumer_key>
      }
    }
  }

• ❗ Environment variables no longer supported: OVH_TTL, OVH_PROPAGATION_TIMEOUT, OVH_POLLING_INTERVAL, OVH_HTTP_TIMEOUT

pdns

• ✅ Environment variables still supported: PDNS_API_KEY, PDNS_API_URL, PDNS_SERVER_ID
• ✅ Token argument still supported: dns pdns <api_url> <api_key>
• ✨ Server ID can now be specified in shorthand: dns pdns <api_url> <api_key> <server_id>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns pdns {
        api_url   <endpoint>
        api_key    <key>
        server_id <server_id>
      }
    }
  }

• ❗ Environment variables no longer supported: PDNS_TTL, PDNS_PROPAGATION_TIMEOUT, PDNS_POLLING_INTERVAL, PDNS_HTTP_TIMEOUT

rfc2136

• ✅ Environment variables still supported: RFC2136_TSIG_KEY, RFC2136_TSIG_SECRET, RFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER
• ✅ Shorthand arguments still supported: dns rfc2136 <nameserver> <key_algorithm> <key_name> <key_secret>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns rfc2136 {
        key        <key_name>
        secret     <key_secret>
        algorithm  <key_algorithm>
        nameserver <nameserver>
      }
    }
  }

• ❗ Passing a timeout is no longer supported
• ❗ Environment variables no longer supported: RFC2136_DNS_TIMEOUT, RFC2136_TTL, RFC2136_PROPAGATION_TIMEOUT, RFC2136_POLLING_INTERVAL, RFC2136_SEQUENCE_INTERVAL

route53

• ✅ Environment variables still supported: AWS_ACCESS_KEY_ID, AWS_SECRET_KEY_ID, AWS_REGION, AWS_MAX_RETRIES
• ✅ New environment variable: AWS_PROFILE
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns route53 {
        access_key_id     <access_key_id>
        secret_access_key <secret_access_key>
        region            region>
        max_retries       <max_retries>
        aws_profile       <profile>
      }
    }
  }

• ❗ Environment variables no longer supported: AWS_HOSTED_ZONE_ID, AWS_TTL, AWS_PROPAGATION_TIMEOUT, AWS_POLLING_INTERVAL

transip

• ✅ Environment variables still supported: TRANSIP_ACCOUNT_NAME, TRANSIP_PRIVATE_KEY_PATH
• ✅ New environment variable: TRANSIP_PROFILE
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns transip {
        account_name     <account_name>
        private_key_path <private_key_path>
      }
    }
  }

• ❗ Environment variables no longer supported: TRANSIP_TTL, TRANSIP_PROPAGATION_TIMEOUT, TRANSIP_POLLING_INTERVAL

vultr

• ✅ Environment variables still supported: VULTR_API_KEY
• ✅ API key argument still supported: dns vultr <key>
• ✨ Block syntax now supported for configuration:

  example.com {
    tls {
      dns vultr {
        key <key>
      }
    }
  }

• ❗ Environment variables no longer supported: VULTR_TTL, VULTR_PROPAGATION_TIMEOUT, VULTR_POLLING_INTERVAL, VULTR_HTTP_TIMEOUT