[GH-ISSUE #791] Add support for DNS-01 challenge via the TransIP REST API #669

Closed
opened 2026-02-26 06:33:54 +03:00 by kerem · 15 comments
Owner

Originally created by @ronaldtveen on GitHub (Dec 25, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/791

I've registered my domain with TransIP, one of the bigger players in the Dutch market when it comes to domain name registration. They have a great API for many of their services, including their DNS.

I have been running a separate docker container with DNSroboCert but would really like to use Nginx Proxy Manager with the DNS-01 challenge so I can keep blocking port 80 on my home router.

The DNS-01 challenge record can be inserted (and removed) via a simple CURL command and a single API key.

The REST API is well documented here:
https://api.transip.nl/rest/docs.html#domains-dns-post

@alexswart commented on GitHub (May 1, 2021):

Any news about this? I like it too.

@chaptergy commented on GitHub (May 9, 2021):

TransIP support was added in https://github.com/jc21/nginx-proxy-manager/pull/942

@poudenes commented on GitHub (Jul 26, 2021):

@ronaldtveen I'm trying now to use the DNS challenge in NPM, but TransIP doesn't know what I mean with this:

certbot_dns_transip:dns_transip_key_file = /etc/letsencrypt/transip-rsa.key

How do I set this?

@ronaldtveen commented on GitHub (Jul 26, 2021):

@poudenes That file is used to identify you when the machine logs in to TransIP to modify the DNS records.

You will need to create an SSH key on the machine that runs the NginxProxyManager and place those files (private and public) on that machine (choose a logical path yourself); for me that was `/ssl/transip-rsa.key` since I run NPM as a Home Assistant add-on.
Then change the path to that file in the config you mentioned.

In your TransIP user profile you can go to the SSH keys page/tab and put the contents of the **public** key in there.

That should be enough to authenticate NPM with TransIP.
Can’t give too much other support though, I’m also just a regular user of this product.

@poudenes commented on GitHub (Jul 27, 2021):

> @poudenes That file is used to identify you when the machine logs in to TransIP to modify the DNS records.
>
> You will need to create an SSH key on the machine that runs the NginxProxyManager and place those files (private and public) on that machine (choose a logical path yourself); for me that was `/ssl/transip-rsa.key` since I run NPM as a Home Assistant add-on.
> Then change the path to that file in the config you mentioned.
>
> In your TransIP user profile you can go to the SSH keys page/tab and put the contents of the **public** key in there.
>
> That should be enough to authenticate NPM with TransIP.
> Can’t give too much other support though, I’m also just a regular user of this product.

And do you make the SSL for SSH inside the docker or on the machine where the NPM is running in the docker?
I guess the last one....

@ronaldtveen commented on GitHub (Jul 27, 2021):

Yes, on the machine running NPM and not in the container itself.
The `/ssl/letsencrypt` dir is where NPM saves its certificates on my machine so I placed the key file one directory up.

@poudenes commented on GitHub (Jul 27, 2021):

Probably you need hosting as well. I only have domain names with TransIP. No option for adding the key.

@ronaldtveen commented on GitHub (Jul 27, 2021):

My bad... I checked, and what I believe you should do is go to your Control Panel in TransIP and then go to API under your username profile.
There you should have the option to create a "key pair" by just inputting a description like NPM or whatever.
That returns a key file in plain text. Now copy that to your clipboard and create a `/ssl/transip.key` file on the server with the copied text.
Check/change the path you mentioned in the NPM config to this file, and you should be golden.
No need to create an SSH RSA key on the server itself like I said earlier... didn't remember how I did it before, but this should work.
Good luck!

@poudenes commented on GitHub (Jul 28, 2021):

For those who have the same trouble, here is step by step what to do:

  1. Log in to your TransIP account
  2. Go to "My Account" and click on API (upper right corner)
  3. You see "Key Pairs"; enter a name in the label field (no spaces, or add _ for a space)
  4. Click the green Key Pair button
  5. Important! Copy the key to a safe place, you will see this only ONE time!
  6. Go to your machine where NPM is running (docker or without docker)
  7. I created my key in the path "/etc/ssl/private"
  8. `nano transip.key` and paste the key you copied at point 5
  9. `chmod 600 transip.key`

From here you can do it the same way you always do to create an SSL.
Only now you enable "Use a DNS Challenge" and select TransIP.

```
certbot_dns_transip:dns_transip_username = <YOUR_TRANSIP_USERNAME>
certbot_dns_transip:dns_transip_key_file = /etc/ssl/private/transip.key
```

If everything went OK the SSL will be created... Remember the subdomain must already point to your machine!
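
A check for the key file and the `dns_transip_key_file` setting from the steps above, as an added example that is not part of the original comment or of Nginx Proxy Manager. The function names are hypothetical, the demo files are constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit the TransIP API key file and credentials settings.
# Function names are hypothetical; demo data is constructed, not a real key.

# check_key_file PATH: prints one finding per problem, returns 1 if any.
check_key_file() {
    key=$1; rc=0
    if [ ! -f "$key" ]; then
        echo "missing: $key"; return 1
    fi
    # Step 9 sets mode 600; group/other access exposes the DNS API key.
    mode=$(stat -L -c '%a' "$key")   # GNU coreutils stat (assumption)
    case $mode in
        600|400) ;;
        *) echo "mode $mode on $key, expected 600"; rc=1 ;;
    esac
    # The pasted text must be a PEM private key, not a label or public key.
    if ! head -n 1 "$key" | tr -d '\r' |
        grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$'; then
        echo "not a PEM private key: $key"; rc=1
    fi
    return $rc
}

# key_path_from_credentials FILE: prints the dns_transip_key_file value.
key_path_from_credentials() {
    sed -n 's/^[[:space:]]*certbot_dns_transip:dns_transip_key_file[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_credentials FILE: resolves the configured key path and audits it.
check_credentials() {
    kp=$(key_path_from_credentials "$1")
    if [ -z "$kp" ]; then
        echo "no dns_transip_key_file setting in $1"; return 1
    fi
    check_key_file "$kp"
}

# Demo on constructed files: a world-readable key must be reported.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END PRIVATE KEY-----' > "$d/transip.key"
    chmod 644 "$d/transip.key"
    printf 'certbot_dns_transip:dns_transip_key_file = %s\n' "$d/transip.key" > "$d/cred.ini"
    check_credentials "$d/cred.ini"; status=$?
    rm -rf "$d"; return $status
}
demo || true
```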

@Bart-van-Gorp commented on GitHub (Dec 18, 2022):

@poudenes I have my web server running on Ubuntu Server. Can you tell me the exact command to create the key path? That is, from start to finish. I currently have GoDaddy, which is not supported for SSL certificates, and I want to switch to TransIP.

@poudenes commented on GitHub (Dec 18, 2022):

> @poudenes I have my web server running on Ubuntu Server. Can you tell me the exact command to create the key path? That is, from start to finish. I currently have GoDaddy, which is not supported for SSL certificates, and I want to switch to TransIP.

It worked for a while. After that, not anymore. I have switched entirely to Cloudflare Tunnel. Best choice ever. My IP address is not visible in any reference.

@Bart-van-Gorp commented on GitHub (Dec 18, 2022):

Don't you need to open any ports for Cloudflare? Cloudflare was also still on my list of things to look into.

@poudenes commented on GitHub (Dec 19, 2022):

> Don't you need to open any ports for Cloudflare? Cloudflare was also still on my list of things to look into.

Cloudflare is free to use. You create a tunnel, and you do have limited ports. But I can reach everything via HTTPS and, behind the tunnel, point to all the ports that the applications use. The SSH port can be used.

I'm really hugely enthusiastic.

@Bart-van-Gorp commented on GitHub (Dec 19, 2022):

That will be a bit of a struggle with KPN. The Experiabox V12 is connected to my own routers. So at the moment I am running a double NAT on my own subnet. Unfortunately I did not know that their V12 cannot be put in bridge mode. I managed to replace the router with my Deco X60, but VLAN 4 now does not work via my router's settings. For this the router needs a special proxy tunnel, which does not work well. Also, this is only possible with PPPoE instead of DHCP.

On Mon 19 Dec 2022 07:06, poudenes @.***> wrote:

> Don't you need to open any ports for Cloudflare? Cloudflare was also still on my list of things to look into.
>
> Cloudflare is free to use. You create a tunnel, and you do have limited ports. But I can reach everything via HTTPS and, behind the tunnel, point to all the ports that the applications use. The SSH port can be used.
>
> I'm really hugely enthusiastic.


@poudenes commented on GitHub (Dec 19, 2022):

As far as I know, everything goes through Cloudflare over HTTPS. So if 443 is open, you are done. Behind the scenes, on your device where Cloudflare runs, everything is forwarded internally over the internal network to your devices with their specific ports.

So Cloudflare is interesting if you have a number of applications that you want to reach from outside on a web portal.
