Skip to content

Update All-Inkl (kas) DNS plugin to certbot-dns-kas ~=1.0#5637

Open
mobilandi wants to merge 4 commits into
NginxProxyManager:developfrom
mobilandi:develop
Open

Update All-Inkl (kas) DNS plugin to certbot-dns-kas ~=1.0#5637
mobilandi wants to merge 4 commits into
NginxProxyManager:developfrom
mobilandi:develop

Conversation

@mobilandi
Copy link
Copy Markdown
Contributor

@mobilandi mobilandi commented Jun 6, 2026

What

Bumps the bundled All-Inkl (kas) DNS plugin from certbot-dns-kas ~=0.1.1
to ~=1.0 and drops the now-unnecessary kasserver dependency.

Why

certbot-dns-kas 1.0.0 is a ground-up rewrite that talks to the All-Inkl KAS
API directly (only requests; no more kasserver/zeep/lxml). The pinned
~=0.1.1 is what NPM users currently get, and it has several bugs that 1.0.0
fixes:

  • Wildcard + apex certificates (example.com + *.example.com) now work —
    0.1.x overwrote the shared _acme-challenge TXT record, so validation failed.
  • Multi-label public suffixes (.or.at, .co.uk, .com.au, …) now resolve
    the correct zone — 0.1.x assumed the last two labels and failed with
    zone_not_found.
  • Cleanup removes exactly the challenge record it created (no orphaned
    _acme-challenge TXT records left behind).

Because the rewrite no longer uses kasserver, the dependencies field is
cleared (this also drops the heavy zeep/lxml chain).

Closes #1106, closes #2178

This also addresses the root cause behind #5349 (already closed): the bundled
0.1.x plugin failed on wildcard+apex certificates and on multi-label TLDs such
as .or.at. certbot-dns-kas 1.0.0 fixes both.

Notes

  • Requires certbot >= 2.0 and Python >= 3.9, both satisfied by current NPM
    images.
  • Verified end-to-end in NPM against the live KAS API: wildcard+apex issuance
    and clean teardown.

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Code refactoring
  • API changes
  • Performance improvement
  • Test addition or update

AI Usage

  • AI was used to write this
  • AI was used to review this

@nginxproxymanagerci
Copy link
Copy Markdown

nginxproxymanagerci Bot commented Jun 6, 2026

Docker Image for build 3 is available on DockerHub:

nginxproxymanager/nginx-proxy-manager-dev:pr-5637

Note

Ensure you backup your NPM instance before testing this image! Especially if there are database changes.
This is a different docker image namespace than the official image.

Warning

Changes and additions to DNS Providers require verification by at least 2 members of the community!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ALL-Inkl DNS Challange Add All-inkl / kasserver as DNS-01 Provider

1 participant

@mobilandi