Skip to content

How To Use the ClouDNS DNS Plugin

This plugin works against the ClouDNS provider. It is assumed that you have already setup an account and registered the domains or zones you will be working against.

Note

This provider does not allow API Access on its free account tier. If you sign up for a premium plan trial and let it expire, the plugin will stop working unless you upgrade your account to premium again. Their premium plans are reasonably priced and if you are a new customer, you can help me maintain this plugin by using this affiliate link when you sign up.

Setup

First, login to your account and go to the API Settings page. Click the Add new user link and set a password and optional IP whitelist. After saving, make note of the auth-id value for this user.

(Optional) Sub Users and Zone Delegation

The standard API users have complete access to your account. But for a bit more security, you can create sub-users that only have access to a subset of zones on your account. Click the Add new sub-user link from the API Settings page. Set a password and set the DNS Zones value to the number of zones you'll be delegating the user to. The rest of the fields are either optional or can be set to 0.

After the user is created, click the text link in the DNS Zones column for the user that should be something like "0 / X" where X is the number of zone you configured for delegation. This will pop up a dialog box and let you add the specific zones you are delegating.

Make a note of the sub-auth-id or sub-auth-user name you set for later.

Using the Plugin

The CDUserType parameter must be set to either auth-id, sub-auth-id, or sub-auth-user depending on the type of credential you are using. The CDUsername parameter should be set to the ID or username of the user. The password is set using CDPassword as a SecureString value.

Warning

The CDPasswordInsecure parameter is deprecated and will be removed in the next major module version. If you are using it, please migrate to the Secure parameter set.

By default the plugin assumes Posh-ACME's default DNS propagation delay mechanics will be used. But ClouDNS also supports a polling API to check whether record changes have propagated to the nameservers. To use this instead of the default mechanics, add a CDPollPropagation = $true parameter to your plugin args. By default, it will timeout after 5 minutes if the polling API never returns a success. You can override the timeout value with CDPollTimeout in seconds. When using CDPollPropagation, you should also set Posh-ACME's DNSSleep parameter to 0 unless you are using additional plugins that don't support their own form of propagation polling.

Standard Propagation Delay

$pArgs = @{
    CDUserType = 'auth-id'
    CDUsername = '12345'
    CDPassword = (Read-Host "Password" -AsSecureString)
}
New-PACertificate example.com -Plugin ClouDNS -PluginArgs $pArgs

ClouDNS Propagation Polling

$pArgs = @{
    CDUserType = 'auth-id'
    CDUsername = '12345'
    CDPassword = (Read-Host "Password" -AsSecureString)
    CDPollPropagation = $true
}
New-PACertificate example.com -Plugin ClouDNS -PluginArgs $pArgs -DnsSleep 0