From 588a9ad34cdf1b92923396e3a5b03312c5c0362b Mon Sep 17 00:00:00 2001
From: Tim Kimber <tkimber@mobius.org.uk>
Date: Wed, 26 Nov 2025 13:15:02 +0000
Subject: [PATCH] Create/delete DNS entries for ACME DNS as well

---
 test/Dockerfile-ubuntu-acmedns |  4 ---
 test/README-Testing.md         |  5 ++++
 test/run-test.sh               | 48 +++++++++++++++++++++++++++++-----
 3 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/test/Dockerfile-ubuntu-acmedns b/test/Dockerfile-ubuntu-acmedns
index 55241a8..d8adbb4 100644
--- a/test/Dockerfile-ubuntu-acmedns
+++ b/test/Dockerfile-ubuntu-acmedns
@@ -7,10 +7,6 @@ ENV DEBIAN_FRONTEND=noninteractive
 
 # Ensure tests in this image use the staging server
 ENV staging="true"
-# 2016ENV dynamic_dns "acme-dns"
-ENV ACMEDNS_API_USER=49ac5f6d-74cd-4aca-acfe-f9457af7894c
-ENV ACMEDNS_API_KEY=2NPGF8cH7PeTrHZWXImi1prhTsQGz2pdCC7Za5zE
-ENV ACMEDNS_SUBDOMAIN=7268181b-7075-4dce-be51-9c20c205cf6e
 
 # Update and install required software
 RUN apt-get update --fix-missing
diff --git a/test/README-Testing.md b/test/README-Testing.md
index f321b39..0599025 100644
--- a/test/README-Testing.md
+++ b/test/README-Testing.md
@@ -24,6 +24,11 @@ For dynu.com:
 - Add DYNU_API_KEY to your repository's environment secrets.  The value is your account's API Key.
 - Add domains \<reponame>-centos7-getssl.freedns.org, wild-\<reponame>-centos7.freedns.org, \<reponame>-ubuntu-getssl.freedns.org, and wild-\<reponame>-ubuntu-getssl.freedns.org
 
+For ACME DNS (also needs Dynu)
+
+- Register to get a user, key and subdomain from acme-dns.io (see https://github.com/joohoi/acme-dns?tab=readme-ov-file)
+- Create a CNAME _acme-challenge.ubuntu-acmedns-getssl.freeddns.org. to ${ACMEDNS_SUBDOMAIN}.auth.acme-dns.io (this is done automatically in run-test.sh)
+
 To run dynamic DNS tests outside the CI environment, you need accounts without \<reponame> in the domain names.  Export the environment variable corresponding to the secrets (with the same values).
 
 For individual accounts, \<reponame> is your github account name.
diff --git a/test/run-test.sh b/test/run-test.sh
index ded33aa..dcf9a3a 100755
--- a/test/run-test.sh
+++ b/test/run-test.sh
@@ -24,7 +24,7 @@ function get-dynu-domain-id() {
   curl -s -X GET "https://api.dynu.com/v2/dns" \
   -H "accept: application/json" \
   -H "API-Key: $DYNU_API_KEY" | \
-  jq -r ".domains[] | select(.name | contains(\"${domain}\")) | .id"
+  jq -r ".domains[] | select(.name == \"${domain}\") | .id"
 }
 
 function remove-dynu-domain() {
@@ -42,15 +42,42 @@ function remove-dynu-domain() {
   fi
 }
 
+function add-dynu-cname() {
+  subdomain=$1
+  domain=$2
+  target=$3
+  echo "Creating CNAME record: ${subdomain}.${domain} -> ${target}"
+  domain_id=$(get-dynu-domain-id "$domain")
+  if [ -n "$domain_id" ] && [ "$domain_id" != "null" ]; then
+   curl -X POST "https://api.dynu.com/v2/dns/${domain_id}/record" \
+    -H "accept: application/json" \
+    -H "API-Key: $DYNU_API_KEY" \
+    -H "Content-Type: application/json" \
+    -d '{
+      "nodeName": "'"${subdomain}"'",
+      "recordType": "CNAME",
+      "state": true,
+      "host": "'"${target}"'"
+    }'
+    echo "CNAME record created successfully"
+  else
+    echo "Error: Domain $domain not found"
+    return 1
+  fi
+}
+
 # Cleanup function to remove dynu domains on exit
 cleanup() {
-  if [[ "$OS" == *"dynu"* ]] && [ -n "$DYNU_API_KEY" ]; then
-    echo "Cleaning up dynu domains..."
-    remove-dynu-domain "wild-$ALIAS"
+  if [[ ("$OS" == *"dynu"* || "$OS" == *"acmedns"*)]] && [ -n "$DYNU_API_KEY" ]; then
+    echo "Cleaning up domains..."
     remove-dynu-domain "$ALIAS"
+    remove-dynu-domain "wild-$ALIAS"
   fi
 }
 
+# Set up trap to run cleanup on exit
+trap cleanup EXIT
+
 if [ $# -eq 0 ]; then
   echo "Usage: $(basename "$0") <os> [<command>]"
   echo "e.g. $(basename "$0") alpine bats /getssl/test"
@@ -116,6 +143,14 @@ elif [[ "$OS" == *"acmedns"* ]]; then
   ALIAS="${REPO}${OS}-getssl.freeddns.org"
   STAGING="--env STAGING=true --env dynamic_dns=acmedns"
   GETSSL_OS="${OS%-acmedns}"
+  if [ -n "$DYNU_API_KEY" ]; then
+    echo "Creating Dynu domains for $OS..."
+    add-dynu-domain "$ALIAS"
+    add-dynu-domain "wild-$ALIAS"
+    add-dynu-cname "_acme-challenge" "$ALIAS" "${ACMEDNS_SUBDOMAIN}.auth.acme-dns.io"
+  else
+    echo "Warning: DYNU_API_KEY not set, skipping domain creation"
+  fi
 elif [[ "$OS" == "bash"* ]]; then
   GETSSL_OS="alpine"
 fi
@@ -135,6 +170,9 @@ docker run $INT\
   --env GITHUB_REPOSITORY="${GITHUB_REPOSITORY}" \
   --env DUCKDNS_TOKEN="${DUCKDNS_TOKEN}" \
   --env DYNU_API_KEY="${DYNU_API_KEY}" \
+  --env ACMEDNS_API_KEY="${ACMEDNS_API_KEY}" \
+  --env ACMEDNS_API_USER="${ACMEDNS_API_USER}" \
+  --env ACMEDNS_SUBDOMAIN="${ACMEDNS_SUBDOMAIN}" \
   -v "$(pwd)":/getssl \
   --rm \
   --network ${PWD##*/}_acmenet \
@@ -156,5 +194,3 @@ docker run $INT\
   "getssl-$OS" \
   $COMMAND
 
-# Run cleanup function to delete Dynu domains (otherwise get misused)
-cleanup