
feat: Add DNS challenge provider support for Aliyun ESA. #5639

Open
lampofaladdin wants to merge 1 commit into NginxProxyManager:develop from lampofaladdin:develop

@lampofaladdin


Why

Add DNS challenge provider support for Aliyun ESA.

Aliyun ESA uses a different Certbot DNS plugin from the existing Aliyun DNS provider. This PR adds a new provider entry for:

Credentials template:

dns_aliyun_esa_access_key_id = 12345678
dns_aliyun_esa_access_key_secret = 1234567890abcdef1234567890abcdef

This is a non-breaking addition and does not change the existing Aliyun provider.

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Code refactoring
  • API changes
  • Performance improvement
  • Test addition or update

AI Usage

  • AI was used to write this
  • AI was used to review this

Snapshot

  • Certbot Successfully received certificate.
  • NPM select UI
  • Aliyun ESA
  • NPM Success

@nginxproxymanagerci


Docker Image for build 1 is available on DockerHub:

nginxproxymanager/nginx-proxy-manager-dev:pr-5639

Note

Ensure you back up your NPM instance before testing this image! Especially if there are database changes.
This is a different docker image namespace than the official image.

Warning

Changes and additions to DNS Providers require verification by at least 2 members of the community!

@toviszsolt toviszsolt left a comment

Contributor

In my opinion, the PR could potentially pose a supply chain risk for the following reasons:

  • The PR and the plugin author are the same person
  • The plugin is very new — 3 weeks old, with 4 commits
  • I think it's very strange that Alibaba Cloud doesn't have an official plugin.

Note: Aliyun ESA (Edge Security Acceleration) is a globally distributed edge network platform by Alibaba Cloud that integrates CDN, edge computing, and security services.

@lampofaladdin

Author

Thanks for taking a look. I understand the concern.

The reason I created this package is that Alibaba Cloud has an official ESA SDK, but as far as I know they don’t provide an official Certbot DNS plugin for ESA.

At first I wanted to use an existing repo, https://github.com/kyangconn/certbot-dns-aliyun-esa, but it wasn’t published on PyPI. Since NPM installs Certbot plugins from Python packages, I rewrote a small version myself and published it.

The plugin is pretty simple: it uses the official Alibaba Cloud ESA SDK to add and remove the TXT record needed for DNS-01 validation.

I’m totally open to making changes if there are specific security requirements you’d like the package to meet, such as adding CI, documenting the required RAM permissions, using PyPI Trusted Publishing, or anything else you think is necessary.
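The package-age and same-author concerns raised in the review can be checked mechanically from PyPI metadata before a new DNS provider plugin is accepted. The following is an added example, not part of this PR or of either participant's code. The sample record, package name, thresholds and function names are assumptions, and release count stands in for commit count, which PyPI does not expose.

```python
from datetime import datetime, timezone

# Constructed sample shaped like a PyPI JSON API response
# (https://pypi.org/pypi/<name>/json). All values are placeholders.
SAMPLE = {
    "info": {
        "name": "example-certbot-dns-plugin",
        "author": "example-author",
        "project_urls": {
            "Source": "https://github.com/example-author/example-certbot-dns-plugin"
        },
    },
    "releases": {
        "0.1.0": [{"upload_time_iso_8601": "2025-01-01T10:00:00.000000Z"}],
        "0.1.1": [{"upload_time_iso_8601": "2025-01-05T10:00:00.000000Z"}],
    },
}

def first_upload(meta):
    """Earliest upload time across all release files, or None if nothing is published."""
    times = [
        datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
        for files in meta["releases"].values()
        for f in files
    ]
    return min(times) if times else None

def review_flags(meta, pr_author, now, min_age_days=90, min_releases=3):
    """Return reviewer flags; thresholds are assumed defaults, not project policy."""
    flags = []
    first = first_upload(meta)
    if first is None:
        flags.append("no-published-files")
    elif (now - first).days < min_age_days:
        flags.append("young-package")
    # Count only versions that actually have uploaded files.
    if sum(1 for files in meta["releases"].values() if files) < min_releases:
        flags.append("few-releases")
    # Collect the declared author plus any GitHub owner in the project URLs.
    info = meta["info"]
    owners = {(info.get("author") or "").lower()}
    for url in (info.get("project_urls") or {}).values():
        parts = url.split("/")
        if len(parts) > 3 and parts[2] == "github.com":
            owners.add(parts[3].lower())
    if pr_author.lower() in owners:
        flags.append("pr-author-is-package-author")
    return flags
```

A flag here is a prompt for closer manual review of the plugin source and its publishing setup, not a verdict on the package.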
