20s was too tight: yeil serves DNS from edge replicas fed by a
replication log, so a freshly-written _acme-challenge TXT takes a bit to
appear on every authoritative nameserver. Let's Encrypt's secondary
(multi-perspective) validation hit a not-yet-converged replica and saw a
stale value -> 'incorrect TXT record found'. 60s lets all replicas catch
up (matches what already works in practice for wildcard certs).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

The email+app_password -> /api/v1/auth/login bearer mint was retired
with personal app passwords (dns commit 834c90e). Switch to sending a
yeil App key (yk_<keyId>_<secret>) directly as the Bearer token, which
the DNS API's principal auth accepts. Single credential 'dns_yeil_api_key';
removed the login round-trip. BREAKING: existing credential files must
replace email/app_password with an api_key (an App with DNS record-write
permission, minted in team Apps). README + version bumped.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Replaced with appropriate punctuation (colons, commas, semicolons,
periods) per grammatical context.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Replaces direct dns-server RPC calls (admin shared key, NetBird-only
reachability) with calls to the public /api/v1 surface. The plugin
now logs in with an email + app password, caches the returned Bearer
for the run, then findZone/addRecord/deleteRecord through HTTPS.
Any yeil user with an owned DNS zone can use it from anywhere with
internet access — no more shared key, no NetBird requirement.

INI shape:

    dns_yeil_email = you@yourdomain.com
    dns_yeil_app_password = abcd-efgh-ijkl-mnop
    # dns_yeil_base_url = https://dns.yeil.app (optional override)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

DNS-01 authenticator that walks up the labels of the validation name,
calls findzone on the dns-server RPC to locate the registered parent
zone, then addrecord/deleterecord around the TXT challenge.
Auth is HTTP Basic with the shared rpc key (matches the protocol the
yeil DNS web app uses in dns/src/lib/rpc.ts).
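
The label walk described in the last commit message above, as an added example that is not the plugin's own code. `zone_exists` is a hypothetical stand-in for the findzone lookup (its real signature is not shown on this page), and the zone names are constructed.

```python
from typing import Callable, List, Tuple


def candidate_zones(validation_name: str) -> List[str]:
    """Suffixes of the name, most specific first, excluding the bare TLD."""
    labels = validation_name.rstrip(".").lower().split(".")
    if any(not label for label in labels):
        raise ValueError(f"empty label in {validation_name!r}")
    # Stop before the last label so a bare TLD is never offered as a zone.
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def find_zone(validation_name: str,
              zone_exists: Callable[[str], bool]) -> Tuple[str, str]:
    """Return (zone, record name relative to that zone).

    Walking from the most specific suffix upward means the longest
    registered zone wins, so a delegated child zone is never bypassed
    in favour of its parent.
    """
    fqdn = validation_name.rstrip(".").lower()
    for zone in candidate_zones(fqdn):
        if zone_exists(zone):
            # "@" for the zone apex is an assumption of this example.
            relative = fqdn[: -len(zone)].rstrip(".") or "@"
            return zone, relative
    # Fail closed: never fall back to writing a record in a guessed zone.
    raise LookupError(f"no registered zone covers {fqdn}")


# Constructed sample data: zones the caller owns.
OWNED = {"example.com", "dev.example.org"}


def demo() -> List[Tuple[str, str]]:
    names = [
        "_acme-challenge.www.example.com.",      # trailing dot
        "_acme-challenge.api.dev.example.org",   # delegated child zone
        "_ACME-Challenge.Example.COM",           # mixed case
    ]
    return [find_zone(name, OWNED.__contains__) for name in names]


if __name__ == "__main__":
    for zone, relative in demo():
        print(f"{relative!r} in zone {zone!r}")
```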