From 7186ebb6f194c55781432162a47ff62a0bb21023 Mon Sep 17 00:00:00 2001 From: Alexis Savin Date: Sun, 12 Nov 2023 21:29:57 +0100 Subject: [PATCH] efficientip: add insecure skip verify option (#2052) Co-authored-by: Fernandez Ludovic --- cmd/zz_gen_cmd_dnshelp.go | 1 + docs/content/dns/zz_gen_efficientip.md | 1 + providers/dns/efficientip/efficientip.go | 10 ++++++++++ providers/dns/efficientip/efficientip.toml | 1 + 4 files changed, 13 insertions(+) diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go index 7835c783..dc57da40 100644 --- a/cmd/zz_gen_cmd_dnshelp.go +++ b/cmd/zz_gen_cmd_dnshelp.go @@ -964,6 +964,7 @@ func displayDNSHelp(w io.Writer, name string) error { ew.writeln(`Additional Configuration:`) ew.writeln(` - "EFFICIENTIP_HTTP_TIMEOUT": API request timeout`) + ew.writeln(` - "EFFICIENTIP_INSECURE_SKIP_VERIFY": Whether or not to verify EfficientIP API certificate`) ew.writeln(` - "EFFICIENTIP_POLLING_INTERVAL": Time between DNS propagation check`) ew.writeln(` - "EFFICIENTIP_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`) ew.writeln(` - "EFFICIENTIP_TTL": The TTL of the TXT record used for the DNS challenge`) diff --git a/docs/content/dns/zz_gen_efficientip.md b/docs/content/dns/zz_gen_efficientip.md index 129499b5..34f55f1d 100644 --- a/docs/content/dns/zz_gen_efficientip.md +++ b/docs/content/dns/zz_gen_efficientip.md @@ -54,6 +54,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}). | Environment Variable Name | Description | |--------------------------------|-------------| | `EFFICIENTIP_HTTP_TIMEOUT` | API request timeout | +| `EFFICIENTIP_INSECURE_SKIP_VERIFY` | Whether or not to verify EfficientIP API certificate | | `EFFICIENTIP_POLLING_INTERVAL` | Time between DNS propagation check | | `EFFICIENTIP_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation | | `EFFICIENTIP_TTL` | The TTL of the TXT record used for the DNS challenge | 
diff --git a/providers/dns/efficientip/efficientip.go b/providers/dns/efficientip/efficientip.go index cf532e7c..6d639bce 100644 --- a/providers/dns/efficientip/efficientip.go +++ b/providers/dns/efficientip/efficientip.go @@ -3,6 +3,7 @@ package efficientip import ( "context" + "crypto/tls" "errors" "fmt" "net/http" @@ -26,6 +27,7 @@ const ( EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT" EnvPollingInterval = envNamespace + "POLLING_INTERVAL" EnvHTTPTimeout = envNamespace + "HTTP_TIMEOUT" + EnvInsecureSkipVerify = envNamespace + "INSECURE_SKIP_VERIFY" ) // Config is used to configure the creation of the DNSProvider. @@ -35,6 +37,7 @@ type Config struct { Hostname string DNSName string ViewName string + InsecureSkipVerify bool PropagationTimeout time.Duration PollingInterval time.Duration HTTPClient *http.Client @@ -71,6 +74,7 @@ func NewDNSProvider() (*DNSProvider, error) { config.Hostname = values[EnvHostname] config.DNSName = values[EnvDNSName] config.ViewName = env.GetOrDefaultString(EnvViewName, "") + config.InsecureSkipVerify = env.GetOrDefaultBool(EnvInsecureSkipVerify, false) return NewDNSProviderConfig(config) } @@ -100,6 +104,12 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) { client.HTTPClient = config.HTTPClient } + if config.InsecureSkipVerify { + client.HTTPClient.Transport = &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + } + } + return &DNSProvider{config: config, client: client}, nil } diff --git a/providers/dns/efficientip/efficientip.toml b/providers/dns/efficientip/efficientip.toml index 278701e0..cd202280 100644 --- a/providers/dns/efficientip/efficientip.toml +++ b/providers/dns/efficientip/efficientip.toml 
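Review bot: In the last hunk of efficientip.go (NewDNSProviderConfig), the new `if config.InsecureSkipVerify` block replaces the transport with a bare `&http.Transport{}`. That drops the proxy, dial-timeout and connection-pool settings of `http.DefaultTransport`, and when `config.HTTPClient` was supplied it also overwrites the transport on the caller's own client. Cloning the transport in use and setting only the TLS flag on a copy of the client avoids both; the fence shows that shape, assuming `client.HTTPClient` is never nil here (its constructor is outside the hunk, as is the start of the function). Because this option lets anyone on the network path impersonate the API endpoint, a doc comment on `Config.InsecureSkipVerify` should say so and point to trusting the server's CA as the preferred route.

```go
	if config.InsecureSkipVerify {
		transport, ok := client.HTTPClient.Transport.(*http.Transport)
		if !ok {
			// nil or a custom RoundTripper: start from the library defaults.
			transport = http.DefaultTransport.(*http.Transport)
		}
		transport = transport.Clone()
		if transport.TLSClientConfig == nil {
			transport.TLSClientConfig = &tls.Config{}
		}
		transport.TLSClientConfig.InsecureSkipVerify = true

		// Work on a copy so a caller-supplied config.HTTPClient is not modified.
		httpClient := *client.HTTPClient
		httpClient.Transport = transport
		client.HTTPClient = &httpClient
	}

	// … unchanged: return &DNSProvider{config: config, client: client}, nil …
```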
@@ -19,6 +19,7 @@ lego --email you@example.com --dns efficientip --domains my.example.org run EFFICIENTIP_HOSTNAME = "Hostname (ex: foo.example.com)" EFFICIENTIP_DNS_NAME = "DNS name (ex: dns.smart)" [Configuration.Additional] + EFFICIENTIP_INSECURE_SKIP_VERIFY = "Whether or not to verify EfficientIP API certificate" EFFICIENTIP_VIEW_NAME = "View name (ex: external)" EFFICIENTIP_POLLING_INTERVAL = "Time between DNS propagation check" EFFICIENTIP_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
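Review bot: The description added under `[Configuration.Additional]` reads as though a true value turns verification on, while the variable name says the opposite. For a switch that disables TLS certificate checks the wording should be unambiguous, for example `EFFICIENTIP_INSECURE_SKIP_VERIFY = "Skip TLS certificate verification of the EfficientIP API (insecure, default: false)"`. The same string appears in the two `zz_gen_` files in this patch, which look generated from this file and would then need regenerating.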