Managing DNS connectors

Configure a DNS connector

Once installed, DNS connectors must be configured to connect to your DNS provider. Multiple DNS providers can be connected to a single connector.

  • Cloudflare

  • Amazon Route 53

  • Azure DNS

  • GoDaddy DNS

  • Akamai Edge DNS

  • DNSimple

  • OVHcloud

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Add the Cloudflare provider.

    sectigo-dcs.exe provider add -type cloudflare -name "<yourProviderName>" -token "<yourCloudflareToken>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For Cloudflare, the value must be cloudflare.

    name

    The name used to represent the DNS provider in SCM.

    token

    The authentication token specific to your Cloudflare account. This token is required to authorize the DNS connector to interact with Cloudflare’s API on behalf of your account.

  3. Verify the provider is added.

    sectigo-dcs.exe debug provider ping -name "<yourProviderName>"

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Add the Amazon Route 53 provider.

    sectigo-dcs.exe provider add -type route53 -name "<yourProviderName>" -access-key-id "<yourAccessKeyID>" -region "<yourAWSRegion>" -secret-key "<yourSecretKey>" -session-token "<yourSessionToken>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For Amazon Route 53, the value must be route53.

    name

    The name used to represent the DNS provider in SCM.

    access-key-id

    The AWS access key ID generated for your AWS account. This key is used to authenticate API requests.

    region

    The AWS region where your Route 53 resources are located.

    Some examples of AWS region IDs include us-east-1, eu-west-1, and so on.

    secret-key

    The AWS secret access key generated for your AWS account. This key, along with the access key ID, is used to sign API requests.

    session-token

    (Optional) The session token for temporary security credentials. This is included if you are using temporary credentials from AWS STS (Security Token Service).

  3. Verify the provider is added.

    sectigo-dcs.exe debug provider ping -name "<yourProviderName>"

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Add the Azure DNS provider.

    sectigo-dcs.exe provider add -type azure -name "<yourProviderName>" -resource-group "<yourResourceGroupName>" -subscription "<yourSubscriptionID>" -tenant-id "<yourTenantID>" -client-id "<yourClientID>" -client-secret "<yourClientSecret>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For Azure DNS, the value must be azure.

    name

    The name used to represent the DNS provider in SCM.

    resource-group

    The name of the Azure resource group that contains your DNS zone.

    subscription

    The Azure subscription ID associated with your account. This identifies your subscription within Azure.

    tenant-id

    The Microsoft Entra ID (formerly Azure Active Directory) tenant ID.

    client-id

    The client ID of the Microsoft Entra application. This is used for authentication.

    client-secret

    The client secret associated with the Microsoft Entra application. This is used for authentication.

  3. Verify the provider is added.

    sectigo-dcs.exe debug provider ping -name "<yourProviderName>"

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Add the GoDaddy DNS provider.

    sectigo-dcs.exe provider add -type godaddy -name "<yourProviderName>" -api-key "<yourAPIKey>" -api-secret "<yourAPISecret>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For GoDaddy DNS, the value must be godaddy.

    name

    The name used to represent the DNS provider in SCM.

    api-key

    The API key generated from your GoDaddy account. This key is used to authenticate API requests.

    api-secret

    The API secret associated with your GoDaddy API key. This secret, along with the API key, is used to sign API requests.

  3. Verify the provider is added.

    sectigo-dcs.exe debug provider ping -name "<yourProviderName>"

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Add the Akamai Edge DNS provider.

    sectigo-dcs.exe provider add -type akamai -name "<yourProviderName>" -access-token "<yourAccessToken>" -client-secret "<yourClientSecret>" -client-token "<yourClientToken>" -host "<yourHost>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For Akamai Edge DNS, the value must be akamai.

    name

    The name used to represent the DNS provider in SCM.

    access-token

    The access token generated from your Akamai account. This token is used to authenticate API requests.

    client-secret

    The client secret associated with your Akamai API client. This secret, along with the client token, is used to sign API requests.

    client-token

    The client token generated from your Akamai account. This token, along with the client secret, is used to authenticate API requests.

    host

    The host URL for the Akamai API endpoint. This specifies the server to which API requests are sent.

  3. Verify the provider is added.

    sectigo-dcs.exe debug provider ping -name "<yourProviderName>"

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Add the DNSimple DNS provider.

    sectigo-dcs.exe provider add -type dnsimple -name "<yourProviderName>" -access-token "<yourAccessToken>" -account-id "<yourAccountID>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For DNSimple DNS, the value must be dnsimple.

    name

    The name used to represent the DNS provider in SCM.

    access-token

    The access token generated from your DNSimple account. This token is used to authenticate API requests.

    account-id

    The account ID associated with your DNSimple account. This ID is used to specify which account the API requests should be applied to.

  3. Verify the provider is added.

    sectigo-dcs.exe debug provider ping -name "<yourProviderName>"

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Add the OVHcloud provider.

    sectigo-dcs.exe provider add -type ovh -name "<yourProviderName>" -endpoint <yourOVHendpoint> -app-key "<yourAPIkey>" -app-secret "<yourAppSecret>" -consumer-key "<yourConsumerKey>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For OVHcloud, the value must be ovh.

    name

    The name used to represent the DNS provider in SCM.

    endpoint

    The OVH region ID indicating where your services are hosted.

    Some examples of OVHcloud region IDs include ovh-eu, ovh-ca, and ovh-us.

    app-key

    The Application Key (AK) provided by OVHcloud when you register your application. This key is used to identify your application in API requests.

    app-secret

    The Application Secret (AS) provided by OVHcloud alongside the Application Key. This secret, along with the application key, is used to sign API requests.

    consumer-key

    The Consumer Key (CK) obtained after authenticating your application with OVHcloud’s API using your Application Key and Application Secret. This key grants your application permission to make API requests on behalf of a user’s account.

  3. Verify the provider is added.

    sectigo-dcs.exe debug provider ping -name "<yourProviderName>"

You can view additional CLI commands with the help command.

sectigo-dcs provider help

Managing DNS providers

Modify a DNS provider

  • Cloudflare

  • Amazon Route 53

  • Azure DNS

  • GoDaddy DNS

  • Akamai Edge DNS

  • DNSimple

  • OVHcloud

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Modify the Cloudflare provider.

    sectigo-dcs.exe provider modify -type cloudflare -name "<yourProviderName>" -token "<yourCloudflareToken>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For Cloudflare, the value must be cloudflare.

    name

    The name used to represent the DNS provider in SCM.

    token

    The authentication token specific to your Cloudflare account. This token is required to authorize the DNS connector to interact with Cloudflare’s API on behalf of your account.

  3. Verify the provider’s details.

    sectigo-dcs.exe provider list

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Modify the Amazon Route 53 provider.

    sectigo-dcs.exe provider modify -type route53 -name "<yourProviderName>" -access-key-id "<yourAccessKeyID>" -region "<yourAWSRegion>" -secret-key "<yourSecretKey>" -session-token "<yourSessionToken>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For Amazon Route 53, the value must be route53.

    name

    The name used to represent the DNS provider in SCM.

    access-key-id

    The AWS access key ID generated for your AWS account. This key is used to authenticate API requests.

    region

    The AWS region where your Route 53 resources are located.

    Some examples of AWS region IDs include us-east-1, eu-west-1, and so on.

    secret-key

    The AWS secret access key generated for your AWS account. This key, along with the access key ID, is used to sign API requests.

    session-token

    (Optional) The session token for temporary security credentials. This is included if you are using temporary credentials from AWS STS (Security Token Service).

  3. Verify the provider’s details.

    sectigo-dcs.exe provider list

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Modify the Azure DNS provider.

    sectigo-dcs.exe provider modify -type azure -name "<yourProviderName>" -resource-group "<yourResourceGroupName>" -subscription "<yourSubscriptionID>" -tenant-id "<yourTenantID>" -client-id "<yourClientID>" -client-secret "<yourClientSecret>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For Azure DNS, the value must be azure.

    name

    The name used to represent the DNS provider in SCM.

    resource-group

    The name of the Azure resource group that contains your DNS zone.

    subscription

    The Azure subscription ID associated with your account. This identifies your subscription within Azure.

    tenant-id

    The Microsoft Entra ID (formerly Azure Active Directory) tenant ID.

    client-id

    The client ID of the Microsoft Entra application. This is used for authentication.

    client-secret

    The client secret associated with the Microsoft Entra application. This is used for authentication.

  3. Verify the provider’s details.

    sectigo-dcs.exe provider list

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Modify the GoDaddy DNS provider.

    sectigo-dcs.exe provider modify -type godaddy -name "<yourProviderName>" -api-key "<yourAPIKey>" -api-secret "<yourAPISecret>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For GoDaddy DNS, the value must be godaddy.

    name

    The name used to represent the DNS provider in SCM.

    api-key

    The API key generated from your GoDaddy account. This key is used to authenticate API requests.

    api-secret

    The API secret associated with your GoDaddy API key. This secret, along with the API key, is used to sign API requests.

  3. Verify the provider’s details.

    sectigo-dcs.exe provider list

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Modify the Akamai Edge DNS provider.

    sectigo-dcs.exe provider modify -type akamai -name "<yourProviderName>" -access-token "<yourAccessToken>" -client-secret "<yourClientSecret>" -client-token "<yourClientToken>" -host "<yourHost>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For Akamai Edge DNS, the value must be akamai.

    name

    The name used to represent the DNS provider in SCM.

    access-token

    The access token generated from your Akamai account. This token is used to authenticate API requests.

    client-secret

    The client secret associated with your Akamai API client. This secret, along with the client token, is used to sign API requests.

    client-token

    The client token generated from your Akamai account. This token, along with the client secret, is used to authenticate API requests.

    host

    The host URL for the Akamai API endpoint. This specifies the server to which API requests are sent.

  3. Verify the provider’s details.

    sectigo-dcs.exe provider list

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Modify the DNSimple DNS provider.

    sectigo-dcs.exe provider modify -type dnsimple -name "<yourProviderName>" -access-token "<yourAccessToken>" -account-id "<yourAccountID>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For DNSimple DNS, the value must be dnsimple.

    name

    The name used to represent the DNS provider in SCM.

    access-token

    The access token generated from your DNSimple account. This token is used to authenticate API requests.

    account-id

    The account ID associated with your DNSimple account. This ID is used to specify which account the API requests should be applied to.

  3. Verify the provider’s details.

    sectigo-dcs.exe provider list

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Modify the OVHcloud provider.

    sectigo-dcs.exe provider modify -type ovh -name "<yourProviderName>" -endpoint <yourOVHendpoint> -app-key "<yourAPIkey>" -app-secret "<yourAppSecret>" -consumer-key "<yourConsumerKey>"

    The command options are outlined in the following table.

    Option Description

    type

    The type of DNS provider that is being added.

    For OVHcloud, the value must be ovh.

    name

    The name used to represent the DNS provider in SCM.

    endpoint

    The OVH region ID indicating where your services are hosted.

    Some examples of OVHcloud region IDs include ovh-eu, ovh-ca, and ovh-us.

    app-key

    The Application Key (AK) provided by OVHcloud when you register your application. This key is used to identify your application in API requests.

    app-secret

    The Application Secret (AS) provided by OVHcloud alongside the Application Key. This secret, along with the application key, is used to sign API requests.

    consumer-key

    The Consumer Key (CK) obtained after authenticating your application with OVHcloud’s API using your Application Key and Application Secret. This key grants your application permission to make API requests on behalf of a user’s account.

  3. Verify the provider’s details.

    sectigo-dcs.exe provider list

Delete a DNS provider

  1. In a command prompt window, navigate to the DNS connector install location.

  2. Delete the DNS provider.

    sectigo-dcs.exe provider delete -name "<yourProviderName>"

  3. Verify that the provider has been deleted.

    sectigo-dcs.exe provider list

Restore a DNS connector

DNS connectors that are offline for over 30 days may lose the ability to connect to SCM. In most cases, this connectivity can be restored by doing the following:

  1. Log in to SCM.

  2. Navigate to Integrations  DNS Connectors.

  3. Select the connector to be restored, and click Restore.

  4. Click OK.

  5. Save the displayed token, and close the Restore Connector dialog.

  6. In a command prompt window, navigate to the DNS connector install location.

  7. Restore the connector.

    register -token <registration_token> -force

Update a DNS connector

  1. Log in to SCM.

  2. From the left-hand menu, select About.

  3. Click the Download DNS Connector icon.

  4. (Optional) If required, move the SectigoDCS.msi file to the DNS connector machine.

  5. Right-click SectigoDCS.msi and click Install.

    The package automatically recognizes that there’s an existing version of the DNS connector and initiates an update instead of a new install.

  6. Read the EULA, select I accept the terms in the License Agreement, and click Next.

  7. (Optional) Specify an installation location.

  8. Click Next, Install, and Close.

Uninstall a DNS connector

  1. In Windows, navigate to Settings  Apps & features.

  2. Search for Sectigo.

  3. Select the Sectigo DNS Connector and click Uninstall.

  4. (Optional) Delete the files and logs associated with the DNS connector.

    1. Navigate to C:\ProgramData\Sectigo Limited.

    2. Delete the SectigoDCS folder.

      This cannot be undone. Only delete this folder if you want to completely remove all files and logs related to the DNS Connector.

  5. In SCM, navigate to Integrations  DNS Connectors.

  6. Select the connector you want to delete.

  7. Click the Delete icon.

  8. Click Delete.

DNS connector service commands

Command Description

Start

Start a DNS connector:

sc start SectigoDCS

Stop

Stop a DNS connector:

sc stop SectigoDCS

Query

Query the status of a DNS connector:

sc query SectigoDCS