Merge branches 'localdns' and 'localdns' of https://github.com/Keyfactor/acme-provider-caplugin into localdns

Author: bhillkeyfactor

README.md

@@ -167,7 +167,6 @@ Each provider supports multiple credential strategies:
 The RFC 2136 provider enables ACME DNS-01 challenges with on-premise DNS servers that support dynamic updates, including:
 
 - **BIND** (Berkeley Internet Name Domain)
-- **Microsoft DNS** (Windows Server DNS)
 - **PowerDNS** (with dynamic update support)
 - Any DNS server supporting RFC 2136 with TSIG authentication
 
@@ -181,6 +180,7 @@ The RFC 2136 provider enables ACME DNS-01 challenges with on-premise DNS servers
 | `Rfc2136_TsigKey` | Base64-encoded TSIG secret key | ✅ Yes |
 | `Rfc2136_TsigAlgorithm` | TSIG algorithm (default: `hmac-sha256`) | Optional |
 | `Rfc2136_Port` | DNS server port (default: `53`) | Optional |
+| `DnsVerificationServer` | DNS server IP for verification (for private zones) | Optional |
 
 #### Generating TSIG Keys
 
@@ -307,10 +307,8 @@ The RFC 2136 provider enables ACME DNS-01 challenges with on-premise DNS servers
         * **Email** - Email for ACME account registration. 
         * **EabKid** - External Account Binding Key ID (optional) 
         * **EabHmacKey** - External Account Binding HMAC key (optional) 
-        * **SignerEncryptionPhrase** - Used to encrypt singer information when account is saved to disk (optional)
-        * **DnsProvider** - DNS Provider to use for ACME DNS-01 challenges (options: Google, Cloudflare, AwsRoute53, Azure, Ns1, Rfc2136, Infoblox)
         * **SignerEncryptionPhrase** - Used to encrypt singer information when account is saved to disk (optional) 
-        * **DnsProvider** - DNS Provider to use for ACME DNS-01 challenges (options: Google, Cloudflare, AwsRoute53, Azure, Ns1, Rfc2136) 
+        * **DnsProvider** - DNS Provider to use for ACME DNS-01 challenges (options: Google, Cloudflare, AwsRoute53, Azure, Ns1, Rfc2136, Infoblox) 
         * **Google_ServiceAccountKeyPath** - Google Cloud DNS: Path to service account JSON key file only if using Google DNS (Optional) 
         * **Google_ProjectId** - Google Cloud DNS: Project ID only if using Google DNS (Optional) 
         * **Cloudflare_ApiToken** - Cloudflare DNS: API Token only if using Cloudflare DNS (Optional) 
@@ -320,17 +318,17 @@ The RFC 2136 provider enables ACME DNS-01 challenges with on-premise DNS servers
         * **Azure_TenantId** - Azure DNS: TenantId only if using Azure DNS and Not Managed Itentity in Azure (Optional) 
         * **AwsRoute53_AccessKey** - Aws DNS: Access Key only if not using AWS DNS and default AWS Chain Creds on AWS (Optional) 
         * **AwsRoute53_SecretKey** - Aws DNS: Secret Key only if using AWS DNS and not using default AWS Chain Creds on AWS (Optional) 
-        * **Ns1_ApiKey** - Ns1 DNS: Api Key only if Using Ns1 DNS (Optional)
-        * **Rfc2136_Server** - RFC 2136 DNS: Server hostname or IP address (Optional)
-        * **Rfc2136_Port** - RFC 2136 DNS: Server port (default 53) (Optional)
-        * **Rfc2136_Zone** - RFC 2136 DNS: Zone name (e.g., example.com) (Optional)
-        * **Rfc2136_TsigKeyName** - RFC 2136 DNS: TSIG key name for authentication (Optional)
-        * **Rfc2136_TsigKey** - RFC 2136 DNS: TSIG key (base64 encoded) for authentication (Optional)
-        * **Rfc2136_TsigAlgorithm** - RFC 2136 DNS: TSIG algorithm (default hmac-sha256) (Optional)
-        * **Infoblox_Host** - Infoblox DNS: API URL (e.g., https://infoblox.example.com/wapi/v2.12) only if using Infoblox DNS (Optional)
-        * **Infoblox_Username** - Infoblox DNS: Username for authentication only if using Infoblox DNS (Optional)
-        * **Infoblox_Password** - Infoblox DNS: Password for authentication only if using Infoblox DNS (Optional)
-        * **DnsVerificationServer** - DNS server to use for verifying TXT record propagation. For private/local DNS zones, set this to your authoritative DNS server IP (e.g., 10.3.10.37). Leave empty to use public DNS servers (Google, Cloudflare, etc.).
+        * **Ns1_ApiKey** - Ns1 DNS: Api Key only if Using Ns1 DNS (Optional) 
+        * **Rfc2136_Server** - RFC 2136 DNS: Server hostname or IP address (Optional) 
+        * **Rfc2136_Port** - RFC 2136 DNS: Server port (default 53) (Optional) 
+        * **Rfc2136_Zone** - RFC 2136 DNS: Zone name (e.g., example.com) (Optional) 
+        * **Rfc2136_TsigKeyName** - RFC 2136 DNS: TSIG key name for authentication (Optional) 
+        * **Rfc2136_TsigKey** - RFC 2136 DNS: TSIG key (base64 encoded) for authentication (Optional) 
+        * **Rfc2136_TsigAlgorithm** - RFC 2136 DNS: TSIG algorithm (default hmac-sha256) (Optional) 
+        * **DnsVerificationServer** - DNS server to use for verifying TXT record propagation. For private/local DNS zones, set this to your authoritative DNS server IP (e.g., 10.3.10.37). Leave empty to use public DNS servers (Google, Cloudflare, etc.). 
+        * **Infoblox_Host** - Infoblox DNS: API URL (e.g., https://infoblox.example.com/wapi/v2.12) only if using Infoblox DNS (Optional) 
+        * **Infoblox_Username** - Infoblox DNS: Username for authentication only if using Infoblox DNS (Optional) 
+        * **Infoblox_Password** - Infoblox DNS: Password for authentication only if using Infoblox DNS (Optional) 
 
 2. Define [Certificate Profiles](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCP-Gateway.htm) and [Certificate Templates](https://software.keyfactor.com/Guides/AnyCAGatewayREST/Content/AnyCAGatewayREST/AddCA-Gateway.htm) for the Certificate Authority as required. One Certificate Profile must be defined per Certificate Template. It's recommended that each Certificate Profile be named after the Product ID. The Acme plugin supports the following product IDs:
 

integration-manifest.json

@@ -101,6 +101,10 @@
                     "name": "Rfc2136_TsigAlgorithm",
                     "description": "RFC 2136 DNS: TSIG algorithm (default hmac-sha256) (Optional)"
                 },
+                {
+                    "name": "DnsVerificationServer",
+                    "description": "DNS server to use for verifying TXT record propagation. For private/local DNS zones, set this to your authoritative DNS server IP (e.g., 10.3.10.37). Leave empty to use public DNS servers (Google, Cloudflare, etc.)."
+                },
                 {
                     "name": "Infoblox_Host",
                     "description": "Infoblox DNS: API URL (e.g., https://infoblox.example.com/wapi/v2.12) only if using Infoblox DNS (Optional)"
@@ -112,10 +116,6 @@
                 {
                     "name": "Infoblox_Password",
                     "description": "Infoblox DNS: Password for authentication only if using Infoblox DNS (Optional)"
-                },
-                {
-                    "name": "DnsVerificationServer",
-                    "description": "DNS server to use for verifying TXT record propagation. For private/local DNS zones, set this to your authoritative DNS server IP (e.g., 10.3.10.37). Leave empty to use public DNS servers (Google, Cloudflare, etc.)."
                 }
             ],
             "enrollment_config": [],