refactor: restructure namecheap support to use unified DNS provider architecture

- Create NamecheapDNSProvider class implementing DNSProvider interface
- Add Namecheap to DNSProviderFactory registration
- Update DNS_PROVIDERS.md with Namecheap configuration documentation
- Remove old namecheap_dns.py standalone script
- Update entrypoint.sh to use unified certman.py and dns_manager.py
- Update renew-certificate.sh to use unified certbot manager
- Fetch missing certman.py and dns_manager.py from main branch

This change integrates Namecheap support into the new unified architecture
instead of using standalone scripts, making it consistent with other DNS
providers and enabling automatic plugin installation and credential management.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: Leechael

custom-domain/NAMECHEAP_USAGE.md

@@ -0,0 +1,207 @@
+# Namecheap DNS 支持使用指南
+
+这个 nginx 镜像现在支持 Cloudflare 和 Namecheap 两个 DNS 提供商，可以自动申请和更新 SSL 证书。
+
+## 前提条件
+
+### Namecheap API 启用
+
+1. 登录 Namecheap 账户
+2. 进入 **Profile > Tools > Namecheap API Access**
+3. 启用 API 访问并获取 API 密钥
+4. 添加你的客户端 IP 到白名单
+
+### 所需凭据
+
+- `NAMECHEAP_USERNAME`：Namecheap 用户名
+- `NAMECHEAP_API_KEY`：API 密钥
+- `NAMECHEAP_CLIENT_IP`：客户端 IP 地址
+
+## 使用方法
+
+### 1. Docker Compose 配置
+
+```yaml
+services:
+  dstack-ingress:
+    image: kvin/dstack-ingress@sha256:b61d50360c7a4e5ab7d22f5ce87677714f3f64a65db34ee5eebcc54683950c89
+    ports:
+      - "443:443"
+    environment:
+      # 设置 DNS 提供商为 namecheap
+      - DNS_PROVIDER=namecheap
+      
+      # Namecheap 凭据
+      - NAMECHEAP_USERNAME=${NAMECHEAP_USERNAME}
+      - NAMECHEAP_API_KEY=${NAMECHEAP_API_KEY}
+      - NAMECHEAP_CLIENT_IP=${NAMECHEAP_CLIENT_IP}
+      
+      # 通用设置
+      - DOMAIN=${DOMAIN}
+      - GATEWAY_DOMAIN=${GATEWAY_DOMAIN}
+      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
+      - SET_CAA=true
+      - TARGET_ENDPOINT=http://app:80
+    volumes:
+      - /var/run/tappd.sock:/var/run/tappd.sock
+      - cert-data:/etc/letsencrypt
+    restart: unless-stopped
+
+  app:
+    image: nginx
+    restart: unless-stopped
+
+volumes:
+  cert-data:
+```
+
+### 2. 环境变量配置
+
+创建 `.env` 文件：
+
+```bash
+# DNS 提供商选择（cloudflare 或 namecheap）
+DNS_PROVIDER=namecheap
+
+# Namecheap 配置
+NAMECHEAP_USERNAME=your-username
+NAMECHEAP_API_KEY=your-api-key
+NAMECHEAP_CLIENT_IP=your-client-ip
+
+# 域名配置
+DOMAIN=your-domain.com
+GATEWAY_DOMAIN=your-gateway.com
+[email protected]
+```
+
+### 3. 启动容器
+
+```bash
+docker-compose up -d
+```
+
+## 单独测试 Namecheap DNS 脚本
+
+### 设置环境变量
+
+```bash
+export NAMECHEAP_USERNAME="your-username"
+export NAMECHEAP_API_KEY="your-api-key"
+export NAMECHEAP_CLIENT_IP="your-client-ip"
+```
+
+### 测试命令
+
+```bash
+# 获取域名信息
+./scripts/namecheap_dns.py get_zone_id --domain example.com
+
+# 设置 CNAME 记录
+./scripts/namecheap_dns.py set_cname \
+    --domain test.example.com \
+    --content target.example.com
+
+# 设置 TXT 记录
+./scripts/namecheap_dns.py set_txt \
+    --domain _tapp-address.example.com \
+    --content "app-id:443"
+
+# 设置 CAA 记录（注意：Namecheap API 不支持，需手动添加）
+./scripts/namecheap_dns.py set_caa \
+    --domain example.com \
+    --caa-tag issue \
+    --caa-value "letsencrypt.org"
+```
+
+### 使用沙箱环境测试
+
+```bash
+./scripts/namecheap_dns.py get_zone_id \
+    --domain example.com \
+    --sandbox
+```
+
+## 验证测试结果
+
+### 1. 检查容器日志
+
+```bash
+docker logs <container_name>
+```
+
+### 2. 验证 DNS 记录
+
+```bash
+# 检查 CNAME 记录
+nslookup your-domain.com
+
+# 检查 TXT 记录
+nslookup -type=TXT _tapp-address.your-domain.com
+
+# 使用 dig 命令查看详细信息
+dig your-domain.com CNAME
+dig _tapp-address.your-domain.com TXT
+```
+
+### 3. 测试 HTTPS 访问
+
+```bash
+# 测试 SSL 证书
+curl -I https://your-domain.com
+
+# 查看证书详情
+openssl s_client -connect your-domain.com:443 -servername your-domain.com
+```
+
+### 4. 检查证书文件
+
+```bash
+# 进入容器查看证书
+docker exec -it <container_name> bash
+ls -la /etc/letsencrypt/live/$DOMAIN/
+```
+
+## 切换回 Cloudflare
+
+如果需要切换回 Cloudflare，只需修改环境变量：
+
+```bash
+# 设置 DNS 提供商为 cloudflare（或删除此变量使用默认值）
+DNS_PROVIDER=cloudflare
+
+# Cloudflare 配置
+CLOUDFLARE_API_TOKEN=your-cloudflare-token
+CLOUDFLARE_ZONE_ID=your-zone-id  # 可选，会自动获取
+```
+
+## 注意事项
+
+### Namecheap 限制
+
+1. **CAA 记录**：Namecheap API 目前不支持 CAA 记录，需要手动在控制面板添加
+2. **域名要求**：域名必须在 Namecheap 注册且使用 Namecheap DNS
+3. **IP 白名单**：客户端 IP 必须在 API 设置中白名单
+4. **API 限制**：有速率限制，避免频繁调用
+
+### 故障排除
+
+1. **API 错误**：检查用户名、API 密钥和 IP 白名单设置
+2. **域名不存在**：确认域名在 Namecheap 注册且使用其 DNS 服务
+3. **证书申请失败**：检查域名解析和 Let's Encrypt 限制
+4. **权限错误**：确保脚本有执行权限
+
+### 安全建议
+
+1. 使用环境变量而不是硬编码凭据
+2. 限制 API 密钥的访问权限
+3. 定期轮换 API 密钥
+4. 监控 DNS 变更日志
+
+## 支持的功能
+
+- ✅ 自动 SSL 证书申请和续期
+- ✅ CNAME 记录管理
+- ✅ TXT 记录管理
+- ⚠️ CAA 记录（需手动设置）
+- ✅ 多域名支持
+- ✅ 通配符证书支持

custom-domain/custom-domain/dstack-ingress/DNS_PROVIDERS.md

@@ -0,0 +1,140 @@
+# DNS Provider Configuration Guide
+
+This guide explains how to configure dstack-ingress to work with different DNS providers for managing custom domains and SSL certificates.
+
+## Supported DNS Providers
+
+- **Cloudflare** - The original and default provider
+- **Linode DNS** - For Linode-hosted domains
+- **Namecheap DNS** - For Namecheap-hosted domains
+
+## Environment Variables
+
+### Common Variables (Required for all providers)
+
+- `DOMAIN` - Your custom domain (e.g., `app.example.com`)
+- `GATEWAY_DOMAIN` - dstack gateway domain (e.g., `_.dstack-prod5.phala.network`)
+- `CERTBOT_EMAIL` - Email for Let's Encrypt registration
+- `TARGET_ENDPOINT` - Backend application endpoint to proxy to
+- `DNS_PROVIDER` - DNS provider to use (`cloudflare`, `linode`, `namecheap`)
+
+### Optional Variables
+
+- `SET_CAA` - Enable CAA record setup (default: false)
+- `PORT` - HTTPS port (default: 443)
+- `TXT_PREFIX` - Prefix for TXT records (default: "_tapp-address")
+
+## Provider-Specific Configuration
+
+### Cloudflare
+
+```bash
+DNS_PROVIDER=cloudflare
+CLOUDFLARE_API_TOKEN=your-api-token
+```
+
+**Required Permissions:**
+- Zone:Read
+- DNS:Edit
+
+### Linode DNS
+
+```bash
+DNS_PROVIDER=linode
+LINODE_API_TOKEN=your-api-token
+```
+
+**Required Permissions:**
+- Domains: Read/Write access
+
+**Important Note for Linode:**
+- Linode has a limitation where CAA and CNAME records cannot coexist on the same subdomain
+- To work around this, the system will attempt to use A records instead of CNAME records
+- If the gateway domain can be resolved to an IP, an A record will be created
+- If resolution fails, it falls back to CNAME (but CAA records won't work on that subdomain)
+- This is a Linode-specific limitation not present in other providers
+
+### Namecheap DNS
+
+```bash
+DNS_PROVIDER=namecheap
+NAMECHEAP_USERNAME=your-namecheap-username
+NAMECHEAP_API_KEY=your-namecheap-api-key
+NAMECHEAP_CLIENT_IP=your-client-ip
+```
+
+**Required Configuration:**
+- Namecheap username and API key from your Namecheap account
+- Client IP address (whitelisted in Namecheap API settings)
+
+**Important Notes for Namecheap:**
+- Namecheap API requires whitelisting your IP address in their control panel
+- Namecheap does not support CAA records through their API - these must be configured manually
+- DNS propagation may take longer than other providers (up to 15 minutes)
+- Use sandbox mode for testing by setting `NAMECHEAP_SANDBOX=true`
+
+## Docker Compose Example
+
+```yaml
+version: '3.8'
+
+services:
+  ingress:
+    image: dstack-ingress:latest
+    ports:
+      - "443:443"
+    environment:
+      # Common configuration
+      - DNS_PROVIDER=linode
+      - DOMAIN=app.example.com
+      - GATEWAY_DOMAIN=_.dstack-prod5.phala.network
+      - [email protected]
+      - TARGET_ENDPOINT=http://backend:8080
+
+      # Linode specific
+      - LINODE_API_TOKEN=your-api-token
+    volumes:
+      - ./letsencrypt:/etc/letsencrypt
+      - ./evidences:/evidences
+```
+
+## Migration from Cloudflare-only Setup
+
+If you're currently using the Cloudflare-only version:
+
+1. **No changes needed for Cloudflare users** - The default behavior remains Cloudflare
+2. **For other providers** - Add the `DNS_PROVIDER` environment variable and provider-specific credentials
+
+## Troubleshooting
+
+### DNS Provider Detection
+
+If you see "Could not detect DNS provider type", ensure you have either:
+- Set `DNS_PROVIDER` environment variable explicitly, OR
+- Set provider-specific credential environment variables (e.g., `CLOUDFLARE_API_TOKEN`)
+
+### Certificate Generation Issues
+
+Different providers may have different propagation times. The default is 120 seconds, but you may need to adjust based on your provider's behavior.
+
+### Permission Errors
+
+Ensure your API tokens/credentials have the necessary permissions listed above for your provider.
+
+## API Token Generation
+
+### Cloudflare
+1. Go to https://dash.cloudflare.com/profile/api-tokens
+2. Create token with Zone:Read and DNS:Edit permissions
+3. Scope to specific zones if desired
+
+### Linode
+1. Go to https://cloud.linode.com/profile/tokens
+2. Create a Personal Access Token
+3. Grant "Domains" Read/Write access
+
+### Namecheap
+1. Go to https://www.namecheap.com/myaccount/api-settings/
+2. Enable API access and whitelist your IP address
+3. Note your API key and username
+4. For testing, use the sandbox environment at https://www.sandbox.namecheap.com/