Created
February 6, 2020 12:25
#!/bin/bash
#
# dehydrated hook script for verification by dns
#
# args (see https://github.com/lukas2511/dehydrated/blob/master/docs/dns-verification.md)
# $1 is an operation name (clean_challenge, deploy_challenge, deploy_cert, invalid_challenge or request_failure), followed by the operands for that operation. For deploy_challenge:
# $2 is the domain name for which the certificate is required,
# $3 is a "challenge token" (which is not needed for dns-01), and
# $4 is a token which needs to be inserted in a TXT record for the domain.
#
# Domain name -> deSEC API token, sent as "Authorization: Token <value>".
# The hook functions use these tokens to create and delete DNS records for the
# domain, so keep this file readable only by the account that runs dehydrated
# and keep real tokens out of version control.
declare -A DEDYN_TOKENS=(
  ["yourname.dedyn.io"]="YOUR_TOKEN"
  ["anothername.dedyn.io"]="ANOTHER_TOKEN"
)
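############################################
# Publish the dns-01 challenge as a TXT record at _acme-challenge.<domain>
# through the deSEC API, then wait until ns1.desec.io serves it.
# Globals:
#   DEDYN_TOKENS (read) - domain name -> deSEC API token
# Arguments:
#   $1 - domain_name; must be a key of DEDYN_TOKENS
#   $2 - token from let's encrypt (the TXT record value)
# Outputs:
#   progress dots on stdout, diagnostics on stderr
# Exits:
#   1 if no API token is configured for the domain or the record could not be
#     created, 5 if the record is still not visible after 90 polls
deploy_challenge() {
  local DEDYN_NAME="$1"
  local LE_TOKEN="$2"
  # Only names configured in DEDYN_TOKENS get past this lookup, so the value
  # interpolated into the API URL below is always one of the configured keys.
  local DEDYN_TOKEN="${DEDYN_TOKENS[$DEDYN_NAME]}"
  if [[ -z "$DEDYN_TOKEN" ]]; then
    echo "error: no dedyn token for $DEDYN_NAME!" >&2
    exit 1
  fi

  local api="https://desec.io/api/v1/domains/$DEDYN_NAME/rrsets/"
  # The Authorization header is fed to curl on stdin ("-H @-", needs
  # curl >= 7.55.0) so the API token never shows up in the process list.
  local auth="Authorization: Token $DEDYN_TOKEN"
  # LE_TOKEN is spliced into the JSON body unescaped.
  # NOTE(review): assumes it contains no '"' or '\' (a dns-01 value is
  # expected to be base64url) - confirm against the caller.
  local args=(
    '-Ss'
    '-H' '@-'
    '-H' 'Accept: application/json'
    '-H' 'Content-Type: application/json'
    '-d' '{"subname":"_acme-challenge", "type":"TXT", "records":["\"'"$LE_TOKEN"'\""], "ttl":60}'
    '-o' '/dev/null'
  )

  # Try to overwrite an existing record set first; if that fails (e.g. 404
  # because none exists yet), fall back to creating it.
  if ! curl -X PUT "${args[@]}" -f "${api}_acme-challenge.../TXT/" <<<"$auth"; then
    echo "If the previous error was a 404 error, that's ok" >&2
    # -f makes an HTTP error from the create request visible right away
    # instead of surfacing only as a timeout of the polling loop below.
    if ! curl -X POST "${args[@]}" -f "$api" <<<"$auth"; then
      echo "error: could not create the _acme-challenge TXT record for $DEDYN_NAME" >&2
      exit 1
    fi
  fi

  # Poll the name server once per second until the token is visible.
  local -i cnt=0
  # grep -F: match the token literally, not as a regular expression.
  while ! dig +short TXT "_acme-challenge.$DEDYN_NAME" @ns1.desec.io | grep -qF -- "$LE_TOKEN"; do
    if (( cnt >= 90 )); then
      echo "Token could not be published. Please check your dedyn credentials." >&2
      exit 5
    fi
    cnt+=1
    echo -n "."
    sleep 1
  done
  echo "Ok, got token published (after $cnt s)." >&2
}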
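############################################
# Delete the _acme-challenge TXT record set of a domain through the deSEC API.
# Globals:
#   DEDYN_TOKENS (read) - domain name -> deSEC API token
# Arguments:
#   $1 - domain_name; must be a key of DEDYN_TOKENS
# Outputs:
#   whatever curl prints; the "no token" error goes to stderr
# Returns:
#   curl's exit status; exits 1 if no API token is configured for the domain
clean_challenge() {
  local DEDYN_NAME="$1"
  # Only names configured in DEDYN_TOKENS get past this lookup, so the value
  # interpolated into the API URL below is always one of the configured keys.
  local DEDYN_TOKEN="${DEDYN_TOKENS[$DEDYN_NAME]}"
  if [[ -z "$DEDYN_TOKEN" ]]; then
    echo "error: no dedyn token for $DEDYN_NAME!" >&2
    exit 1
  fi
  # The Authorization header is fed to curl on stdin ("-H @-", needs
  # curl >= 7.55.0) so the API token never shows up in the process list.
  curl -X DELETE \
    -H @- \
    -H 'Accept: application/json' \
    "https://desec.io/api/v1/domains/$DEDYN_NAME/rrsets/_acme-challenge.../TXT/" \
    <<<"Authorization: Token $DEDYN_TOKEN"
}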