Forked from ahnooie/hook-dns-01-lets-encrypt-route53.py
Python 3 script to use as a hook for the letsencrypt.sh client
#!/usr/bin/env python3 | |
# How to use:
#
# LE_HOSTED_ZONE=XXXXXX ./letsencrypt.sh --cron --domain example.org --challenge dns-01 --hook /tmp/hook-dns-01-lets-encrypt-route53.py
#
# Note: /tmp above is only an example location. The hook runs with your AWS
# credentials, so install it where only the account running letsencrypt.sh can write.
#
# More info about letsencrypt.sh: https://github.com/lukas2511/letsencrypt.sh/wiki/Examples-for-DNS-01-hooks
# Using AWS Profiles: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles
# Obtaining your Hosted Zone ID from Route 53: http://docs.aws.amazon.com/cli/latest/reference/route53/list-hosted-zones-by-name.html
# modules declaration | |
import os | |
import sys | |
import boto3 | |
from time import sleep | |
# Route 53 hosted zone that every record change in this script targets.
# Read once at start-up from the environment; the script refuses to run
# without it rather than guessing a zone.
hosted_zone_id = os.environ.get('LE_HOSTED_ZONE')
if hosted_zone_id is None:
    raise Exception("Environment variable LE_HOSTED_ZONE not defined")
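def setup_dns(domain, txt_challenge):
    """Publish the dns-01 challenge as a TXT record in the Route 53 zone.

    Upserts ``_acme-challenge.<domain>`` (TTL 60) with the quoted challenge
    value in the hosted zone named by ``hosted_zone_id``, then pauses so the
    record has time to become visible before validation.

    Args:
        domain: Domain name being validated.
        txt_challenge: Challenge value to publish in the TXT record.

    Raises:
        ValueError: If either argument is missing or empty.
    """
    # Refuse to write a junk record such as "_acme-challenge.None" when the
    # caller could not supply both values.
    if not domain or not txt_challenge:
        raise ValueError("domain and txt_challenge are both required")

    # Credentials come from boto3's default resolution. This call needs only
    # route53:ChangeResourceRecordSets on this one hosted zone; keep the
    # policy that narrow, because write access to _acme-challenge records is
    # enough to get certificates issued for the domain.
    client = boto3.Session().client("route53")
    record_set = {
        'Name': '_acme-challenge.{0}'.format(domain),
        'Type': 'TXT',
        'TTL': 60,
        # TXT values must be wrapped in double quotes for Route 53.
        'ResourceRecords': [{'Value': '"{0}"'.format(txt_challenge)}],
    }
    # NOTE: UPSERT replaces the whole TXT record set at this name, so a second
    # challenge published for the same name overwrites the first one.
    client.change_resource_record_sets(
        HostedZoneId=hosted_zone_id,
        ChangeBatch={
            'Changes': [{'Action': 'UPSERT', 'ResourceRecordSet': record_set}],
        },
    )

    # Fixed 30 second delay for the DNS update. This is a wait, not a check
    # that the change has actually propagated.
    sleep(30)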
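def delete_dns(domain, txt_challenge):
    """Remove the dns-01 challenge TXT record from the Route 53 zone.

    Sends a DELETE for ``_acme-challenge.<domain>`` with the same type, TTL
    and quoted value that ``setup_dns`` published.

    Args:
        domain: Domain name whose challenge record should be removed.
        txt_challenge: Challenge value that was published in the TXT record.

    Raises:
        ValueError: If either argument is missing or empty.
    """
    # Without both values the request could not name the record to remove.
    if not domain or not txt_challenge:
        raise ValueError("domain and txt_challenge are both required")

    client = boto3.Session().client("route53")
    # Route 53 deletes a record set only when name, type, TTL and value all
    # match what is stored, so these fields must mirror setup_dns exactly.
    record_set = {
        'Name': '_acme-challenge.{0}'.format(domain),
        'Type': 'TXT',
        'TTL': 60,
        'ResourceRecords': [{'Value': '"{0}"'.format(txt_challenge)}],
    }
    client.change_resource_record_sets(
        HostedZoneId=hosted_zone_id,
        ChangeBatch={
            'Changes': [{'Action': 'DELETE', 'ResourceRecordSet': record_set}],
        },
    )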
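if __name__ == "__main__":
    # Invoked as: <script> <hook> [<domain> <unused> <txt_challenge> ...].
    # Only argv[2] and argv[4] are read; other positions are ignored here.
    if len(sys.argv) < 2:
        sys.exit("usage: {0} <hook> [<domain> <arg> <txt_challenge>]".format(sys.argv[0]))

    hook = sys.argv[1]
    if hook == 'exit_hook':
        sys.exit(0)

    # Hooks are called with varying argument counts, so read each position
    # only if it is present instead of assuming argv[4] exists.
    domain = sys.argv[2] if len(sys.argv) > 2 else None
    txt_challenge = sys.argv[4] if len(sys.argv) > 4 else None

    print(hook)
    print(domain)
    print(txt_challenge)

    if hook in ("deploy_challenge", "clean_challenge"):
        # Both values are needed to name and fill the TXT record; stop with a
        # non-zero status rather than touching DNS with placeholder values.
        if domain is None or txt_challenge is None:
            sys.exit("{0} requires a domain and a challenge value".format(hook))
        if hook == "deploy_challenge":
            setup_dns(domain, txt_challenge)
        else:
            delete_dns(domain, txt_challenge)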