Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save ksze/7fc6aa8b7572b89f0ffe3be45414c649 to your computer and use it in GitHub Desktop.
Save ksze/7fc6aa8b7572b89f0ffe3be45414c649 to your computer and use it in GitHub Desktop.
Python 3 script to use as a hook for the letsencrypt.sh client
#!/usr/bin/env python3
# How to use:
#
# LE_HOSTED_ZONE=XXXXXX ./letsencrypt.sh --cron --domain example.org --challenge dns-01 --hook /tmp/hook-dns-01-lets-encrypt-route53.py
#
# More info about letsencrypt.sh: https://github.com/lukas2511/letsencrypt.sh/wiki/Examples-for-DNS-01-hooks
# Using AWS Profiles: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles
# Obtaining your Hosted Zone ID from Route 53: http://docs.aws.amazon.com/cli/latest/reference/route53/list-hosted-zones-by-name.html
# modules declaration
import os
import sys
import boto3
from time import sleep
if 'LE_HOSTED_ZONE' not in os.environ:
raise Exception("Environment variable LE_HOSTED_ZONE not defined")
# declaring variables
hosted_zone_id = os.environ['LE_HOSTED_ZONE']
def setup_dns(domain, txt_challenge):
global hosted_zone_id
session = boto3.Session()
client = session.client("route53")
resp = client.change_resource_record_sets(
HostedZoneId=hosted_zone_id,
ChangeBatch={
'Changes': [{
'Action': 'UPSERT',
'ResourceRecordSet': {
'Name': '_acme-challenge.{0}'.format(domain),
'Type': 'TXT',
'TTL': 60,
'ResourceRecords': [{
'Value': '"{0}"'.format(txt_challenge)
}]
}
}]
}
)
# wait 30 seconds for DNS update
sleep(30)
def delete_dns(domain, txt_challenge):
global hosted_zone_id
session = boto3.Session()
client = session.client("route53")
resp = client.change_resource_record_sets(
HostedZoneId=hosted_zone_id,
ChangeBatch={
'Changes': [{
'Action': 'DELETE',
'ResourceRecordSet': {
'Name': '_acme-challenge.{0}'.format(domain),
'Type': 'TXT',
'TTL': 60,
'ResourceRecords': [{
'Value': '"{0}"'.format(txt_challenge)
}]
}
}]
}
)
if __name__ == "__main__":
hook = sys.argv[1]
if hook == 'exit_hook':
sys.exit(0)
# domain = sys.argv[2]
# txt_challenge = sys.argv[4]
if len(sys.argv) > 2:
domain = sys.argv[2]
txt_challenge = sys.argv[4]
else:
domain = None
txt_challenge = None
print(hook)
print(domain)
print(txt_challenge)
if hook == "deploy_challenge":
setup_dns(domain, txt_challenge)
elif hook == "clean_challenge":
delete_dns(domain, txt_challenge)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment