la1o · March 8, 2024 18:53 · ahpohl · May 25, 2021 · AnthonyWharton · May 26, 2021
diff --git a/automatedManualCertbotRenewal.sh b/automatedManualCertbotRenewal.sh
 #!/bin/bash
 # Copyright 2018, Anthony Wharton
 # Single script that can be called that generates certificates using the 
 # certbotFreeDNSAuthHook.sh and certbotFreeDNSCleanupHook.sh scripts.

 # This should be used as guidence of my usage, and changed to your needs. Note 
 # the generic `/path/to/...` and `DOMAIN.COM`, which should be replaced with 
 # your script location and domain respectively. In addition, for this to be
 # used on a live system, one must remove the `--dry-run` flag.

 certbot certonly                                                    \
 	--dry-run                                                   \
 	--agree-tos                                                 \
 	--manual-public-ip-logging-ok                               \
 	--renew-by-default                                          \
 	--manual                                                    \
 	--preferred-challenges=dns                                  \
 	--manual-auth-hook /path/to/certbotFreeDNSAuthHook.sh       \
 	--manual-cleanup-hook /path/to/certbotFreeDNSCleanupHook.sh \
 	-d "DOMAIN.COM"                                           \
 	-d "*.DOMAIN.COM"                                           \
 	--server https://acme-v02.api.letsencrypt.org/directory
diff --git a/certbotFreeDNSAuthHook.sh b/certbotFreeDNSAuthHook.sh
 #!/bin/bash
 # Copyright 2018, Anthony Wharton
 # Script that logs into FreeDNS.afraid.org and puts in the _acme-challenge TXT
 # record as required by certbot for let's encrypt certificates.
 # This was made for my need to automate wildcard renewals which cannot work
 # automatically.

 # TODO: Update to your FreeDNS.afraid.org username and password.
 USERNAME='user%40domain.com'  # Username for FreeDNS
 PASSWORD='verysecurepassword' # Password for FreeDNS

 WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
 COOKIEFILE="$WORKINGDIR/cookies.tmp"
 TXTID_FILE="$WORKINGDIR/TXT_ID"

 REGEX_DOMAINID="s~.*<td>$CERTBOT_DOMAIN</td><td[[:space:]]align=right><a[[:space:]]href=/subdomain/edit\\.php\\?edit_domain_id=\\([0-9]*\\)>\\[[[:space:]]add[[:space:]]\\]</a></td></tr>.*~\\1~;t;d"
 REGEX_TXTID="s/.*data_id=\\([0-9]*\\)>_acme-challenge.*/\\1/;t;d"
 REGEX_REF="s/.*ref[[:space:]]value=\\([a-zA-Z0-9][a-zA-Z0-9=]*\\)>.*/\\1/;t;d"

 echo "==============================================="
 if [ ! -d $WORKINGDIR ]; then
 	echo "Creating working director for temporary files ($WORKINGDIR)"
 	mkdir -m 0700 $WORKINGDIR
 fi

 echo "Logging in..."
 curl -s "https://freedns.afraid.org/zc.php?step=2 " \
     -c $COOKIEFILE                                 \
     -d "action=auth"                               \
     -d "submit=Login"                              \
     -d "username=$USERNAME"                        \
     -d "password=$PASSWORD"

 echo "Getting domain ID..."
 DOM_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
              -b $COOKIEFILE                             \
 	      | sed --posix $REGEX_DOMAINID)

 echo "Domain ID: $DOM_ID"

 echo "Getting current TXT record ID (if existent)..."
 TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
              -b $COOKIEFILE                             \
 	      | sed --posix $REGEX_TXTID)


 echo "Getting REF form..."
 REF=$(curl -s "https://freedns.afraid.org/subdomain/edit.php?edit_domain_id=$DOM_ID" \
              -b $COOKIEFILE                                                          \
 	      | sed --posix $REGEX_REF)

 echo "Creating/Updaing TXT record..."
 curl -s "https://freedns.afraid.org/subdomain/save.php?step=2" \
     -b $COOKIEFILE                                            \
     -d "type=TXT"                                             \
     -d "subdomain=_acme-challenge"                            \
     -d "domain_id=$DOM_ID"                                    \
     -d "address=%22$CERTBOT_VALIDATION%22"                    \
     -d "ref=$REF"                                             \
     -d "data_id=$TXT_ID"                                      \
     -d "send=Save%21"

 TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
              -b $COOKIEFILE                             \
 	      | sed --posix $REGEX_TXTID)
 echo "TXT record ID: $TXT_ID"
 echo Saving ID for cleanup...
 echo $TXT_ID > $TXTID_FILE

 echo "Auth Step DONE, Sleeping to allow for DNS records to propagate"

 while true
 do
    # check with OpenDNS
    TXT_VALIDATION=$(dig +short -t txt _acme-challenge.$CERTBOT_DOMAIN @208.67.220.220)
    if [ "\"$CERTBOT_VALIDATION\"" == "$TXT_VALIDATION" ]
    then
        break
    fi
    sleep 10
 done

 echo "==============================================="
diff --git a/certbotFreeDNSCleanupHook.sh b/certbotFreeDNSCleanupHook.sh
 #!/bin/bash
 # Copyright 2018, Anthony Wharton
 # Script that logs into FreeDNS.afraid.org and cleans up the _acme-challenge
 # TXT record as created by the certbotFreeDNSAuthHook.sh script.
 # This was made for my need to automate wildcard renewals which cannot work
 # automatically.

 # TODO: Update to your FreeDNS.afraid.org username and password.
 USERNAME='user%40domain.com'  # Username for FreeDNS
 PASSWORD='verysecurepassword' # Password for FreeDNS

 WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
 COOKIEFILE="$WORKINGDIR/cookies.tmp"
 TXTID_FILE="$WORKINGDIR/TXT_ID"

 echo "==============================================="
 echo "Cleaning up..."
 if [ ! -f $COOKIESFILE ]; then
 	echo "No saved cookies found... Logging in..."
 	curl -s "https://freedns.afraid.org/zc.php?step=2 " \
 	     -c $COOKIEFILE                                 \
 	     -d "action=auth"                               \
 	     -d "submit=Login"                              \
 	     -d "username=$USERNAME"                        \
 	     -d "password=$PASSWORD"
 fi

 if [ -f $TXTID_FILE ]; then
 	TXT_ID=$(cat $TXTID_FILE)
 	echo "Deleting TXT record ID ($TXT_ID)..."
 	QUERY="https://freedns.afraid.org/subdomain/delete2.php?"
 	QUERY+="data_id%5B%5D=$TXT_ID&"
 	QUERY+="submit=delete+selected"
 	curl -s $QUERY -b $COOKIEFILE
 fi

 rm -vrf $WORKINGDIR
 echo "DONE"
 echo "==============================================="
	#!/bin/bash
	# Copyright 2018, Anthony Wharton
	# Single script that can be called that generates certificates using the
	# certbotFreeDNSAuthHook.sh and certbotFreeDNSCleanupHook.sh scripts.

	# This should be used as guidence of my usage, and changed to your needs. Note
	# the generic `/path/to/...` and `DOMAIN.COM`, which should be replaced with
	# your script location and domain respectively. In addition, for this to be
	# used on a live system, one must remove the `--dry-run` flag.

	certbot certonly \
	--dry-run \
	--agree-tos \
	--manual-public-ip-logging-ok \
	--renew-by-default \
	--manual \
	--preferred-challenges=dns \
	--manual-auth-hook /path/to/certbotFreeDNSAuthHook.sh \
	--manual-cleanup-hook /path/to/certbotFreeDNSCleanupHook.sh \
	-d "DOMAIN.COM" \
	-d "*.DOMAIN.COM" \
	--server https://acme-v02.api.letsencrypt.org/directory
	#!/bin/bash
	# Copyright 2018, Anthony Wharton
	# Script that logs into FreeDNS.afraid.org and puts in the _acme-challenge TXT
	# record as required by certbot for let's encrypt certificates.
	# This was made for my need to automate wildcard renewals which cannot work
	# automatically.

	# TODO: Update to your FreeDNS.afraid.org username and password.
	USERNAME='user%40domain.com' # Username for FreeDNS
	PASSWORD='verysecurepassword' # Password for FreeDNS

	WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
	COOKIEFILE="$WORKINGDIR/cookies.tmp"
	TXTID_FILE="$WORKINGDIR/TXT_ID"

	REGEX_DOMAINID="s~.<td>$CERTBOT_DOMAIN</td><td[[:space:]]align=right><a[[:space:]]href=/subdomain/edit\\.php\\?edit_domain_id=\\([0-9]\\)>\\[[[:space:]]add[[:space:]]\\]</a></td></tr>.*~\\1~;t;d"
	REGEX_TXTID="s/.data_id=\\([0-9]\\)>_acme-challenge.*/\\1/;t;d"
	REGEX_REF="s/.ref[[:space:]]value=\\([a-zA-Z0-9][a-zA-Z0-9=]\\)>.*/\\1/;t;d"

	echo "==============================================="
	if [ ! -d $WORKINGDIR ]; then
	echo "Creating working director for temporary files ($WORKINGDIR)"
	mkdir -m 0700 $WORKINGDIR
	fi

	echo "Logging in..."
	curl -s "https://freedns.afraid.org/zc.php?step=2 " \
	-c $COOKIEFILE \
	-d "action=auth" \
	-d "submit=Login" \
	-d "username=$USERNAME" \
	-d "password=$PASSWORD"

	echo "Getting domain ID..."
	DOM_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
	-b $COOKIEFILE \
	\| sed --posix $REGEX_DOMAINID)

	echo "Domain ID: $DOM_ID"

	echo "Getting current TXT record ID (if existent)..."
	TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
	-b $COOKIEFILE \
	\| sed --posix $REGEX_TXTID)


	echo "Getting REF form..."
	REF=$(curl -s "https://freedns.afraid.org/subdomain/edit.php?edit_domain_id=$DOM_ID" \
	-b $COOKIEFILE \
	\| sed --posix $REGEX_REF)

	echo "Creating/Updaing TXT record..."
	curl -s "https://freedns.afraid.org/subdomain/save.php?step=2" \
	-b $COOKIEFILE \
	-d "type=TXT" \
	-d "subdomain=_acme-challenge" \
	-d "domain_id=$DOM_ID" \
	-d "address=%22$CERTBOT_VALIDATION%22" \
	-d "ref=$REF" \
	-d "data_id=$TXT_ID" \
	-d "send=Save%21"

	TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
	-b $COOKIEFILE \
	\| sed --posix $REGEX_TXTID)
	echo "TXT record ID: $TXT_ID"
	echo Saving ID for cleanup...
	echo $TXT_ID > $TXTID_FILE

	echo "Auth Step DONE, Sleeping to allow for DNS records to propagate"

	while true
	do
	# check with OpenDNS
	TXT_VALIDATION=$(dig +short -t txt _acme-challenge.$CERTBOT_DOMAIN @208.67.220.220)
	if [ "\"$CERTBOT_VALIDATION\"" == "$TXT_VALIDATION" ]
	then
	break
	fi
	sleep 10
	done

	echo "==============================================="