FreeDNS (afraid.org) Certbot/Let's Encrypt Manual Automation Script

#!/bin/bash
# Copyright 2018, Anthony Wharton
# Single script that can be called that generates certificates using the
# certbotFreeDNSAuthHook.sh and certbotFreeDNSCleanupHook.sh scripts.
# This should be used as guidance of my usage, and changed to your needs. Note
# the generic `/path/to/...` and `DOMAIN.COM`, which should be replaced with
# your script location and domain respectively. In addition, for this to be
# used on a live system, one must remove the `--dry-run` flag.
certbot certonly \
    --dry-run \
    --agree-tos \
    --manual-public-ip-logging-ok \
    --renew-by-default \
    --manual \
    --preferred-challenges=dns \
    --manual-auth-hook /path/to/certbotFreeDNSAuthHook.sh \
    --manual-cleanup-hook /path/to/certbotFreeDNSCleanupHook.sh \
    -d "DOMAIN.COM" \
    -d "*.DOMAIN.COM" \
    --server https://acme-v02.api.letsencrypt.org/directory

#!/bin/bash
# Copyright 2018, Anthony Wharton
# Script that logs into FreeDNS.afraid.org and puts in the _acme-challenge TXT
# record as required by certbot for let's encrypt certificates.
# This was made for my need to automate wildcard renewals which cannot work
# automatically.
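# TODO: Update to your FreeDNS.afraid.org username and password.
# Both values are sent as-is in the POST body, so they must be URL-encoded
# (%40 is "@"). The password is stored here in plain text, so keep this file
# readable by its owner only.
USERNAME='user%40domain.com' # Username for FreeDNS
PASSWORD='verysecurepassword' # Password for FreeDNS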
WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
COOKIEFILE="$WORKINGDIR/cookies.tmp"
TXTID_FILE="$WORKINGDIR/TXT_ID"
REGEX_DOMAINID="s~.*<td>$CERTBOT_DOMAIN</td><td[[:space:]]align=right><a[[:space:]]href=/subdomain/edit\\.php\\?edit_domain_id=\\([0-9]*\\)>\\[[[:space:]]add[[:space:]]\\]</a></td></tr>.*~\\1~;t;d"
REGEX_TXTID="s/.*data_id=\\([0-9]*\\)>_acme-challenge.*/\\1/;t;d"
REGEX_REF="s/.*ref[[:space:]]value=\\([a-zA-Z0-9][a-zA-Z0-9=]*\\)>.*/\\1/;t;d"
echo "==============================================="
if [ ! -d "$WORKINGDIR" ]; then
    echo "Creating working directory for temporary files ($WORKINGDIR)"
    mkdir -m 0700 "$WORKINGDIR"
fi
echo "Logging in..."
# Log in and store the session cookie for the requests that follow.
curl -s "https://freedns.afraid.org/zc.php?step=2" \
    -c "$COOKIEFILE" \
    -d "action=auth" \
    -d "submit=Login" \
    -d "username=$USERNAME" \
    -d "password=$PASSWORD"
echo "Getting domain ID..."
DOM_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
    -b "$COOKIEFILE" \
    | sed --posix "$REGEX_DOMAINID")
echo "Domain ID: $DOM_ID"
echo "Getting current TXT record ID (if existent)..."
TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
    -b "$COOKIEFILE" \
    | sed --posix "$REGEX_TXTID")
echo "Getting REF form..."
REF=$(curl -s "https://freedns.afraid.org/subdomain/edit.php?edit_domain_id=$DOM_ID" \
    -b "$COOKIEFILE" \
    | sed --posix "$REGEX_REF")
echo "Creating/Updating TXT record..."
# An empty data_id creates a new record; an existing ID updates it in place.
curl -s "https://freedns.afraid.org/subdomain/save.php?step=2" \
    -b "$COOKIEFILE" \
    -d "type=TXT" \
    -d "subdomain=_acme-challenge" \
    -d "domain_id=$DOM_ID" \
    -d "address=%22$CERTBOT_VALIDATION%22" \
    -d "ref=$REF" \
    -d "data_id=$TXT_ID" \
    -d "send=Save%21"
TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
    -b "$COOKIEFILE" \
    | sed --posix "$REGEX_TXTID")
echo "TXT record ID: $TXT_ID"
echo "Saving ID for cleanup..."
echo "$TXT_ID" > "$TXTID_FILE"
echo "Auth Step DONE, Sleeping to allow for DNS records to propagate"
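# Poll until the resolver returns the expected token. There is no timeout, so
# a record that never appears keeps this loop running.
while true
do
    # Check with OpenDNS
    TXT_VALIDATION=$(dig +short -t txt "_acme-challenge.$CERTBOT_DOMAIN" @208.67.220.220)
    if [ "\"$CERTBOT_VALIDATION\"" == "$TXT_VALIDATION" ]
    then
        break
    fi
    sleep 10
done
echo "==============================================="
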
#!/bin/bash
# Copyright 2018, Anthony Wharton
# Script that logs into FreeDNS.afraid.org and cleans up the _acme-challenge
# TXT record as created by the certbotFreeDNSAuthHook.sh script.
# This was made for my need to automate wildcard renewals which cannot work
# automatically.
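# TODO: Update to your FreeDNS.afraid.org username and password.
# Both values are sent as-is in the POST body, so they must be URL-encoded
# (%40 is "@"). The password is stored here in plain text, so keep this file
# readable by its owner only.
USERNAME='user%40domain.com' # Username for FreeDNS
PASSWORD='verysecurepassword' # Password for FreeDNS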
WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
COOKIEFILE="$WORKINGDIR/cookies.tmp"
TXTID_FILE="$WORKINGDIR/TXT_ID"
echo "==============================================="
echo "Cleaning up..."
if [ ! -f "$COOKIEFILE" ]; then
    echo "No saved cookies found... Logging in..."
    curl -s "https://freedns.afraid.org/zc.php?step=2" \
        -c "$COOKIEFILE" \
        -d "action=auth" \
        -d "submit=Login" \
        -d "username=$USERNAME" \
        -d "password=$PASSWORD"
fi
if [ -f "$TXTID_FILE" ]; then
    TXT_ID=$(cat "$TXTID_FILE")
    echo "Deleting TXT record ID ($TXT_ID)..."
    QUERY="https://freedns.afraid.org/subdomain/delete2.php?"
    QUERY+="data_id%5B%5D=$TXT_ID&"
    QUERY+="submit=delete+selected"
    curl -s "$QUERY" -b "$COOKIEFILE"
fi
# Remove the cookie jar and saved record ID.
rm -vrf "$WORKINGDIR"
echo "DONE"
echo "==============================================="
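
The auth hook above reuses whatever already exists at its predictable /tmp path and polls DNS with no deadline. As an added example (not code from the gist or its author), the functions below show one way to check the working directory before the session cookie is written to it and to bound the propagation wait; the function names, the 600-second default and the owner/mode policy are assumptions.

```bash
#!/bin/bash
# Added example, not part of the original gist. Function names, the default
# timeout and the 0700/owner policy are assumptions made for illustration.

# Create or reuse a private working directory for the session cookie.
# Refuses an existing path that is a symlink, not a directory, not owned by
# the calling user, or not mode 700 (uses GNU stat, like the gist's GNU sed).
safe_workdir() {
    local dir="$1"
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
        [ "$(stat -c '%u %a' "$dir")" = "$(id -u) 700" ] || return 1
    else
        mkdir -m 0700 -- "$dir" || return 1
    fi
}

# Ask one resolver (OpenDNS, as in the gist) for the challenge TXT record.
# Kept separate so it can be swapped out when testing offline.
query_txt() {
    dig +short -t txt "_acme-challenge.$1" @208.67.220.220
}

# Poll until one of the returned TXT values equals the expected token, or the
# deadline passes. Returns 0 on match and 1 on timeout.
wait_for_txt() {
    local domain="$1" token="$2" timeout="${3:-600}" interval="${4:-10}"
    local deadline=$(( $(date +%s) + timeout ))
    while [ "$(date +%s)" -lt "$deadline" ]; do
        query_txt "$domain" | grep -Fxq -- "\"$token\"" && return 0
        sleep "$interval"
    done
    return 1
}

# Usage inside an auth hook (CERTBOT_* variables are set by certbot):
#   safe_workdir "/tmp/CERTBOT_$CERTBOT_DOMAIN" || exit 1
#   wait_for_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" 600 10 || exit 1
```

A non-zero exit from the auth hook is reported by certbot, so a rejected directory or a timed-out wait shows up in the run's output rather than leaving the hook hanging.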
@AnthonyWharton

Haha, I’m glad to hear that! I haven’t needed this script in a while and haven’t had the time to maintain it.. glad it’s had some use for you.

I’ve since found auth using ACME/a web server to be much more reliable and instant than using DNS. The acme.sh repo looks very cool, last that I did this was with a docker compose script that spins up a certbot and nginx container... but as per my scripts it’s terribly over complicated!
https://github.com/AnthonyWharton/bitwarden_rs_helper

I’d go for something well maintained!

@alanmilinovic

Cannot make it work. 😔
