Forked from AnthonyWharton/automatedManualCertbotRenewal.sh
Last active
March 8, 2024 18:53
-
-
Save la1o/1e0030259c534c388d17bc440f0534d0 to your computer and use it in GitHub Desktop.
FreeDNS (afraid.org) Cerbot/Let's Encrypt Manual Automation Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Copyright 2018, Anthony Wharton | |
# Single script that can be called that generates certificates using the | |
# certbotFreeDNSAuthHook.sh and certbotFreeDNSCleanupHook.sh scripts. | |
# This should be used as guidence of my usage, and changed to your needs. Note | |
# the generic `/path/to/...` and `DOMAIN.COM`, which should be replaced with | |
# your script location and domain respectively. In addition, for this to be | |
# used on a live system, one must remove the `--dry-run` flag. | |
certbot certonly \ | |
--dry-run \ | |
--agree-tos \ | |
--manual-public-ip-logging-ok \ | |
--renew-by-default \ | |
--manual \ | |
--preferred-challenges=dns \ | |
--manual-auth-hook /path/to/certbotFreeDNSAuthHook.sh \ | |
--manual-cleanup-hook /path/to/certbotFreeDNSCleanupHook.sh \ | |
-d "DOMAIN.COM" \ | |
-d "*.DOMAIN.COM" \ | |
--server https://acme-v02.api.letsencrypt.org/directory |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Copyright 2018, Anthony Wharton | |
# Script that logs into FreeDNS.afraid.org and puts in the _acme-challenge TXT | |
# record as required by certbot for let's encrypt certificates. | |
# This was made for my need to automate wildcard renewals which cannot work | |
# automatically. | |
# TODO: Update to your FreeDNS.afraid.org username and password. | |
USERNAME='user%40domain.com' # Username for FreeDNS | |
PASSWORD='verysecurepassword' # Password for FreeDNS | |
WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN" | |
COOKIEFILE="$WORKINGDIR/cookies.tmp" | |
TXTID_FILE="$WORKINGDIR/TXT_ID" | |
REGEX_DOMAINID="s~.*<td>$CERTBOT_DOMAIN</td><td[[:space:]]align=right><a[[:space:]]href=/subdomain/edit\\.php\\?edit_domain_id=\\([0-9]*\\)>\\[[[:space:]]add[[:space:]]\\]</a></td></tr>.*~\\1~;t;d" | |
REGEX_TXTID="s/.*data_id=\\([0-9]*\\)>_acme-challenge.*/\\1/;t;d" | |
REGEX_REF="s/.*ref[[:space:]]value=\\([a-zA-Z0-9][a-zA-Z0-9=]*\\)>.*/\\1/;t;d" | |
echo "===============================================" | |
if [ ! -d $WORKINGDIR ]; then | |
echo "Creating working director for temporary files ($WORKINGDIR)" | |
mkdir -m 0700 $WORKINGDIR | |
fi | |
echo "Logging in..." | |
curl -s "https://freedns.afraid.org/zc.php?step=2 " \ | |
-c $COOKIEFILE \ | |
-d "action=auth" \ | |
-d "submit=Login" \ | |
-d "username=$USERNAME" \ | |
-d "password=$PASSWORD" | |
echo "Getting domain ID..." | |
DOM_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \ | |
-b $COOKIEFILE \ | |
| sed --posix $REGEX_DOMAINID) | |
echo "Domain ID: $DOM_ID" | |
echo "Getting current TXT record ID (if existent)..." | |
TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \ | |
-b $COOKIEFILE \ | |
| sed --posix $REGEX_TXTID) | |
echo "Getting REF form..." | |
REF=$(curl -s "https://freedns.afraid.org/subdomain/edit.php?edit_domain_id=$DOM_ID" \ | |
-b $COOKIEFILE \ | |
| sed --posix $REGEX_REF) | |
echo "Creating/Updaing TXT record..." | |
curl -s "https://freedns.afraid.org/subdomain/save.php?step=2" \ | |
-b $COOKIEFILE \ | |
-d "type=TXT" \ | |
-d "subdomain=_acme-challenge" \ | |
-d "domain_id=$DOM_ID" \ | |
-d "address=%22$CERTBOT_VALIDATION%22" \ | |
-d "ref=$REF" \ | |
-d "data_id=$TXT_ID" \ | |
-d "send=Save%21" | |
TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \ | |
-b $COOKIEFILE \ | |
| sed --posix $REGEX_TXTID) | |
echo "TXT record ID: $TXT_ID" | |
echo Saving ID for cleanup... | |
echo $TXT_ID > $TXTID_FILE | |
echo "Auth Step DONE, Sleeping to allow for DNS records to propagate" | |
while true | |
do | |
# check with OpenDNS | |
TXT_VALIDATION=$(dig +short -t txt _acme-challenge.$CERTBOT_DOMAIN @208.67.220.220) | |
if [ "\"$CERTBOT_VALIDATION\"" == "$TXT_VALIDATION" ] | |
then | |
break | |
fi | |
sleep 10 | |
done | |
echo "===============================================" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Copyright 2018, Anthony Wharton | |
# Script that logs into FreeDNS.afraid.org and cleans up the _acme-challenge | |
# TXT record as created by the certbotFreeDNSAuthHook.sh script. | |
# This was made for my need to automate wildcard renewals which cannot work | |
# automatically. | |
# TODO: Update to your FreeDNS.afraid.org username and password. | |
USERNAME='user%40domain.com' # Username for FreeDNS | |
PASSWORD='verysecurepassword' # Password for FreeDNS | |
WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN" | |
COOKIEFILE="$WORKINGDIR/cookies.tmp" | |
TXTID_FILE="$WORKINGDIR/TXT_ID" | |
echo "===============================================" | |
echo "Cleaning up..." | |
if [ ! -f $COOKIESFILE ]; then | |
echo "No saved cookies found... Logging in..." | |
curl -s "https://freedns.afraid.org/zc.php?step=2 " \ | |
-c $COOKIEFILE \ | |
-d "action=auth" \ | |
-d "submit=Login" \ | |
-d "username=$USERNAME" \ | |
-d "password=$PASSWORD" | |
fi | |
if [ -f $TXTID_FILE ]; then | |
TXT_ID=$(cat $TXTID_FILE) | |
echo "Deleting TXT record ID ($TXT_ID)..." | |
QUERY="https://freedns.afraid.org/subdomain/delete2.php?" | |
QUERY+="data_id%5B%5D=$TXT_ID&" | |
QUERY+="submit=delete+selected" | |
curl -s $QUERY -b $COOKIEFILE | |
fi | |
rm -vrf $WORKINGDIR | |
echo "DONE" | |
echo "===============================================" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Cannot make it work. 😔