Skip to content

Instantly share code, notes, and snippets.

@repomaa

repomaa/inwx-acme

Created February 2, 2016 15:38
Show Gist options
  • Save repomaa/49aca3b5f3bf2c5d73d8 to your computer and use it in GitHub Desktop.
Save repomaa/49aca3b5f3bf2c5d73d8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
inwx-acme
#!/usr/bin/bash
# Copyright (c) Joakim Reinert. All rights reserved.
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
API_URL='https://api.domrobot.com/xmlrpc/'
TMPDIR='/tmp/inwx-acme'
source "$BASEDIR/inwx-acme.auth" # contains user and pass variables
USER=$user
PASS=$pass
build_method_call() {
local method_name=$1
shift
echo -n "<?xml version=\"1.0\"?>"
echo -n "<methodCall>"
echo -n "<methodName>$method_name</methodName>"
echo -n "<params><param><value><struct>"
for param in "$@"; do
echo -n "$param"
done
echo -n "$(build_param "user" "$USER")"
echo -n "$(build_param "pass" "$PASS")"
echo -n "</struct></value></param></params>"
echo -n "</methodCall>"
}
build_param() {
local name=$1
local value=$2
local type=${3:-string}
echo -n '<member>'
echo -n "<name>$name</name>"
echo -n "<value><$type>"
if [[ "$type" = 'string' ]]; then
echo -n "<![CDATA[$value]]>"
else
echo -n "$value"
fi
echo -n "</$type></value>"
echo -n "</member>"
}
build_create_record_call() {
local domain=$1
local name=$2
local type=$3
local content=$4
local ttl=3600
build_method_call 'nameserver.createRecord' \
"$(build_param 'domain' $domain)" \
"$(build_param 'name' $name)" \
"$(build_param 'type' $type)" \
"$(build_param 'content' $content)" \
"$(build_param 'ttl' $ttl 'int')"
}
build_list_call() {
build_method_call 'nameserver.list'
}
build_delete_record_call() {
local id=$1
build_method_call 'nameserver.deleteRecord' \
"$(build_param 'id' $id)"
}
method_call() {
local call=$1
local result=$(curl -s -c "$TMPDIR/cookies" -d "$call" -H 'Content-Type: text/xml' "$API_URL")
local xpath='//methodResponse//params//member/name[text()="code"]/../value/int/text()'
local code=$(echo "$result" | xmllint --xpath "$xpath" -)
if [ $code = 1000 ]; then
echo "$result"
return 0
else
echo "$result" >&2
return 1
fi
}
deploy_challenge() {
local domain
local subdomain
if [[ -z "${1/*.*.*/}" ]]; then
domain=${1#*.}
subdomain=${1%%.*}
else
domain=$1
subdomain=''
fi
local token=$2
local result=$(method_call \
"$(build_create_record_call "$domain" "_acme-challenge.$subdomain" 'TXT' "$token")")
local code=$?
local xpath='//methodResponse//params//member/name[text()="id"]/../value/int/text()'
echo "$result" | xmllint --xpath "$xpath" -
return $code
}
clean_challenge() {
local record_id=$1
method_call \
"$(build_delete_record_call "$record_id")" > /dev/null
}
mkdir -p "$TMPDIR"
case $1 in
'deploy_challenge')
deploy_challenge "$2" "$4" > "$TMPDIR/$2.id"
;;
'clean_challenge')
clean_challenge "$(cat "$TMPDIR/$2.id")" || exit 1
rm "$TMPDIR/$2.id"
;;
esac
Raw
inwx-acme.auth
#!/usr/bin/bash
user='your inwx username'
pass='your inwx password'
@benediktg
Copy link

Here is how I applied this nice script:

apt install libxml2-utils # on Debian
cd /etc/letsencrypt.sh    # where your BASEDIR is
wget https://gist.githubusercontent.com/jreinert/49aca3b5f3bf2c5d73d8/raw/inwx-acme -Oinwx-acme-hook.sh
wget https://gist.githubusercontent.com/jreinert/49aca3b5f3bf2c5d73d8/raw/inwx-acme.auth

Now uncomment CHALLENGETYPE, set it to "dns-01". In addition to that HOOK must be changed to "${BASEDIR}/inwx-acme-hook.sh"and of course your credentials need to be typed into the inwx-acme.auth.

(Just as a short tutorial for those who might wonder how to do it 😉)

@ngzero
Copy link

ngzero commented May 17, 2016

Hi benediktg,

thanks for your short tut. I think you mean cd /etc/letsencrypt without .sh at the end.
Can you please tell me where I should uncomment CHALLENGETYPE? In which file? What is the command I need to use?
I've seen something like this ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly -a manual -t dns-01
but -t param is unknown. Can you please tell me what you've entered?

best regards
Steven

@Tronic69
Copy link

Tronic69 commented Jul 8, 2016
edited
Loading

@ngzero:

I think you mean cd /etc/letsencrypt without .sh at the end.

The path wit .sh is correct, because /etc/letsencrypt is for the Let's Encrypt Client and /etc/letsencrypt.sh for the script by Lucas (=> https://github.com/lukas2511/letsencrypt.sh).

Can you please tell me where I should uncomment CHALLENGETYPE? In which file?

You have to uncomment it in file /etc/letsencrypt.sh/config like HOOK.

What is the command I need to use?

Put your domains you want to get certs for into $BASEDIR/domains.txt and then just use <path_to_script>/letsencrypt.sh -c

@gubiq
Copy link

gubiq commented Aug 1, 2016

Your hook doesn't work with sub-subdomain as deploy_challenge() splits after the first dot.
Can you please look at my fixed fork at https://gist.github.com/gubiq/b444e50133c721816c67ce4913e7b231/revisions?

@deg0nz
Copy link

deg0nz commented Apr 23, 2018
edited
Loading

I think this can be useful for current and future users:

You can request a second user account via the INWX support and let them give that account restricted access rights to the API (e.g. limited to nameserver-manipulation, also different credentials for this account and no login possibility to the web-login if you want to).

@Kulturserver
Copy link

Hi, we encounter errors when we try to apply newly for an existing certificate with -x (force). Also, the records are not deleted automatically after the certificates are generated.

cat: /tmp/inwx-acme/diemuenchnerbuehnen.de.id: No such file or directory
<?xml version="1.0" encoding="UTF-8"?><methodResponse><params><param><value><struct><member><name>code</name><value><int>2005</int></value></member><member><name>msg</name><value><string>Parameter value syntax error</string></value></member><member><name>reasonCode</name><value><string>INVALID_ID</string></value></member><member><name>reason</name><value><string>The following parameter is invalid: id</string></value></member><member><name>details</name><value><array><data><va lue><struct><member><name>code</name><value><string>PARAM_INVALID</string></value></member><member><name>msg</name><value><string>The parameter '' is invalid</string></value></member></struct></value></data></array></value></member><member><name>svTRID</name><value><string>20180604-579071460</string></value></member><member><name>runtime</name><value><double>0.015500</double></value></member></struct></value></param></params></methodResponse>

@mythfx
Copy link

mythfx commented Nov 6, 2018

Same error for me, is there a fix?

Hi, we encounter errors when we try to apply newly for an existing certificate with -x (force). Also, the records are not deleted automatically after the certificates are generated.

cat: /tmp/inwx-acme/diemuenchnerbuehnen.de.id: No such file or directory
<?xml version="1.0" encoding="UTF-8"?><methodResponse><params><param><value><struct><member><name>code</name><value><int>2005</int></value></member><member><name>msg</name><value><string>Parameter value syntax error</string></value></member><member><name>reasonCode</name><value><string>INVALID_ID</string></value></member><member><name>reason</name><value><string>The following parameter is invalid: id</string></value></member><member><name>details</name><value><array><data><va lue><struct><member><name>code</name><value><string>PARAM_INVALID</string></value></member><member><name>msg</name><value><string>The parameter '' is invalid</string></value></member></struct></value></data></array></value></member><member><name>svTRID</name><value><string>20180604-579071460</string></value></member><member><name>runtime</name><value><double>0.015500</double></value></member></struct></value></param></params></methodResponse>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment