@repomaa
Created February 2, 2016 15:38
#!/usr/bin/bash
# Copyright (c) Joakim Reinert. All rights reserved.
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

API_URL='https://api.domrobot.com/xmlrpc/'
TMPDIR='/tmp/inwx-acme'
source "$BASEDIR/inwx-acme.auth" # contains user and pass variables
USER=$user
PASS=$pass

# Wrap the given <member> elements, plus the credentials, in an XML-RPC call.
build_method_call() {
    local method_name=$1
    local param
    shift
    echo -n "<?xml version=\"1.0\"?>"
    echo -n "<methodCall>"
    echo -n "<methodName>$method_name</methodName>"
    echo -n "<params><param><value><struct>"
    for param in "$@"; do
        echo -n "$param"
    done
    echo -n "$(build_param "user" "$USER")"
    echo -n "$(build_param "pass" "$PASS")"
    echo -n "</struct></value></param></params>"
    echo -n "</methodCall>"
}

# Emit one struct member; string values are wrapped in CDATA.
build_param() {
    local name=$1
    local value=$2
    local type=${3:-string}
    echo -n '<member>'
    echo -n "<name>$name</name>"
    echo -n "<value><$type>"
    if [[ "$type" = 'string' ]]; then
        echo -n "<![CDATA[$value]]>"
    else
        echo -n "$value"
    fi
    echo -n "</$type></value>"
    echo -n "</member>"
}

build_create_record_call() {
    local domain=$1
    local name=$2
    local type=$3
    local content=$4
    local ttl=3600
    build_method_call 'nameserver.createRecord' \
        "$(build_param 'domain' "$domain")" \
        "$(build_param 'name' "$name")" \
        "$(build_param 'type' "$type")" \
        "$(build_param 'content' "$content")" \
        "$(build_param 'ttl' "$ttl" 'int')"
}

build_list_call() {
    build_method_call 'nameserver.list'
}

build_delete_record_call() {
    local id=$1
    build_method_call 'nameserver.deleteRecord' \
        "$(build_param 'id' "$id")"
}

# POST a call to the API; succeed only if the response code is 1000.
method_call() {
    local call=$1
    local result code
    # The body contains the password, so it is passed on stdin rather than
    # as a curl argument, where it would show up in the process list.
    result=$(printf '%s' "$call" | curl -s -c "$TMPDIR/cookies" --data-binary @- -H 'Content-Type: text/xml' "$API_URL")
    local xpath='//methodResponse//params//member/name[text()="code"]/../value/int/text()'
    code=$(echo "$result" | xmllint --xpath "$xpath" -)
    if [ "$code" = 1000 ]; then
        echo "$result"
        return 0
    else
        echo "$result" >&2
        return 1
    fi
}

# Create the _acme-challenge TXT record and print the id of the new record.
deploy_challenge() {
    local domain
    local subdomain
    # Names with two or more dots are split at the first dot:
    # the first label becomes the subdomain, the rest the domain.
    if [[ -z "${1/*.*.*/}" ]]; then
        domain=${1#*.}
        subdomain=${1%%.*}
    else
        domain=$1
        subdomain=''
    fi
    local token=$2
    # Declared separately from the assignment: "local result=$(...)" would
    # replace the exit status of method_call with that of "local" (always 0).
    local result code
    result=$(method_call \
        "$(build_create_record_call "$domain" "_acme-challenge.$subdomain" 'TXT' "$token")")
    code=$?
    [ "$code" -eq 0 ] || return "$code"
    local xpath='//methodResponse//params//member/name[text()="id"]/../value/int/text()'
    echo "$result" | xmllint --xpath "$xpath" -
    return "$code"
}

clean_challenge() {
    local record_id=$1
    method_call \
        "$(build_delete_record_call "$record_id")" > /dev/null
}

# Create the cookie jar and record-id files without group/other access.
umask 077
mkdir -p "$TMPDIR"

# Hook arguments from letsencrypt.sh: $1 = operation, $2 = domain, $4 = token value
case $1 in
    'deploy_challenge')
        deploy_challenge "$2" "$4" > "$TMPDIR/$2.id"
        ;;
    'clean_challenge')
        clean_challenge "$(cat "$TMPDIR/$2.id")" || exit 1
        rm "$TMPDIR/$2.id"
        ;;
esac
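
#!/usr/bin/bash
# inwx-acme.auth: sourced by the hook script above.
# Keep this file readable only by the user that runs the hook.
user='your inwx username'
pass='your inwx password'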
@benediktg

Here is how I applied this nice script:

apt install libxml2-utils # on Debian
cd /etc/letsencrypt.sh    # where your BASEDIR is
wget https://gist.githubusercontent.com/jreinert/49aca3b5f3bf2c5d73d8/raw/inwx-acme -Oinwx-acme-hook.sh
wget https://gist.githubusercontent.com/jreinert/49aca3b5f3bf2c5d73d8/raw/inwx-acme.auth

Now uncomment CHALLENGETYPE and set it to "dns-01". In addition to that, HOOK must be changed to "${BASEDIR}/inwx-acme-hook.sh", and of course your credentials need to be typed into the inwx-acme.auth.

(Just as a short tutorial for those who might wonder how to do it 😉)

@ngzero

ngzero commented May 17, 2016

Hi benediktg,

thanks for your short tut. I think you mean cd /etc/letsencrypt without .sh at the end.
Can you please tell me where I should uncomment CHALLENGETYPE? In which file? What is the command I need to use?
I've seen something like this ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly -a manual -t dns-01
but -t param is unknown. Can you please tell me what you've entered?

best regards
Steven

@Tronic69

Tronic69 commented Jul 8, 2016

@ngzero:

> I think you mean cd /etc/letsencrypt without .sh at the end.

The path with .sh is correct, because /etc/letsencrypt is for the Let's Encrypt Client and /etc/letsencrypt.sh is for the script by Lukas (=> https://github.com/lukas2511/letsencrypt.sh).

> Can you please tell me where I should uncomment CHALLENGETYPE? In which file?

You have to uncomment it in the file /etc/letsencrypt.sh/config, like HOOK.

> What is the command I need to use?

Put the domains you want to get certs for into $BASEDIR/domains.txt and then just use <path_to_script>/letsencrypt.sh -c

@gubiq

gubiq commented Aug 1, 2016

Your hook doesn't work with sub-subdomain as deploy_challenge() splits after the first dot.
Can you please look at my fixed fork at https://gist.github.com/gubiq/b444e50133c721816c67ce4913e7b231/revisions?
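
The splitting problem reported above can be avoided by matching the challenge name against the zones the account hosts instead of cutting at the first dot. This is an added example, not code from the gist or from the fork; `split_challenge_name` and the zone list passed to it are assumptions (the list could be taken from a `nameserver.list` response), and `first_dot_split` reproduces the gist's rule for comparison.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names are hypothetical.

# The gist's rule: names with two or more dots are cut at the first dot.
# Prints "<zone> <record name>".
first_dot_split() (
    case "$1" in
        *.*.*) printf '%s %s\n' "${1#*.}" "_acme-challenge.${1%%.*}" ;;
        *)     printf '%s %s\n' "$1" '_acme-challenge.' ;;
    esac
)

# Usage: split_challenge_name FQDN ZONE...
# Picks the longest ZONE that equals FQDN or is a dot-separated suffix of it
# and prints "<zone> <record name>". Fails if no zone matches.
split_challenge_name() (
    fqdn=$1
    shift
    best=''
    for zone in "$@"; do
        case "$fqdn" in
            "$zone"|*".$zone")
                # Prefer the most specific (longest) matching zone.
                if [ "${#zone}" -gt "${#best}" ]; then
                    best=$zone
                fi
                ;;
        esac
    done
    [ -n "$best" ] || return 1
    if [ "$fqdn" = "$best" ]; then
        name='_acme-challenge'
    else
        sub=${fqdn%".$best"}
        name="_acme-challenge.$sub"
    fi
    printf '%s %s\n' "$best" "$name"
)

# Constructed sample: the account hosts example.com only.
#   first_dot_split      www.dev.example.com             -> zone dev.example.com
#   split_challenge_name www.dev.example.com example.com -> zone example.com
```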

@deg0nz
Copy link

deg0nz commented Apr 23, 2018

I think this can be useful for current and future users:

You can request a second user account via the INWX support and let them give that account restricted access rights to the API (e.g. limited to nameserver-manipulation, also different credentials for this account and no login possibility to the web-login if you want to).

@Kulturserver
Copy link

Hi, we encounter errors when we try to apply newly for an existing certificate with -x (force). Also, the records are not deleted automatically after the certificates are generated.

cat: /tmp/inwx-acme/diemuenchnerbuehnen.de.id: No such file or directory
<?xml version="1.0" encoding="UTF-8"?><methodResponse><params><param><value><struct><member><name>code</name><value><int>2005</int></value></member><member><name>msg</name><value><string>Parameter value syntax error</string></value></member><member><name>reasonCode</name><value><string>INVALID_ID</string></value></member><member><name>reason</name><value><string>The following parameter is invalid: id</string></value></member><member><name>details</name><value><array><data><value><struct><member><name>code</name><value><string>PARAM_INVALID</string></value></member><member><name>msg</name><value><string>The parameter '' is invalid</string></value></member></struct></value></data></array></value></member><member><name>svTRID</name><value><string>20180604-579071460</string></value></member><member><name>runtime</name><value><double>0.015500</double></value></member></struct></value></param></params></methodResponse>

@mythfx

mythfx commented Nov 6, 2018

Same error for me, is there a fix?

> Hi, we encounter errors when we try to apply newly for an existing certificate with -x (force). Also, the records are not deleted automatically after the certificates are generated.
>
> cat: /tmp/inwx-acme/diemuenchnerbuehnen.de.id: No such file or directory
> <?xml version="1.0" encoding="UTF-8"?><methodResponse><params><param><value><struct><member><name>code</name><value><int>2005</int></value></member><member><name>msg</name><value><string>Parameter value syntax error</string></value></member><member><name>reasonCode</name><value><string>INVALID_ID</string></value></member><member><name>reason</name><value><string>The following parameter is invalid: id</string></value></member><member><name>details</name><value><array><data><value><struct><member><name>code</name><value><string>PARAM_INVALID</string></value></member><member><name>msg</name><value><string>The parameter '' is invalid</string></value></member></struct></value></data></array></value></member><member><name>svTRID</name><value><string>20180604-579071460</string></value></member><member><name>runtime</name><value><double>0.015500</double></value></member></struct></value></param></params></methodResponse>
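
In the output quoted above, `cat` finds no `.id` file, so the delete call is sent with an empty `id` and the API answers with code 2005. One way to guard against that is to validate the stored id before any API call is made; this is an added example, not code from the gist, and `read_record_id`, `clean_one` and the `delete_record` stand-in are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of the gist: check the stored record id before a
# delete call is made. All function names here are hypothetical.

umask 077                   # state files readable by the hook's user only
STATE_DIR=$(mktemp -d)      # constructed scratch directory for this example

# Stand-in for the API call made by the gist's clean_challenge (assumption);
# it only logs the id so that the example runs offline.
delete_record() { printf '%s\n' "$1" >> "$STATE_DIR/deleted.log"; }

# Print the record id stored in FILE.
# Status 2: FILE does not exist. Status 3: empty or not a plain integer.
read_record_id() (
    file=$1
    [ -f "$file" ] || return 2
    id=''
    # read fails on a missing final newline but still fills $id
    IFS= read -r id < "$file" || [ -n "$id" ] || return 3
    case "$id" in
        ''|*[!0-9]*) return 3 ;;
    esac
    printf '%s\n' "$id"
)

# Delete the record named in FILE, then remove FILE.
# A missing FILE means nothing was deployed, so nothing is sent to the API.
clean_one() (
    file=$1
    rc=0
    id=$(read_record_id "$file") || rc=$?
    case "$rc" in
        0) delete_record "$id" && rm -f -- "$file" ;;
        2) echo "no record id stored in $file, nothing to delete" >&2 ;;
        *) echo "invalid record id in $file, not calling the API" >&2
           return 1 ;;
    esac
)
```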
