@UnixSage
Last active March 16, 2024 15:04
Drop in script for CertBot's --manual-auth-hook switch for DNS Hosted at NearlyFreeSpeech.com
#!/bin/bash
# Certbot --manual-auth-hook for DNS hosted at NearlyFreeSpeech.
# This file holds the API key: keep it readable only by the user that runs certbot.
API_KEY="##NFS-API-KEY##"
LOGIN="##NFS-USER##"

# Replace the challenge TXT record: remove the old value (if any), then add the new one.
updatedns() {
    OLDDATA=$(dig "@${NAMESERVER}" -t txt +noall +answer "${DNSRECORD}.${BASEDOMAIN}" | awk '{gsub("\"",""); print $5}')
    for FUNCTION in removeRR addRR ; do
        if [ "${FUNCTION}" == "addRR" ] ; then
            BODY="name=${DNSRECORD}&data=${CERTBOT_VALIDATION}&ttl=300&type=TXT"
        elif [ -n "${OLDDATA}" ] ; then
            BODY="name=${DNSRECORD}&data=${OLDDATA}&type=TXT"
        else
            continue    # no existing record, nothing to remove
        fi
        echo "Running ${FUNCTION}"
        TIMESTAMP=$(date +%s)
        SALT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 16)
        REQUEST_URI="/dns/${BASEDOMAIN}/${FUNCTION}"
        BODY_HASH=$(printf "%s" "${BODY}" | sha1sum | awk '{print $1}')
        # Signed string: login;timestamp;salt;api-key;request-uri;body-hash
        HASH_STRING="${LOGIN};${TIMESTAMP};${SALT};${API_KEY};${REQUEST_URI};${BODY_HASH}"
        HASH=$(printf "%s" "${HASH_STRING}" | sha1sum | awk '{print $1}')
        curl -s -X POST -H "X-NFSN-Authentication: ${LOGIN};${TIMESTAMP};${SALT};${HASH}" \
            -d "${BODY}" "https://api.nearlyfreespeech.net${REQUEST_URI}"
    done
}

if [ -z "${CERTBOT_DOMAIN}" ] || [ -z "${CERTBOT_VALIDATION}" ] ; then
    echo "Missing Parameters from CertBot"
    exit 1
fi

# Assumes the zone is the last two labels (example.com); this does not hold
# for zones such as example.co.uk.
BASEDOMAIN=$(echo "${CERTBOT_DOMAIN}" | awk -F. '{OFS="."; print $(NF-1),$(NF)}')
# Strip the zone and the joining dot from the right to get the subdomain part.
SUBDOMAIN="${CERTBOT_DOMAIN%"${BASEDOMAIN}"}"
SUBDOMAIN="${SUBDOMAIN%.}"
if [ -z "${SUBDOMAIN}" ] ; then
    DNSRECORD="_acme-challenge"
else
    DNSRECORD="_acme-challenge.${SUBDOMAIN}"
fi

# Query an authoritative server directly so resolver caching does not hide the update.
NAMESERVER=$(dig -t ns +noall +answer "${BASEDOMAIN}" | awk 'NR==1{print $5}')
if [ -z "${NAMESERVER}" ] ; then
    echo "No nameserver found for ${BASEDOMAIN}"
    exit 1
fi

updatedns

echo "Testing Validation Record"
TRY=0
while [ "${TRY}" -ne 12 ] ; do
    CURRENT_DATA=$(dig "@${NAMESERVER}" -t txt +noall +answer "${DNSRECORD}.${BASEDOMAIN}" | awk '{gsub("\"",""); print $5}')
    # Match whole lines so several TXT values on the same name do not break the test.
    if printf '%s\n' "${CURRENT_DATA}" | grep -Fxq -- "${CERTBOT_VALIDATION}" ; then
        echo "Succeeded: ${CERTBOT_DOMAIN}"
        exit 0
    fi
    TRY=$((TRY+1))
    sleep 5
done
echo "Domain: ${CERTBOT_DOMAIN}"
echo "Validation Timed Out"
exit 1
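
Added example, not part of the gist: the hook places CERTBOT_DOMAIN and CERTBOT_VALIDATION unencoded into the API path and form body, so this block checks both before use and derives the zone and record name under the script's two-label-zone assumption. The function names valid_domain, valid_token, challenge_name and check_hook_env are hypothetical, and the sample domain is constructed.

```bash
#!/bin/bash
# Added example (not from the gist). Function names are hypothetical.

# True for a hostname of two or more LDH labels (letters, digits, inner hyphens).
valid_domain() {
    local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    local re="^${label}(\\.${label})+\$"
    [[ ${#1} -le 253 && $1 =~ $re ]]
}

# True for a DNS-01 TXT value: base64url of a SHA-256 digest, 43 chars, no padding.
valid_token() {
    local re='^[A-Za-z0-9_-]{43}$'
    [[ $1 =~ $re ]]
}

# Prints "<zone> <record>" for a valid domain; returns 1 otherwise.
# Assumes the zone is the last two labels, as the gist's script does.
challenge_name() {
    local domain zone sub
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    valid_domain "${domain}" || return 1
    zone=$(awk -F. '{print $(NF-1) "." $NF}' <<< "${domain}")
    sub="${domain%"${zone}"}"   # strip the zone from the right...
    sub="${sub%.}"              # ...and the dot that joined it
    echo "${zone} _acme-challenge${sub:+.${sub}}"
}

# Gate for the top of the hook: refuse to call the API on unexpected input.
check_hook_env() {
    valid_domain "${CERTBOT_DOMAIN:-}" || { echo "Bad CERTBOT_DOMAIN" >&2; return 1; }
    valid_token "${CERTBOT_VALIDATION:-}" || { echo "Bad CERTBOT_VALIDATION" >&2; return 1; }
}

# Constructed sample input.
challenge_name "www.example.com"    # example.com _acme-challenge.www
```

Calling check_hook_env before any dig or curl invocation keeps characters such as `&`, `=` and `/` out of the signed request.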
@eldondev

Not sure if you're still using this, I forked and made a couple of tweaks.
