Skip to content

Instantly share code, notes, and snippets.

@UnixSage
Last active May 8, 2021 05:59
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save UnixSage/dbb2b1e2d833b13aa908bda657fb961b to your computer and use it in GitHub Desktop.
Drop in script for CertBot's --manual-auth-hook switch for DNS Hosted at NearlyFreeSpeech.com
#!/bin/bash
API_KEY="##NFS-API-KEY##"
LOGIN="##NFS-USER##"
updatedns() {
OLDDATA=`dig @${NAMESERVER} -t txt +noall +answer ${DNSRECORD}.${CERTBOT_DOMAIN} | awk '{gsub("\"",""); print $5}'`
for FUNCTION in removeRR addRR ; do
echo "Running ${FUNCTION}"
TIMESTAMP=$(date +%s)
SALT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 16)
REQUEST_URI="/dns/${BASEDOMAIN}/$FUNCTION"
if [ ${FUNCTION} == "addRR" ] ; then
BODY="name=${DNSRECORD}&data=${CERTBOT_VALIDATION}&ttl=300&type=TXT"
else
BODY="name=${DNSRECORD}&data=${OLDDATA}&type=TXT"
fi
BODY_HASH=$(printf "%s" "${BODY}" | sha1sum | awk '{print $1}')
HASH_STRING=$(printf "%s" "${LOGIN};${TIMESTAMP};${SALT};${API_KEY};${REQUEST_URI};${BODY_HASH}")
HASH=$(printf "%s" "${HASH_STRING}" | sha1sum | awk '{print $1}')
curl -s -X POST -H "X-NFSN-Authentication: ${LOGIN};${TIMESTAMP};${SALT};${HASH}" \
-d "${BODY}" "https://api.nearlyfreespeech.net${REQUEST_URI}"
done
}
if [ -z ${CERTBOT_DOMAIN} ] || [ -z ${CERTBOT_VALIDATION} ] ; then
echo "Missing Parameters from CertBot"
exit 1
fi
BASEDOMAIN=`echo ${CERTBOT_DOMAIN} | awk -F. '{OFS="."; print $(NF-1),$(NF)}'`
SUBDOMAIN=`echo ${CERTBOT_DOMAIN} | sed -e 's/'${BASEDOMAIN}'//' -e 's/\.$//'`
if [ -z ${SUBDOMAIN} ] ; then
DNSRECORD="_acme-challenge"
else
DNSRECORD="_acme-challenge.${SUBDOMAIN}"
fi
NAMESERVER=`dig -t ns +noall +answer ${BASEDOMAIN} | awk 'NR==1{print $5}'`
updatedns
echo "Testing Validation Record"
TRY=0
while [ $TRY -ne 12 ] ; do
CURRENT_DATA=`dig @${NAMESERVER} -t txt +noall +answer ${DNSRECORD}.${BASEDOMAIN} | awk '{gsub("\"",""); print $5}'`
if [ ! -z ${CURRENT_DATA} ] ; then
if [ ${CURRENT_DATA} == ${CERTBOT_VALIDATION} ] ; then
echo Succeeded: ${CERTBOT_DOMAIN}
exit 0
fi
fi
let TRY=$TRY+1
sleep 5
done
echo Domain: ${CERTBOT_DOMAIN}
echo "Validation Timed Out"
exit 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment