Forked from grzr/hook-dns-01-lets-encrypt-route53.py
Last active
February 8, 2018 03:34
-
-
Save ahnooie/42c08f06e6bfe1917be3a3c5586e7441 to your computer and use it in GitHub Desktop.
Python 3 script to use as a hook for the letsencrypt.sh client
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # How to use: | |
| # | |
| # LE_HOSTED_ZONE=XXXXXX LE_AWS_PROFILE=dns-access ./letsencrypt.sh --cron --domain example.org --challenge dns-01 --hook /tmp/hook-dns-01-lets-encrypt-route53.py | |
| # | |
| # More info about letsencrypt.sh: https://github.com/lukas2511/letsencrypt.sh/wiki/Examples-for-DNS-01-hooks | |
| # Using AWS Profiles: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles | |
| # Obtaining your Hosted Zone ID from Route 53: http://docs.aws.amazon.com/cli/latest/reference/route53/list-hosted-zones-by-name.html | |
| # modules declaration | |
| import os | |
| import sys | |
| import boto3 | |
| from time import sleep | |
| if 'LE_HOSTED_ZONE' not in os.environ: | |
| raise Exception("Environment variable LE_HOSTED_ZONE not defined") | |
| if 'LE_AWS_PROFILE' not in os.environ: | |
| raise Exception("Environment variable LE_AWS_PROFILE not defined") | |
| # declaring variables | |
| aws_profile = os.environ['LE_AWS_PROFILE'] | |
| hosted_zone_id = os.environ['LE_HOSTED_ZONE'] | |
| def setup_dns(domain, txt_challenge): | |
| global aws_profile | |
| global hosted_zone_id | |
| session = boto3.Session(profile_name=aws_profile) | |
| client = session.client("route53") | |
| resp = client.change_resource_record_sets( | |
| HostedZoneId=hosted_zone_id, | |
| ChangeBatch={ | |
| 'Changes': [{ | |
| 'Action': 'UPSERT', | |
| 'ResourceRecordSet': { | |
| 'Name': '_acme-challenge.{0}'.format(domain), | |
| 'Type': 'TXT', | |
| 'TTL': 60, | |
| 'ResourceRecords': [{ | |
| 'Value': '"{0}"'.format(txt_challenge) | |
| }] | |
| } | |
| }] | |
| } | |
| ) | |
| # wait 30 seconds for DNS update | |
| sleep(30) | |
| def delete_dns(domain, txt_challenge): | |
| global aws_profile | |
| global hosted_zone_id | |
| session = boto3.Session(profile_name=aws_profile) | |
| client = session.client("route53") | |
| resp = client.change_resource_record_sets( | |
| HostedZoneId=hosted_zone_id, | |
| ChangeBatch={ | |
| 'Changes': [{ | |
| 'Action': 'DELETE', | |
| 'ResourceRecordSet': { | |
| 'Name': '_acme-challenge.{0}'.format(domain), | |
| 'Type': 'TXT', | |
| 'TTL': 60, | |
| 'ResourceRecords': [{ | |
| 'Value': '"{0}"'.format(txt_challenge) | |
| }] | |
| } | |
| }] | |
| } | |
| ) | |
| if __name__ == "__main__": | |
| hook = sys.argv[1] | |
| if hook == 'exit_hook': | |
| sys.exit(0) | |
| # domain = sys.argv[2] | |
| # txt_challenge = sys.argv[4] | |
| if len(sys.argv) > 2: | |
| domain = sys.argv[2] | |
| txt_challenge = sys.argv[4] | |
| else: | |
| domain = None | |
| txt_challenge = None | |
| print(hook) | |
| print(domain) | |
| print(txt_challenge) | |
| if hook == "deploy_challenge": | |
| setup_dns(domain, txt_challenge) | |
| elif hook == "clean_challenge": | |
| delete_dns(domain, txt_challenge) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment