| #!/usr/bin/env ruby | |
| require 'aws-sdk' | |
| require 'pry' | |
| require 'awesome_print' | |
| # ------------------------------------------------------------------------------ | |
| # Credentials | |
| # ------------------------------------------------------------------------------ | |
| # pick up AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY by default from | |
| # environment | |
| Aws.config.update({ | |
| region: 'us-west-2', | |
| }) | |
| # ------------------------------------------------------------------------------ | |
| def setup_dns(domain, txt_challenge) | |
| route53 = Aws::Route53::Client.new() | |
| hosted_zone = route53.list_hosted_zones_by_name( | |
| {dns_name: "#{domain}."}).hosted_zones[0] | |
| changes = [] | |
| changes << { | |
| action: "UPSERT", | |
| resource_record_set: { | |
| name: "_acme-challenge.#{domain}.", | |
| type: "TXT", | |
| ttl: 60, | |
| resource_records: [ | |
| value: "\"#{txt_challenge}\"", | |
| ], | |
| }, | |
| } | |
| resp = route53.change_resource_record_sets({ | |
| hosted_zone_id: hosted_zone.id, | |
| change_batch: { | |
| changes: changes, | |
| }, | |
| }) | |
| ap resp | |
| sleep 10 | |
| end | |
| def delete_dns(domain, txt_challenge) | |
| route53 = Aws::Route53::Client.new() | |
| hosted_zone = route53.list_hosted_zones_by_name( | |
| {dns_name: "#{domain}."}).hosted_zones[0] | |
| changes = [] | |
| changes << { | |
| action: "DELETE", | |
| resource_record_set: { | |
| name: "_acme-challenge.#{domain}.", | |
| type: "TXT", | |
| ttl: 60, | |
| resource_records: [ | |
| value: "\"#{txt_challenge}\"", | |
| ], | |
| }, | |
| } | |
| resp = route53.change_resource_record_sets({ | |
| hosted_zone_id: hosted_zone.id, | |
| change_batch: { | |
| changes: changes, | |
| }, | |
| }) | |
| ap resp | |
| sleep 10 | |
| end | |
| if __FILE__ == $0 | |
| hook_stage = ARGV[0] | |
| domain = ARGV[1] | |
| txt_challenge = ARGV[3] | |
| puts hook_stage | |
| puts domain | |
| puts txt_challenge | |
| if hook_stage == "deploy_challenge" | |
| setup_dns(domain, txt_challenge) | |
| elsif hook_stage == "clean_challenge" | |
| delete_dns(domain, txt_challenge) | |
| end | |
| end |
tache
commented
Mar 1, 2016
|
I updated your gist in my fork to allow for subdomains. |
ShruthiPitta
commented
Jul 7, 2016
|
Tried this hook with letsencrypt.sh. Looks like there is an issue when it runs with the latest version of awesome_print(1.7.0). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
spensaurus commentedFeb 19, 2016
This script works great if you are trying to issue a certificate for your hosted zone exactly (e.g. my hosted zone in AWS is example.net and I want a certificate for example.net) but it fails if you want a certificate for a subdomain (e.g. sub.example.net).
The problem is on lines 19 and 45 where it uses the domain name to search for the hosted zone. As a quick patch I just hardcoded the zone I needed and it worked great. Thanks.