Last active
February 23, 2023 11:06
-
-
Save bilhackmac/0a8dffa26b21019de0385b20db70ac68 to your computer and use it in GitHub Desktop.
ACME DNS01 challenge script for HTTPD mod_md MDChallengeDns01 directive — OVH
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| # Env vars OVH_API_APP_KEY is required in any case | |
| # Env vars OVH_API_APP_SECRET and OVH_API_CONSUMER_KEY are required for setup and teardown | |
| OVH_API_URL=${OVH_API_URL:-"https://api.ovh.com/1.0"} | |
| ovhTS() { | |
| curl -s "${OVH_API_URL}/auth/time" | |
| } | |
| request() { | |
| local ts="$(ovhTS)" | |
| local clearSig="${OVH_API_APP_SECRET}+${OVH_API_CONSUMER_KEY}+${1}+${OVH_API_URL}${2}+${3}+${ts}" | |
| local sig=$(echo "\$1\$$(echo -n "${clearSig}" | sha1sum - | cut -d " " -f1)") | |
| curl -sX${1} \ | |
| -H "Content-Type: application/json;charset=utf-8" \ | |
| -H "X-Ovh-Application: ${OVH_API_APP_KEY}" \ | |
| -H "X-Ovh-Consumer: ${OVH_API_CONSUMER_KEY}" \ | |
| -H "X-Ovh-Signature: ${sig}" \ | |
| -H "X-Ovh-Timestamp: ${ts}" \ | |
| -d "${3}" \ | |
| "${OVH_API_URL}${2}" | |
| } | |
| requestNoAuth() { | |
| local ts="$(ovhTS)" | |
| curl -sX${1} \ | |
| -H "Content-Type: application/json;charset=utf-8" \ | |
| -H "X-Ovh-Application: ${OVH_API_APP_KEY}" \ | |
| -H "X-Ovh-Timestamp: ${ts}" \ | |
| -d "${3}" \ | |
| "${OVH_API_URL}${2}" | |
| } | |
| domain() { | |
| if [ "acme-dns01-ovh-tld" = $(basename "${0}") ]; then | |
| echo "${1}" | awk 'BEGIN { FS=OFS="." } { print $(NF-1), $NF }' | |
| else | |
| echo "${1}" | awk 'BEGIN { FS=OFS="." } { print $(NF-2), $(NF-1), $NF }' | |
| fi | |
| } | |
| subDomainSuffix() { | |
| local subDomain | |
| if [ "acme-dns01-ovh-tld" = $(basename "${0}") ]; then | |
| subDomain=$(echo "${1}" | awk 'BEGIN { FS=OFS="." } { NF=NF-2; print }') | |
| else | |
| subDomain=$(echo "${1}" | awk 'BEGIN { FS=OFS="." } { NF=NF-3; print }') | |
| fi | |
| test -n "${subDomain}" && subDomain=.${subDomain} | |
| echo ${subDomain} | |
| } | |
| setup() { | |
| ${0} teardown "${@}" | |
| local domain=$(domain "${1}") | |
| local subDomainSuffix=$(subDomainSuffix "${1}") | |
| request POST "/domain/zone/${domain}/record" "{\"fieldType\": \"TXT\",\"subDomain\": \"_acme-challenge${subDomainSuffix}\",\"target\": \"${2}\"}" > /dev/null | |
| request POST "/domain/zone/${domain}/refresh" > /dev/null | |
| } | |
| teardown() { | |
| local domain=$(domain "${1}") | |
| local subDomainSuffix=$(subDomainSuffix "${1}") | |
| records="$(request GET "/domain/zone/${domain}/record?fieldType=TXT&subDomain=_acme-challenge${subDomainSuffix}" | jq -r .[])" | |
| for record in $records; do | |
| request DELETE "/domain/zone/${domain}/record/${record}" > /dev/null | |
| done | |
| request POST "/domain/zone/${domain}/refresh" > /dev/null | |
| } | |
| credential() { | |
| local domain=$(domain "${1}") | |
| requestNoAuth POST '/auth/credential' "{\"accessRules\": [{\"method\": \"GET\",\"path\": \"/domain/zone/${domain}/record\"},{\"method\": \"DELETE\",\"path\": \"/domain/zone/${domain}/record/*\"},{\"method\": \"POST\",\"path\": \"/domain/zone/${domain}/record\"},{\"method\": \"POST\",\"path\": \"/domain/zone/${domain}/refresh\"}]}" | |
| echo | |
| } | |
| call=${1} | |
| shift | |
| ${call} "${@}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment