Letsencrypt certbot authenticator for Zuver domain registrar - supports wildcard certificates via the DNS challenge

certbot-authenticator-zuver.sh

#!/bin/sh

COOKIE_JAR=$(mktemp)
: ${CERTBOT_DOMAIN?"Missing CERTBOT_DOMAIN env var."}
: ${CERTBOT_VALIDATION?"Missing CERTBOT_VALIDATION env var."}
: ${ZUVER_EMAIL?"Missing ZUVER_EMAIL env var."}
: ${ZUVER_PASSWORD?"Missing ZUVER_PASSWORD env var."}
: ${ZUVER_DOMAIN_HASH?"Missing ZUVER_DOMAIN_HASH env var."}
DOMAIN_PREFIX="_acme-challenge"

curl --silent \
    --output /dev/null \
    --cookie-jar $COOKIE_JAR \
    --data-raw "email=$ZUVER_EMAIL&password=$ZUVER_PASSWORD&Login=Let%27s+go%21" \
    https://my.zuver.net.au/

[ -s $COOKIE_JAR ] || die "Authentication failed."

curl --silent \
    --output /dev/null \
    --cookie $COOKIE_JAR \
    --data "dnshostname=$DOMAIN_PREFIX&dnsdest=$CERTBOT_VALIDATION&dnsttl=3600&dnsaddtxt=dnsaddtxt" \
    https://my.zuver.net.au/home/domain/$ZUVER_DOMAIN_HASH/service

echo "Added TXT record '$CERTBOT_VALIDATION' to $DOMAIN_PREFIX.$CERTBOT_DOMAIN"

die() {
    echo $1; exit 1
}

Example usage:

ZUVER_EMAIL="your@email.com" \
ZUVER_PASSWORD="your-secret-password" \
ZUVER_DOMAIN_HASH="7cklkuxAVVVVVVggggggGGGgggGZhuvPxbBplanHeW7hg57RsrQryw%253D" \
sudo -E certbot certonly --manual --manual-auth-hook certbot-authenticator-zuver.sh -n -d *.yourdomain.com.au \
--preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok

This will login as you to Zuver, add the necessary TXT record to your domain, validate it, then issue you a wildcard certificate. Add it to your monthly cron!

Note: The big ugly ZUVER_DOMAIN_HASH can be found in the URL when you visit https://my.zuver.net.au/home/domain/ and click on "Manage DNS" under the desired domain. If anyone knows how Zuver generates these base64 encoded hashes (they're probably just UUIDs) I'm all ears.

Note 2: The -E in the sudo is important, because it preserves the env vars.