Drop-in script for CertBot's --manual-auth-hook switch, for DNS hosted at NearlyFreeSpeech.com
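#!/bin/bash
# Certbot --manual-auth-hook for DNS zones hosted at NearlyFreeSpeech.
#
# This file holds a long-lived API credential: keep it readable only by the
# account that runs certbot (for example mode 0700).

# Assign the credentials BEFORE tracing is switched on. With xtrace active,
# bash writes every expanded command to the trace file, so an assignment made
# after `set -x` would copy the API key into the log verbatim.
API_KEY="##NFS-API-KEY##"
LOGIN="##NFS-USER##"

# Anything this hook creates is private to the invoking user.
umask 077

# The trace log lives in a shared directory, so let mktemp pick an
# unpredictable name and create the file exclusively with mode 0600. A
# guessable path opened with a plain redirect could be pre-created or
# symlinked by another local user, and would be world-readable by default.
LOGFILE=$(mktemp "/tmp/${CERTBOT_DOMAIN:-unknown}.$(date +%F-%s).certbot.log.XXXXXX") || {
  echo "Unable to create trace log" >&2
  exit 1
}
exec 19>"${LOGFILE}"
export BASH_XTRACEFD=19

# From here on every executed command is traced with its values expanded,
# including any later command that expands API_KEY. Treat the log as
# sensitive and delete it once the run has been debugged.
set -x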
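#######################################
# Send one signed POST to the NearlyFreeSpeech DNS API.
# Globals:   LOGIN, API_KEY, BASEDOMAIN (read)
# Arguments: $1 - API method name (removeRR or addRR)
#            $2 - form-encoded request body
# Outputs:   the API response on stdout
# Returns:   curl's exit status
#######################################
_nfsn_post() {
  local action=$1 body=$2
  local uri="/dns/${BASEDOMAIN}/${action}"
  local stamp nonce body_digest signature trace_was_on=0

  stamp=$(date +%s)
  nonce=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 16)

  # The signature input contains the raw API key. Pause xtrace while it is
  # built so the key is never written to the trace log, then restore the
  # caller's setting. printf is a bash builtin, so the key does not appear in
  # a process argument list either.
  case $- in
    *x*) trace_was_on=1; set +x ;;
  esac
  body_digest=$(printf '%s' "${body}" | sha1sum | awk '{print $1}')
  signature=$(printf '%s' "${LOGIN};${stamp};${nonce};${API_KEY};${uri};${body_digest}" \
    | sha1sum | awk '{print $1}')
  if [ "${trace_was_on}" -eq 1 ]; then
    set -x
  fi

  # The header carries only the salted digest, not the key itself.
  curl -s -X POST -H "X-NFSN-Authentication: ${LOGIN};${stamp};${nonce};${signature}" \
    -d "${body}" "https://api.nearlyfreespeech.net${uri}" || {
    echo "Request to ${uri} failed" >&2
    return 1
  }
}

#######################################
# Replace the ACME challenge TXT record: remove whatever is currently
# published at the challenge name, then add CERTBOT_VALIDATION.
# Globals:   NAMESERVER, DNSRECORD, BASEDOMAIN, CERTBOT_VALIDATION (read)
# Outputs:   progress lines and API responses on stdout
# Returns:   status of the addRR request
#######################################
updatedns() {
  local stale_records record

  # DNSRECORD is already relative to BASEDOMAIN (it includes the subdomain
  # labels), so the lookup must be built from BASEDOMAIN. Appending
  # CERTBOT_DOMAIN would duplicate the subdomain and never find the record.
  stale_records=$(dig @"${NAMESERVER}" -t txt +noall +answer "${DNSRECORD}.${BASEDOMAIN}" \
    | awk '{gsub("\"",""); print $5}')

  # NOTE(review): removing every existing value also removes a sibling
  # challenge when one certificate needs two TXT values at the same name
  # (apex plus wildcard) - confirm this is acceptable for your setup.
  while IFS= read -r record; do
    [ -n "${record}" ] || continue
    # The value comes from a DNS answer and is pasted into a signed form
    # body. Accept only base64url characters (what an ACME dns-01 value is
    # made of) so a hostile or malformed answer cannot smuggle '&' or '='
    # and add parameters to the API request.
    if ! [[ "${record}" =~ ^[A-Za-z0-9_-]+$ ]]; then
      printf 'Skipping unexpected TXT value: %s\n' "${record}" >&2
      continue
    fi
    echo "Running removeRR"
    _nfsn_post removeRR "name=${DNSRECORD}&data=${record}&type=TXT"
  done <<< "${stale_records}"

  echo "Running addRR"
  _nfsn_post addRR "name=${DNSRECORD}&data=${CERTBOT_VALIDATION}&ttl=300&type=TXT"
}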
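# Certbot passes the name being validated and the expected TXT value through
# the environment; without both there is nothing to publish.
if [ -z "${CERTBOT_DOMAIN}" ] || [ -z "${CERTBOT_VALIDATION}" ]; then
  echo "Missing Parameters from CertBot"
  exit 1
fi

# The zone is taken to be the last two labels of the name.
# NOTE(review): this is wrong for zones registered under a multi-label
# suffix (three or more labels in the zone name) - confirm for your domains.
BASEDOMAIN=$(printf '%s\n' "${CERTBOT_DOMAIN}" | awk -F. '{OFS="."; print $(NF-1),$(NF)}')

# Strip the zone as a literal suffix. Interpolating it into a sed pattern
# treats each '.' as a wildcard and removes the first match anywhere in the
# name, which yields the wrong subdomain for names such as
# "myexample.com.example.com".
SUBDOMAIN=${CERTBOT_DOMAIN%"${BASEDOMAIN}"}
SUBDOMAIN=${SUBDOMAIN%.}

if [ -z "${SUBDOMAIN}" ]; then
  DNSRECORD="_acme-challenge"
else
  DNSRECORD="_acme-challenge.${SUBDOMAIN}"
fi

# Query an authoritative server directly so resolver caches do not hide the
# change. The NS lookup itself goes through the system resolver.
NAMESERVER=$(dig -t ns +noall +answer "${BASEDOMAIN}" | awk 'NR==1{print $5}')
if [ -z "${NAMESERVER}" ]; then
  echo "No nameserver found for ${BASEDOMAIN}"
  exit 1
fi

# Do not spend a minute polling if the API request could not even be sent.
if ! updatedns; then
  echo "DNS update request failed"
  exit 1
fi

echo "Testing Validation Record"
TRY=0
while [ "${TRY}" -ne 12 ]; do
  CURRENT_DATA=$(dig @"${NAMESERVER}" -t txt +noall +answer "${DNSRECORD}"."${BASEDOMAIN}" \
    | awk '{gsub("\"",""); print $5}')
  # Compare as a fixed string on a whole line, with "--" ending option
  # parsing: a base64url value may begin with '-', which grep would
  # otherwise read as an option and the check would never succeed.
  if printf '%s\n' "${CURRENT_DATA}" | grep -qxF -- "${CERTBOT_VALIDATION}"; then
    echo Succeeded: "${CERTBOT_DOMAIN}"
    exit 0
  fi
  TRY=$((TRY + 1))
  sleep 5
done

echo Domain: "${CERTBOT_DOMAIN}"
echo "Validation Timed Out"
exit 1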