Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save eldondev/fb5323580310b7c5781fb9a0f891bed8 to your computer and use it in GitHub Desktop.
Save eldondev/fb5323580310b7c5781fb9a0f891bed8 to your computer and use it in GitHub Desktop.
Drop in script for CertBot's --manual-auth-hook switch for DNS Hosted at NearlyFreeSpeech.com
#!/bin/bash
exec 19>/tmp/"${CERTBOT_DOMAIN}"."$(date +%F-%s)".certbot.log
export BASH_XTRACEFD=19
set -x
API_KEY="##NFS-API-KEY##"
LOGIN="##NFS-USER##"
updatedns() {
OLDDATA=$(dig @"${NAMESERVER}" -t txt +noall +answer "${DNSRECORD}"."${CERTBOT_DOMAIN}" | awk '{gsub("\"",""); print $5}')
for FUNCTION in removeRR addRR ; do
echo "Running ${FUNCTION}"
TIMESTAMP=$(date +%s)
SALT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 16)
REQUEST_URI="/dns/${BASEDOMAIN}/$FUNCTION"
if [ ${FUNCTION} == "addRR" ] ; then
BODY="name=${DNSRECORD}&data=${CERTBOT_VALIDATION}&ttl=300&type=TXT"
else
BODY="name=${DNSRECORD}&data=${OLDDATA}&type=TXT"
fi
BODY_HASH=$(printf "%s" "${BODY}" | sha1sum | awk '{print $1}')
HASH_STRING=$(printf "%s" "${LOGIN};${TIMESTAMP};${SALT};${API_KEY};${REQUEST_URI};${BODY_HASH}")
HASH=$(printf "%s" "${HASH_STRING}" | sha1sum | awk '{print $1}')
curl -s -X POST -H "X-NFSN-Authentication: ${LOGIN};${TIMESTAMP};${SALT};${HASH}" \
-d "${BODY}" "https://api.nearlyfreespeech.net${REQUEST_URI}"
done
}
if [ -z "${CERTBOT_DOMAIN}" ] || [ -z "${CERTBOT_VALIDATION}" ] ; then
echo "Missing Parameters from CertBot"
exit 1
fi
BASEDOMAIN=$(echo "${CERTBOT_DOMAIN}" | awk -F. '{OFS="."; print $(NF-1),$(NF)}')
SUBDOMAIN=$(echo "${CERTBOT_DOMAIN}" | sed -e 's/'"${BASEDOMAIN}"'//' -e 's/\.$//')
if [ -z "${SUBDOMAIN}" ] ; then
DNSRECORD="_acme-challenge"
else
DNSRECORD="_acme-challenge.${SUBDOMAIN}"
fi
NAMESERVER=$(dig -t ns +noall +answer "${BASEDOMAIN}" | awk 'NR==1{print $5}')
updatedns
echo "Testing Validation Record"
TRY=0
while [ $TRY -ne 12 ] ; do
CURRENT_DATA=$(dig @"${NAMESERVER}" -t txt +noall +answer "${DNSRECORD}"."${BASEDOMAIN}" | awk '{gsub("\"",""); print $5}')
if [ ! -z "${CURRENT_DATA}" ] ; then
if [ "$(echo "${CURRENT_DATA}" | grep -o "${CERTBOT_VALIDATION}")" == "${CERTBOT_VALIDATION}" ] ; then
echo Succeeded: "${CERTBOT_DOMAIN}"
exit 0
fi
fi
let TRY=$TRY+1
sleep 5
done
echo Domain: "${CERTBOT_DOMAIN}"
echo "Validation Timed Out"
exit 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment