Replace Bitwarden's run.sh default certbot HTTP challenge method with dns-cloudflare
*** run.sh 2020-07-09 00:18:13.829515273 -0400
--- bwdata/scripts/run.sh 2020-07-09 00:18:06.925540167 -0400
*************** function install() {
*** 68,78 ****
read EMAIL
echo ""
mkdir -p $OUTPUT_DIR/letsencrypt
! docker pull certbot/certbot
! docker run -it --rm --name certbot -p 80:80 -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
! certonly --standalone --noninteractive --agree-tos --preferred-challenges http \
! --email $EMAIL -d $DOMAIN --logs-dir /etc/letsencrypt/logs
fi
fi
--- 68,101 ----
read EMAIL
echo ""
+ echo -e -n "${CYAN}(!)${NC} Enter your CloudFlare email address: "
+ read CFEMAIL
+ echo ""
+
+ echo -e -n "${CYAN}(!)${NC} Enter your CloudFlare API key: "
+ read CFAPI
+ echo ""
+
+ mkdir -p "$ENV_DIR"
+ touch "$ENV_DIR/cloudflare.ini"
+ chmod 600 "$ENV_DIR/cloudflare.ini"
+ echo "dns_cloudflare_email = $CFEMAIL" > "$ENV_DIR/cloudflare.ini"
+ echo "dns_cloudflare_api_key = $CFAPI" >> "$ENV_DIR/cloudflare.ini"
+
mkdir -p $OUTPUT_DIR/letsencrypt
! docker run -ti --rm \
! -v "$OUTPUT_DIR/letsencrypt:/etc/letsencrypt/" \
! -v "$ENV_DIR/cloudflare.ini:/cloudflare.ini" \
! certbot/dns-cloudflare:latest \
! certonly \
! --dns-cloudflare \
! --dns-cloudflare-credentials "/cloudflare.ini" \
! -d "$DOMAIN" \
! --email "$EMAIL" \
! --agree-tos \
! --logs-dir /etc/letsencrypt/logs \
! --server https://acme-v02.api.letsencrypt.org/directory
!
fi
fi
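Review bot: `read CFAPI` in the added prompt block echoes the CloudFlare API key to the terminal and scrollback as it is typed; use `read -rs CFAPI` (and `read -r CFEMAIL`) so the secret is not displayed and backslashes are taken literally. The value written to `cloudflare.ini` as `dns_cloudflare_api_key` alongside `dns_cloudflare_email` is the account-wide global key; the dns-cloudflare plugin also accepts a scoped `dns_cloudflare_api_token` restricted to DNS edits, which is a better fit for a credential that stays on disk for renewals. The replacement `docker run` drops both `docker pull` and `--noninteractive` and uses `certbot/dns-cloudflare:latest`, so the image is whatever is cached locally; keep an explicit pull or pin a tag.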
*************** function dockerPrune() {
*** 141,160 ****
function updateLetsEncrypt() {
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ]
then
! docker pull certbot/certbot
! docker run -i --rm --name certbot -p 443:443 -p 80:80 \
! -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
! renew --logs-dir /etc/letsencrypt/logs
fi
}
function forceUpdateLetsEncrypt() {
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ]
then
! docker pull certbot/certbot
! docker run -i --rm --name certbot -p 443:443 -p 80:80 \
! -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
! renew --logs-dir /etc/letsencrypt/logs --force-renew
fi
}
--- 164,194 ----
function updateLetsEncrypt() {
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ]
then
! docker run -ti --rm \
! -v "$OUTPUT_DIR/letsencrypt:/etc/letsencrypt/" \
! -v "$ENV_DIR/cloudflare.ini:/cloudflare.ini" \
! certbot/dns-cloudflare:latest \
! renew \
! --dns-cloudflare \
! --dns-cloudflare-credentials /cloudflare.ini \
! --logs-dir /etc/letsencrypt/logs
!
fi
}
function forceUpdateLetsEncrypt() {
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ]
then
! docker run -ti --rm \
! -v "$OUTPUT_DIR/letsencrypt:/etc/letsencrypt/" \
! -v "$ENV_DIR/cloudflare.ini:/cloudflare.ini" \
! certbot/dns-cloudflare:latest \
! renew \
! --dns-cloudflare \
! --dns-cloudflare-credentials /cloudflare.ini \
! --logs-dir /etc/letsencrypt/logs \
! --force-renew
!
fi
}
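Review bot: both renew functions change `docker run -i` to `docker run -ti`; `-t` requires a TTY, so a renewal started from cron or another non-interactive caller will fail where the old `-i` form worked. Drop the `t` for `renew`. The guard still tests only `${OUTPUT_DIR}/letsencrypt/live`, so if `$ENV_DIR/cloudflare.ini` is missing (for example, certificates issued before this patch was applied), `-v` on a nonexistent host path makes Docker create a directory there; add a `[ -f "$ENV_DIR/cloudflare.ini" ]` check before running. The `docker pull` lines are removed and the tag is `:latest`, so renewals run whatever image is cached.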
@espro espro commented Jul 9, 2020

This applies against ~/bwdata/scripts/run.sh. You'll likely need to run ./bitwarden.sh install to generate the initial downloads. After patching you'll need to comment out any calls to downloadRunFile in bitwarden.sh as well.
