auth

#!/usr/bin/env php
<?php

require __DIR__ . DIRECTORY_SEPARATOR . 'Certbot.php';

exit(Certbot::make(getenv('CERTBOT_DOMAIN'))->auth(getenv('CERTBOT_VALIDATION')));

Certbot.php

<?php

/**
 * Class Certbot
 */
class Certbot
{
    /**
     * @var self
     */
    private static $instance;
    protected $domain;
    protected $configFile = __DIR__ . DIRECTORY_SEPARATOR . 'config.json';
    protected $config;

    /**
     * Certbot constructor.
     *
     * @param $domain
     */
    protected function __construct($domain)
    {
        $this->domain = preg_match('/(?:.*\.)?(.*\..*)/', $domain, $matches) ? $matches[1] : $domain;
        $this->setConfig();
    }

    /**
     * @param null $configFile
     *
     * @return \Certbot
     */
    public function setConfig($configFile = null): self
    {
        $json = '{}';

        switch (true) {
            case file_exists($configFile):
                $json = file_get_contents($configFile);
                break;
            case file_exists($this->configFile):
                $json = file_get_contents($this->configFile);
                break;
        }

        $this->config = json_decode($json, true);

        return $this;
    }

    /**
     * @param $domain
     *
     * @return \Certbot
     */
    final public static function make($domain): self
    {
        if (static::$instance === null) {
            static::$instance = new static($domain);
        }

        return static::$instance;
    }

    /**
     * @return int
     */
    public function cleanup(): int
    {
        $xml = $this->call('get_domain_records');

        if ($xml->domains->error == 'ok') {
            $records = $xml->domains->domain->response->record;
            foreach ($records as $record) {
                if ($record['type'] == 'TXT' && $record['subdomain'] == '_acme-challenge') {
                    $this->call('delete_record', ['record_id' => (int)$record['id']]);
                }
            }
            return 0;
        }

        return 1;
    }

    /**
     * @param string $method
     * @param array $params
     *
     * @return \SimpleXMLElement
     */
    protected function call(string $method, array $params = []): \SimpleXMLElement
    {
        $params += [
            'domain' => $this->domain,
            'token' => $this->config[$this->domain],
        ];

        $url = 'https://pddimp.yandex.ru/nsapi/' . $method . '.xml?' . http_build_query($params);

        $curl = curl_init($url);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($curl);
        curl_close($curl);

        file_put_contents('/tmp/logl.log', print_r([$url, $response], true));

        return simplexml_load_string($response, null, 0);
    }

    /**
     * @param string $validation
     *
     * @return int
     */
    public function auth(string $validation): int
    {
        $xml = $this->call(
            'add_txt_record',
            [
                'subdomain' => '_acme-challenge',
                'ttl' => 900,
                'content' => $validation,
            ]
        );

        return $xml->domains->error != 'ok';
    }
}

cleanup

#!/usr/bin/env php
<?php

require __DIR__ . DIRECTORY_SEPARATOR . 'Certbot.php';

exit(Certbot::make(getenv('CERTBOT_DOMAIN'))->cleanup());

commmand

sudo /lib/letsencrypt/letsencrypt-auto certonly \
  --manual-public-ip-logging-ok \
  --agree-tos \
  --email z700i@ya.ru \
  --renew-by-default \
  -d finag.in \
  -d *.finag.in \
  --manual \
  --manual-auth-hook /lib/certbot-dns-pddyandex/auth \
  --manual-cleanup-hook /lib/certbot-dns-pddyandex/cleanup \
  --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory

config.json

{
  "example.com": "YANDEX_PDD_API_KEY",
  "domain.com": "YANDEX_PDD_API_KEY"
}