Python 3 script to use as a hook for the letsencrypt.sh client (without needing a profile)
#!/usr/bin/env python3 | |
# How to use: | |
# | |
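# LE_HOSTED_ZONE=XXXXXX LE_AWS_PROFILE=dns-access ./letsencrypt.sh --cron --domain example.org --challenge dns-01 --hook /tmp/hook-dns-01-lets-encrypt-route53.py
#
# Note: this version of the script never reads LE_AWS_PROFILE. boto3.Session() is
# created without a profile, so credentials come from boto3's default lookup.
#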
# More info about letsencrypt.sh: https://github.com/lukas2511/letsencrypt.sh/wiki/Examples-for-DNS-01-hooks | |
# Using AWS Profiles: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles | |
# Obtaining your Hosted Zone ID from Route 53: http://docs.aws.amazon.com/cli/latest/reference/route53/list-hosted-zones-by-name.html | |
# modules declaration | |
import os | |
import sys | |
import boto3 | |
from time import sleep | |
# The hosted zone to edit comes from the environment. Abort while the module
# is loading if it is missing, so the hook fails before any AWS call is made.
try:
    hosted_zone_id = os.environ['LE_HOSTED_ZONE']
except KeyError:
    raise Exception("Environment variable LE_HOSTED_ZONE not defined") from None
def setup_dns(domain, txt_challenge):
    """Publish the dns-01 challenge value as a TXT record in Route 53.

    Upserts ``_acme-challenge.<domain>`` with a TTL of 60 in the hosted zone
    named by the module-level ``hosted_zone_id``, then blocks for 30 seconds.

    Args:
        domain: Domain name the challenge record is created under.
        txt_challenge: Challenge value; it is wrapped in double quotes to
            form the TXT record value.
    """
    # No profile or keys are passed, so boto3 resolves credentials itself.
    # The only API call made is ChangeResourceRecordSets, so the identity
    # running this hook needs nothing broader than that on this hosted zone.
    route53 = boto3.Session().client("route53")

    challenge_record = {
        'Name': '_acme-challenge.{0}'.format(domain),
        'Type': 'TXT',
        'TTL': 60,
        'ResourceRecords': [{'Value': '"{0}"'.format(txt_challenge)}],
    }
    # UPSERT creates the record set, or replaces the TXT values already
    # stored under this name.
    route53.change_resource_record_sets(
        HostedZoneId=hosted_zone_id,
        ChangeBatch={
            'Changes': [{
                'Action': 'UPSERT',
                'ResourceRecordSet': challenge_record,
            }],
        },
    )

    # Fixed delay, not a confirmation: the status of the submitted change is
    # never checked, so validation can still start before the record is live.
    sleep(30)
def delete_dns(domain, txt_challenge):
    """Remove the dns-01 challenge TXT record from Route 53.

    Sends a DELETE for ``_acme-challenge.<domain>`` (TXT, TTL 60) carrying the
    quoted challenge value, against the hosted zone named by the module-level
    ``hosted_zone_id``. Returns as soon as the request has been submitted.

    Args:
        domain: Domain name the challenge record was created under.
        txt_challenge: Challenge value that was published for the domain.
    """
    # Credentials are resolved by boto3 itself; nothing is passed in here.
    route53 = boto3.Session().client("route53")

    # Route 53 only deletes a record set that matches the request, so name,
    # type, TTL and value must stay in step with what setup_dns wrote.
    stale_record = {
        'Name': '_acme-challenge.{0}'.format(domain),
        'Type': 'TXT',
        'TTL': 60,
        'ResourceRecords': [{'Value': '"{0}"'.format(txt_challenge)}],
    }
    route53.change_resource_record_sets(
        HostedZoneId=hosted_zone_id,
        ChangeBatch={
            'Changes': [{
                'Action': 'DELETE',
                'ResourceRecordSet': stale_record,
            }],
        },
    )
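if __name__ == "__main__":
    # Argument layout used by this hook: argv[1] is the hook name, argv[2]
    # the domain and argv[4] the TXT challenge value. argv[3] is not used.
    if len(sys.argv) < 2:
        sys.exit("usage: {0} <hook> [<domain> <unused> <txt_challenge>]".format(sys.argv[0]))

    hook = sys.argv[1]
    print(hook)

    # Only the two challenge hooks carry a domain and a challenge value.
    # Reading argv[2] and argv[4] for every hook raised IndexError whenever
    # the script was invoked with fewer arguments, so other hooks are now
    # acknowledged and ignored.
    if hook in ("deploy_challenge", "clean_challenge"):
        if len(sys.argv) < 5:
            sys.exit("{0}: expected <domain> <unused> <txt_challenge>".format(hook))

        domain = sys.argv[2]
        txt_challenge = sys.argv[4]
        print(domain)
        print(txt_challenge)

        if hook == "deploy_challenge":
            setup_dns(domain, txt_challenge)
        else:
            delete_dns(domain, txt_challenge)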