Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/env bash
# require: git version > 2.3
# require: `db/letsencrypt` existed in git repo
if [[ -z "$CERTBOT_DOMAIN" ]] || [[ -z "$CERTBOT_VALIDATION" ]]; then
echo '$CERTBOT_DOMAIN and $CERTBOT_VALIDATION environment variables required.'
fi
source /etc/letsencrypt/dns-auth.conf
BIND_DB=${BIND_DB:-"db/letsencrypt"}
export GIT_SSH_COMMAND="ssh -i $DNSAUTH_SSH_KEY -o StrictHostKeyChecking=no"
if [[ ! -d $DNSAUTH_GIT_PATH ]]; then
git clone $DNSAUTH_GIT_UPSTREAM $DNSAUTH_GIT_PATH
fi
cd $DNSAUTH_GIT_PATH
git fetch --prune origin master
git reset --hard origin/master
if [[ -z $CERTBOT_AUTH_OUTPUT ]]; then
echo "_acme-challenge.${CERTBOT_DOMAIN}. 60 IN TXT \"${CERTBOT_VALIDATION}\"" >> $BIND_DB
git add $BIND_DB
git commit -m "Add _acme-challenge.$CERTBOT_DOMAIN"
git push origin master || exit 1
sleep 25
else
sed -i "/${CERTBOT_DOMAIN}/d" $BIND_DB
git add $BIND_DB
git commit -m "Drop _acme-challenge.$CERTBOT_DOMAIN"
git push origin master || exit 1
fi
certbot certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--preferred-challenges dns \
--email ssl@example.com \
--manual \
--manual-auth-hook /etc/letsencrypt/certbot-auth-hook.sh \
--manual-cleanup-hook /etc/letsencrypt/certbot-auth-hook.sh \
--manual-public-ip-logging-ok \
--domain example.com \
--domain '*.example.com'
DNSAUTH_SSH_KEY=/etc/letsencrypt/dnsauth-key
DNSAUTH_GIT_UPSTREAM=git@github.com:xxx/xxx.git
DNSAUTH_GIT_PATH=/etc/letsencrypt/dnsauth-repo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.