la1o/automatedManualCertbotRenewal.sh

## automatedManualCertbotRenewal.sh
#!/bin/bash
# Copyright 2018, Anthony Wharton
# Single script that can be called that generates certificates using the
# certbotFreeDNSAuthHook.sh and certbotFreeDNSCleanupHook.sh scripts.

# This should be used as guidence of my usage, and changed to your needs. Note
# the generic `/path/to/...` and `DOMAIN.COM`, which should be replaced with
# your script location and domain respectively. In addition, for this to be
# used on a live system, one must remove the `--dry-run` flag.

certbot certonly                                                    \
	--dry-run                                                   \
	--agree-tos                                                 \
	--manual-public-ip-logging-ok                               \
	--renew-by-default                                          \
	--manual                                                    \
	--preferred-challenges=dns                                  \
	--manual-auth-hook /path/to/certbotFreeDNSAuthHook.sh       \
	--manual-cleanup-hook /path/to/certbotFreeDNSCleanupHook.sh \
	-d "DOMAIN.COM"                                           \
	-d "*.DOMAIN.COM"                                           \
	--server https://acme-v02.api.letsencrypt.org/directory

## certbotFreeDNSAuthHook.sh
#!/bin/bash
# Copyright 2018, Anthony Wharton
# Script that logs into FreeDNS.afraid.org and puts in the _acme-challenge TXT
# record as required by certbot for let's encrypt certificates.
# This was made for my need to automate wildcard renewals which cannot work
# automatically.

# TODO: Update to your FreeDNS.afraid.org username and password.
USERNAME='user%40domain.com'  # Username for FreeDNS
PASSWORD='verysecurepassword' # Password for FreeDNS

WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
COOKIEFILE="$WORKINGDIR/cookies.tmp"
TXTID_FILE="$WORKINGDIR/TXT_ID"

REGEX_DOMAINID="s~.*<td>$CERTBOT_DOMAIN</td><td[[:space:]]align=right><a[[:space:]]href=/subdomain/edit\\.php\\?edit_domain_id=\\([0-9]*\\)>\\[[[:space:]]add[[:space:]]\\]</a></td></tr>.*~\\1~;t;d"
REGEX_TXTID="s/.*data_id=\\([0-9]*\\)>_acme-challenge.*/\\1/;t;d"
REGEX_REF="s/.*ref[[:space:]]value=\\([a-zA-Z0-9][a-zA-Z0-9=]*\\)>.*/\\1/;t;d"

echo "==============================================="
if [ ! -d $WORKINGDIR ]; then
	echo "Creating working director for temporary files ($WORKINGDIR)"
	mkdir -m 0700 $WORKINGDIR
fi

echo "Logging in..."
curl -s "https://freedns.afraid.org/zc.php?step=2 " \
     -c $COOKIEFILE                                 \
     -d "action=auth"                               \
     -d "submit=Login"                              \
     -d "username=$USERNAME"                        \
     -d "password=$PASSWORD"

echo "Getting domain ID..."
DOM_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
              -b $COOKIEFILE                             \
	      | sed --posix $REGEX_DOMAINID)

echo "Domain ID: $DOM_ID"

echo "Getting current TXT record ID (if existent)..."
TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
              -b $COOKIEFILE                             \
	      | sed --posix $REGEX_TXTID)


echo "Getting REF form..."
REF=$(curl -s "https://freedns.afraid.org/subdomain/edit.php?edit_domain_id=$DOM_ID" \
              -b $COOKIEFILE                                                          \
	      | sed --posix $REGEX_REF)

echo "Creating/Updaing TXT record..."
curl -s "https://freedns.afraid.org/subdomain/save.php?step=2" \
     -b $COOKIEFILE                                            \
     -d "type=TXT"                                             \
     -d "subdomain=_acme-challenge"                            \
     -d "domain_id=$DOM_ID"                                    \
     -d "address=%22$CERTBOT_VALIDATION%22"                    \
     -d "ref=$REF"                                             \
     -d "data_id=$TXT_ID"                                      \
     -d "send=Save%21"

TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
              -b $COOKIEFILE                             \
	      | sed --posix $REGEX_TXTID)
echo "TXT record ID: $TXT_ID"
echo Saving ID for cleanup...
echo $TXT_ID > $TXTID_FILE

echo "Auth Step DONE, Sleeping to allow for DNS records to propagate"

while true
do
    # check with OpenDNS
    TXT_VALIDATION=$(dig +short -t txt _acme-challenge.$CERTBOT_DOMAIN @208.67.220.220)
    if [ "\"$CERTBOT_VALIDATION\"" == "$TXT_VALIDATION" ]
    then
        break
    fi
    sleep 10
done

echo "==============================================="

## certbotFreeDNSCleanupHook.sh
#!/bin/bash
# Copyright 2018, Anthony Wharton
# Script that logs into FreeDNS.afraid.org and cleans up the _acme-challenge
# TXT record as created by the certbotFreeDNSAuthHook.sh script.
# This was made for my need to automate wildcard renewals which cannot work
# automatically.

# TODO: Update to your FreeDNS.afraid.org username and password.
USERNAME='user%40domain.com'  # Username for FreeDNS
PASSWORD='verysecurepassword' # Password for FreeDNS

WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
COOKIEFILE="$WORKINGDIR/cookies.tmp"
TXTID_FILE="$WORKINGDIR/TXT_ID"

echo "==============================================="
echo "Cleaning up..."
if [ ! -f $COOKIESFILE ]; then
	echo "No saved cookies found... Logging in..."
	curl -s "https://freedns.afraid.org/zc.php?step=2 " \
	     -c $COOKIEFILE                                 \
	     -d "action=auth"                               \
	     -d "submit=Login"                              \
	     -d "username=$USERNAME"                        \
	     -d "password=$PASSWORD"
fi

if [ -f $TXTID_FILE ]; then
	TXT_ID=$(cat $TXTID_FILE)
	echo "Deleting TXT record ID ($TXT_ID)..."
	QUERY="https://freedns.afraid.org/subdomain/delete2.php?"
	QUERY+="data_id%5B%5D=$TXT_ID&"
	QUERY+="submit=delete+selected"
	curl -s $QUERY -b $COOKIEFILE
fi

rm -vrf $WORKINGDIR
echo "DONE"
echo "==============================================="
	#!/bin/bash
	# Copyright 2018, Anthony Wharton
	# Single script that can be called that generates certificates using the
	# certbotFreeDNSAuthHook.sh and certbotFreeDNSCleanupHook.sh scripts.

	# This should be used as guidence of my usage, and changed to your needs. Note
	# the generic `/path/to/...` and `DOMAIN.COM`, which should be replaced with
	# your script location and domain respectively. In addition, for this to be
	# used on a live system, one must remove the `--dry-run` flag.

	certbot certonly \
	--dry-run \
	--agree-tos \
	--manual-public-ip-logging-ok \
	--renew-by-default \
	--manual \
	--preferred-challenges=dns \
	--manual-auth-hook /path/to/certbotFreeDNSAuthHook.sh \
	--manual-cleanup-hook /path/to/certbotFreeDNSCleanupHook.sh \
	-d "DOMAIN.COM" \
	-d "*.DOMAIN.COM" \
	--server https://acme-v02.api.letsencrypt.org/directory
	#!/bin/bash
	# Copyright 2018, Anthony Wharton
	# Script that logs into FreeDNS.afraid.org and puts in the _acme-challenge TXT
	# record as required by certbot for let's encrypt certificates.
	# This was made for my need to automate wildcard renewals which cannot work
	# automatically.

	# TODO: Update to your FreeDNS.afraid.org username and password.
	USERNAME='user%40domain.com' # Username for FreeDNS
	PASSWORD='verysecurepassword' # Password for FreeDNS

	WORKINGDIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
	COOKIEFILE="$WORKINGDIR/cookies.tmp"
	TXTID_FILE="$WORKINGDIR/TXT_ID"

	REGEX_DOMAINID="s~.<td>$CERTBOT_DOMAIN</td><td[[:space:]]align=right><a[[:space:]]href=/subdomain/edit\\.php\\?edit_domain_id=\\([0-9]\\)>\\[[[:space:]]add[[:space:]]\\]</a></td></tr>.*~\\1~;t;d"
	REGEX_TXTID="s/.data_id=\\([0-9]\\)>_acme-challenge.*/\\1/;t;d"
	REGEX_REF="s/.ref[[:space:]]value=\\([a-zA-Z0-9][a-zA-Z0-9=]\\)>.*/\\1/;t;d"

	echo "==============================================="
	if [ ! -d $WORKINGDIR ]; then
	echo "Creating working director for temporary files ($WORKINGDIR)"
	mkdir -m 0700 $WORKINGDIR
	fi

	echo "Logging in..."
	curl -s "https://freedns.afraid.org/zc.php?step=2 " \
	-c $COOKIEFILE \
	-d "action=auth" \
	-d "submit=Login" \
	-d "username=$USERNAME" \
	-d "password=$PASSWORD"

	echo "Getting domain ID..."
	DOM_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
	-b $COOKIEFILE \
	\| sed --posix $REGEX_DOMAINID)

	echo "Domain ID: $DOM_ID"

	echo "Getting current TXT record ID (if existent)..."
	TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
	-b $COOKIEFILE \
	\| sed --posix $REGEX_TXTID)


	echo "Getting REF form..."
	REF=$(curl -s "https://freedns.afraid.org/subdomain/edit.php?edit_domain_id=$DOM_ID" \
	-b $COOKIEFILE \
	\| sed --posix $REGEX_REF)

	echo "Creating/Updaing TXT record..."
	curl -s "https://freedns.afraid.org/subdomain/save.php?step=2" \
	-b $COOKIEFILE \
	-d "type=TXT" \
	-d "subdomain=_acme-challenge" \
	-d "domain_id=$DOM_ID" \
	-d "address=%22$CERTBOT_VALIDATION%22" \
	-d "ref=$REF" \
	-d "data_id=$TXT_ID" \
	-d "send=Save%21"

	TXT_ID=$(curl -s "https://freedns.afraid.org/subdomain/" \
	-b $COOKIEFILE \
	\| sed --posix $REGEX_TXTID)
	echo "TXT record ID: $TXT_ID"
	echo Saving ID for cleanup...
	echo $TXT_ID > $TXTID_FILE

	echo "Auth Step DONE, Sleeping to allow for DNS records to propagate"

	while true
	do
	# check with OpenDNS
	TXT_VALIDATION=$(dig +short -t txt _acme-challenge.$CERTBOT_DOMAIN @208.67.220.220)
	if [ "\"$CERTBOT_VALIDATION\"" == "$TXT_VALIDATION" ]
	then
	break
	fi
	sleep 10
	done

	echo "==============================================="