@marcaurele
Created February 14, 2018 07:25
Certbot/Let's Encrypt hook for DNS authentication using Gandi Live DNS service
#!/bin/bash
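# To be used in certbot command as --manual-auth-hook parameter.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to this hook.
#APIKEY="<your API key>"
# Abort early if the key is neither set above nor exported in the environment
: "${APIKEY:?APIKEY is not set}"
# Strip only the top domain: the zone is taken to be the last two labels, so
# names under a multi-label suffix such as example.co.uk are not handled
ROOT_DOMAIN=$(python -c "import sys;u=sys.argv[1].split('.');print(u[-2]+'.'+u[-1])" "$CERTBOT_DOMAIN")
# Record name relative to the zone, e.g. "_acme-challenge.www" for www.example.com
HOST_DOMAIN=$(python -c "import sys;print('.'.join(('_acme-challenge.'+sys.argv[1]).split('.')[:-2]))" "$CERTBOT_DOMAIN")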
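# Get the zone's records URL (zone_records_href) for the domain
ZONE_RECORD_HREF=$(curl --silent --fail -X GET "https://dns.api.gandi.net/api/v5/domains/$ROOT_DOMAIN" \
-H "X-Api-Key: $APIKEY" \
-H "Content-Type: application/json" | python -c "import sys,json;print(json.load(sys.stdin)['zone_records_href'])")
# Stop if the lookup failed, rather than continuing with an empty URL
if [ -z "$ZONE_RECORD_HREF" ]; then
    echo "Could not look up the zone for $ROOT_DOMAIN" >&2
    exit 1
fi
# Create TXT record
RESULT=$(curl --silent --fail -X POST "$ZONE_RECORD_HREF" \
-H "X-Api-Key: $APIKEY" \
-H "Content-Type: application/json" \
--data '{"rrset_type":"TXT","rrset_name":"'"$HOST_DOMAIN"'","rrset_values":["'"$CERTBOT_VALIDATION"'"],"rrset_ttl":300}') \
|| { echo "Failed to create the TXT record $HOST_DOMAIN" >&2; exit 1; }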
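# Save info for cleanup. /tmp is world-writable and this path is predictable,
# so only use the directory if it is a real directory owned by this user.
STATE_DIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
if [ ! -d "$STATE_DIR" ]; then
    mkdir -m 0700 "$STATE_DIR"
fi
if [ -L "$STATE_DIR" ] || [ ! -O "$STATE_DIR" ]; then
    echo "Refusing to use $STATE_DIR" >&2
    exit 1
fi
echo "$ZONE_RECORD_HREF" > "$STATE_DIR/ZONE_RECORD_HREF"
echo "$HOST_DOMAIN" > "$STATE_DIR/RECORD_NAME"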
# Sleep to make sure the change has time to propagate over to DNS
sleep 15
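
A matching cleanup hook, as an added example that is not part of the original gist: it reads the state the auth hook saved under /tmp and validates it before the API key is sent anywhere. It assumes LiveDNS removes a record set with `DELETE <zone_records_href>/<name>/TXT`; the function names are hypothetical.

```bash
#!/bin/bash
# Added example: cleanup hook for certbot's --manual-cleanup-hook.
# Assumption: LiveDNS removes one record set with
#   DELETE <zone_records_href>/<name>/TXT
API_PREFIX="https://dns.api.gandi.net/api/v5/"

# Directory the auth hook writes its state to for a given domain.
state_dir() { printf '/tmp/CERTBOT_%s\n' "$1"; }

# True only for a real directory (not a symlink) owned by the current user.
trusted_dir() { [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ]; }

# Print the DELETE URL built from the state in directory $1. The files live in
# /tmp, so treat them as untrusted: the API key must only go to Gandi's API.
delete_url() {
    trusted_dir "$1" || return 1
    href=$(head -n 1 "$1/ZONE_RECORD_HREF" 2>/dev/null) || return 1
    name=$(head -n 1 "$1/RECORD_NAME" 2>/dev/null) || return 1
    case "$href" in
        "$API_PREFIX"*) ;;
        *) return 1 ;;
    esac
    # Record names written by the auth hook are dot-separated DNS labels.
    case "$name" in
        ''|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s/%s/TXT\n' "$href" "$name"
}

cleanup() {
    : "${APIKEY:?APIKEY is not set}"
    dir=$(state_dir "$CERTBOT_DOMAIN")
    url=$(delete_url "$dir") || {
        echo "Missing or untrusted state in $dir" >&2
        return 1
    }
    curl --silent --fail -X DELETE "$url" -H "X-Api-Key: $APIKEY" || return 1
    rm -rf "$dir"
}

# certbot exports CERTBOT_DOMAIN when it runs the hook; do nothing otherwise.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    cleanup
fi
```

Pass it to certbot as `--manual-cleanup-hook` next to the auth hook, with `APIKEY` exported in the environment.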