Created
February 14, 2018 07:25
Certbot/Let's encrypt hook for DNS authentication using Gandi Live DNS service
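#!/bin/bash
# To be used in certbot command as --manual-auth-hook parameter.
#
# Creates the _acme-challenge TXT record for $CERTBOT_DOMAIN through the
# Gandi LiveDNS API, then records the zone URL and record name under
# /tmp/CERTBOT_<domain>/ so the matching cleanup hook can find them.
#
# Environment:
#   CERTBOT_DOMAIN      domain being validated (read)
#   CERTBOT_VALIDATION  validation string to publish (read)
#   APIKEY              Gandi API key (read)
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# If the key is stored here rather than supplied through the environment,
# keep this file readable by its owner only.
#APIKEY="<your API key>"

: "${APIKEY:?APIKEY must be set}"
: "${CERTBOT_DOMAIN:?CERTBOT_DOMAIN must be set}"
: "${CERTBOT_VALIDATION:?CERTBOT_VALIDATION must be set}"

# The domain becomes part of a path under /tmp, so it must not be able to
# point outside the intended directory.
case "$CERTBOT_DOMAIN" in
  */* | .*) die "refusing unexpected CERTBOT_DOMAIN: $CERTBOT_DOMAIN" ;;
esac

# Strip only the top domain.
# NOTE: this keeps the last two labels, so it assumes the registered domain
# has exactly two labels (it would pick "co.uk" for "example.co.uk").
ROOT_DOMAIN=$(python -c "import sys;u=sys.argv[1].split('.');print(u[-2]+'.'+u[-1])" "$CERTBOT_DOMAIN") \
  || die "cannot derive the root domain from $CERTBOT_DOMAIN"
HOST_DOMAIN=$(python -c "import sys;print('.'.join(('_acme-challenge.'+sys.argv[1]).split('.')[:-2]))" "$CERTBOT_DOMAIN") \
  || die "cannot derive the record name from $CERTBOT_DOMAIN"

# Prepare the state directory before touching DNS. /tmp is world-writable
# and the name is predictable, so a pre-existing entry is only accepted if
# it is a real directory (not a symlink) owned by the current user.
STATE_DIR="/tmp/CERTBOT_${CERTBOT_DOMAIN}"
if ! mkdir -m 0700 -- "$STATE_DIR" 2>/dev/null; then
  if [[ ! -d "$STATE_DIR" || -L "$STATE_DIR" || ! -O "$STATE_DIR" ]]; then
    die "unsafe state directory: $STATE_DIR"
  fi
  chmod 0700 -- "$STATE_DIR"
fi

# Get Gandi zone UUID.
# NOTE: the API key is passed on the curl command line and is therefore
# visible to other local users in the process list while curl runs.
# --fail turns HTTP error statuses into a non-zero exit instead of letting
# an error body reach the JSON parser.
ZONE_RECORD_HREF=$(curl --silent --show-error --fail -X GET \
  "https://dns.api.gandi.net/api/v5/domains/$ROOT_DOMAIN" \
  -H "X-Api-Key: $APIKEY" \
  -H "Content-Type: application/json" \
  | python -c "import sys,json;print(json.load(sys.stdin)['zone_records_href'])") \
  || die "cannot look up the zone records URL for $ROOT_DOMAIN"

# The key is sent to this URL next; do not send it over plain HTTP.
[[ "$ZONE_RECORD_HREF" == https://* ]] \
  || die "unexpected zone records URL: $ZONE_RECORD_HREF"

# Build the JSON body with a JSON encoder instead of string concatenation,
# so quotes or backslashes in the values cannot alter the request.
PAYLOAD=$(python -c "import sys,json;print(json.dumps({'rrset_type':'TXT','rrset_name':sys.argv[1],'rrset_values':[sys.argv[2]],'rrset_ttl':300}))" \
  "$HOST_DOMAIN" "$CERTBOT_VALIDATION") \
  || die "cannot build the TXT record payload"

# Create TXT record
RESULT=$(curl --silent --show-error --fail -X POST "$ZONE_RECORD_HREF" \
  -H "X-Api-Key: $APIKEY" \
  -H "Content-Type: application/json" \
  --data "$PAYLOAD") \
  || die "creating the TXT record failed: ${RESULT:-no response body}"

# Save info for cleanup
printf '%s\n' "$ZONE_RECORD_HREF" > "$STATE_DIR/ZONE_RECORD_HREF"
printf '%s\n' "$HOST_DOMAIN" > "$STATE_DIR/RECORD_NAME"

# Sleep to make sure the change has time to propagate over to DNS
sleep 15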
Cleanup hook is here: https://gist.github.com/marcaurele/4898f5c08ec9e7dc57ef2d3ded63b172