Last active
October 5, 2023 09:30
-
-
Save ryzhovau/e5eb6ed957a5ced3c3bf56e50018f05e to your computer and use it in GitHub Desktop.
Dehydrated hook script for pdd.yandex.com DNS challenge
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# dns-01 challenge for Yandex PDD | |
domain='domain.com' | |
# domain alias as in dehydrated config | |
domain_alias='wildcard_domain_com' | |
# Get token at https://pddimp.yandex.ru/token/index.xml?domain=$domain | |
token='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' | |
case "$1" in | |
"deploy_challenge") | |
if [ -z "$(wget -qO - "https://pddimp.yandex.ru/nsapi/add_txt_record.xml?token=$token&domain=$domain&subdomain=_acme-challenge&ttl=900&content=$4" | grep '<error>ok</error>')" ]; then | |
echo 'Error while adding TXT record, exiting...' | |
exit 1 | |
fi | |
echo | |
;; | |
"clean_challenge") | |
sep='<record domain=' | |
records="$(wget -qO - https://pddimp.yandex.ru/nsapi/get_domain_records.xml?token=$token)" | |
while [ "$records" != "${records#*$sep}" ];do | |
record=$(echo "${records%%$sep*}" | grep _acme-challenge.$domain | cut -d'"' -f12) | |
[[ -z "$record" ]] || wget -qO - "https://pddimp.yandex.ru/nsapi/delete_record.xml?token=$token&domain=$domain&record_id=$record" > /dev/null | |
records="${records#*$sep}" | |
done | |
;; | |
"deploy_cert") | |
cp $CERTDIR/$domain_alias/fullchain.pem /etc/nginx/ssl/ | |
cp $CERTDIR/$domain_alias/privkey.pem /etc/nginx/ssl/ | |
systemctl reload nginx | |
tg_say.sh "SSL certificates renewed." | |
;; | |
"unchanged_cert") | |
;; | |
"startup_hook") | |
;; | |
"exit_hook") | |
;; | |
esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment