Created
June 21, 2020 15:28
-
-
Save sciguy16/23fae554241695b22fd2963a9e77be51 to your computer and use it in GitHub Desktop.
Certbot hooks to update a Windows DNS server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# dns-cleanup.sh | |
# certbot hook to use nsupdate to send the validation to an Active Directory DNS server | |
nsupdate -g << EOF | |
update delete _acme-challenge.$CERTBOT_DOMAIN TXT | |
send | |
EOF |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# dns-update.sh | |
# certbot hook to use nsupdate to send the validation to an Active Directory DNS server | |
nsupdate -g << EOF | |
update add _acme-challenge.$CERTBOT_DOMAIN 100 TXT $CERTBOT_VALIDATION | |
send | |
EOF | |
echo "Starting sleeeep" | |
sleep 120 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
nsupdate -g
depends on kerberos having been intialised on the server with a service account in theDnsUpdateProxy
AD groupRun certbot as:
certbot certonly --manual --preferred-challenges dns --test --manual-auth-hook ./dns-update.sh --manual-cleanup-hook ./dns-cleanup.sh -d example.com