#!/bin/bash
#
# Example of how to deploy a DNS-01 challenge using nsupdate/knsupdate
#
# https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script
# slightly modified by kdrexel
# example:
#update add monitor2-test.bfh.host 7200 TXT "if-you-can-dig-it-everything-works-fine"
#printf "server %s\nzone %s.\nttl %d\nupdate add _acme-challenge.%s. %d TXT \"%s\"\nsend\n" "${DNSSERVER}" "${ZONE}" "${TTL}" "${2}" "${TTL}" "${CHALLENGE}" | $NSUPDATE
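set -e
set -u
set -o pipefail

# Log a fatal message to syslog and stderr, then exit with status $1.
fail() {
  local status=$1
  shift
  logger "$*"
  printf '%s\n' "$*" >&2
  exit "$status"
}

# Refuse a value that would corrupt the update script sent to $NSUPDATE.
# DOMAIN and CHALLENGE are interpolated unquoted into that script, so an
# embedded newline or space would be read as extra fields or commands.
# Arguments: $1 - label used in the error message, $2 - value to check
require_single_token() {
  case "$2" in
    '' | *[[:space:]]* | *[[:cntrl:]]*)
      fail 42 "$0: $1 is empty or contains whitespace/control characters"
      ;;
  esac
}

# Send one dynamic update for _acme-challenge.$DOMAIN to every name server.
# Globals:   DOMAIN, CHALLENGE, ZONE, TTL, NSUPDATE (read), DNSSERVER (written)
# Arguments: $1 - nsupdate verb, "add" or "delete"
send_update() {
  local action=$1
  local ns

  require_single_token "DOMAIN" "$DOMAIN"
  require_single_token "CHALLENGE" "$CHALLENGE"

  # NOTE(review): the update target is whatever this plain DNS lookup returns,
  # and no TSIG key is passed to $NSUPDATE below, so the server presumably
  # authorises updates by source address -- confirm. Pinning the server
  # address and signing updates would remove the dependency on an
  # unauthenticated answer.
  DNSSERVER=$(kdig -4 @ns.bfh.science ns.bfh.science +short)
  if [ -z "$DNSSERVER" ]; then
    # Without this check the loop below runs zero times and the hook reports
    # success although no record was changed.
    fail 1 "$0: name server lookup returned no address, nothing updated"
  fi

  # DNSSERVER is a whitespace-separated list; splitting is intended here.
  # shellcheck disable=SC2086
  for ns in $DNSSERVER; do
    if [ "$action" = "delete" ]; then
      if [ -t 1 ]; then
        echo "Deleting TXT Record _acme-challenge.${DOMAIN}..."
      fi
      # presumably leaves time for validation to finish before the record
      # disappears -- confirm
      sleep 10
    fi
    # The commands are fed on stdin instead of a temp file: nothing is left
    # behind in /tmp and the deprecated tempfile(1) is no longer needed.
    # $NSUPDATE stays unquoted so the "nsupdate -k ..." variant still splits
    # into command and options.
    # shellcheck disable=SC2086
    $NSUPDATE <<EOF
server $ns
zone ${ZONE}.
ttl $TTL
update $action _acme-challenge.${DOMAIN} $TTL TXT $CHALLENGE
send
EOF
  done
}

# NOTE(review): every call needs three arguments, so a hook invoked with
# fewer (dehydrated passes none to startup_hook, for example) exits 42 before
# reaching its case arm below -- confirm what the calling hook.sh passes.
if [ $# -lt 3 ]; then
  fail 42 "$0 called with too few ARGS: $*"
fi

# Params from hook.sh
# NOTE(review): dehydrated itself passes the TXT value as the fourth hook
# argument; this script reads the third, so the wrapper presumably re-orders
# them -- confirm.
DOMAIN="$2"
CHALLENGE="$3"
# Zone = last two labels of this machine's hostname.
ZONE=$(awk -F '.' '{ print $(NF-1) "." $NF }' /etc/hostname)
NSUPDATE="knsupdate"
#NSUPDATE="nsupdate -k /path/to/Kdnsupdatekey.private" #bind only
DNSSERVER=""
TTL=300

case "$1" in
  "deploy_challenge")
    send_update add
    ;;
  "clean_challenge")
    send_update delete
    ;;
  "deploy_cert")
    # optional:
    # /path/to/deploy_cert.sh "$@"
    ;;
  "unchanged_cert")
    # do nothing for now
    ;;
  "startup_hook")
    # do nothing for now
    ;;
  "exit_hook")
    # do nothing for now
    ;;
esac
exit 0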