
Update lexicon, switch to python 3, move hook.

master
Chris Smith 6 years ago
parent
commit
0ceb712043
Signed by: Chris Smith <chris@chameth.com> GPG Key ID: 3A2D4BBDC4A3C9A9
2 changed files with 133 additions and 6 deletions
  1. 6
    6
      Dockerfile
  2. 127
    0
      hook.sh

+ 6
- 6
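--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,15 @@
 FROM csmith/letsencrypt-generic:latest
-MAINTAINER Chris Smith <chris87@gmail.com> 
+MAINTAINER Chris Smith <dke@chameth.com> 
 
 RUN apt-get update \
  && apt-get install -y \
       inotify-tools \
-      python2.7 \
-      python-pip
+      python3 \
+      python3-pip
 
-RUN pip install \
-      dns-lexicon==1.1.9
+RUN pip3 install \
+      dns-lexicon==2.1.10
 
-ADD https://raw.githubusercontent.com/AnalogJ/lexicon/v1.1.9/examples/letsencrypt.default.sh /dns/hook
+ADD hook.sh /dns/hook
 RUN chmod +x /dns/hook
 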
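Review bot: `ADD hook.sh /dns/hook` on the last changed line should become `COPY hook.sh /dns/hook`; ADD's extra behaviour over COPY is remote-URL fetching and automatic archive extraction, which was the reason for it while the hook came from a raw.githubusercontent.com URL, and neither is wanted for a local script. The `apt-get install` layer also leaves the package lists in the image; appending ` && rm -rf /var/lib/apt/lists/*` to that RUN keeps the layer small without changing what is installed. `MAINTAINER` is a deprecated instruction; `LABEL maintainer="Chris Smith <dke@chameth.com>"` is the current form.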

+ 127
- 0
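--- a/hook.sh
+++ b/hook.sh
@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+#
+# Example how to deploy a DNS challange using lexicon
+
+set -e
+set -u
+set -o pipefail
+
+export PROVIDER=${PROVIDER:-"cloudflare"}
+
+function deploy_challenge {
+    local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+
+    echo "deploy_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"
+
+    lexicon $PROVIDER create ${DOMAIN} TXT --name="_acme-challenge.${DOMAIN}." --content="${TOKEN_VALUE}"
+
+    sleep 30
+
+    # This hook is called once for every domain that needs to be
+    # validated, including any alternative names you may have listed.
+    #
+    # Parameters:
+    # - DOMAIN
+    #   The domain name (CN or subject alternative name) being
+    #   validated.
+    # - TOKEN_FILENAME
+    #   The name of the file containing the token to be served for HTTP
+    #   validation. Should be served by your web server as
+    #   /.well-known/acme-challenge/${TOKEN_FILENAME}.
+    # - TOKEN_VALUE
+    #   The token value that needs to be served for validation. For DNS
+    #   validation, this is what you want to put in the _acme-challenge
+    #   TXT record. For HTTP validation it is the value that is expected
+    #   be found in the $TOKEN_FILENAME file.
+}
+
+function clean_challenge {
+    local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+
+    echo "clean_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"
+
+    lexicon $PROVIDER delete ${DOMAIN} TXT --name="_acme-challenge.${DOMAIN}." --content="${TOKEN_VALUE}"
+
+    # This hook is called after attempting to validate each domain,
+    # whether or not validation was successful. Here you can delete
+    # files or DNS records that are no longer needed.
+    #
+    # The parameters are the same as for deploy_challenge.
+}
+
+function invalid_challenge() {
+    local DOMAIN="${1}" RESPONSE="${2}"
+
+    echo "invalid_challenge called: ${DOMAIN}, ${RESPONSE}"
+
+    # This hook is called if the challenge response has failed, so domain
+    # owners can be aware and act accordingly.
+    #
+    # Parameters:
+    # - DOMAIN
+    #   The primary domain name, i.e. the certificate common
+    #   name (CN).
+    # - RESPONSE
+    #   The response that the verification server returned
+}
+
+function deploy_cert {
+    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+
+    echo "deploy_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
+
+    # This hook is called once for each certificate that has been
+    # produced. Here you might, for instance, copy your new certificates
+    # to service-specific locations and reload the service.
+    #
+    # Parameters:
+    # - DOMAIN
+    #   The primary domain name, i.e. the certificate common
+    #   name (CN).
+    # - KEYFILE
+    #   The path of the file containing the private key.
+    # - CERTFILE
+    #   The path of the file containing the signed certificate.
+    # - FULLCHAINFILE
+    #   The path of the file containing the full certificate chain.
+    # - CHAINFILE
+    #   The path of the file containing the intermediate certificate(s).
+}
+
+function unchanged_cert {
+    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+
+    echo "unchanged_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
+
+    # This hook is called once for each certificate that is still
+    # valid and therefore wasn't reissued.
+    #
+    # Parameters:
+    # - DOMAIN
+    #   The primary domain name, i.e. the certificate common
+    #   name (CN).
+    # - KEYFILE
+    #   The path of the file containing the private key.
+    # - CERTFILE
+    #   The path of the file containing the signed certificate.
+    # - FULLCHAINFILE
+    #   The path of the file containing the full certificate chain.
+    # - CHAINFILE
+    #   The path of the file containing the intermediate certificate(s).
+}
+
+exit_hook() {
+  # This hook is called at the end of a dehydrated command and can be used
+  # to do some final (cleanup or other) tasks.
+
+  :
+}
+
+startup_hook() {
+  # This hook is called before the dehydrated command to do some initial tasks
+  # (e.g. starting a webserver).
+
+  :
+}
+
+HANDLER=$1; shift; $HANDLER "$@"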
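Review bot: The dispatcher on line 127, `HANDLER=$1; shift; $HANDLER "$@"`, runs whatever name the first argument holds, so it executes any command a caller names rather than only the hooks this script defines, and it exits non-zero with "command not found" if dehydrated invokes a hook name not defined here (it presumably calls more than the seven present). Restricting it to the known hooks makes unknown names a silent no-op: `HANDLER=$1; shift`, `[[ "$HANDLER" =~ ^(deploy_challenge|clean_challenge|invalid_challenge|deploy_cert|unchanged_cert|exit_hook|startup_hook)$ ]] || exit 0`, `"$HANDLER" "$@"`. The lexicon calls on lines 16 and 43 leave `$PROVIDER` and `${DOMAIN}` unquoted despite the script's own `set -u`/`pipefail` discipline; `lexicon "$PROVIDER" create "$DOMAIN" TXT …` is the quoted form. The fixed `sleep 30` after record creation is a guess at propagation time rather than a check, and deserves a comment saying so, e.g. `# fixed wait for DNS propagation; tune per provider`.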
