public
/
docker-letsencrypt-lexicon
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Obtains certificates from Let's Encrypt, using Lexicon to answer DNS-based challenges
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
Tree: 0ceb712043
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0ceb712043'
${ noResults }
docker-letsencrypt-lexicon/hook.sh

hook.sh 4.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 
  1. #!/usr/bin/env bash

  2. #

  3. # Example how to deploy a DNS challange using lexicon

  4. 

  5. set -e

  6. set -u

  7. set -o pipefail

  8. 

  9. export PROVIDER=${PROVIDER:-"cloudflare"}

  10. 

  11. function deploy_challenge {

  12.     local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

  13. 

  14.     echo "deploy_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"

  15. 

  16.     lexicon $PROVIDER create ${DOMAIN} TXT --name="_acme-challenge.${DOMAIN}." --content="${TOKEN_VALUE}"

  17. 

  18.     sleep 30

  19. 

  20.     # This hook is called once for every domain that needs to be

  21.     # validated, including any alternative names you may have listed.

  22.     #

  23.     # Parameters:

  24.     # - DOMAIN

  25.     #   The domain name (CN or subject alternative name) being

  26.     #   validated.

  27.     # - TOKEN_FILENAME

  28.     #   The name of the file containing the token to be served for HTTP

  29.     #   validation. Should be served by your web server as

  30.     #   /.well-known/acme-challenge/${TOKEN_FILENAME}.

  31.     # - TOKEN_VALUE

  32.     #   The token value that needs to be served for validation. For DNS

  33.     #   validation, this is what you want to put in the _acme-challenge

  34.     #   TXT record. For HTTP validation it is the value that is expected

  35.     #   be found in the $TOKEN_FILENAME file.

  36. }

  37. 

  38. function clean_challenge {

  39.     local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

  40. 

  41.     echo "clean_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"

  42. 

  43.     lexicon $PROVIDER delete ${DOMAIN} TXT --name="_acme-challenge.${DOMAIN}." --content="${TOKEN_VALUE}"

  44. 

  45.     # This hook is called after attempting to validate each domain,

  46.     # whether or not validation was successful. Here you can delete

  47.     # files or DNS records that are no longer needed.

  48.     #

  49.     # The parameters are the same as for deploy_challenge.

  50. }

  51. 

  52. function invalid_challenge() {

  53.     local DOMAIN="${1}" RESPONSE="${2}"

  54. 

  55.     echo "invalid_challenge called: ${DOMAIN}, ${RESPONSE}"

  56. 

  57.     # This hook is called if the challenge response has failed, so domain

  58.     # owners can be aware and act accordingly.

  59.     #

  60.     # Parameters:

  61.     # - DOMAIN

  62.     #   The primary domain name, i.e. the certificate common

  63.     #   name (CN).

  64.     # - RESPONSE

  65.     #   The response that the verification server returned

  66. }

  67. 

  68. function deploy_cert {

  69.     local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"

  70. 

  71.     echo "deploy_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"

  72. 

  73.     # This hook is called once for each certificate that has been

  74.     # produced. Here you might, for instance, copy your new certificates

  75.     # to service-specific locations and reload the service.

  76.     #

  77.     # Parameters:

  78.     # - DOMAIN

  79.     #   The primary domain name, i.e. the certificate common

  80.     #   name (CN).

  81.     # - KEYFILE

  82.     #   The path of the file containing the private key.

  83.     # - CERTFILE

  84.     #   The path of the file containing the signed certificate.

  85.     # - FULLCHAINFILE

  86.     #   The path of the file containing the full certificate chain.

  87.     # - CHAINFILE

  88.     #   The path of the file containing the intermediate certificate(s).

  89. }

  90. 

  91. function unchanged_cert {

  92.     local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"

  93. 

  94.     echo "unchanged_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"

  95. 

  96.     # This hook is called once for each certificate that is still

  97.     # valid and therefore wasn't reissued.

  98.     #

  99.     # Parameters:

  100.     # - DOMAIN

  101.     #   The primary domain name, i.e. the certificate common

  102.     #   name (CN).

  103.     # - KEYFILE

  104.     #   The path of the file containing the private key.

  105.     # - CERTFILE

  106.     #   The path of the file containing the signed certificate.

  107.     # - FULLCHAINFILE

  108.     #   The path of the file containing the full certificate chain.

  109.     # - CHAINFILE

  110.     #   The path of the file containing the intermediate certificate(s).

  111. }

  112. 

  113. exit_hook() {

  114.   # This hook is called at the end of a dehydrated command and can be used

  115.   # to do some final (cleanup or other) tasks.

  116. 

  117.   :

  118. }

  119. 

  120. startup_hook() {

  121.   # This hook is called before the dehydrated command to do some initial tasks

  122.   # (e.g. starting a webserver).

  123. 

  124.   :

  125. }

  126. 

  127. HANDLER=$1; shift; $HANDLER "$@"