|
@@ -0,0 +1,125 @@
|
|
1
|
+#!/usr/bin/env bash
|
|
2
|
+#
|
|
3
|
+# Hook for adding DNS entries using MyDNSHost
|
|
4
|
+
|
|
5
|
+set -e
|
|
6
|
+set -u
|
|
7
|
+set -o pipefail
|
|
8
|
+
|
|
9
|
+function deploy_challenge {
|
|
10
|
+ local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
|
|
11
|
+
|
|
12
|
+ echo "deploy_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"
|
|
13
|
+
|
|
14
|
+ mydnshost records add "_acme-challenge.${DOMAIN}" TXT "${TOKEN_VALUE}"
|
|
15
|
+
|
|
16
|
+ sleep 10
|
|
17
|
+
|
|
18
|
+ # This hook is called once for every domain that needs to be
|
|
19
|
+ # validated, including any alternative names you may have listed.
|
|
20
|
+ #
|
|
21
|
+ # Parameters:
|
|
22
|
+ # - DOMAIN
|
|
23
|
+ # The domain name (CN or subject alternative name) being
|
|
24
|
+ # validated.
|
|
25
|
+ # - TOKEN_FILENAME
|
|
26
|
+ # The name of the file containing the token to be served for HTTP
|
|
27
|
+ # validation. Should be served by your web server as
|
|
28
|
+ # /.well-known/acme-challenge/${TOKEN_FILENAME}.
|
|
29
|
+ # - TOKEN_VALUE
|
|
30
|
+ # The token value that needs to be served for validation. For DNS
|
|
31
|
+ # validation, this is what you want to put in the _acme-challenge
|
|
32
|
+ # TXT record. For HTTP validation it is the value that is expected
|
|
33
|
+ # be found in the $TOKEN_FILENAME file.
|
|
34
|
+}
|
|
35
|
+
|
|
36
|
+function clean_challenge {
|
|
37
|
+ local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
|
|
38
|
+
|
|
39
|
+ echo "clean_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"
|
|
40
|
+
|
|
41
|
+ mydnshost records rm "_acme-challenge.${DOMAIN}" TXT "${TOKEN_VALUE}"
|
|
42
|
+
|
|
43
|
+ # This hook is called after attempting to validate each domain,
|
|
44
|
+ # whether or not validation was successful. Here you can delete
|
|
45
|
+ # files or DNS records that are no longer needed.
|
|
46
|
+ #
|
|
47
|
+ # The parameters are the same as for deploy_challenge.
|
|
48
|
+}
|
|
49
|
+
|
|
50
|
+function invalid_challenge() {
|
|
51
|
+ local DOMAIN="${1}" RESPONSE="${2}"
|
|
52
|
+
|
|
53
|
+ echo "invalid_challenge called: ${DOMAIN}, ${RESPONSE}"
|
|
54
|
+
|
|
55
|
+ # This hook is called if the challenge response has failed, so domain
|
|
56
|
+ # owners can be aware and act accordingly.
|
|
57
|
+ #
|
|
58
|
+ # Parameters:
|
|
59
|
+ # - DOMAIN
|
|
60
|
+ # The primary domain name, i.e. the certificate common
|
|
61
|
+ # name (CN).
|
|
62
|
+ # - RESPONSE
|
|
63
|
+ # The response that the verification server returned
|
|
64
|
+}
|
|
65
|
+
|
|
66
|
+function deploy_cert {
|
|
67
|
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
|
|
68
|
+
|
|
69
|
+ echo "deploy_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
|
|
70
|
+
|
|
71
|
+ # This hook is called once for each certificate that has been
|
|
72
|
+ # produced. Here you might, for instance, copy your new certificates
|
|
73
|
+ # to service-specific locations and reload the service.
|
|
74
|
+ #
|
|
75
|
+ # Parameters:
|
|
76
|
+ # - DOMAIN
|
|
77
|
+ # The primary domain name, i.e. the certificate common
|
|
78
|
+ # name (CN).
|
|
79
|
+ # - KEYFILE
|
|
80
|
+ # The path of the file containing the private key.
|
|
81
|
+ # - CERTFILE
|
|
82
|
+ # The path of the file containing the signed certificate.
|
|
83
|
+ # - FULLCHAINFILE
|
|
84
|
+ # The path of the file containing the full certificate chain.
|
|
85
|
+ # - CHAINFILE
|
|
86
|
+ # The path of the file containing the intermediate certificate(s).
|
|
87
|
+}
|
|
88
|
+
|
|
89
|
+function unchanged_cert {
|
|
90
|
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
|
|
91
|
+
|
|
92
|
+ echo "unchanged_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
|
|
93
|
+
|
|
94
|
+ # This hook is called once for each certificate that is still
|
|
95
|
+ # valid and therefore wasn't reissued.
|
|
96
|
+ #
|
|
97
|
+ # Parameters:
|
|
98
|
+ # - DOMAIN
|
|
99
|
+ # The primary domain name, i.e. the certificate common
|
|
100
|
+ # name (CN).
|
|
101
|
+ # - KEYFILE
|
|
102
|
+ # The path of the file containing the private key.
|
|
103
|
+ # - CERTFILE
|
|
104
|
+ # The path of the file containing the signed certificate.
|
|
105
|
+ # - FULLCHAINFILE
|
|
106
|
+ # The path of the file containing the full certificate chain.
|
|
107
|
+ # - CHAINFILE
|
|
108
|
+ # The path of the file containing the intermediate certificate(s).
|
|
109
|
+}
|
|
110
|
+
|
|
111
|
+exit_hook() {
|
|
112
|
+ # This hook is called at the end of a dehydrated command and can be used
|
|
113
|
+ # to do some final (cleanup or other) tasks.
|
|
114
|
+
|
|
115
|
+ :
|
|
116
|
+}
|
|
117
|
+
|
|
118
|
+startup_hook() {
|
|
119
|
+ # This hook is called before the dehydrated command to do some initial tasks
|
|
120
|
+ # (e.g. starting a webserver).
|
|
121
|
+
|
|
122
|
+ :
|
|
123
|
+}
|
|
124
|
+
|
|
125
|
+HANDLER=$1; shift; $HANDLER "$@"
|