public
/
docker-letsencrypt-mydnshost
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Docker container for retrieving certificates from Let's Encrypt using a DNS challenge provided by MyDnsHost
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
1 Commit
1 Branche
Aborescence: 67107ccb3d
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '67107ccb3d'
${ noResults }
docker-letsencrypt-mydnshost/hook.sh

hook.sh 4.0KB
Historique Brut

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 
  1. #!/usr/bin/env bash

  2. #

  3. # Hook for adding DNS entries using MyDNSHost 

  4. 

  5. set -e

  6. set -u

  7. set -o pipefail

  8. 

  9. function deploy_challenge {

  10.     local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

  11. 

  12.     echo "deploy_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"

  13. 

  14.     mydnshost records add "_acme-challenge.${DOMAIN}" TXT "${TOKEN_VALUE}"

  15. 

  16.     sleep 10

  17. 

  18.     # This hook is called once for every domain that needs to be

  19.     # validated, including any alternative names you may have listed.

  20.     #

  21.     # Parameters:

  22.     # - DOMAIN

  23.     #   The domain name (CN or subject alternative name) being

  24.     #   validated.

  25.     # - TOKEN_FILENAME

  26.     #   The name of the file containing the token to be served for HTTP

  27.     #   validation. Should be served by your web server as

  28.     #   /.well-known/acme-challenge/${TOKEN_FILENAME}.

  29.     # - TOKEN_VALUE

  30.     #   The token value that needs to be served for validation. For DNS

  31.     #   validation, this is what you want to put in the _acme-challenge

  32.     #   TXT record. For HTTP validation it is the value that is expected

  33.     #   be found in the $TOKEN_FILENAME file.

  34. }

  35. 

  36. function clean_challenge {

  37.     local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

  38. 

  39.     echo "clean_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"

  40. 

  41.     mydnshost records rm "_acme-challenge.${DOMAIN}" TXT "${TOKEN_VALUE}"

  42. 

  43.     # This hook is called after attempting to validate each domain,

  44.     # whether or not validation was successful. Here you can delete

  45.     # files or DNS records that are no longer needed.

  46.     #

  47.     # The parameters are the same as for deploy_challenge.

  48. }

  49. 

  50. function invalid_challenge() {

  51.     local DOMAIN="${1}" RESPONSE="${2}"

  52. 

  53.     echo "invalid_challenge called: ${DOMAIN}, ${RESPONSE}"

  54. 

  55.     # This hook is called if the challenge response has failed, so domain

  56.     # owners can be aware and act accordingly.

  57.     #

  58.     # Parameters:

  59.     # - DOMAIN

  60.     #   The primary domain name, i.e. the certificate common

  61.     #   name (CN).

  62.     # - RESPONSE

  63.     #   The response that the verification server returned

  64. }

  65. 

  66. function deploy_cert {

  67.     local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"

  68. 

  69.     echo "deploy_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"

  70. 

  71.     # This hook is called once for each certificate that has been

  72.     # produced. Here you might, for instance, copy your new certificates

  73.     # to service-specific locations and reload the service.

  74.     #

  75.     # Parameters:

  76.     # - DOMAIN

  77.     #   The primary domain name, i.e. the certificate common

  78.     #   name (CN).

  79.     # - KEYFILE

  80.     #   The path of the file containing the private key.

  81.     # - CERTFILE

  82.     #   The path of the file containing the signed certificate.

  83.     # - FULLCHAINFILE

  84.     #   The path of the file containing the full certificate chain.

  85.     # - CHAINFILE

  86.     #   The path of the file containing the intermediate certificate(s).

  87. }

  88. 

  89. function unchanged_cert {

  90.     local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"

  91. 

  92.     echo "unchanged_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"

  93. 

  94.     # This hook is called once for each certificate that is still

  95.     # valid and therefore wasn't reissued.

  96.     #

  97.     # Parameters:

  98.     # - DOMAIN

  99.     #   The primary domain name, i.e. the certificate common

  100.     #   name (CN).

  101.     # - KEYFILE

  102.     #   The path of the file containing the private key.

  103.     # - CERTFILE

  104.     #   The path of the file containing the signed certificate.

  105.     # - FULLCHAINFILE

  106.     #   The path of the file containing the full certificate chain.

  107.     # - CHAINFILE

  108.     #   The path of the file containing the intermediate certificate(s).

  109. }

  110. 

  111. exit_hook() {

  112.   # This hook is called at the end of a dehydrated command and can be used

  113.   # to do some final (cleanup or other) tasks.

  114. 

  115.   :

  116. }

  117. 

  118. startup_hook() {

  119.   # This hook is called before the dehydrated command to do some initial tasks

  120.   # (e.g. starting a webserver).

  121. 

  122.   :

  123. }

  124. 

  125. HANDLER=$1; shift; $HANDLER "$@"