Docker container for retrieving certificates from Let's Encrypt using a DNS challenge provided by MyDnsHost

hook.sh 4.0KB

  1. #!/usr/bin/env bash
  2. #
  3. # Hook for adding DNS entries using MyDNSHost
  # Strict mode: abort on an unhandled non-zero status (-e), treat expansion of
  # an unset variable as an error (-u), and let a pipeline fail when any of its
  # stages fails (pipefail). A hook called with too few arguments therefore
  # stops instead of acting on empty values.
  set -euo pipefail
  #######################################
  # Publish the _acme-challenge TXT record for one domain via mydnshost.
  #
  # Called once for every domain that needs to be validated, including any
  # alternative names that were listed.
  #
  # Arguments:
  #   $1 - DOMAIN: the domain name (CN or subject alternative name) being
  #        validated.
  #   $2 - TOKEN_FILENAME: name of the file containing the token to be served
  #        for HTTP validation (/.well-known/acme-challenge/${TOKEN_FILENAME});
  #        only logged here.
  #   $3 - TOKEN_VALUE: the token value needed for validation; for DNS
  #        validation this is what goes into the _acme-challenge TXT record.
  # Outputs:
  #   One log line on stdout naming all three arguments. The line includes the
  #   token value, which is the same value placed in the TXT record.
  #
  # NOTE(review): TOKEN_VALUE is handed to mydnshost as a bare positional
  # argument; if it can begin with "-" the CLI might read it as an option.
  # Confirm how mydnshost parses its arguments.
  # NOTE(review): the fixed 10 second pause presumably gives the new record
  # time to become visible before validation; nothing here verifies that it
  # has. Confirm the delay is sufficient for the zone in use.
  #######################################
  deploy_challenge() {
    local DOMAIN="${1}"
    local TOKEN_FILENAME="${2}"
    local TOKEN_VALUE="${3}"
    local challenge_record="_acme-challenge.${DOMAIN}"

    printf '%s\n' "deploy_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"

    mydnshost records add "${challenge_record}" TXT "${TOKEN_VALUE}"
    sleep 10
  }
  #######################################
  # Remove the _acme-challenge TXT record for one domain via mydnshost.
  #
  # Called after attempting to validate each domain, whether or not the
  # validation was successful; this is where DNS records that are no longer
  # needed get deleted.
  #
  # Arguments:
  #   $1 - DOMAIN, $2 - TOKEN_FILENAME, $3 - TOKEN_VALUE: the same values that
  #        deploy_challenge receives. TOKEN_FILENAME is only logged.
  # Outputs:
  #   One log line on stdout naming all three arguments.
  # Returns:
  #   The exit status of the mydnshost call, which is the last command run.
  #
  # NOTE(review): TOKEN_VALUE is handed to mydnshost as a bare positional
  # argument; if it can begin with "-" the CLI might read it as an option.
  # Confirm how mydnshost parses its arguments.
  #######################################
  clean_challenge() {
    local DOMAIN="${1}"
    local TOKEN_FILENAME="${2}"
    local TOKEN_VALUE="${3}"
    local challenge_record="_acme-challenge.${DOMAIN}"

    printf '%s\n' "clean_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"

    mydnshost records rm "${challenge_record}" TXT "${TOKEN_VALUE}"
  }
  #######################################
  # Report a failed challenge response so the domain owner can act on it.
  #
  # Called if the challenge response has failed. This implementation only
  # logs; it changes no DNS records.
  #
  # Arguments:
  #   $1 - DOMAIN: the primary domain name, i.e. the certificate common
  #        name (CN).
  #   $2 - RESPONSE: the response that the verification server returned.
  # Outputs:
  #   One log line on stdout containing both arguments.
  #######################################
  invalid_challenge() {
    local DOMAIN="${1}"
    local RESPONSE="${2}"

    printf '%s\n' "invalid_challenge called: ${DOMAIN}, ${RESPONSE}"
  }
  #######################################
  # Log that a certificate has been produced.
  #
  # Called once for each certificate that has been produced. This is the place
  # to copy new certificates to service-specific locations and reload the
  # service; this implementation only logs the paths it was given and does not
  # read any of the files.
  #
  # Arguments:
  #   $1 - DOMAIN: the primary domain name, i.e. the certificate common
  #        name (CN).
  #   $2 - KEYFILE: path of the file containing the private key.
  #   $3 - CERTFILE: path of the file containing the signed certificate.
  #   $4 - FULLCHAINFILE: path of the file containing the full certificate
  #        chain.
  #   $5 - CHAINFILE: path of the file containing the intermediate
  #        certificate(s).
  # Outputs:
  #   One log line on stdout naming all five arguments.
  #######################################
  deploy_cert() {
    local DOMAIN="${1}"
    local KEYFILE="${2}"
    local CERTFILE="${3}"
    local FULLCHAINFILE="${4}"
    local CHAINFILE="${5}"

    printf '%s\n' "deploy_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
  }
  #######################################
  # Log that a certificate was left as it is.
  #
  # Called once for each certificate that is still valid and therefore was not
  # reissued. This implementation only logs the paths it was given.
  #
  # Arguments:
  #   $1 - DOMAIN: the primary domain name, i.e. the certificate common
  #        name (CN).
  #   $2 - KEYFILE: path of the file containing the private key.
  #   $3 - CERTFILE: path of the file containing the signed certificate.
  #   $4 - FULLCHAINFILE: path of the file containing the full certificate
  #        chain.
  #   $5 - CHAINFILE: path of the file containing the intermediate
  #        certificate(s).
  # Outputs:
  #   One log line on stdout naming all five arguments.
  #######################################
  unchanged_cert() {
    local DOMAIN="${1}"
    local KEYFILE="${2}"
    local CERTFILE="${3}"
    local FULLCHAINFILE="${4}"
    local CHAINFILE="${5}"

    printf '%s\n' "unchanged_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
  }
  #######################################
  # Final hook, called at the end of a dehydrated command; it can be used for
  # cleanup or other closing tasks. Nothing is needed here, so it is a no-op
  # that succeeds.
  #######################################
  exit_hook() {
    return 0
  }
  #######################################
  # Initial hook, called before the dehydrated command to do some initial
  # tasks (e.g. starting a webserver). Nothing is needed here, so it is a
  # no-op that succeeds.
  #######################################
  startup_hook() {
    return 0
  }
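  # Dispatch: the script is invoked as "<script> HANDLER [ARGS...]".
  #
  # The handler name is matched against the fixed list of hook functions
  # defined in this file and is expanded quoted. The first argument can
  # therefore never be word-split, glob-expanded, or used to run a command
  # other than one of these hooks.
  #
  # Any other name is reported on stderr and skipped with exit status 0.
  # stdout is left untouched in that case so the caller never reads a
  # diagnostic as hook output.
  # NOTE(review): skipping assumes the calling dehydrated version may request
  # hooks this file does not implement and that those should be no-ops rather
  # than failures; confirm against the dehydrated release in use.
  HANDLER="${1:?usage: ${0##*/} HANDLER [ARGS...]}"
  shift
  case "${HANDLER}" in
    deploy_challenge | clean_challenge | invalid_challenge | deploy_cert | \
    unchanged_cert | exit_hook | startup_hook)
      "${HANDLER}" "$@"
      ;;
    *)
      printf '%s: ignoring unsupported handler: %s\n' "${0##*/}" "${HANDLER}" >&2
      ;;
  esac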