SEIT
/
docker-letsencrypt
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Fixed compatibility with PowerDNS

dehydrated-hook-powerdns
Fábio Kaiser Rauber 7 years ago
parent
2f72905676
commit
1f6024eeff
2 changed files with 136 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      Dockerfile
  2. 135
      dehydrated-dns.sh

4
Dockerfile
View File

@ -20,13 +20,11 @@ RUN apk add --no-cache --virtual .build-deps git \
&& cd lexicon \ && cd lexicon \
&& git checkout tags/v2.1.8 \ && git checkout tags/v2.1.8 \
&& cd .. \ && cd .. \
&& chmod a+x lexicon/examples/dehydrated.default.sh \
&& mv lexicon/examples/dehydrated.default.sh /usr/bin/dehydrated-dns \
&& rm -rf /tmp/* \ && rm -rf /tmp/* \
&& apk del .build-deps && apk del .build-deps
COPY config /etc/dehydrated/config COPY config /etc/dehydrated/config
COPY dehydrated-dns.sh /usr/bin/dehydrated-dns
COPY docker-entrypoint.sh / COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"] ENTRYPOINT ["/docker-entrypoint.sh"]

135
dehydrated-dns.sh
View File

@ -0,0 +1,135 @@
#!/usr/bin/env bash
#
# Example how to deploy a DNS challange using lexicon
set -e
set -u
set -o pipefail
export PROVIDER=${PROVIDER:-"cloudflare"}
function deploy_challenge {
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
echo "deploy_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"
if [ "$PROVIDER" == "POWERDNS" ]; then
lexicon $PROVIDER create ${DOMAIN} TXT --name="_acme-challenge.${DOMAIN}." --content="${TOKEN_VALUE}" --pdns-server ${LEXICON_POWERDNS_SERVER}
else
lexicon $PROVIDER create ${DOMAIN} TXT --name="_acme-challenge.${DOMAIN}." --content="${TOKEN_VALUE}"
fi
sleep 30
# This hook is called once for every domain that needs to be
# validated, including any alternative names you may have listed.
#
# Parameters:
# - DOMAIN
# The domain name (CN or subject alternative name) being
# validated.
# - TOKEN_FILENAME
# The name of the file containing the token to be served for HTTP
# validation. Should be served by your web server as
# /.well-known/acme-challenge/${TOKEN_FILENAME}.
# - TOKEN_VALUE
# The token value that needs to be served for validation. For DNS
# validation, this is what you want to put in the _acme-challenge
# TXT record. For HTTP validation it is the value that is expected
# be found in the $TOKEN_FILENAME file.
}
function clean_challenge {
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
echo "clean_challenge called: ${DOMAIN}, ${TOKEN_FILENAME}, ${TOKEN_VALUE}"
if [ "$PROVIDER" == "POWERDNS" ]; then
lexicon $PROVIDER delete ${DOMAIN} TXT --name="_acme-challenge.${DOMAIN}." --content="${TOKEN_VALUE}" --pdns-server ${LEXICON_POWERDNS_SERVER}
else
lexicon $PROVIDER delete ${DOMAIN} TXT --name="_acme-challenge.${DOMAIN}." --content="${TOKEN_VALUE}"
fi
# This hook is called after attempting to validate each domain,
# whether or not validation was successful. Here you can delete
# files or DNS records that are no longer needed.
#
# The parameters are the same as for deploy_challenge.
}
function invalid_challenge() {
local DOMAIN="${1}" RESPONSE="${2}"
echo "invalid_challenge called: ${DOMAIN}, ${RESPONSE}"
# This hook is called if the challenge response has failed, so domain
# owners can be aware and act accordingly.
#
# Parameters:
# - DOMAIN
# The primary domain name, i.e. the certificate common
# name (CN).
# - RESPONSE
# The response that the verification server returned
}
function deploy_cert {
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
echo "deploy_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
# This hook is called once for each certificate that has been
# produced. Here you might, for instance, copy your new certificates
# to service-specific locations and reload the service.
#
# Parameters:
# - DOMAIN
# The primary domain name, i.e. the certificate common
# name (CN).
# - KEYFILE
# The path of the file containing the private key.
# - CERTFILE
# The path of the file containing the signed certificate.
# - FULLCHAINFILE
# The path of the file containing the full certificate chain.
# - CHAINFILE
# The path of the file containing the intermediate certificate(s).
}
function unchanged_cert {
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
echo "unchanged_cert called: ${DOMAIN}, ${KEYFILE}, ${CERTFILE}, ${FULLCHAINFILE}, ${CHAINFILE}"
# This hook is called once for each certificate that is still
# valid and therefore wasn't reissued.
#
# Parameters:
# - DOMAIN
# The primary domain name, i.e. the certificate common
# name (CN).
# - KEYFILE
# The path of the file containing the private key.
# - CERTFILE
# The path of the file containing the signed certificate.
# - FULLCHAINFILE
# The path of the file containing the full certificate chain.
# - CHAINFILE
# The path of the file containing the intermediate certificate(s).
}
exit_hook() {
# This hook is called at the end of a dehydrated command and can be used
# to do some final (cleanup or other) tasks.
:
}
startup_hook() {
# This hook is called before the dehydrated command to do some initial tasks
# (e.g. starting a webserver).
:
}
HANDLER=$1; shift; $HANDLER "$@"
Write Preview
Loading…
Cancel
Save