Certbot + Yandex.DNS (Яндекс Коннект). Manual validation hooks, analogous to the example at https://eff-certbot.readthedocs.io/en/stable/using.html#pre-and-post-validation-hooks
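#!/bin/bash
# Certbot --manual-auth-hook for Yandex 360 DNS.
#
# Creates the _acme-challenge TXT record for $CERTBOT_DOMAIN through the
# api360.yandex.net DNS API, stores the returned record id in
# /tmp/CERTBOT_<domain>/RECORD_ID for the cleanup hook, then waits for the
# record to propagate.
#
# Environment (read): CERTBOT_DOMAIN, CERTBOT_VALIDATION
# Outputs: zone, subdomain, record name and validation value on stdout
# Exit status: 0 on success, 1 if the record could not be created or the
#              state directory cannot be trusted
#
# Get your TOKEN https://yandex.ru/dev/api360/doc/concepts/access.html
# Need access level for app "directory:manage_dns"
# The token below can edit DNS records, so keep this script readable only by
# the account that runs certbot (e.g. mode 0700) and out of version control.
YANDEX_TOKEN="<paste your yandex token>"
ORG_ID="<paste your org id>"

set -uo pipefail

die() {
  printf 'authenticator: %s\n' "$*" >&2
  exit 1
}

: "${CERTBOT_DOMAIN:?CERTBOT_DOMAIN must be set (run this as a certbot hook)}"
: "${CERTBOT_VALIDATION:?CERTBOT_VALIDATION must be set (run this as a certbot hook)}"

# CERTBOT_DOMAIN ends up in a filesystem path and in a URL, and the validation
# value is interpolated into a JSON body, so accept only the expected shapes:
# at least two non-empty labels, and a base64url-style token.
domain_re='^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$'
token_re='^[A-Za-z0-9_=-]+$'
[[ $CERTBOT_DOMAIN =~ $domain_re ]] || die "unexpected CERTBOT_DOMAIN: $CERTBOT_DOMAIN"
[[ $CERTBOT_VALIDATION =~ $token_re ]] || die "unexpected CERTBOT_VALIDATION format"

# Strip only the top domain to get the zone id.
# The zone is taken to be the last two labels. The previous `expr match`
# patterns needed at least three labels and produced an empty zone for a bare
# "example.com"; multi-label public suffixes (e.g. co.uk) are still not handled.
tld=${CERTBOT_DOMAIN##*.}
without_tld=${CERTBOT_DOMAIN%.*}
DOMAIN="${without_tld##*.}.${tld}"
SUBDOMAIN=${CERTBOT_DOMAIN%"$DOMAIN"}
SUBDOMAIN=${SUBDOMAIN%.}
printf '%s\n' "$DOMAIN"
printf '%s\n' "$SUBDOMAIN"

# Record name is relative to the zone; for the zone apex it is just
# "_acme-challenge".
CREATE_DOMAIN="_acme-challenge${SUBDOMAIN:+.$SUBDOMAIN}"
printf '%s\n' "$CREATE_DOMAIN"
printf '%s\n' "$CERTBOT_VALIDATION"

# Prepare the state directory BEFORE touching DNS so a refusal here does not
# leave an orphaned TXT record. The path under /tmp is predictable, so another
# local user could have pre-created it (or a symlink with that name) to
# redirect the write or to feed a chosen record id to the cleanup hook.
# Accept it only if it is a real directory owned by this user.
state_dir="/tmp/CERTBOT_$CERTBOT_DOMAIN"
if ! mkdir -m 0700 -- "$state_dir" 2>/dev/null; then
  if [[ -L "$state_dir" || ! -d "$state_dir" || ! -O "$state_dir" ]]; then
    die "refusing to use $state_dir: not a directory owned by this user"
  fi
  chmod 0700 -- "$state_dir" || die "cannot restrict permissions on $state_dir"
fi

# The JSON parser below works on Python 2 and 3; many systems ship only python3.
py=$(command -v python3 || command -v python) || die "python3 or python is required"

# Create TXT record
payload=$(printf '{"type": "TXT", "name": "%s", "text": "%s", "ttl": 120}' \
  "$CREATE_DOMAIN" "$CERTBOT_VALIDATION")

# NOTE(review): the OAuth token is passed on curl's command line and is
# visible in the process list while curl runs; curl >= 7.55 can read headers
# from a file (-H @file) if other local users are a concern.
RECORD_ID=$(curl -sS --fail -X POST \
  "https://api360.yandex.net/directory/v1/org/$ORG_ID/domains/$DOMAIN/dns" \
  -H "Authorization: OAuth $YANDEX_TOKEN" \
  -H "Content-Type: application/json" \
  -d "$payload" \
  | "$py" -c "import sys,json;print(json.load(sys.stdin)['recordId'])") \
  || die "could not create TXT record $CREATE_DOMAIN in zone $DOMAIN"
[[ -n "$RECORD_ID" ]] || die "API response contained no recordId"

# Save info for cleanup
printf '%s\n' "$RECORD_ID" > "$state_dir/RECORD_ID" \
  || die "cannot write $state_dir/RECORD_ID"

# Sleep to make sure the change has time to propagate over to DNS
sleep 300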
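#!/bin/bash
# Certbot --manual-cleanup-hook for Yandex 360 DNS.
#
# Reads the record id saved by the auth hook in
# /tmp/CERTBOT_<domain>/RECORD_ID and deletes that TXT record through the
# api360.yandex.net DNS API. Does nothing when no saved record id is found.
#
# Environment (read): CERTBOT_DOMAIN
# Exit status: 0 when there is nothing to delete or the delete succeeded,
#              non-zero otherwise
#
# Get your TOKEN https://yandex.ru/dev/api360/doc/concepts/access.html
# Need access level for app "directory:manage_dns"
# The token below can edit DNS records, so keep this script readable only by
# the account that runs certbot (e.g. mode 0700) and out of version control.
YANDEX_TOKEN="<paste your yandex token>"
ORG_ID="<paste your org id>"

set -uo pipefail

die() {
  printf 'cleanup: %s\n' "$*" >&2
  exit 1
}

: "${CERTBOT_DOMAIN:?CERTBOT_DOMAIN must be set (run this as a certbot hook)}"

# CERTBOT_DOMAIN ends up in a filesystem path and in a URL; require at least
# two non-empty labels made of hostname characters.
domain_re='^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$'
[[ $CERTBOT_DOMAIN =~ $domain_re ]] || die "unexpected CERTBOT_DOMAIN: $CERTBOT_DOMAIN"

state_dir="/tmp/CERTBOT_$CERTBOT_DOMAIN"
record_file="$state_dir/RECORD_ID"

# Start from an empty value so a RECORD_ID inherited from the environment is
# never used.
RECORD_ID=""

# The path under /tmp is predictable: trust the saved id only if both the
# directory and the file are real (not symlinks) and the directory belongs to
# this user. Otherwise another local user could choose which DNS record this
# hook deletes.
if [[ ! -L "$state_dir" && -d "$state_dir" && -O "$state_dir" \
  && ! -L "$record_file" && -f "$record_file" ]]; then
  RECORD_ID=$(cat -- "$record_file")
  rm -f -- "$record_file"
  # Best effort: drop the now-empty state directory so it does not linger.
  rmdir -- "$state_dir" 2>/dev/null || true
fi

# The zone is taken to be the last two labels. The previous `expr match`
# pattern needed at least three labels and produced an empty zone for a bare
# "example.com".
tld=${CERTBOT_DOMAIN##*.}
without_tld=${CERTBOT_DOMAIN%.*}
DOMAIN="${without_tld##*.}.${tld}"

# Remove the challenge TXT record from the zone
if [[ -n "$RECORD_ID" ]]; then
  # The id is interpolated into the request path; reject anything that could
  # alter the URL.
  id_re='^[A-Za-z0-9_-]+$'
  [[ $RECORD_ID =~ $id_re ]] || die "unexpected record id in $record_file"

  # NOTE(review): the OAuth token is passed on curl's command line and is
  # visible in the process list while curl runs; curl >= 7.55 can read headers
  # from a file (-H @file) if other local users are a concern.
  curl -sS --fail -X DELETE \
    "https://api360.yandex.net/directory/v1/org/$ORG_ID/domains/$DOMAIN/dns/$RECORD_ID" \
    -H "Authorization: OAuth $YANDEX_TOKEN" \
    || die "could not delete TXT record $RECORD_ID from zone $DOMAIN"
fi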
YANDEX_TOKEN — https://yandex.com/dev/id/doc/ru/register-client
ORG_ID — https://admin.yandex.ru

Example of usage:
certbot certonly --manual --preferred-challenges=dns \
  --manual-auth-hook /web/certbot_scripts/authenticator.sh \
  --manual-cleanup-hook /web/certbot_scripts/cleanup.sh \
  -d example.com && service nginx reload