Certbot + Yandex.DNS (Яндекс Коннект). Manual validation hooks, analogous to the example at https://eff-certbot.readthedocs.io/en/stable/using.html#pre-and-post-validation-hooks
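#!/bin/bash
# Certbot manual auth hook (--manual-auth-hook) for Yandex 360 DNS.
# Creates the _acme-challenge TXT record for $CERTBOT_DOMAIN and stores the
# returned record id so that the cleanup hook can delete the record later.
#
# Get your TOKEN https://yandex.ru/dev/api360/doc/concepts/access.html
# Need access level for app "directory:manage_dns"
#
# The token can manage DNS records for the organisation, so keep this file
# readable by the certbot user only, or leave the placeholders untouched and
# pass YANDEX_TOKEN / ORG_ID through the environment instead.
set -u -o pipefail

YANDEX_TOKEN="${YANDEX_TOKEN:-<paste your yandex token>}"
ORG_ID="${ORG_ID:-<paste your org id>}"

# Print a diagnostic on stderr and abort the hook with a failure status.
die() {
  printf 'yandex-dns auth hook: %s\n' "$*" >&2
  exit 1
}

# Both values are set by certbot; they end up in a URL, a JSON body and a
# /tmp path below, so reject anything outside the expected alphabets.
: "${CERTBOT_DOMAIN:?must be set by certbot}"
: "${CERTBOT_VALIDATION:?must be set by certbot}"
readonly DOMAIN_RE='^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$'
readonly TOKEN_RE='^[A-Za-z0-9_-]+$'
[[ "$CERTBOT_DOMAIN" =~ $DOMAIN_RE ]] \
  || die "CERTBOT_DOMAIN contains unexpected characters"
[[ "$CERTBOT_VALIDATION" =~ $TOKEN_RE ]] \
  || die "CERTBOT_VALIDATION contains unexpected characters"

# Strip only the top domain to get the zone id: the zone is taken to be the
# last two labels. A name that is itself the zone (e.g. example.com, which is
# also what certbot passes for *.example.com) has an empty subdomain.
# NOTE(review): zones under a multi-label suffix (e.g. example.co.uk) are not
# handled by this split.
tld=${CERTBOT_DOMAIN##*.}
without_tld=${CERTBOT_DOMAIN%.*}
DOMAIN="${without_tld##*.}.${tld}"
if [[ "$CERTBOT_DOMAIN" == "$DOMAIN" ]]; then
  SUBDOMAIN=""
  # assumes record names are relative to the zone, as the subdomain form
  # below implies; confirm against the API documentation
  CREATE_DOMAIN="_acme-challenge"
else
  SUBDOMAIN=${CERTBOT_DOMAIN%".$DOMAIN"}
  CREATE_DOMAIN="_acme-challenge.$SUBDOMAIN"
fi
printf '%s\n' "$DOMAIN"
printf '%s\n' "$SUBDOMAIN"

# Create TXT record
printf '%s\n' "$CREATE_DOMAIN"
printf '%s\n' "$CERTBOT_VALIDATION"

PYTHON=$(command -v python3 || command -v python) \
  || die "python3 or python is required to parse the API response"

# Safe to format directly: both values were restricted above to characters
# that need no JSON escaping.
payload=$(printf '{"type": "TXT", "name": "%s", "text": "%s", "ttl": 120}' \
  "$CREATE_DOMAIN" "$CERTBOT_VALIDATION")

# The Authorization header is fed to curl as a config line on stdin (-K -) so
# that the token does not appear in the process list. A token containing '"'
# or '\' would need escaping here.
RECORD_ID=$(
  printf 'header = "Authorization: OAuth %s"\n' "$YANDEX_TOKEN" \
    | curl -fsS -K - -X POST \
        "https://api360.yandex.net/directory/v1/org/$ORG_ID/domains/$DOMAIN/dns" \
        -H "Content-Type: application/json" \
        -d "$payload" \
    | "$PYTHON" -c "import sys,json;print(json.load(sys.stdin)['recordId'])"
) || die "could not create the TXT record (API call or response parsing failed)"
[[ "$RECORD_ID" =~ $TOKEN_RE ]] || die "API returned an unexpected record id"

# Save info for cleanup.
# /tmp is world-writable and this path is predictable, so another local user
# could create it first. Use a pre-existing entry only if it is a real
# directory (not a symlink) owned by the user running the hook.
# Only one id is kept per CERTBOT_DOMAIN; if two challenges for the same name
# are outstanding at once, the earlier record id is overwritten.
STATE_DIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
STATE_FILE="$STATE_DIR/RECORD_ID"
# mkdir errors are silenced on purpose: "already exists" is handled below.
if ! mkdir -m 0700 -- "$STATE_DIR" 2>/dev/null; then
  [[ -d "$STATE_DIR" && ! -L "$STATE_DIR" && -O "$STATE_DIR" ]] \
    || die "$STATE_DIR is not a directory owned by this user; record id $RECORD_ID was not saved"
  chmod 0700 -- "$STATE_DIR" \
    || die "cannot restrict $STATE_DIR; record id $RECORD_ID was not saved"
fi
rm -f -- "$STATE_FILE"
# noclobber (set -C) makes the redirect fail instead of following anything
# that reappears at this path.
(
  umask 077
  set -C
  printf '%s\n' "$RECORD_ID" > "$STATE_FILE"
) || die "cannot write $STATE_FILE; record id $RECORD_ID was not saved"

# Sleep to make sure the change has time to propagate over to DNS
sleep 300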
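#!/bin/bash
# Certbot manual cleanup hook (--manual-cleanup-hook) for Yandex 360 DNS.
# Deletes the challenge TXT record whose id the auth hook stored in
# /tmp/CERTBOT_$CERTBOT_DOMAIN/RECORD_ID.
#
# Get your TOKEN https://yandex.ru/dev/api360/doc/concepts/access.html
# Need access level for app "directory:manage_dns"
#
# The token can manage DNS records for the organisation, so keep this file
# readable by the certbot user only, or leave the placeholders untouched and
# pass YANDEX_TOKEN / ORG_ID through the environment instead.
set -u -o pipefail

YANDEX_TOKEN="${YANDEX_TOKEN:-<paste your yandex token>}"
ORG_ID="${ORG_ID:-<paste your org id>}"

# Print a diagnostic on stderr and abort the hook with a failure status.
die() {
  printf 'yandex-dns cleanup hook: %s\n' "$*" >&2
  exit 1
}

# CERTBOT_DOMAIN is set by certbot; it is used in a /tmp path and a URL, so
# reject anything that is not a plain dotted host name.
: "${CERTBOT_DOMAIN:?must be set by certbot}"
readonly DOMAIN_RE='^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$'
readonly ID_RE='^[A-Za-z0-9_-]+$'
[[ "$CERTBOT_DOMAIN" =~ $DOMAIN_RE ]] \
  || die "CERTBOT_DOMAIN contains unexpected characters"

# The state lives at a predictable path in world-writable /tmp. Its content
# selects which DNS record gets deleted, so read it only when both the
# directory and the file are real (not symlinks) and owned by this user.
STATE_DIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
STATE_FILE="$STATE_DIR/RECORD_ID"
RECORD_ID=""
if [[ -e "$STATE_FILE" || -L "$STATE_FILE" ]]; then
  if [[ -d "$STATE_DIR" && ! -L "$STATE_DIR" && -O "$STATE_DIR" \
        && -f "$STATE_FILE" && ! -L "$STATE_FILE" && -O "$STATE_FILE" ]]; then
    # read fails on a file without a trailing newline; the value is still set
    IFS= read -r RECORD_ID < "$STATE_FILE" || true
    rm -f -- "$STATE_FILE"
  else
    die "$STATE_FILE is not a regular file owned by this user; refusing to use it"
  fi
fi

# The zone is taken to be the last two labels of the name; a name that is
# itself the zone (e.g. example.com) maps to itself.
tld=${CERTBOT_DOMAIN##*.}
without_tld=${CERTBOT_DOMAIN%.*}
DOMAIN="${without_tld##*.}.${tld}"

# Remove the challenge TXT record from the zone
if [[ -n "$RECORD_ID" ]]; then
  [[ "$RECORD_ID" =~ $ID_RE ]] || die "stored record id contains unexpected characters"
  # The Authorization header is fed to curl as a config line on stdin (-K -)
  # so that the token does not appear in the process list. A token containing
  # '"' or '\' would need escaping here.
  printf 'header = "Authorization: OAuth %s"\n' "$YANDEX_TOKEN" \
    | curl -fsS -K - -X DELETE \
        "https://api360.yandex.net/directory/v1/org/$ORG_ID/domains/$DOMAIN/dns/$RECORD_ID" \
    || die "could not delete TXT record $RECORD_ID from $DOMAIN"
fi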