2 ################################################################################
4 # File: certbot_authentication.sh
6 # Description: Perform domain validation by creating a TXT record on the domain
7 # from certbot. This script is designed to work with
8 # Dreamhost.com's API and certbot running on Ubuntu 20.04. Note
9 # that it has not been extended to handle multiple domains.
11 # Domain validation is the process of validating you have control
12 # over a domain. Services like Let's Encrypt can then issue you
13 # domain validated TLS certificates for use to secure websites.
15 # See also: https://help.dreamhost.com/hc/en-us/articles/217555707-DNS-API-commands
17 # Crontab: 0 0 1 * * certbot renew --manual-auth-hook /path/to/certbot_authentication.sh --manual-cleanup-hook /path/to/certbot_cleanup.sh
19 # Author: Andrew@DeFaria.com
20 # Created: Fri 04 Jun 2021 11:20:16 PDT
24 # (c) Copyright 2021, ClearSCM, Inc., all rights reserved
26 ################################################################################
27 # The following are environment variables that certbot passes to us
29 # CERTBOT_DOMAIN: Domain being authenticated. For example,
30 # _acme-challenge.example.com for a wildcard cert or
31 # _acme-challenge.subdomain.example.com for a subdomain
32 # Note: Pass in $1 for testing or use the default of
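# CERTBOT_DOMAIN: Domain being authenticated. For example,
# _acme-challenge.example.com for a wildcard cert or
# _acme-challenge.subdomain.example.com for a subdomain.
# Pass in $1 for testing or fall back to the value certbot exports in
# CERTBOT_DOMAIN. (The original defaulted to the literal string
# "CERTBOT_DOMAIN", so an unattended certbot run sent a bogus record name.)
domain=${1:-${CERTBOT_DOMAIN:-}}

# CERTBOT_VALIDATION: The validation string. Pass in $2 for testing or fall
# back to the value certbot exports in CERTBOT_VALIDATION.
value=${2:-${CERTBOT_VALIDATION:-}}

# Neither value may be empty: an empty record name or value still yields a
# syntactically valid API request and would silently create a useless record.
if [ -z "$domain" ] || [ -z "$value" ]; then
  echo "ERROR: domain and validation value are required (set CERTBOT_DOMAIN and CERTBOT_VALIDATION, or pass them as \$1 and \$2)" >&2
  exit 1
fi

# Dreamhost key - generate at https://panel.dreamhost.com/?tree=home.api
# The key must already be in $key at this point (e.g. sourced from a file
# readable only by the user certbot runs as); abort rather than send a
# request with an empty key, which the API would just reject.
: "${key:?Dreamhost API key (key) is not set}"

# URL where the REST endpoint is
url="https://api.dreamhost.com/?key=$key"

# Add a TXT record to domain
echo "Adding TXT record $domain = $value"
# NOTE(review): $domain and $value are interpolated into the query string
# unencoded. certbot's validation token is expected to be base64url (no
# reserved URL characters) and the record name a hostname, so no percent
# encoding is applied here — revisit if this script is ever fed other input.
cmd="$url&unique_id=$(uuidgen)&cmd=dns-add_record&record=$domain&type=TXT&value=$value"

# Feed the URL to wget on stdin (-i -) instead of passing it as an argument,
# so the API key is not visible in the process list while the request runs.
response=$(printf '%s\n' "$cmd" | wget -O- -q -i -)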
56 # Verifies that the TXT record has propagated. Note that this cannot be
57 # likewise used for removal of the TXT record, which also needs to propagate.
58 # However, we are not concerned with when the removal is propagated, it can
59 # do so on its own time
60 function verifyPropagation {
61 # We will try 4 times waiting 5 minutes in between
63 time_between_attempts=300
65 # Obviously it's not propagated immediately so first wait
67 while [ $attempt -lt 4 ]; do
68 echo "Waiting 5 minutes for TXT record $domain to propagate..."
69 sleep $time_between_attempts
72 echo "Attempt #$attempt: Validating of propagation of TXT record $domain"
73 TXT=$(nslookup -type=TXT $domain | grep -v "can't find" | grep $domain)
75 if [ -n "$TXT" ]; then
76 echo "TXT record $name.$domain propagated"
79 echo "TXT record $name.$domain not propagated yet"
83 echo "ERROR: Unable to validate propagation"