2 ################################################################################
4 # File: certbot_authentication.sh
6 # Description: Perform domain validation by creating a TXT record on the domain
7 # from certbot. This script is designed to work with
8 # Dreamhost.com's API and certbot running on Ubuntu 20.04. Note
9 # that it has not been extended to handle multiple domains.
11 # Domain validation is the process of validating you have control
12 # over a domain. Services like Let's Encrypt can then issue you
13 # domain validated TLS certificates for use to secure websites.
15 # See also: https://help.dreamhost.com/hc/en-us/articles/217555707-DNS-API-commands
17 # Crontab: 0 0 20/3 * * certbot renew
19 # Note: If you symlink /etc/letsencrypt/renewal-hooks/{pre|post|deploy}
20 # to the proper scripts then all you need is certbox renew. Also
21 # if certbot doesn't think it's time to renew certs you can force it
22 # with --force-renewal
24 # Author: Andrew@DeFaria.com
25 # Created: Fri 04 Jun 2021 11:20:16 PDT
26 # Modified: Mon Oct 24 11:53:38 AM PDT 2022
29 # (c) Copyright 2021, ClearSCM, Inc., all rights reserved
31 ################################################################################
32 logfile="/tmp/$(basename $0).log"
41 # The following are environment variables that certbot passes to us
43 # CERTBOT_DOMAIN: Domain being authenticated.
44 # CERTBOT_VALIDATION: Validation string for domain.
46 # Check that CERTBOT_DOMAIN and CERTBOT_VALIDATION have been passed in properly:
47 if [ -z "$CERTBOT_DOMAIN"]; then
48 log "CERTBOT_DOMAIN not passed in!"
51 log "CERTBOT_DOMAIN = $CERTBOT_DOMAIN"
54 if [ -z "$CERTBOT_VALIDATION"]; then
55 log "CERTBOT_VALIDATION not passed in!"
58 log "CERTBOT_VALIDATION = $CERTBOT_VALIDATION"
61 # My DNS registar is Dreamhost. These variables are specific to their DNS API.
62 # Yours will probably be different.
64 # Dreamhost key - generate at https://panel.dreamhost.com/?tree=home.api
67 # URL where the REST endpoint is
68 url="https://api.dreamhost.com/?key=$key"
70 # Add a TXT record to domain
72 log "Adding TXT record $CERTBOT_DOMAIN = $CERTBOT_VALIDATION"
73 cmd="$url&unique_id=$(uuidgen)&cmd=dns-add_record&record=_acme-challenge.$CERTBOT_DOMAIN&type=TXT&value=$CERTBOT_VALIDATION"
77 response=$(wget -O- -q "$cmd")
79 log "Response = $response"
82 # Verifies that the TXT record has propogated.
83 function verifyPropagation {
84 log "Enter verifyPropagation"
86 # We will try 20 times waiting 1 minutes in between
88 time_between_attempts=60
90 # Obviously it's not propagated immediately so first wait
92 while [ $attempt -lt $max_attempts ]; do
93 log "Waiting $time_between_attempts seconds for TXT record $CERTBOT_DOMAIN to propagate..."
94 sleep $time_between_attempts
97 log "Attempt #$attempt: Validating of propagation of TXT record $CERTBOT_DOMAIN"
98 TXT=$(nslookup -type=TXT _acme-challenge.$CERTBOT_DOMAIN | grep -vi "can't find" | grep $CERTBOT_DOMAIN)
100 if [ -n "$TXT" ]; then
101 log "TXT record _acme-challenge.$CERTBOT_DOMAIN propagated"
104 log "TXT record _acme-challenge.$CERTBOT_DOMAIN not propagated yet"
108 log "ERROR: Unable to validate propagation"
110 } # verifyPropagation
115 # If we get here then new certs are produced but need to be made available
116 # for importation to the Synology. $certdir is a directory that is on the
117 # Synology mounted via NFS.
118 certdir=/System/Data/Certificates
121 cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/privkey.pem $certdir && chmod 444 $certdir/privkey.pem
122 cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/cert.pem $certdir && chmod 444 $certdir/cert.pem
123 cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/chain.pem $certdir && chmod 444 $certdir/chain.pem
124 cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/fullchain.pem $certdir && chmod 444 $certdir/fullchain.pem
projects / clearscm.git / blob