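################################################################################
#
# File: certbot_cleanup.sh
#
# Description: Perform cleanup after domain validation by removing the TXT
#              record on the domain created by certbot_authentication.sh
#
#              Domain validation is the process of validating you have control
#              over a domain. Services like Let's Encrypt can then issue you
#              domain validated TLS certificates for use to secure websites.
#
# See also: https://help.dreamhost.com/hc/en-us/articles/217555707-DNS-API-commands
#
# Crontab: 0 0 20/3 * * certbot renew
#
# Author: Andrew@DeFaria.com
# Created: Fri 04 Jun 2021 11:20:16 PDT
# Modified: Mon Oct 24 11:53:38 AM PDT 2022
#
# (c) Copyright 2021, ClearSCM, Inc., all rights reserved
#
################################################################################

# The log is only created with owner-only permissions; it records the
# validation string and the raw API response.
umask 077

# NOTE(review): this is a predictable file name in a world-writable directory.
# When the hook runs with elevated privileges, a directory that only the
# invoking user can write to is the safer home for this log.
logfile="/tmp/$(basename -- "$0").log"

# Refuse to append through a symlink that somebody else may have planted.
if [ -L "$logfile" ]; then
  printf '%s: refusing to write to symlink %s\n' "$0" "$logfile" >&2
  exit 1
fi

# Append one timestamped line to $logfile.
# NOTE(review): the listing this script was taken from omits the original
# helper; this is a minimal stand-in with the same name.
log() {
  printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >>"$logfile"
}

# Succeeds only when $1 is made up of characters that cannot change the
# structure of a URL query string (no '&', '=', '#', '?', '%' or whitespace).
is_query_safe() {
  case $1 in
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# The following are environment variables that certbot passes to us
#
# CERTBOT_DOMAIN: Domain being authenticated.
# CERTBOT_VALIDATION: Validation string for domain

# Check that CERTBOT_DOMAIN and CERTBOT_VALIDATION have been passed in properly.
# The closing bracket of [ must be its own word: with "$VAR"] the test command
# fails with a syntax error and the emptiness check never fires.
if [ -z "$CERTBOT_DOMAIN" ]; then
  log "CERTBOT_DOMAIN not passed in!"
  exit 1
fi
if ! is_query_safe "$CERTBOT_DOMAIN"; then
  log "CERTBOT_DOMAIN contains characters that are not valid in a host name"
  exit 1
fi
log "CERTBOT_DOMAIN = $CERTBOT_DOMAIN"

if [ -z "$CERTBOT_VALIDATION" ]; then
  log "CERTBOT_VALIDATION not passed in!"
  exit 1
fi
if ! is_query_safe "$CERTBOT_VALIDATION"; then
  log "CERTBOT_VALIDATION contains unexpected characters"
  exit 1
fi
log "CERTBOT_VALIDATION = $CERTBOT_VALIDATION"

# My DNS registrar is Dreamhost. These variables are specific to their DNS API.
# Yours will probably be different.

# Dreamhost key - generate at https://panel.dreamhost.com/?tree=home.api
# The assignment itself is not part of this listing; stop here rather than
# call the API with an empty key.
: "${key:?Dreamhost API key (key) is not set}"

# URL where the REST endpoint is
url="https://api.dreamhost.com/?key=$key"

# Remove a TXT record. Oddly you must also specify the value.
log "Removing TXT record $CERTBOT_DOMAIN = $CERTBOT_VALIDATION"

# Both values were checked above, so they cannot add or alter query parameters.
cmd="$url&unique_id=$(uuidgen)&cmd=dns-remove_record&record=_acme-challenge.$CERTBOT_DOMAIN&type=TXT&value=$CERTBOT_VALIDATION"

# NOTE(review): $cmd carries the API key and is handed to wget as a
# command-line argument, so it is visible in the process list for the duration
# of the request. Never write $cmd to the log.
if ! response=$(wget -O- -q "$cmd"); then
  log "Request to the Dreamhost API failed"
  exit 1
fi

log "Response = $response"

# Removal is instantaneous but propagation will take some time. No need to wait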