starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-04-23 16:58:28 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Destroyed Example of DNS 01 via GoDaddy API (markdown)

Yashar Fakhari
2019-12-01 12:41:06 -08:00
parent 19c4ceb719
commit a7adb7fdc9
1 changed files with 0 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
Example-of-DNS-01-via-GoDaddy-API.md

@@ -1,103 +0,0 @@
## Basic
#!/usr/bin/env bash
#
# dns-01 challenge through GoDaddy API.
# https://developer.godaddy.com/doc#!/_v1_domains
#
set -e
set -u
set -o pipefail
domain="<domain>"
apikey="<apikey>"
secret="<secret>"
case "$1" in
"deploy_challenge")
curl -X PUT https://api.godaddy.com/v1/domains/$domain/records/TXT -H "Authorization: sso-key $apikey:$secret" -H "Content-Type: application/json" -d "[{\"name\": \"_acme-challenge.${2}\", \"ttl\": 600, \"data\": \"${4}\"}]"
;;
"clean_challenge")
curl -X PUT https://api.godaddy.com/v1/domains/$domain/records/TXT -H "Authorization: sso-key $apikey:$secret" -H "Content-Type: application/json" -d "[{\"name\": \"_acme-challenge.${2}\", \"ttl\": 600, \"data\": \"--removed--\"}]"
;;
"deploy_cert")
;;
"unchanged_cert")
;;
*)
echo Unknown hook "${1}"
exit 1
;;
esac
## More Robust
This example requires user interaction to verify that the DNS has propagated (via `nslookup`) before continuing.
And the DNS updates don't wipe out other existing TXT records (see https://github.com/lukas2511/dehydrated/issues/430).
The `deploy_cert` example is specific to nginx and comes from https://github.com/lukas2511/dehydrated/blob/master/docs/examples/hook.sh
#!/usr/bin/env bash
# Hook script for dns-01 challenge via GoDaddy API
#
# https://developer.godaddy.com/doc#!/_v1_domains
# https://github.com/lukas2511/dehydrated/blob/master/docs/examples/hook.sh
set -e
set -u
set -o pipefail
GODADDY_KEY='example-key'
GODADDY_SECRET='example-secret'
deploy_challenge() {
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
echo -n " - Sending TXT record to GoDaddy _acme-challenge.${DOMAIN}=${TOKEN_VALUE}"
curl -X PUT https://api.godaddy.com/v1/domains/${DOMAIN}/records/TXT/_acme-challenge \
-H "Authorization: sso-key ${GODADDY_KEY}:${GODADDY_SECRET}" \
-H "Content-Type: application/json" \
-d "[{\"name\": \"_acme-challenge\", \"ttl\": 600, \"data\": \"${TOKEN_VALUE}\"}]"
echo
echo " - Waiting for DNS to propagate."
while
sleep 10
nslookup -q=TXT "_acme-challenge.${DOMAIN}"
read -r -p "Does nslookup show the token yet? [y/N] " response
do
case "$response" in
[yY][eE][sS]|[yY])
break;
;;
*)
echo " - Waiting a little longer"
;;
esac
done
}
clean_challenge() {
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
echo -n " - Removing TXT record from GoDaddy _acme-challenge.${DOMAIN}=--removed--"
curl -X PUT https://api.godaddy.com/v1/domains/${DOMAIN}/records/TXT/_acme-challenge \
-H "Authorization: sso-key ${GODADDY_KEY}:${GODADDY_SECRET}" \
-H "Content-Type: application/json" \
-d "[{\"name\": \"_acme-challenge\", \"ttl\": 600, \"data\": \"--removed--\"}]"
echo
}
deploy_cert() {
cp "${KEYFILE}" "${FULLCHAINFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
systemctl reload nginx
}
unchanged_cert() {
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
echo "The $DOMAIN certificate is still valid and therefore wasn't reissued."
}
HANDLER="$1"; shift
if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|deploy_cert|unchanged_cert)$ ]]; then
"$HANDLER" "$@"
fi