#!/bin/bash # certbot-hook-quovadis.sh # INSTALL: # mkdir mkdir /etc/letsencrypt/ucc-hooks # cp certbot-hook-quovadis.sh /etc/letsencrypt/ucc-hooks # CONFIG: # Create a config file config.sh in the same directory as the script # containing # QV_API_KEY= # UCC_USERNAME= # USAGE: # Script runs as a manual auth hook with certbot # Example command line is: # certbot certonly --server https://acme-v02.api.letsencrypt.org/directory \ # --manual \ # --preferred-challenges=dns # --manual-auth-hook /etc/letsencrypt/ucc-hooks/certbot-hook-quovadis.sh \ # -d .ucc.asn.au SOURCE="${BASH_SOURCE[0]}" while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )" SOURCE="$(readlink "$SOURCE")" # if $SOURCE was a relative symlink, we need to resolve it relative # to the path where the symlink file was located [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" done DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )" if [ -f "$DIR/config.sh" ]; then source $DIR/config.sh else echo "config.sh not found in same directory as script" fi # Strip only the top domain to get the zone id DOMAIN=$(expr match "$CERTBOT_DOMAIN" '\(.*\)\.ucc\..*') BASE_API="${BASE_API:-https://quovadis.ucc.asn.au/quovadis}" # Create TXT record RECORD_ID=$(curl -s -X POST "$BASE_API/update-challenge" \ -d "username=$UCC_USERNAME" \ -d "api_key=$QV_API_KEY" \ -d "challenge=$DOMAIN" \ -d "value=$CERTBOT_VALIDATION") # Sleep to make sure the change has time to propagate over to DNS sleep 25