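#!/bin/bash
# Certbot manual-auth hook for GoDaddy DNS: publishes the DNS-01 challenge
# token (CERTBOT_VALIDATION) as a TXT record for CERTBOT_DOMAIN through the
# GoDaddy API, then polls DNS until the record is visible. Both variables
# are supplied by certbot in the environment.
# Uncomment these lines only to test this script manually
#CERTBOT_DOMAIN="subdomain.domain.xyz"
#CERTBOT_VALIDATION="test_value"
DEFAULT_CERTBOT_VALIDATION="default_value"
# NOTE(review): the log lives in world-writable /tmp under a predictable
# name, so another local user could pre-create the file (or a symlink) and
# the appends below — typically made as root — would follow it. A directory
# writable only by the hook's user avoids that.
LOG_DIR="/tmp"
LOG_FILE="$LOG_DIR/authenticator.$CERTBOT_DOMAIN.log"
# Shell file sourced later in the script; it may override API_KEY / API_SECRET
SECRET_FILE="/etc/letsencrypt/.secrets"
# Get your API key from https://developer.godaddy.com
API_KEY="your_api_key_here"
API_SECRET="your_api_secret_here"
# DNS entry propagation parameters
# Delay between the DNS record update and the first dig request (in seconds)
DELAY_AFTER_DNS_RECORD_UPDATE=30
# Time interval between each dig request (in seconds)
DIG_TIME_INTERVAL=15
# Number of retries of dig request before ending in a failure
DIG_NB_RETRIES=25
# Init variables
DOMAIN=""
SUBDOMAIN=""
# Create an empty log file if it doesn't exist. The test has to be negated:
# a bare '-f' only touches a file that is already there.
if [ ! -f "${LOG_FILE}" ]; then
  touch "${LOG_FILE}"
fi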
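#######################################
# Append one timestamped line to the log file.
# Globals:   LOG_FILE (read) - path of the log, set by the caller
# Arguments: $1 - message text, written verbatim
# Outputs:   nothing on stdout; one line "<date>: <message>" appended to LOG_FILE
# Returns:   status of the append
#######################################
log() {
  # 'local' keeps the timestamp out of the global namespace (the old DATE
  # variable leaked into the rest of the script)
  local stamp
  stamp=$(date)
  # printf instead of echo: message text is never parsed as an echo option
  printf '%s: %s\n' "$stamp" "$1" >> "$LOG_FILE"
}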
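log "[BEGIN]"
# Log SECRET_FILE path to debug
#log "SECRET_FILE $SECRET_FILE"
# Load secrets from an external file. Sourcing runs the file as shell code,
# so it must be owned by the hook's user and not writable by anyone else.
if [ -f "${SECRET_FILE}" ]; then
  # Identical to "source ${SECRET_FILE}"
  . "${SECRET_FILE}"
  log "SECRET_FILE FOUND : EXTERNAL API KEY USED"
else
  log "SECRET_FILE NOT FOUND : INTERNAL API KEY USED"
fi
# Detection of root domain or subdomain.
# 'expr STRING : REGEX' is the POSIX spelling and works on GNU and BSD/macOS
# alike, so the former uname switch (GNU-only 'expr match' vs. awk) is gone.
# The greedy '.*\.' leaves the last two labels in the capture group:
# "a.b.example.com" gives DOMAIN=example.com, a bare "example.com" gives "".
DOMAIN=$(expr "$CERTBOT_DOMAIN" : '.*\.\(.*\..*\)')
if [[ -n "${DOMAIN// }" ]]; then
  log "SUBDOMAIN DETECTED"
  # Strip a literal ".<DOMAIN>" suffix; every leading label is kept ("a.b"),
  # where the previous macOS branch kept only the first one.
  SUBDOMAIN=${CERTBOT_DOMAIN%."$DOMAIN"}
else
  DOMAIN=$CERTBOT_DOMAIN
fi
log "DOMAIN $DOMAIN"
log "SUBDOMAIN $SUBDOMAIN"
# Update TXT record
RECORD_TYPE="TXT"
# Get root name server of $DOMAIN
if ! ROOT_NS=$(dig +short "$DOMAIN" ns); then
  log "ROOT NS DIG COMMAND HAS FAILED"
  log "[END]"
  exit 1
elif [ -z "$ROOT_NS" ]; then
  log "ROOT_NS NOT FOUND"
  log "[END]"
  exit 1
else
  # dig may list several servers; keep the last one
  ROOT_NS=$(printf '%s\n' "$ROOT_NS" | tail -n 1)
fi
log "ROOT_NS ${ROOT_NS}"
if [[ -n "${SUBDOMAIN// }" ]]; then
  RECORD_NAME="_acme-challenge.$SUBDOMAIN"
  if ! NS=$(dig +short "$SUBDOMAIN.$DOMAIN" ns); then
    log "SUBDOMAIN NS DIG COMMAND HAS FAILED"
    log "[END]"
    exit 1
  elif [ -z "$NS" ]; then
    log "NO SUBDOMAIN NS FOUND FOR $SUBDOMAIN"
    log "USING ROOT_NS BY DEFAULT"
    NS=${ROOT_NS}
  else
    NS=$(printf '%s\n' "$NS" | tail -n 1)
  fi
else
  RECORD_NAME="_acme-challenge"
  NS=${ROOT_NS}
fi
log "NS ${NS}"
log "RECORD_NAME $RECORD_NAME"
log "CERTBOT_VALIDATION $CERTBOT_VALIDATION"
log "CERTBOT_DOMAIN $CERTBOT_DOMAIN"
if [ -z "$CERTBOT_VALIDATION" ]; then
  log "CERTBOT_VALIDATION is unset"
  # Plain assignment: the value is data, it must never go through eval
  CERTBOT_VALIDATION=$DEFAULT_CERTBOT_VALIDATION
  log "CERTBOT_VALIDATION has been set to $CERTBOT_VALIDATION"
else
  log "CERTBOT_VALIDATION is set to '$CERTBOT_VALIDATION'"
fi
# JSON-escape the token before it is spliced into the request body. Certbot
# tokens are base64url, but the value arrives from the environment, so '\'
# and '"' are escaped rather than trusted.
JSON_VALIDATION=${CERTBOT_VALIDATION//\\/\\\\}
JSON_VALIDATION=${JSON_VALIDATION//\"/\\\"}
# Keep the API credentials off the command line, where every local user can
# read them via ps and 'set -x' would trace them: hand the Authorization
# header to curl through a private config file (mktemp creates it 0600).
# Key and secret must not contain '"' or '\' for the config syntax to hold.
CURL_CONFIG=$(mktemp) || { log "MKTEMP FAILED"; log "[END]"; exit 1; }
trap 'rm -f -- "$CURL_CONFIG"' EXIT
printf 'header = "Authorization: sso-key %s:%s"\n' "$API_KEY" "$API_SECRET" > "$CURL_CONFIG"
# Update the previous record. A current TXT value of "none" means the
# placeholder record is still in place and gets replaced; anything else is
# extended so several tokens can coexist (wildcard / SAN certificates).
if dig +short "@$NS" "$RECORD_NAME.$DOMAIN" txt | grep -q -e "none"; then
  # Replace the previous record
  RESPONSE_CODE=$(curl -s -X PUT -w '%{http_code}' \
    --config "$CURL_CONFIG" \
    -H "Content-Type: application/json" \
    -d "[{\"data\": \"$JSON_VALIDATION\", \"ttl\": 600}]" \
    "https://api.godaddy.com/v1/domains/$DOMAIN/records/$RECORD_TYPE/$RECORD_NAME")
else
  # add to the existing record (for wildcard / SAN certificates)
  RESPONSE_CODE=$(curl -s --request PATCH -w '%{http_code}' \
    --config "$CURL_CONFIG" \
    -H "Content-Type: application/json" \
    -d "[{\"data\": \"$JSON_VALIDATION\", \"name\": \"$RECORD_NAME\", \"type\": \"$RECORD_TYPE\", \"ttl\": 600}]" \
    "https://api.godaddy.com/v1/domains/$DOMAIN/records")
fi
if [[ "$RESPONSE_CODE" == "200" ]]; then
  log "OK"
  sleep "$DELAY_AFTER_DNS_RECORD_UPDATE"
  I=0
  while (( I <= DIG_NB_RETRIES )); do
    sleep "$DIG_TIME_INTERVAL"
    # -F: match the token literally, not as a regular expression
    if dig +short "@$NS" "$RECORD_NAME.$DOMAIN" txt | grep -q -F -e "$CERTBOT_VALIDATION"; then
      log "TEST $I > TOKEN FOUND"
      break
    else
      log "TEST $I > TOKEN NOT FOUND"
      I=$((I + 1))
    fi
  done
else
  # NOTE(review): an API failure is only logged; the hook still exits 0, so
  # certbot proceeds to a validation that cannot succeed. Exiting non-zero
  # here would stop the run early — left as-is to keep the exit contract.
  log "KO"
  log "$RESPONSE_CODE"
fi
log "[END]"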