#! /bin/sh
# This source code is released into the public domain.

. /usr/local/share/lfacme/init.sh
. /usr/local/share/lfacme/dnsutils.sh

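# Hook arguments, positional:
# $1 - begin, done or failed
ACTION=$1
# $2 - ACME method, must be dns-01.
METHOD=$2
# $3 - the full domain name we're authorising.
DOMAIN=$3
# $4 - token name, not used for dns-01.
TOKEN=$4
# $5 - the token value we need to create.
AUTH=$5

# All five arguments are mandatory, even the unused token name.
if [ "$#" -ne 5 ]; then
	_fatal "missing arguments"
fi

# This hook only knows how to satisfy dns-01; any other method is
# reported as unsupported by the exit status alone.
if [ "$METHOD" != "dns-01" ]; then
	exit 1
fi

# nsupdate -k reads its key from this file, so insist on it being set and
# readable here rather than letting nsupdate fail later during 'begin'.
if [ -z "$ACME_DNS_KEYFILE" ]; then
	_fatal "ACME_DNS_KEYFILE not configured"
fi
if [ ! -r "$ACME_DNS_KEYFILE" ]; then
	_fatal "ACME_DNS_KEYFILE '%s' is not readable" "$ACME_DNS_KEYFILE"
fi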

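# Publish the challenge TXT record for a domain using nsupdate.
# Arguments: $1 - the domain being authorised (the _acme-challenge label is
#                 prepended here)
#            $2 - the TXT value to publish
# Globals:   ACME_DNS_KEYFILE (read) - key file handed to nsupdate -k
# Returns:   nsupdate's exit status
# Both arguments are expanded verbatim into the nsupdate command stream, so
# they must not contain newlines or double quotes; the caller passes a
# hostname and a challenge value.
_add_record() {
	local domain="$1"
	local auth="$2"

	# Use the function's own arguments, not the global DOMAIN/AUTH, so the
	# helper does what its signature promises.
	nsupdate -k "$ACME_DNS_KEYFILE" <<EOF
update add _acme-challenge.${domain}. 300 IN TXT "${auth}"
send
EOF
}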

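# Remove the challenge TXT record for a domain using nsupdate.
# Arguments: $1 - the domain that was authorised (the _acme-challenge label
#                 is prepended here)
#            $2 - the TXT value that was published
# Globals:   ACME_DNS_KEYFILE (read) - key file handed to nsupdate -k
# Returns:   nsupdate's exit status
# Both arguments are expanded verbatim into the nsupdate command stream, so
# they must not contain newlines or double quotes; the caller passes a
# hostname and a challenge value.
_remove_record() {
	local domain="$1"
	local auth="$2"

	# Use the function's own arguments, not the global DOMAIN/AUTH, so the
	# helper does what its signature promises.
	nsupdate -k "$ACME_DNS_KEYFILE" <<EOF
update delete _acme-challenge.${domain}. 300 IN TXT "${auth}"
send
EOF
}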

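case "$ACTION" in
	begin)
		# Publish the record, then wait until it is visible in DNS so the
		# challenge is not presented before the record exists.
		if ! _add_record "$DOMAIN" "$AUTH"; then
			_fatal "failed to add the DNS record for %s" "$DOMAIN"
			exit 1
		fi

		if ! lfacme_dns_wait_for_record "$DOMAIN" "$AUTH"; then
			_fatal "timed out waiting for the DNS record for '%s' to be published" \
				"$DOMAIN"
			exit 1
		fi

		exit 0
		;;

	done|failed)
		# Clean up the challenge record whether or not validation succeeded;
		# nsupdate's own exit status becomes the hook's.
		_remove_record "$DOMAIN" "$AUTH"
		exit $?
		;;

	*)
		# Mirror the begin branch: never fall off the end with status 0 if
		# _fatal happens to return.
		_fatal "unknown action: %s" "$ACTION"
		exit 1
		;;
esac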