This repository has been archived by the owner on Jun 13, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
598 additions
and
585 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| /.git/ | ||
| /.gitignore | ||
| /.travis-yml | ||
| /target | ||
| /LICENSE.txt | ||
| /.git/ | ||
| /.gitignore | ||
| /.travis-yml | ||
| /target | ||
| /LICENSE.txt | ||
| /README.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| root = true | ||
|
|
||
| [*] | ||
| charset = utf-8 | ||
| end_of_line = lf | ||
| insert_final_newline = false | ||
| indent_style = tab | ||
| indent_size = 4 | ||
| trim_trailing_whitespace = true | ||
|
|
||
| [*.yml] | ||
| indent_style = space | ||
| indent_size = 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,11 @@ | ||
| FROM ekidd/rust-musl-builder:stable as builder | ||
| COPY . . | ||
| RUN cargo install cargo-deb | ||
| RUN cargo deb --target x86_64-unknown-linux-musl | ||
|
|
||
| FROM certbot/certbot:rolling | ||
| VOLUME /etc/letsencrypt | ||
| COPY --from=builder /home/rust/src/target/x86_64-unknown-linux-musl/release/letsencrypt-inwx /usr/bin/ | ||
| COPY etc/* /usr/lib/letsencrypt-inwx/ | ||
|
|
||
| FROM ekidd/rust-musl-builder:stable as builder | ||
| COPY . . | ||
| RUN cargo install cargo-deb | ||
| RUN cargo deb --target x86_64-unknown-linux-musl | ||
|
|
||
| FROM certbot/certbot:rolling | ||
| VOLUME /etc/letsencrypt | ||
| COPY --from=builder /home/rust/src/target/x86_64-unknown-linux-musl/release/letsencrypt-inwx /usr/bin/ | ||
| COPY etc/* /usr/lib/letsencrypt-inwx/ | ||
|
|
||
| ENTRYPOINT ["/bin/sh", "/usr/lib/letsencrypt-inwx/docker-entrypoint.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,21 @@ | ||
| MIT License | ||
| Copyright (c) 2018 Matthias Herzog | ||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||
| of this software and associated documentation files (the "Software"), to deal | ||
| in the Software without restriction, including without limitation the rights | ||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
| copies of the Software, and to permit persons to whom the Software is | ||
| furnished to do so, subject to the following conditions: | ||
| The above copyright notice and this permission notice shall be included in all | ||
| copies or substantial portions of the Software. | ||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
| MIT License | ||
|
|
||
| Copyright (c) 2018 Matthias Herzog | ||
|
|
||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||
| of this software and associated documentation files (the "Software"), to deal | ||
| in the Software without restriction, including without limitation the rights | ||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
| copies of the Software, and to permit persons to whom the Software is | ||
| furnished to do so, subject to the following conditions: | ||
|
|
||
| The above copyright notice and this permission notice shall be included in all | ||
| copies or substantial portions of the Software. | ||
|
|
||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
| SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,50 +1,50 @@ | ||
| # letsencrypt-inwx [](https://travis-ci.org/kegato/letsencrypt-inwx) [](https://hub.docker.com/r/kegato/letsencrypt-inwx/) [](https://crates.io/crates/letsencrypt-inwx) | ||
|
|
||
| A small cli utility for automating the letsencrypt dns-01 challenge for domains hosted by inwx. This allows you to obtain wildcard certificates from letsencrypt. | ||
|
|
||
| ## Installation | ||
| ### Ubuntu / Debian | ||
| - Build the .deb package or download it from [releases](https://github.com/kegato/letsencrypt-inwx/releases/latest) and install it with `sudo dpkg -i <path_to_the_deb_file>` | ||
|
|
||
| ### Other linux | ||
| - Build the executable or download it from [releases](https://github.com/kegato/letsencrypt-inwx/releases/latest) and copy it to `/usr/bin/` | ||
| - Copy both certbot scripts from `./etc/` to `/usr/lib/letsencrypt-inwx/` | ||
|
|
||
| ### With cargo | ||
| - Run `cargo install letsencrypt-inwx` | ||
|
|
||
| ## Usage | ||
| ### With certbot | ||
| - Put your inwx login data seperated by a newline into `/etc/letsencrypt-inwx-cred` | ||
| - Make sure the file is only readable for root `sudo chmod 600 /etc/letsencrypt-inwx-cred` | ||
| - You can now get certificates from [certbot](https://certbot.eff.org/) by running `sudo certbot certonly -n --agree-tos --email <your_email> --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>` | ||
|
|
||
| #### Notes | ||
| - You need atleast certbot 0.22.0 to issue wildcard certificates. | ||
| - You can put your inwx login data into `~/.config/letsencrypt-inwx-cred` if you want to run certbot as non-root user | ||
|
|
||
| ### With Docker and certbot | ||
| - Put your inwx login data into a docker env file like this | ||
| ```sh | ||
| INWX_USER=username | ||
| INWX_PASSWD=password | ||
| ``` | ||
| - Generate your certificate by running `docker run --rm -it --env-file <your-env-file> -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx certonly --email <your_email> --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>` | ||
| - Your certificate is now at `/etc/letsencrypt/live/<your_domain>/` | ||
| - You can renew your certificate by running `docker run --rm -it --env-file <your-env-file> -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx renew` | ||
|
|
||
| ### Manually | ||
| - Put your inwx login data seperated by a newline into a file | ||
| - Create a txt record with `letsencrypt-inwx create -c <credential_file> -d _acme-challenge.your-domain.com -v <acme_token>` | ||
| - Delete it with `letsencrypt-inwx delete -c <credential_file> -d _acme-challenge.your-domain.com` | ||
|
|
||
| ## Building | ||
| ### Requirements | ||
| `libssl-dev` and `pkg-config` are required when building on Ubuntu / Debian see [here](https://github.com/sfackler/rust-openssl). | ||
|
|
||
| ### .deb package | ||
| - Install [cargo-deb](https://github.com/mmstick/cargo-deb) by running `cargo install cargo-deb` | ||
| - Run `cargo deb` to build the package | ||
|
|
||
| ### only the executable | ||
| # letsencrypt-inwx [](https://travis-ci.org/kegato/letsencrypt-inwx) [](https://hub.docker.com/r/kegato/letsencrypt-inwx/) [](https://crates.io/crates/letsencrypt-inwx) | ||
|
|
||
| A small cli utility for automating the letsencrypt dns-01 challenge for domains hosted by inwx. This allows you to obtain wildcard certificates from letsencrypt. | ||
|
|
||
| ## Installation | ||
| ### Ubuntu / Debian | ||
| - Build the .deb package or download it from [releases](https://github.com/kegato/letsencrypt-inwx/releases/latest) and install it with `sudo dpkg -i <path_to_the_deb_file>` | ||
|
|
||
| ### Other linux | ||
| - Build the executable or download it from [releases](https://github.com/kegato/letsencrypt-inwx/releases/latest) and copy it to `/usr/bin/` | ||
| - Copy both certbot scripts from `./etc/` to `/usr/lib/letsencrypt-inwx/` | ||
|
|
||
| ### With cargo | ||
| - Run `cargo install letsencrypt-inwx` | ||
|
|
||
| ## Usage | ||
| ### With certbot | ||
| - Put your inwx login data seperated by a newline into `/etc/letsencrypt-inwx-cred` | ||
| - Make sure the file is only readable for root `sudo chmod 600 /etc/letsencrypt-inwx-cred` | ||
| - You can now get certificates from [certbot](https://certbot.eff.org/) by running `sudo certbot certonly -n --agree-tos --email <your_email> --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>` | ||
|
|
||
| #### Notes | ||
| - You need atleast certbot 0.22.0 to issue wildcard certificates. | ||
| - You can put your inwx login data into `~/.config/letsencrypt-inwx-cred` if you want to run certbot as non-root user | ||
|
|
||
| ### With Docker and certbot | ||
| - Put your inwx login data into a docker env file like this | ||
| ```sh | ||
| INWX_USER=username | ||
| INWX_PASSWD=password | ||
| ``` | ||
| - Generate your certificate by running `docker run --rm -it --env-file <your-env-file> -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx certonly --email <your_email> --preferred-challenges=dns-01 --manual --manual-auth-hook /usr/lib/letsencrypt-inwx/certbot-inwx-auth --manual-cleanup-hook /usr/lib/letsencrypt-inwx/certbot-inwx-cleanup --manual-public-ip-logging-ok -d <your_domain>` | ||
| - Your certificate is now at `/etc/letsencrypt/live/<your_domain>/` | ||
| - You can renew your certificate by running `docker run --rm -it --env-file <your-env-file> -v /etc/letsencrypt:/etc/letsencrypt kegato/letsencrypt-inwx renew` | ||
|
|
||
| ### Manually | ||
| - Put your inwx login data seperated by a newline into a file | ||
| - Create a txt record with `letsencrypt-inwx create -c <credential_file> -d _acme-challenge.your-domain.com -v <acme_token>` | ||
| - Delete it with `letsencrypt-inwx delete -c <credential_file> -d _acme-challenge.your-domain.com` | ||
|
|
||
| ## Building | ||
| ### Requirements | ||
| `libssl-dev` and `pkg-config` are required when building on Ubuntu / Debian see [here](https://github.com/sfackler/rust-openssl). | ||
|
|
||
| ### .deb package | ||
| - Install [cargo-deb](https://github.com/mmstick/cargo-deb) by running `cargo install cargo-deb` | ||
| - Run `cargo deb` to build the package | ||
|
|
||
| ### only the executable | ||
| - Run `cargo build --release` to build the `letsencrypt-inwx` executable |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,29 +1,29 @@ | ||
| use trust_dns_resolver::config::{ResolverConfig, ResolverOpts}; | ||
| use trust_dns_resolver::Resolver; | ||
|
|
||
| pub fn check_txt_record(domain: &str, value: &str) -> bool { | ||
| let mut opts = ResolverOpts::default(); | ||
| opts.cache_size = 0; | ||
|
|
||
| let resolver = match Resolver::new(ResolverConfig::default(), opts) { | ||
| Ok(resolver) => resolver, | ||
| _ => return false | ||
| }; | ||
|
|
||
| let result = match resolver.txt_lookup(domain) { | ||
| Ok(result) => result, | ||
| _ => return false | ||
| }; | ||
|
|
||
| for record in result.iter() { | ||
| for data in record.txt_data().iter() { | ||
| let data = String::from_utf8_lossy(data); | ||
| if data == value { | ||
| return true; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| false | ||
| use trust_dns_resolver::config::{ResolverConfig, ResolverOpts}; | ||
| use trust_dns_resolver::Resolver; | ||
|
|
||
| pub fn check_txt_record(domain: &str, value: &str) -> bool { | ||
| let mut opts = ResolverOpts::default(); | ||
| opts.cache_size = 0; | ||
|
|
||
| let resolver = match Resolver::new(ResolverConfig::default(), opts) { | ||
| Ok(resolver) => resolver, | ||
| _ => return false | ||
| }; | ||
|
|
||
| let result = match resolver.txt_lookup(domain) { | ||
| Ok(result) => result, | ||
| _ => return false | ||
| }; | ||
|
|
||
| for record in result.iter() { | ||
| for data in record.txt_data().iter() { | ||
| let data = String::from_utf8_lossy(data); | ||
|
|
||
| if data == value { | ||
| return true; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| false | ||
| } |
Oops, something went wrong.