This repository has been archived by the owner on Dec 24, 2023. It is now read-only.
certbot-auth-hook.sh
#!/bin/bash
## Reference: https://www.namecheap.com/support/api/methods/domains-dns/set-hosts.aspx
## Inspiration: https://github.com/seansch/letsencrypt_namecheap_dns_api_hook/blob/master/namecheap_dns_api_hook.sh
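# Certbot manual auth hook for DNS-01 validation through the Namecheap API.
#
# Inputs (environment):
#   API_USER, API_KEY      Namecheap API credentials.
#   CERTBOT_DOMAIN         Domain being validated (exported by certbot).
#   CERTBOT_VALIDATION     Validation token (exported by certbot).
#   DNS_TIMEOUT            Optional; seconds to wait for propagation (default 150).
# Files written:
#   ${REQ}.xml             Raw getHosts response.
#   ${REQ}                 Pre-existing records as form parameters, kept for the
#                          cleanup hook script.
# Exit codes: 1 = setup or getHosts failure, 2 = no records parsed,
#             3 = setHosts failure.

# Fail early instead of sending a request with empty credentials or domain.
: "${API_USER:?API_USER must be set}"
: "${API_KEY:?API_KEY must be set}"
: "${CERTBOT_DOMAIN:?CERTBOT_DOMAIN must be set}"
: "${CERTBOT_VALIDATION:?CERTBOT_VALIDATION must be set}"

DNS_TIMEOUT=${DNS_TIMEOUT:-150}
# DNS_TIMEOUT is evaluated arithmetically below; accept plain digits only.
[[ $DNS_TIMEOUT =~ ^[0-9]+$ ]] || DNS_TIMEOUT=150

# NOTE(review): this path is predictable and lives in a world-writable
# directory. It is kept because the cleanup hook reads it; moving it to a
# private directory needs a coordinated change in that hook. The umask and the
# symlink checks below only reduce the exposure, they do not remove the race.
REQ="/tmp/${CERTBOT_DOMAIN}.original.request"
umask 077

# Without a controlling terminal (cron, systemd timer) tty exits non-zero and
# prints "not a tty"; fall back to stderr so messages are not lost.
TTY=$(/usr/bin/tty) || TTY=/dev/stderr

# The API key travels in the query string, so the transport must be TLS.
API_URL='https://api.namecheap.com/xml.response'

# The public address comes from a third party and is interpolated into a URL
# that carries the API key: fetch it over TLS and accept only a dotted quad.
CLIENT_IP=$(curl -s https://ipinfo.io/ip)
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if [[ ! $CLIENT_IP =~ $ipv4_re ]]; then
  echo "[ERROR] could not determine a valid IPv4 client address!" > "$TTY"
  exit 1
fi

#######################################
# Call one Namecheap API command.
# The URL (which contains the API key) is handed to curl as a config entry on
# stdin, so the key does not appear in the process list. Assumes the
# credentials contain no '"' or '\' characters (curl config quoting).
# NOTE(review): SLD/TLD are split at the first and last dot, which only fits
# two-label domains such as example.com — confirm before using others.
# Arguments: $1 - API command name; remaining args are passed to curl.
# Outputs:   API response on stdout.
# Returns:   curl's exit status.
#######################################
namecheap_curl() {
  local command=$1
  shift
  printf 'url = "%s?apiuser=%s&apikey=%s&username=%s&Command=%s&ClientIp=%s&SLD=%s&TLD=%s"\n' \
    "$API_URL" "$API_USER" "$API_KEY" "$API_USER" "$command" "$CLIENT_IP" \
    "${CERTBOT_DOMAIN%%.*}" "${CERTBOT_DOMAIN##*.}" |
    curl -s -K - "$@"
}

#######################################
# Drop a stale copy of a state file so it is recreated with the private umask;
# refuse to continue if the path is a symlink.
# Arguments: $1 - path about to be written
#######################################
reset_state_file() {
  local path=$1
  if [[ -L $path ]]; then
    echo "[ERROR] refusing to write through symlink ${path}" > "$TTY"
    exit 1
  fi
  rm -f -- "$path"
}

# Get the current DNS entries, process them and add them again, because
# setHosts overwrites every record of the domain.
reset_state_file "${REQ}.xml"
if ! namecheap_curl namecheap.domains.dns.getHosts > "${REQ}.xml"; then
  echo "[ERROR] curl namecheap api failed!" > "$TTY"
  exit 1
fi

# Parse the incoming XML and prepare the parameters. Existing records are
# numbered from INCR+1 so that slots 1-4 stay free for the challenge entries.
# NOTE(review): attribute values are concatenated without URL-encoding; a
# record whose Address contains '&', '=' or '+' would presumably be altered
# when re-submitted — verify against the zone before relying on this.
XPATH='//ApiResponse/CommandResponse/DomainDNSGetHostsResult/host'
INCR=5
POST_DATA=$(sed -E 's/(xmlns|xsi:.*)=\".*\"//g' < "${REQ}.xml" |
  xmlstarlet sel -T -t -m "$XPATH" -v '
concat("HostName",position()+'"$INCR"',"=",@Name,"&",
"RecordType",position()+'"$INCR"',"=",@Type,"&",
"Address",position()+'"$INCR"',"=",@Address,"&",
"MXPref",position()+'"$INCR"',"=",@MXPref,"&",
"TTL",position()+'"$INCR"',"=",@TTL,"&"
)' -)

# Save current parameters to a temp file, to be used by the cleanup hook script.
reset_state_file "$REQ"
printf '%s\n' "$POST_DATA" > "$REQ"
if [[ $(wc -c < "$REQ") -lt 2 ]]; then
  echo "[ERROR] emtpy response from namecheap API, perhaps failed?!" > "$TTY"
  echo "Response: $(cat "${REQ}.xml")" > "$TTY"
  exit 2
fi

# Add the new parameters in front, not sure which one of them work.
# TODO remove the useless entries, leave only the relevant one; all four
# variants are kept as in the original because they have not been tested
# individually.
INCR=1
POST_DATA="HostName$INCR=@&RecordType$INCR=TXT&Address$INCR=_acme-challenge.${CERTBOT_DOMAIN}=${CERTBOT_VALIDATION}&TTL$INCR=60&${POST_DATA}"
INCR=2
POST_DATA="HostName$INCR=@&RecordType$INCR=TXT&Address$INCR=_acme-challenge=${CERTBOT_VALIDATION}&TTL$INCR=60&${POST_DATA}"
INCR=3
POST_DATA="HostName$INCR=_acme-challenge.${CERTBOT_DOMAIN}&RecordType$INCR=TXT&Address$INCR=${CERTBOT_VALIDATION}&TTL$INCR=60&${POST_DATA}"
INCR=4
POST_DATA="HostName$INCR=_acme-challenge&RecordType$INCR=TXT&Address$INCR=${CERTBOT_VALIDATION}&TTL$INCR=60&${POST_DATA}"
echo "Request data: [$POST_DATA]" > "$TTY"

# Call the namecheap API
if ! namecheap_curl namecheap.domains.dns.setHosts \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d "$POST_DATA"; then
  echo "[ERROR] curl namecheap api failed!" > "$TTY"
  exit 3
fi
# No need to check for the XML output from namecheap, since the overall validation will fail if there is an error returned

# Wait for DNS updates to be provisioned (check at $WAITING second intervals).
# The lookup targets _acme-challenge.<domain>, the name a DNS-01 validator
# queries; the apex also receives TXT entries containing the token above, so
# checking the apex could report success before the real record is visible.
# grep gets -F and "--" because the token is literal text and may start with '-'.
timer=0
WAITING=15
until dig @8.8.8.8 txt "_acme-challenge.${CERTBOT_DOMAIN}" | grep -qF -- "${CERTBOT_VALIDATION}"; do
  if [[ $timer -ge $DNS_TIMEOUT ]]; then
    break
  fi
  echo " + DNS not propagated. Waiting ${WAITING}s for record creation and replication... Total time elapsed has been $timer out of $DNS_TIMEOUT seconds." > "$TTY"
  timer=$((timer + WAITING))
  sleep "$WAITING"
done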
# Sleep to allow DNS propagation
#sleep ${DNS_TIMEOUT}