Created
November 1, 2022 07:30
Generate SSL certificates with certbot using the ACME DNS challenge (Cloudflare DNS API hooks)
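#!/bin/bash
#
# certbot manual auth hook: publishes the DNS challenge TXT record through
# the Cloudflare v4 API.
#
# Environment (set by certbot):
#   CERTBOT_DOMAIN      domain being validated
#   CERTBOT_VALIDATION  value to publish in the _acme-challenge TXT record
# Writes:
#   /tmp/CERTBOT_<domain>/ZONE_ID and /tmp/CERTBOT_<domain>/RECORD_ID so the
#   cleanup hook can delete the record afterwards.
# Exit status:
#   0 once the record is created and the state is saved, 1 on any failure.

set -uo pipefail
umask 077

die() {
  printf 'cloudflare auth hook: %s\n' "$*" >&2
  exit 1
}

# Get your API key from https://www.cloudflare.com/a/account/my-account
# NOTE(review): this is an account-wide key stored in the script, so keep the
# file readable by its owner only. The key is also handed to curl on the
# command line, where other local users can read it from the process list
# while a request runs; a zone-scoped API token limits the damage of a leak.
API_KEY="your-api-key"
EMAIL="[email protected]"

[[ -n "${CERTBOT_DOMAIN:-}" ]] || die "CERTBOT_DOMAIN is not set"
[[ -n "${CERTBOT_VALIDATION:-}" ]] || die "CERTBOT_VALIDATION is not set"

# The domain ends up in a URL and in a path under /tmp, so accept hostname
# characters only (no '/', whitespace, quotes or glob characters).
domain_re='^[A-Za-z0-9._-]+$'
[[ "$CERTBOT_DOMAIN" =~ $domain_re ]] \
  || die "unexpected characters in CERTBOT_DOMAIN"

PYTHON=$(command -v python3 || command -v python) \
  || die "python is required to parse the API responses"

# Strip only the top domain to get the zone id.
# A name with fewer than three labels (e.g. example.com) is already the zone;
# the previous pattern returned an empty string for it.
# NOTE(review): multi-label suffixes such as co.uk still resolve to the wrong
# zone name with this "last two labels" rule.
DOMAIN=$CERTBOT_DOMAIN
if [[ "$CERTBOT_DOMAIN" == *.*.* ]]; then
  last_label=${CERTBOT_DOMAIN##*.}
  without_last=${CERTBOT_DOMAIN%.*}
  DOMAIN="${without_last##*.}.${last_label}"
fi

# Prepare the state directory before touching DNS. /tmp is shared, and the
# name is predictable: reuse an existing entry only if it is a real directory
# (not a symlink) owned by the current user, so another local user cannot
# pre-create it and control where the IDs are written.
STATE_DIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"
if ! mkdir -m 0700 -- "$STATE_DIR" 2>/dev/null; then
  [[ -d "$STATE_DIR" && ! -L "$STATE_DIR" && -O "$STATE_DIR" ]] \
    || die "refusing to use $STATE_DIR: not a directory owned by this user"
  chmod 0700 -- "$STATE_DIR" || die "cannot restrict permissions on $STATE_DIR"
fi

# Get the Cloudflare zone id
ZONE_EXTRA_PARAMS="status=active&page=1&per_page=20&order=status&direction=desc&match=all"
ZONE_ID=$(curl -sS -X GET "https://api.cloudflare.com/client/v4/zones?name=$DOMAIN&$ZONE_EXTRA_PARAMS" \
  -H "X-Auth-Email: $EMAIL" \
  -H "X-Auth-Key: $API_KEY" \
  -H "Content-Type: application/json" \
  | "$PYTHON" -c "import sys,json;print(json.load(sys.stdin)['result'][0]['id'])") \
  || die "could not look up the Cloudflare zone id for $DOMAIN"

# The id is interpolated into the next URL; an empty or odd value would send
# the request to the wrong endpoint.
# NOTE(review): assumes Cloudflare ids are plain alphanumeric strings.
id_re='^[A-Za-z0-9]+$'
[[ "$ZONE_ID" =~ $id_re ]] || die "unexpected zone id in API response"

# Create TXT record
CREATE_DOMAIN="_acme-challenge.$CERTBOT_DOMAIN"

# Let a JSON encoder build the request body instead of splicing shell
# variables into a JSON string.
PAYLOAD=$("$PYTHON" -c 'import json, sys
print(json.dumps({"type": "TXT", "name": sys.argv[1], "content": sys.argv[2], "ttl": 120}))' \
  "$CREATE_DOMAIN" "$CERTBOT_VALIDATION") \
  || die "could not build the TXT record payload"

RECORD_ID=$(curl -sS -X POST "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \
  -H "X-Auth-Email: $EMAIL" \
  -H "X-Auth-Key: $API_KEY" \
  -H "Content-Type: application/json" \
  --data "$PAYLOAD" \
  | "$PYTHON" -c "import sys,json;print(json.load(sys.stdin)['result']['id'])") \
  || die "could not create the TXT record $CREATE_DOMAIN"
[[ "$RECORD_ID" =~ $id_re ]] || die "unexpected record id in API response"

# Save info for cleanup
printf '%s\n' "$ZONE_ID" > "$STATE_DIR/ZONE_ID" \
  || die "cannot write $STATE_DIR/ZONE_ID; record $RECORD_ID must be removed by hand"
printf '%s\n' "$RECORD_ID" > "$STATE_DIR/RECORD_ID" \
  || die "cannot write $STATE_DIR/RECORD_ID; record $RECORD_ID must be removed by hand"

# Sleep to make sure the change has time to propagate over to DNS
sleep 25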
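#!/bin/bash
#
# certbot manual cleanup hook: deletes the challenge TXT record that the auth
# hook created through the Cloudflare v4 API.
#
# Environment (set by certbot):
#   CERTBOT_DOMAIN  domain that was validated
# Reads and removes:
#   /tmp/CERTBOT_<domain>/ZONE_ID and /tmp/CERTBOT_<domain>/RECORD_ID
# Exit status:
#   0 when there is nothing to delete or the request was sent, 1 on failure.

set -uo pipefail

die() {
  printf 'cloudflare cleanup hook: %s\n' "$*" >&2
  exit 1
}

# Get your API key from https://www.cloudflare.com/a/account/my-account
# NOTE(review): this is an account-wide key stored in the script, so keep the
# file readable by its owner only. The key is also handed to curl on the
# command line, where other local users can read it from the process list
# while the request runs.
API_KEY="your-api-key"
EMAIL="[email protected]"

[[ -n "${CERTBOT_DOMAIN:-}" ]] || die "CERTBOT_DOMAIN is not set"

# The domain is used to build a path under /tmp; accept hostname characters
# only (no '/', whitespace, quotes or glob characters).
domain_re='^[A-Za-z0-9._-]+$'
[[ "$CERTBOT_DOMAIN" =~ $domain_re ]] \
  || die "unexpected characters in CERTBOT_DOMAIN"

STATE_DIR="/tmp/CERTBOT_$CERTBOT_DOMAIN"

# No saved state means there is nothing to clean up.
[[ -e "$STATE_DIR" || -L "$STATE_DIR" ]] || exit 0

# The saved IDs decide which DNS record is deleted with the account key, and
# /tmp is writable by every local user. Trust the state only when it sits in
# a real directory (not a symlink) owned by the current user.
[[ -d "$STATE_DIR" && ! -L "$STATE_DIR" && -O "$STATE_DIR" ]] \
  || die "refusing to use $STATE_DIR: not a directory owned by this user"

# Prints the first line of a saved state file and removes the file.
# Arguments: $1 - file name inside STATE_DIR
# Outputs:   the saved value, or nothing when the file is absent
read_state() {
  local file="$STATE_DIR/$1"
  local value=""
  if [[ -f "$file" && ! -L "$file" ]]; then
    # read returns non-zero on a missing trailing newline but still fills
    # the variable, so the status is ignored on purpose.
    IFS= read -r value < "$file" || true
    rm -f -- "$file"
  fi
  printf '%s' "$value"
}

# Start from the files only; never inherit ZONE_ID/RECORD_ID from the
# environment.
ZONE_ID=$(read_state ZONE_ID)
RECORD_ID=$(read_state RECORD_ID)

# Remove the challenge TXT record from the zone
if [[ -n "$ZONE_ID" && -n "$RECORD_ID" ]]; then
  # Both values are interpolated into the request URL.
  # NOTE(review): assumes Cloudflare ids are plain alphanumeric strings.
  id_re='^[A-Za-z0-9]+$'
  [[ "$ZONE_ID" =~ $id_re ]] || die "unexpected zone id in saved state"
  [[ "$RECORD_ID" =~ $id_re ]] || die "unexpected record id in saved state"

  curl -sS -X DELETE "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" \
    -H "X-Auth-Email: $EMAIL" \
    -H "X-Auth-Key: $API_KEY" \
    -H "Content-Type: application/json" \
    || die "DELETE request for record $RECORD_ID failed"
fi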