certbot(role): support DNS-01 certs using acme-dns
All checks were successful
/ Ansible Lint (push) Successful in 3m36s
Introduce new configuration structure called certbot__certs, which allows for different challenge types per cert with the first challenge type supported being dns-01-acme-dns.
parent
21f51ea2d7
commit
8bf6dfbefb
9 changed files with 188 additions and 18 deletions
14
roles/certbot/files/manual_auth_scripts/dns-01-acme-dns.sh
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
# #!/usr/bin/env bash
|
||||
|
||||
CERT_CONFIG_FILE="/etc/ansible_certbot/cert_configs/$CERTBOT_DOMAIN.json"
|
||||
ACME_DNS_SERVER_URL=$( jq -er '.dns_01_acme_dns.serverUrl' "$CERT_CONFIG_FILE" )
|
||||
export ACME_DNS_SUBDOMAIN=$( jq -er '.dns_01_acme_dns.subdomain' "$CERT_CONFIG_FILE" )
|
||||
ACME_DNS_API_USER=$( jq -er '.dns_01_acme_dns.apiUser' "$CERT_CONFIG_FILE" )
|
||||
ACME_DNS_API_KEY=$( jq -er '.dns_01_acme_dns.apiKey' "$CERT_CONFIG_FILE" )
|
||||
|
||||
jq -nec '{ "subdomain": env.ACME_DNS_SUBDOMAIN, "txt": env.CERTBOT_VALIDATION }' | curl "$ACME_DNS_SERVER_URL/update" \
|
||||
--request POST \
|
||||
--fail-with-body \
|
||||
--header "X-Api-User: $ACME_DNS_API_USER" \
|
||||
--header "X-Api-Key: $ACME_DNS_API_KEY" \
|
||||
--json @-
|
||||
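Review bot: The script never enables strict mode, so a failed `jq -e` lookup near the top (a missing `$CERT_CONFIG_FILE`, or a null `.dns_01_acme_dns.*` key) does not stop it, and the `curl` call at the end still runs with an empty URL or empty credentials. Add `set -euo pipefail` after the shebang, and split `export ACME_DNS_SUBDOMAIN=$( ... )` into a plain assignment followed by `export ACME_DNS_SUBDOMAIN`, because `export` masks the exit status of the command substitution even under `set -e`. Separately, `--header "X-Api-Key: $ACME_DNS_API_KEY"` places the acme-dns key in curl's argument list, where other local users can read it from the process table while the request is in flight; curl's `--header @file` form, or a `--config` file fed from a process substitution, keeps the key off the command line.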