certbot(role): support DNS-01 certs using acme-dns

Introduce new configuration structure called certbot__certs, which allows for different challenge types per cert with the first challenge type supported being dns-01-acme-dns.
2026-03-31 16:48:00 +02:00 · 2026-03-31 16:48:00 +02:00 · 8bf6dfbefb
commit 8bf6dfbefb
parent 21f51ea2d7
9 changed files with 188 additions and 18 deletions
--- a/roles/certbot/files/manual_auth_scripts/dns-01-acme-dns.sh
+++ b/roles/certbot/files/manual_auth_scripts/dns-01-acme-dns.sh
@ -0,0 +1,14 @@
+# #!/usr/bin/env bash
+
+CERT_CONFIG_FILE="/etc/ansible_certbot/cert_configs/$CERTBOT_DOMAIN.json"
+ACME_DNS_SERVER_URL=$( jq -er '.dns_01_acme_dns.serverUrl' "$CERT_CONFIG_FILE" )
+export ACME_DNS_SUBDOMAIN=$( jq -er '.dns_01_acme_dns.subdomain' "$CERT_CONFIG_FILE" )
+ACME_DNS_API_USER=$( jq -er '.dns_01_acme_dns.apiUser' "$CERT_CONFIG_FILE" )
+ACME_DNS_API_KEY=$( jq -er '.dns_01_acme_dns.apiKey' "$CERT_CONFIG_FILE" )
+
+jq -nec '{ "subdomain": env.ACME_DNS_SUBDOMAIN, "txt": env.CERTBOT_VALIDATION }' | curl "$ACME_DNS_SERVER_URL/update" \
+    --request POST \
+    --fail-with-body \
+    --header "X-Api-User: $ACME_DNS_API_USER" \
+    --header "X-Api-Key: $ACME_DNS_API_KEY" \
+    --json @-