#!/bin/sh
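# Abort on the first command that fails outside of a condition.
set -e

# The script is meant to be invoked through a symlink; the name it was called
# under selects what it does.
HOOK="$(basename "${0}")"

# Part of the name before the first dot. It is only shown in the error message
# below, because every accepted prefix overwrites it with an nsupdate verb.
# Parameter expansion replaces the echo/awk pipeline, so a name containing
# backslashes or starting with a dash is not reinterpreted by echo.
HOOK_ACTION="${HOOK%%.*}"

# set nsupdate action
case "${HOOK}" in
	clean_challenge.*)
		HOOK_ACTION="delete"
		;;

	deploy_challenge.*)
		HOOK_ACTION="add"
		;;

	*)
		# Any other name is refused, so no update is ever sent with an
		# action other than add or delete.
		echo "'${HOOK}': no such hook action '${HOOK_ACTION}'" >&2
		echo "'${HOOK}': use 'clean_challenge.' or 'deploy_challenge.' as prefix in your symlink" >&2
		exit 1
		;;
esac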
# alternatives handling for dig
# Start from the bind-dnsutils name, switch to kdig (knot-dnsutils) when it is
# installed, and stop when neither command can be found on PATH.
DIG="dig"

if command -v kdig > /dev/null 2>&1
then
	# knot-dnsutils
	DIG="kdig"
elif ! command -v dig > /dev/null 2>&1
then
	echo "'${HOOK}': need dig from bind-dnsutils or knot-dnsutils" >&2
	exit 1
fi

# alternatives handling for nsupdate
# Same preference order: knsupdate (knot-dnsutils) first, nsupdate
# (bind-dnsutils) otherwise.
NSUPDATE="nsupdate"

if command -v knsupdate > /dev/null 2>&1
then
	# knot-dnsutils
	NSUPDATE="knsupdate"
elif ! command -v nsupdate > /dev/null 2>&1
then
	echo "'${HOOK}': need nsupdate from bind-dnsutils or knot-dnsutils" >&2
	exit 1
fi
# config
#
# Every existing file is sourced, i.e. executed as shell code inside this
# process with whatever privileges the hook runs under. The files and the
# drop-in directory therefore need to be writable by trusted administrators
# only.
for FILE in /etc/default/dehydrated-nsupdate /etc/default/dehydrated-nsupdate.d/*
do
	# Skip the main file when it is absent, and the literal pattern that
	# remains when the drop-in glob matches nothing.
	if [ ! -e "${FILE}" ]
	then
		continue
	fi

	. "${FILE}"
done
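# find txt record to update
#
# DOMAIN is not assigned anywhere in this script; presumably the caller's
# environment or the sourced configuration provides it (confirm against the
# caller). Without it the lookup would be made for the bare label
# "_acme-challenge." and the zone search would climb towards the root, so
# refuse to continue.
if [ -z "${DOMAIN}" ]
then
	echo "'${HOOK}': DOMAIN is not set" >&2
	exit 1
fi

# Take the fifth field of the last output line that mentions CNAME as the
# alias target of the challenge name.
# NOTE(review): the answer is used as returned by the resolver and nothing
# here validates it, yet the target decides which record and which zone is
# updated afterwards.
CNAME="$(${DIG} "_acme-challenge.${DOMAIN}" 2>&1 | awk '/CNAME/ { print $5 }' | tail -n1)"

if [ -n "${CNAME}" ]
then
	# the challenge name is an alias: write the record at its target
	TXT_RECORD="${CNAME}"
else
	TXT_RECORD="_acme-challenge.${DOMAIN}"
fi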
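# find nameservers to update
#
# Walk from the record name towards the root, dropping the leftmost label each
# round, until an NS query produces a match; that name is used as the zone.
# NOTE(review): the awk pattern is a plain substring match on "NS", so it is
# not limited to NS resource records in the output.
# NOTE(review): the zone and its server list come from ordinary resolver
# answers that this script does not validate, and they decide where the update
# is sent.
ZONE="${TXT_RECORD}"

while true
do
	NAMESERVERS="$(${DIG} NS "${ZONE}" 2>&1 | awk '/NS/ { print $5 }' | tail -n1)"

	if [ -n "${NAMESERVERS}" ]
	then
		break
	fi

	# Drop the leftmost label. Once no label is left to drop the name
	# stops changing (or becomes empty); the original loop then queried
	# the same name forever, e.g. while the resolver was unreachable.
	PARENT_ZONE="${ZONE#*.}"

	if [ -z "${PARENT_ZONE}" ] || [ "${PARENT_ZONE}" = "${ZONE}" ]
	then
		echo "'${HOOK}': no NS records found for '${TXT_RECORD}' or any parent zone" >&2
		exit 1
	fi

	ZONE="${PARENT_ZONE}"
done

# The probe above kept a single field; fetch the full server list for the zone.
NAMESERVERS="$(${DIG} +short NS "${ZONE}")"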
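# update nameservers
#
# TOKEN_VALUE is not assigned anywhere in this script; presumably the caller
# provides it (confirm against the caller). An empty value would turn the
# delete into a removal of every TXT record at the name and make the add
# invalid, so refuse to continue.
if [ -z "${TOKEN_VALUE}" ]
then
	echo "'${HOOK}': TOKEN_VALUE is not set" >&2
	exit 1
fi

# The progress line used to say "Adding" for both actions.
case "${HOOK_ACTION}" in
	delete)
		PROGRESS="Removing"
		;;

	*)
		PROGRESS="Adding"
		;;
esac

# NOTE(review): the update is sent without a key: the client is started with
# no options and the command stream has no key statement, so the server has to
# authorise it by other means. Confirm that is intended, or sign the update
# with a TSIG key file (-k).
# NAMESERVERS is expanded unquoted on purpose: one word per server.
for NAMESERVER in ${NAMESERVERS}
do
	# printf instead of "echo -n", whose behaviour differs between
	# /bin/sh implementations.
	printf ' + %s TXT record (%s)...' "${PROGRESS}" "${TXT_RECORD}"

	# The values are passed as %s arguments, so backslashes in names
	# taken from DNS answers reach the client unchanged.
	printf 'server %s\nzone %s\nttl 0\nupdate %s %s 0 TXT %s\nsend\n' \
		"${NAMESERVER}" "${ZONE}" "${HOOK_ACTION}" "${TXT_RECORD}" "${TOKEN_VALUE}" \
		| "${NSUPDATE}"

	echo " done."
done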