jeansergegagnon / zoneedit_letsencrypt
Scripts to enable automated SSL certificate update via the dns-01 challenge with Linux, Zoneedit and Letsencrypt
Hey there,
Thanks for this script! Have you thought of making it work with certbot & --manual-auth-hook without having to use getcert-wilddns-with-zoneedit.sh? As in, certbot has its own request & renewal methods, why implement them again here?
If I am missing something feel free to tell me.
Cheers,
Jason
I've got certbot scheduled to run automatically and it's calling certbot-dns-updater-with-zoneedit.sh, which then calls zoneedit.sh. The most recent run failed due to ZoneEdit adding two-factor auth, so I pulled your latest commits to switch to a DYN token, which did work, but it is adding more TXT records every time I run it and not cleaning up the old ones.
I see you added the code at https://github.com/jeansergegagnon/zoneedit_letsencrypt/blob/master/getcert-wilddns-with-zoneedit.sh#L207-L240 to remove the old records, but that's only running if you use the getcert-wilddns-with-zoneedit.sh script, which I'm not (specifically because I include both *.domain.com and domain.com as SANs in my cert).
It looks like getcert-wilddns-with-zoneedit.sh triggers a certbot run, which then calls certbot-dns-updater-with-zoneedit.sh -> zoneedit.sh, so it looks like if you just move the delete code into one of those scripts it would get called in all scenarios instead of just when using getcert-wilddns-with-zoneedit.sh?
An example of a valid SPF record:
v=spf1 include:spf.migadu.com -all
This results in the following curl command line options:
-d TXT::2::host=@ -d TXT::2::txt=v=spf1 include:spf.migadu.com -all -d TXT::2::ttl=
Both the white space and the "-all" will cause problems.
This results in a TXT record where only the first part "v=spf1" is used, which cannot be saved as zoneedit checks SPF records for validity. I would really appreciate it if you could fix this!
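The splitting described in this report comes from expanding the record value unquoted on the curl command line. The script below is an added example, not code from zoneedit_letsencrypt: it reproduces the split with the SPF value and the TXT::2::host/txt/ttl parameter names quoted above, and shows the quoted form that keeps the record as one argument. Nothing is sent anywhere; each builder prints the arguments it would hand to curl, one per line.

```shell
#!/bin/sh
# Added example; not code from zoneedit_letsencrypt. It reproduces the
# word-splitting the issue describes and shows the quoted form that keeps an
# SPF value as one curl argument. The TXT::2::host/txt/ttl parameter names are
# copied from the issue; SAMPLE_SPF is the SPF record quoted there.

SAMPLE_SPF='v=spf1 include:spf.migadu.com -all'

# Broken form: $value is expanded unquoted, so the shell splits it on
# whitespace. "include:spf.migadu.com" and "-all" become separate words, and
# curl would parse "-all" as the options -a -l -l. Each resulting argument is
# printed on its own line so the split is visible.
unsafe_txt_args() {
    value=$1
    set -- -d TXT::2::host=@ -d TXT::2::txt=$value -d TXT::2::ttl=
    printf '%s\n' "$@"
}

# Fixed form: the expansion is quoted, so the whole record stays one argument.
# --data-urlencode additionally percent-encodes the spaces and "=" signs inside
# the value so the server receives them intact.
safe_txt_args() {
    value=$1
    set -- -d TXT::2::host=@ --data-urlencode "TXT::2::txt=$value" -d TXT::2::ttl=
    printf '%s\n' "$@"
}

# Number of arguments a builder produces for a given value.
arg_count() {
    "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone demonstration: the unquoted form yields 8 arguments, the quoted
# form 6.
echo "unquoted: $(arg_count unsafe_txt_args "$SAMPLE_SPF") arguments"
echo "quoted:   $(arg_count safe_txt_args "$SAMPLE_SPF") arguments"
```

The same quoting applies to every variable the script interpolates into a curl call, including the _acme-challenge token; quoting fixes the word split, and --data-urlencode covers the characters that form encoding would otherwise mangle.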
Hi & thanks for your scripts.
I was trying to renew my certificate and it failed. I went to check the SPF TXT record, which seemed to be causing the error you mention, but I saw 2 TXT _acme-challenge records, which seems odd, but I thought perhaps I left an old one.
I deleted both of those, kept my SPF and retried. This time the script worked fine.
The question is as the subject above: why create 2 different records? Or more to the point, why is one of those making the script fail?
Actually the log did show exactly that:
Domain: sample.org
Type: unauthorized
Detail: Incorrect TXT record
"37dOpkVV_Sz719tlbsRbd6NrVyS_UwlwETOxWFhDm88" (and 1 more) found at _acme-challenge.sample.org
That was the first record, the second had exactly what the actual acme-challenge was.
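Both this report and the earlier one about records piling up come down to the same missing step: after validation, every _acme-challenge TXT record except the one certbot just used has to go, otherwise the CA sees the stale token first and reports "Incorrect TXT record ... (and 1 more)". The script below is an added example, not part of zoneedit_letsencrypt; it shows the selection logic a --manual-cleanup-hook needs. The zone dump format (one "host value" line per record), SAMPLE_ZONE and CURRENT_TOKEN are constructed for the example; CERTBOT_DOMAIN and CERTBOT_VALIDATION are the variables certbot exports to manual hooks. The delete step only prints what it would remove, so it runs offline.

```shell
#!/bin/sh
# Added example; not code from zoneedit_letsencrypt. It shows the selection
# step a --manual-cleanup-hook needs: keep the record certbot just validated
# and list every other _acme-challenge TXT record as stale. The zone dump
# format (one "host value" line per record), SAMPLE_ZONE and CURRENT_TOKEN
# are constructed; CERTBOT_DOMAIN and CERTBOT_VALIDATION are the variables
# certbot exports to manual hooks.

# Constructed zone dump: an SPF record, the leftover challenge quoted in the
# issue above, and the token of the run in progress (constructed value).
CURRENT_TOKEN='constructedCurrentToken_0000000000000000000'
SAMPLE_ZONE="@ v=spf1 include:spf.migadu.com -all
_acme-challenge 37dOpkVV_Sz719tlbsRbd6NrVyS_UwlwETOxWFhDm88
_acme-challenge $CURRENT_TOKEN"

# Reads "host value" lines on stdin and prints the value of every
# _acme-challenge TXT record that is not the current validation token.
# Records on other hosts (the SPF record on "@") are never touched.
stale_challenge_records() {
    current=$1
    while read -r host value; do
        [ "$host" = "_acme-challenge" ] || continue
        [ "$value" = "$current" ] && continue
        printf '%s\n' "$value"
    done
}

# Dry-run delete: prints the record it would remove. A real hook would call
# the DNS provider's delete endpoint here instead.
delete_txt_record() {
    printf 'delete TXT _acme-challenge.%s = %s\n' "$1" "$2"
}

# Cleanup-hook body: takes the zone dump on stdin and emits one delete action
# per stale record, using the domain and token certbot passes in.
cleanup_hook() {
    domain=${CERTBOT_DOMAIN:?CERTBOT_DOMAIN not set}
    token=${CERTBOT_VALIDATION:?CERTBOT_VALIDATION not set}
    stale_challenge_records "$token" | while read -r value; do
        delete_txt_record "$domain" "$value"
    done
}

# Stand-alone run with the constructed sample: exactly one stale record is
# reported, the SPF record and the current token are left alone.
printf '%s\n' "$SAMPLE_ZONE" |
    CERTBOT_DOMAIN=sample.org CERTBOT_VALIDATION=$CURRENT_TOKEN cleanup_hook
```

Because the hook keys on the current token rather than on a record it created earlier, it also clears records left behind by interrupted runs, which is the situation both reports describe.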
Hi there. Not sure this set of scripts is valid since zoneedit's efforts on this seem in limbo. But I've tried with this and I'm confused on some items.
ERROR: Please set CERTBOTDIR before running this script or add certbot-auto to PATH
I'm not clear what you mean by CERTBOTDIR. I've mkdir ~/certbot and found the /bin/certbot binary, however there is no certbot-auto binary that I can find, nor any installer under yum nor dnf.
Any chance you can provide some leadership? Cheers
In the new versions of certbot, certbot-auto is deprecated - https://community.letsencrypt.org/t/certbot-auto-deprecated-explanation-and-solutions/139821. I tried to use your script without "-c" but I was receiving the following error:
Skipping bootstrap because certbot-auto is deprecated on this system.
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
My suggestion is to use certbot by default and deprecate the old certbot-auto.
I was trying to run the script with "-a", however I received the following error:
Use of --manual-public-ip-logging-ok is deprecated.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.
It successfully ran after replacing --manual-public-ip-logging-ok with --email <email_address>. My suggestion is to have an argument where we can insert the email address, e.g. a separate "-e" arg.
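The three reports above ask for the same two things: find certbot before falling back to the deprecated certbot-auto, and run non-interactively with --agree-tos/--email instead of the removed --manual-public-ip-logging-ok. The script below is an added example, not the project's own scripts, and shows one way to do both. CERTBOTDIR is the variable named in the error message above; the certbot flags used are real certbot options, while the e-mail address and hook script paths in the demonstration call are placeholders.

```shell
#!/bin/sh
# Added example; not the project's scripts. Resolves the certbot binary in the
# order the issues ask for (certbot first, certbot-auto only as a fallback) and
# assembles a non-interactive manual-mode argument list that registers with
# --agree-tos/--email. CERTBOTDIR is the variable from the error message in the
# issue; the e-mail address and hook paths below are placeholders.

# Prints the path of the certbot executable to use, or fails with an error in
# the style of the original script. Search order:
#   1. $CERTBOTDIR/certbot, then $CERTBOTDIR/certbot-auto
#   2. certbot on PATH
#   3. certbot-auto on PATH (deprecated; used only if nothing else exists)
find_certbot() {
    if [ -n "$CERTBOTDIR" ]; then
        for name in certbot certbot-auto; do
            if [ -x "$CERTBOTDIR/$name" ]; then
                printf '%s\n' "$CERTBOTDIR/$name"
                return 0
            fi
        done
    fi
    if command -v certbot >/dev/null 2>&1; then
        command -v certbot
        return 0
    fi
    if command -v certbot-auto >/dev/null 2>&1; then
        echo "warning: falling back to deprecated certbot-auto" >&2
        command -v certbot-auto
        return 0
    fi
    echo "ERROR: Please set CERTBOTDIR before running this script or add certbot to PATH" >&2
    return 1
}

# Builds the certbot argument list for a DNS-01 manual run with auth and
# cleanup hooks. Arguments: email, auth hook, cleanup hook, then one or more
# domains (a wildcard and its apex can both be given). Each argument is printed
# on its own line so it can be inspected; the real call is
#   "$(find_certbot)" $(certbot_args ...)   with proper quoting of each line.
certbot_args() {
    email=$1; auth=$2; cleanup=$3; shift 3
    printf '%s\n' certonly --manual --preferred-challenges dns \
        --non-interactive --agree-tos --email "$email" \
        --manual-auth-hook "$auth" --manual-cleanup-hook "$cleanup"
    for d in "$@"; do
        printf -- '-d\n%s\n' "$d"
    done
}

# Stand-alone demonstration with placeholder values.
echo "certbot binary: $(find_certbot 2>/dev/null || echo '<none found>')"
certbot_args admin@example.invalid ./auth-hook.sh ./cleanup-hook.sh \
    example.invalid '*.example.invalid'
```

Passing both the apex and the wildcard as -d arguments is what the second report above does; with the hooks handling the TXT records, that combination needs no separate wrapper script.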
As described here:
https://github.com/blueslow/sslcertzoneedit
Zoneedit has added a Dyn endpoint for creating TXT records.