Switch to certbot-dns-duckdns

This commit is contained in:
Eric Nemchik 2022-10-06 18:08:20 +00:00
parent 3fb6e3f54d
commit 53db9755b2
8 changed files with 32 additions and 28 deletions

View File

@ -116,6 +116,7 @@ RUN \
certbot-dns-dnspod \
certbot-dns-do \
certbot-dns-domeneshop \
certbot-dns-duckdns \
certbot-dns-dynu \
certbot-dns-gehirn \
certbot-dns-godaddy \

View File

@ -116,6 +116,7 @@ RUN \
certbot-dns-dnspod \
certbot-dns-do \
certbot-dns-domeneshop \
certbot-dns-duckdns \
certbot-dns-dynu \
certbot-dns-gehirn \
certbot-dns-godaddy \

View File

@ -116,6 +116,7 @@ RUN \
certbot-dns-dnspod \
certbot-dns-do \
certbot-dns-domeneshop \
certbot-dns-duckdns \
certbot-dns-dynu \
certbot-dns-gehirn \
certbot-dns-godaddy \

View File

@ -336,7 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **06.10.22:** - Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
* **06.10.22:** - Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
* **05.10.22:** - Use certbot file hooks instead of command line hooks
* **04.10.22:** - Add godaddy and porkbun dns plugins.
* **03.10.22:** - Add default_server back to default site conf's https listen.

View File

@ -156,7 +156,7 @@ app_setup_nginx_reverse_proxy_block: ""
# changelog
changelogs:
- { date: "06.10.22:", desc: "Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." }
- { date: "06.10.22:", desc: "Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." }
- { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" }
- { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." }
- { date: "03.10.22:", desc: "Add default_server back to default site conf's https listen." }

View File

@ -1,8 +0,0 @@
#!/bin/bash
. /config/.donoteditthisfile.conf
curl https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN}\&token=${ORIGDUCKDNSTOKEN}\&txt=${CERTBOT_VALIDATION}
echo "sleeping 60"
sleep 60

View File

@ -0,0 +1,3 @@
# Instructions: https://github.com/infinityofspace/certbot_dns_duckdns#credentials-file-or-cli-parameters
# Replace with your API token from your duckdns account.
dns_duckdns_token=<your-duckdns-token>

View File

@ -23,7 +23,7 @@ for i in "${SANED_VARS[@]}"; do
done
# check to make sure DNSPLUGIN is selected if dns validation is used
if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
sleep infinity
fi
@ -50,7 +50,7 @@ if [ -f "/config/donoteditthisfile.conf" ]; then
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
fi
if [ ! -f "/config/.donoteditthisfile.conf" ]; then
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGDUCKDNSTOKEN=\"$DUCKDNSTOKEN\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
echo "Created .donoteditthisfile.conf"
fi
@ -64,6 +64,25 @@ if [ -z "$VALIDATION" ]; then
echo "VALIDATION parameter not set; setting it to http"
fi
# set duckdns validation to dns
if [ "$VALIDATION" = "duckdns" ]; then
VALIDATION="dns"
DNSPLUGIN="duckdns"
if [ -n "$DUCKDNSTOKEN" ] && ! grep -q "dns_duckdns_token=${DUCKDNSTOKEN}$" /config/dns-conf/duckdns.ini;then
sed -i "s|^dns_duckdns_token=.*|dns_duckdns_token=${DUCKDNSTOKEN}|g" /config/dns-conf/duckdns.ini
fi
fi
if [ "$VALIDATION" = "dns" ] && [ "$DNSPLUGIN" = "duckdns" ]; then
if [ "$SUBDOMAINS" = "wildcard" ]; then
echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
export ONLY_SUBDOMAINS=true
else
echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
export SUBDOMAINS=""
fi
export EXTRA_DOMAINS=""
fi
# if zerossl is selected or staging is set to true, use the relevant server
if [ "$CERTPROVIDER" = "zerossl" ] && [ "$STAGING" = "true" ]; then
echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
@ -142,7 +161,7 @@ if [ "$VALIDATION" = "dns" ]; then
elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|duckdns|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then
@ -159,17 +178,6 @@ if [ "$VALIDATION" = "dns" ]; then
elif [ "$VALIDATION" = "tls-sni" ]; then
PREFCHAL="--standalone --preferred-challenges http"
echo "*****tls-sni validation has been deprecated, attempting http validation instead"
elif [ "$VALIDATION" = "duckdns" ]; then
PREFCHAL="--manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt"
chmod +x /app/duckdns-txt
echo "duckdns validation is selected"
if [ "$SUBDOMAINS" = "wildcard" ]; then
echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
export URL_REAL="-d *.${URL}"
else
echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
export URL_REAL="-d ${URL}"
fi
else
PREFCHAL="--standalone --preferred-challenges http"
echo "http validation is selected"
@ -189,7 +197,7 @@ rm -rf /config/keys/cert.key
ln -s ./letsencrypt/privkey.pem /config/keys/cert.key
# checking for changes in cert variables, revoking certs if necessary
if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$DUCKDNSTOKEN" = "$ORIGDUCKDNSTOKEN" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then
if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [ "$ORIGONLY_SUBDOMAINS" = "true" ] && [ ! "$ORIGSUBDOMAINS" = "wildcard" ]; then
ORIGDOMAIN="$(echo "$ORIGSUBDOMAINS" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
@ -217,7 +225,7 @@ if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "
fi
# saving new variables
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGDUCKDNSTOKEN=\"$DUCKDNSTOKEN\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
# alter extension for error message
if [ "$DNSPLUGIN" = "google" ]; then
@ -255,8 +263,6 @@ if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
if [ ! -d /config/keys/letsencrypt ]; then
if [ "$VALIDATION" = "dns" ]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
elif [ "$VALIDATION" = "duckdns" ]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure your DUCKDNSTOKEN is correct."
else
echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
fi