1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-23 07:27:05 +00:00

setup dns authentication for letsencrypt

This commit is contained in:
John Supplee 2019-02-11 16:05:50 +02:00
parent fc1f211af5
commit 514619b44a
4 changed files with 22 additions and 1 deletions

1
.gitignore vendored
View File

@ -5,3 +5,4 @@ tools/__pycache__/
externals/
.env
.vagrant
.idea/

View File

@ -313,6 +313,7 @@ def provision_certificates(env, limit_domains):
webroot = os.path.join(account_path, 'webroot')
os.makedirs(webroot, exist_ok=True)
with tempfile.TemporaryDirectory() as d:
miab_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
cert_file = os.path.join(d, 'cert_and_chain.pem')
print("Provisioning TLS certificates for " + ", ".join(domain_list) + ".")
certbotret = subprocess.check_output([
@ -328,7 +329,10 @@ def provision_certificates(env, limit_domains):
"--chain-path", os.path.join(d, 'chain'), # we only use the full chain
"--fullchain-path", cert_file,
"--webroot", "--webroot-path", webroot,
"--manual",
"--preferred-challenge", "dns",
"--manual-auth-hook", os.path.join(miab_dir, "/tools/dns-auth.sh"),
"--manual-cleanup-hook", os.path.join(miab_dir, "/tools/dns-cleanup.sh"),
"--config-dir", account_path,
#"--staging",

View File

@ -1,2 +1,10 @@
#!/usr/bin/env bash
# TODO: Make work with port other than 443
API_KEY=`cat /var/lib/mailinabox/api.key`
HOSTNAME=`hostname`
curl -s -X PUT -d "$CERTBOT_VALIDATION" --user "$API_KEY:" https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT
sleep 15

8
tools/dns-cleanup.sh Executable file
View File

@ -0,0 +1,8 @@
#!/usr/bin/env bash
# TODO: Make work with port other than 443
API_KEY=`cat /var/lib/mailinabox/api.key`
HOSTNAME=`hostname`
curl -s -X DELETE --user "$API_KEY:" https://$HOSTNAME/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT