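├── .gitignore
├── .env.example
├── create_conoha_dns_record.sh
├── delete_conoha_dns_record.sh
├── LICENSE
├── README.md
└── conoha_dns_api.sh

/.gitignore:
--------------------------------------------------------------------------------
.env
--------------------------------------------------------------------------------

/.env.example:
--------------------------------------------------------------------------------

# ConoHa Region (tyo1 or tyo2)
CNH_REGION=tyo1

# ConoHa API Tenant ID
CNH_TENANT_ID=YOUR_TENANT_ID

# ConoHa API User name
CNH_USERNAME=YOUR_USERNAME

# ConoHa API User Password
# This file is sourced by conoha_dns_api.sh; keep it readable by the user that
# runs certbot only (chmod 600 .env).
CNH_PASSWORD=YOUR_PASSWORD

--------------------------------------------------------------------------------

/create_conoha_dns_record.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# certbot --manual-auth-hook for dns-01 validation: publishes the challenge
# value as a TXT record in the ConoHa DNS zone that holds CERTBOT_DOMAIN.
#
# Read from the environment (set by certbot):
#   CERTBOT_DOMAIN      domain being validated
#   CERTBOT_VALIDATION  value the validator expects in the TXT record
# Sourcing conoha_dns_api.sh additionally needs .env next to this script
# (see .env.example).

set -euo pipefail

# -------- #
# VARIABLE #
# -------- #
# ----- certbot ----- #
# Fail early with a clear message when run outside certbot instead of
# creating a record with an empty name or value.
: "${CERTBOT_DOMAIN:?CERTBOT_DOMAIN is not set; run this script as a certbot --manual-auth-hook}"
: "${CERTBOT_VALIDATION:?CERTBOT_VALIDATION is not set; run this script as a certbot --manual-auth-hook}"

# ----- script ----- #
# shellcheck disable=SC2034  # kept for compatibility; not used by this script
SCRIPT_NAME=$(basename -- "$0")
SCRIPT_PATH=$(dirname -- "$(readlink -f -- "$0")")

# ----- conoha_dns_api.sh ----- #
# Names are passed to the API fully qualified (trailing dot).
CNH_DNS_DOMAIN="${CERTBOT_DOMAIN}."
# Zone root = the last two labels of the domain; hyphens are allowed in labels.
# A plain two-label domain does not match the pattern and passes through
# unchanged. Zones below a multi-label public suffix (e.g. example.co.jp) are
# not detected by this rule and would need this assignment adjusted.
CNH_DNS_DOMAIN_ROOT=$(printf '%s\n' "$CNH_DNS_DOMAIN" \
  | sed -r 's/^.*\.([a-zA-Z0-9-]+\.[a-zA-Z0-9-]+)/\1/')
CNH_DNS_NAME="_acme-challenge.${CNH_DNS_DOMAIN}"
CNH_DNS_TYPE="TXT"
CNH_DNS_DATA=$CERTBOT_VALIDATION

# -------- #
# FUNCTION #
# -------- #
# Sourcing the library also logs in (CNH_TOKEN) and resolves the zone id
# (CNH_DOMAIN_ID); it aborts the hook when either step fails.
source "${SCRIPT_PATH}/conoha_dns_api.sh"

# ----------------- #
# CREATE DNS RECORD #
# ----------------- #
create_conoha_dns_record
--------------------------------------------------------------------------------

/delete_conoha_dns_record.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# certbot --manual-cleanup-hook for dns-01 validation: removes the TXT record
# that create_conoha_dns_record.sh published for CERTBOT_DOMAIN.
#
# Read from the environment (set by certbot):
#   CERTBOT_DOMAIN      domain that was validated
#   CERTBOT_VALIDATION  value that was published in the TXT record
# Sourcing conoha_dns_api.sh additionally needs .env next to this script
# (see .env.example).

set -euo pipefail

# -------- #
# VARIABLE #
# -------- #
# ----- certbot ----- #
# Without both values the record lookup below could match nothing or the
# wrong record; refuse to continue.
: "${CERTBOT_DOMAIN:?CERTBOT_DOMAIN is not set; run this script as a certbot --manual-cleanup-hook}"
: "${CERTBOT_VALIDATION:?CERTBOT_VALIDATION is not set; run this script as a certbot --manual-cleanup-hook}"

# ----- script ----- #
SCRIPT_NAME=$(basename -- "$0")
SCRIPT_PATH=$(dirname -- "$(readlink -f -- "$0")")

# ----- conoha_dns_api.sh ----- #
# Must be derived exactly as in create_conoha_dns_record.sh so the lookup
# finds the record that hook created.
CNH_DNS_DOMAIN="${CERTBOT_DOMAIN}."
# Zone root = the last two labels of the domain; hyphens are allowed in labels.
# A plain two-label domain passes through unchanged; multi-label public
# suffixes (e.g. example.co.jp) are not detected by this rule.
CNH_DNS_DOMAIN_ROOT=$(printf '%s\n' "$CNH_DNS_DOMAIN" \
  | sed -r 's/^.*\.([a-zA-Z0-9-]+\.[a-zA-Z0-9-]+)/\1/')
CNH_DNS_NAME="_acme-challenge.${CNH_DNS_DOMAIN}"
CNH_DNS_TYPE="TXT"
CNH_DNS_DATA=$CERTBOT_VALIDATION

# -------- #
# FUNCTION #
# -------- #
# Sourcing the library also logs in (CNH_TOKEN) and resolves the zone id
# (CNH_DOMAIN_ID); it aborts the hook when either step fails.
source "${SCRIPT_PATH}/conoha_dns_api.sh"

# ------------- #
# GET RECORD ID #
# ------------- #
# One id per line; more than one can come back (e.g. if an earlier run left a
# duplicate behind), and all of them are ours to remove.
CNH_RECORD_IDS=$(get_conoha_dns_record_id)
if [[ -z "$CNH_RECORD_IDS" ]]; then
  # Fail rather than silently doing nothing, so a record that was created but
  # cannot be found again is noticed.
  printf '%s: no %s record %s with the current validation data found in zone %s\n' \
    "$SCRIPT_NAME" "$CNH_DNS_TYPE" "$CNH_DNS_NAME" "$CNH_DNS_DOMAIN_ROOT" >&2
  exit 1
fi

# ----------------- #
# DELETE DNS RECORD #
# ----------------- #
# Never call the delete endpoint with an empty id (that would address the
# records collection instead of one record).
while IFS= read -r record_id; do
  [[ -n "$record_id" ]] || continue
  delete_conoha_dns_record "$record_id"
done <<<"$CNH_RECORD_IDS"
--------------------------------------------------------------------------------

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2019 k2snow

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction,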
including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # letsencrypt-dns-conoha 2 | 3 | ## Overview 4 | Script to get Let's Encrypt Wildcard SSL Certificate using DNS in ConoHa VPS. 5 | 6 | ## Requirements 7 | - CentOS7 8 | - certbot 0.22.0+ 9 | - jq 10 | - DNS to manage your domain with ConoHa VPS. 11 | 12 | ## Setup 13 | - Place code in your server. 14 | - Copy `.env.example` to `.env`. 15 | - Set region, tenant id, username and password in the `.env`. 16 | 17 | ## Usage 18 | - Test to get Wildcard SSL Certificate. 19 | ``` 20 | # certbot certonly \ 21 | --dry-run \ 22 | --manual \ 23 | --agree-tos \ 24 | --no-eff-email \ 25 | --manual-public-ip-logging-ok \ 26 | --preferred-challenges dns-01 \ 27 | --server https://acme-v02.api.letsencrypt.org/directory \ 28 | -d "" \ 29 | -d "*." 
\
30 | -m "" \
31 | --manual-auth-hook /path/to/letsencrypt-dns-conoha/create_conoha_dns_record.sh \
32 | --manual-cleanup-hook /path/to/letsencrypt-dns-conoha/delete_conoha_dns_record.sh
33 | ```
34 |
35 | - Get Wildcard SSL Certificate.
36 | ```
37 | # certbot certonly \
38 | --manual \
39 | --agree-tos \
40 | --no-eff-email \
41 | --manual-public-ip-logging-ok \
42 | --preferred-challenges dns-01 \
43 | --server https://acme-v02.api.letsencrypt.org/directory \
44 | -d "" \
45 | -d "*." \
46 | -m "" \
47 | --manual-auth-hook /path/to/letsencrypt-dns-conoha/create_conoha_dns_record.sh \
48 | --manual-cleanup-hook /path/to/letsencrypt-dns-conoha/delete_conoha_dns_record.sh
49 | ```
50 |
51 | - Test to renew Wildcard SSL Certificate.
52 | ```
53 | # certbot renew --force-renewal --dry-run
54 | ```
55 |
56 | - Renew Wildcard SSL Certificate.
57 | ```
58 | # certbot renew
59 | ```
60 |
61 | ## References
62 | - [Pre and Post Validation Hooks](https://certbot.eff.org/docs/using.html#pre-and-post-validation-hooks)
63 | - [ACME v2 Production Environment & Wildcards](https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578)
64 | - [ConoHa API Documentation](https://www.conoha.jp/docs/)
65 |
66 | ## Licence
67 | This software is released under the MIT License.
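/conoha_dns_api.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# ConoHa DNS API helpers for create_conoha_dns_record.sh and
# delete_conoha_dns_record.sh. Meant to be sourced: on load it reads the
# credentials from .env next to the calling script, obtains an API token
# (CNH_TOKEN) and resolves the id of the zone CNH_DNS_DOMAIN_ROOT
# (CNH_DOMAIN_ID). Any failure in that sequence aborts the caller.
#
# From .env:        CNH_REGION, CNH_TENANT_ID, CNH_USERNAME, CNH_PASSWORD
# From the caller:  CNH_DNS_DOMAIN_ROOT, CNH_DNS_NAME, CNH_DNS_TYPE, CNH_DNS_DATA
# External tools:   curl, jq
#
# Secrets are kept off command lines: the password is piped into jq by the
# printf builtin and the token reaches curl as a config file on stdin, so
# neither is visible in `ps` output or shell traces of argv.

# -------- #
# VARIABLE #
# -------- #
SCRIPT_PATH=$(dirname -- "$(readlink -f -- "$0")")

# Print a diagnostic on stderr.
cnh_error() {
  printf 'conoha_dns_api.sh: %s\n' "$*" >&2
}

# -------- #
# FUNCTION #
# -------- #
#######################################
# Build the identity request body. jq does the JSON escaping so quotes and
# backslashes in any credential cannot break the document; the password is
# read from stdin (-Rs: whole input as one string), username and tenant id
# are passed as jq arguments.
# Outputs: JSON document on stdout
#######################################
conoha_token_request_body() {
  printf '%s' "$CNH_PASSWORD" \
    | jq -Rs --arg user "$CNH_USERNAME" --arg tenant "$CNH_TENANT_ID" \
        '{ auth: { passwordCredentials: { username: $user, password: . }, tenantId: $tenant } }'
}

#######################################
# Log in against the identity endpoint and print the token id.
# Outputs: token id on stdout
# Returns: 1 when the request fails or the response carries no token id
#######################################
get_conoha_token() {
  local token
  token=$(conoha_token_request_body \
    | curl -fsS "https://identity.${CNH_REGION}.conoha.io/v2.0/tokens" \
        -X POST \
        -H "Accept: application/json" \
        -H "Content-Type: application/json" \
        -d @- \
    | jq -r '.access.token.id') || return 1
  # jq prints the literal "null" for a missing key; treat it like no token.
  [[ -n "$token" && "$token" != "null" ]] || return 1
  printf '%s\n' "$token"
}

#######################################
# Authenticated request against the DNS service.
# Arguments: $1 HTTP method, $2 path below /v1 (e.g. /domains),
#            remaining arguments are passed to curl as-is
# Outputs:   response body on stdout
# Returns:   curl's status; -f turns HTTP error responses into a failure
#######################################
conoha_dns_request() {
  local method=$1
  local path=$2
  shift 2
  # The token header is supplied via `-K -` (curl config read from stdin)
  # instead of -H, so it is not part of curl's argv.
  printf 'header = "X-Auth-Token: %s"\n' "$CNH_TOKEN" \
    | curl -fsS -K - "https://dns-service.${CNH_REGION}.conoha.io/v1${path}" \
        -X "$method" \
        -H "Accept: application/json" \
        -H "Content-Type: application/json" \
        "$@"
}

#######################################
# Look up the id of the zone named CNH_DNS_DOMAIN_ROOT.
# Outputs: zone id on stdout
# Returns: 1 when the request fails or no zone with that name exists
#######################################
get_conoha_domain_id() {
  local domain_id
  # The zone name is a jq argument, not spliced into the filter text.
  domain_id=$(conoha_dns_request GET /domains \
    | jq -r --arg name "$CNH_DNS_DOMAIN_ROOT" \
        '.domains[] | select(.name == $name) | .id') || return 1
  [[ -n "$domain_id" ]] || return 1
  printf '%s\n' "$domain_id"
}

#######################################
# Create the CNH_DNS_TYPE record CNH_DNS_NAME = CNH_DNS_DATA (ttl 60) in zone
# CNH_DOMAIN_ID.
# Outputs: API response body on stdout
# Returns: non-zero when the body cannot be built or the request fails
#######################################
create_conoha_dns_record() {
  local body
  body=$(jq -n --arg name "$CNH_DNS_NAME" --arg type "$CNH_DNS_TYPE" \
      --arg data "$CNH_DNS_DATA" \
      '{ name: $name, type: $type, data: $data, ttl: 60 }') || return 1
  conoha_dns_request POST "/domains/${CNH_DOMAIN_ID}/records" -d "$body"
}

#######################################
# Print the id of every record in zone CNH_DOMAIN_ID whose name is
# CNH_DNS_NAME and whose data is CNH_DNS_DATA, one per line.
# Outputs: record ids on stdout (nothing when no record matches)
#######################################
get_conoha_dns_record_id() {
  conoha_dns_request GET "/domains/${CNH_DOMAIN_ID}/records" \
    | jq -r --arg name "$CNH_DNS_NAME" --arg data "$CNH_DNS_DATA" \
        '.records[] | select(.name == $name and .data == $data) | .id'
}

#######################################
# Delete one record from zone CNH_DOMAIN_ID.
# Arguments: $1 record id
# Returns:   1 for an empty id (the request would otherwise target the
#            records collection URL), otherwise curl's status
#######################################
delete_conoha_dns_record() {
  local delete_id=${1-}
  if [[ -z "$delete_id" ]]; then
    cnh_error "delete_conoha_dns_record: empty record id"
    return 1
  fi
  conoha_dns_request DELETE "/domains/${CNH_DOMAIN_ID}/records/${delete_id}"
}

# ---------------- #
# LOAD CREDENTIALS #
# ---------------- #
# `return` leaves a sourced file (the normal case); when this file is executed
# directly that is an error, and we fall back to exit.
if ! source "${SCRIPT_PATH}/.env"; then
  cnh_error "cannot read ${SCRIPT_PATH}/.env (copy .env.example and fill it in)"
  return 1 2>/dev/null || exit 1
fi
: "${CNH_REGION:?set CNH_REGION in .env}"
: "${CNH_TENANT_ID:?set CNH_TENANT_ID in .env}"
: "${CNH_USERNAME:?set CNH_USERNAME in .env}"
: "${CNH_PASSWORD:?set CNH_PASSWORD in .env}"

# ----------- #
# GET A TOKEN #
# ----------- #
if ! CNH_TOKEN=$(get_conoha_token); then
  cnh_error "authentication against identity.${CNH_REGION}.conoha.io failed"
  return 1 2>/dev/null || exit 1
fi

# ----------------- #
# GET THE DOMAIN ID #
# ----------------- #
if ! CNH_DOMAIN_ID=$(get_conoha_domain_id); then
  cnh_error "zone ${CNH_DNS_DOMAIN_ROOT} not found in the ConoHa DNS domain list"
  return 1 2>/dev/null || exit 1
fi
--------------------------------------------------------------------------------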