Created
March 17, 2018 14:03
Certbot automated certificate renew via DNS-01 method, with Duck DNS (and Stunnel) (SSL, let's encrypt, letsencrypt)
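## Setup
# One-time issuance with the manual plugin and a DNS-01 challenge.
# The address after -m is a placeholder (the original was obfuscated on the
# page); replace it and example.com with your own values.
# NOTE(review): --manual-public-ip-logging-ok is deprecated in newer Certbot
# releases; confirm against `certbot --help manual` and drop it if unsupported.
certbot certonly --manual --preferred-challenges dns -m YOUR_EMAIL@example.com --agree-tos --manual-public-ip-logging-ok -d example.com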
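## Renewal scripts
# Auth hook: publishes the DNS-01 challenge value as a TXT record through the
# Duck DNS update API. The file embeds the Duck DNS token, so it is written
# under umask 077 and is never readable by other users, even before chmod runs.
(
  umask 077
  cat > /root/authhook.sh <<'EOF'
#!/bin/bash
# Certbot --manual-auth-hook. Certbot supplies CERTBOT_DOMAIN and
# CERTBOT_VALIDATION in the environment; refuse to run without them.
set -euo pipefail
: "${CERTBOT_DOMAIN:?must be set by certbot}"
: "${CERTBOT_VALIDATION:?must be set by certbot}"

# The URL is fed to curl as a config file on stdin (-K -) so the token does
# not appear in the process argument list. -S keeps transport errors visible.
response=$(printf 'url = "%s"\n' \
  "https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN}&token=YOUR_DUCKDNS_TOKEN&txt=${CERTBOT_VALIDATION}" \
  | /usr/bin/curl -sS -K -)
printf '%s\n' "$response"

# Duck DNS reports a rejected update as "KO" in the response body, so curl's
# exit status alone does not reveal it. Fail here so certbot stops instead of
# attempting validation against a TXT record that was never set.
if [[ "$response" != OK* ]]; then
  printf 'authhook: Duck DNS TXT update failed for %s\n' "$CERTBOT_DOMAIN" >&2
  exit 1
fi
EOF
)
chmod 700 /root/authhook.sh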
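# Cleanup hook: clears the challenge TXT record once validation is done.
# The file embeds the Duck DNS token, so it is written under umask 077 and is
# never readable by other users, even before chmod runs.
(
  umask 077
  cat > /root/cleanuphook.sh <<'EOF'
#!/bin/bash
# Certbot --manual-cleanup-hook. Certbot supplies CERTBOT_DOMAIN and
# CERTBOT_VALIDATION in the environment; refuse to run without them.
set -euo pipefail
: "${CERTBOT_DOMAIN:?must be set by certbot}"
: "${CERTBOT_VALIDATION:?must be set by certbot}"

# The URL is fed to curl as a config file on stdin (-K -) so the token does
# not appear in the process argument list. -S keeps transport errors visible.
response=$(printf 'url = "%s"\n' \
  "https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN}&token=YOUR_DUCKDNS_TOKEN&txt=${CERTBOT_VALIDATION}&clear=true" \
  | /usr/bin/curl -sS -K -)
printf '%s\n' "$response"

# Duck DNS reports a rejected update as "KO" in the response body; surface it
# so a stale challenge record left in DNS does not go unnoticed.
if [[ "$response" != OK* ]]; then
  printf 'cleanuphook: Duck DNS TXT clear failed for %s\n' "$CERTBOT_DOMAIN" >&2
  exit 1
fi
EOF
)
chmod 700 /root/cleanuphook.sh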
# Post hook: reloads stunnel4 after certbot has run, presumably so stunnel
# picks up the renewed certificate. Holds no secret; kept owner-only (700)
# like the other root-run hooks.
printf '%s\n' '#!/bin/bash' '/bin/systemctl reload stunnel4' > /root/posthook.sh
chmod 700 /root/posthook.sh
## Renewal
# To test, add --force-renewal --dry-run: the dry run goes to the Let's Encrypt
# staging environment and saves no certificate. --force-renewal without
# --dry-run requests a real certificate and counts against rate limits.
/usr/bin/certbot renew \
  --manual \
  --preferred-challenges dns \
  --manual-auth-hook /root/authhook.sh \
  --manual-cleanup-hook /root/cleanuphook.sh \
  --post-hook /root/posthook.sh \
  --cert-name example.com