From 68d3ea1968d23c20712142a26a24da7ce7e0b01e Mon Sep 17 00:00:00 2001
From: Daniel Martinez
Date: Fri, 24 Apr 2020 21:09:42 -0400
Subject: [PATCH] initial commit
---
README.md | 6 ++++++
dns_cleanup.template | 6 ++++++
dns_update.template | 6 ++++++
same-server-authenticator-hook.sh | 12 ++++++++++++
same-server-cleanup.sh | 8 ++++++++
5 files changed, 38 insertions(+)
create mode 100644 README.md
create mode 100644 dns_cleanup.template
create mode 100644 dns_update.template
create mode 100644 same-server-authenticator-hook.sh
create mode 100644 same-server-cleanup.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7aa5baa
--- /dev/null
+++ b/README.md
@@ -0,0 +1,6 @@
+# Certbot authentication hooks for knot DNS
+
+KnotDNS is my preferred authoritative DNS, so I wrote these quick scripts for certbot authentication.
+There are two versions, one for when the DNS is being hosted at the same location as the certbot request,
+and one for where we have to send a DNS update to the authoritative DNS server, such as when behind an
+dynamic IP.
diff --git a/dns_cleanup.template b/dns_cleanup.template
new file mode 100644
index 0000000..9b9738c
--- /dev/null
+++ b/dns_cleanup.template
@@ -0,0 +1,6 @@
+server DNS_SERVER
+zone DOMAIN_NAME
+origin DOMAIN_NAME
+ttl 360
+del SUBDOMAIN 360 txt
+send
diff --git a/dns_update.template b/dns_update.template
new file mode 100644
index 0000000..44729db
--- /dev/null
+++ b/dns_update.template
@@ -0,0 +1,6 @@
+server DNS_SERVER
+zone DOMAIN_NAME
+origin DOMAIN_NAME
+ttl 360
+add SUBDOMAIN 360 txt VALIDATION_STRING
+send
diff --git a/same-server-authenticator-hook.sh b/same-server-authenticator-hook.sh
new file mode 100644
index 0000000..43068ae
--- /dev/null
+++ b/same-server-authenticator-hook.sh
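Review bot: dns_cleanup.template (and dns_update.template after it) carries no `key` statement, so as written the dynamic update goes out unsigned unless the caller supplies a TSIG key on the nsupdate/knsupdate command line, which this commit does not show. The README should state how the update is authenticated and that the key ought to be limited on the server to TXT changes on the `_acme-challenge` names; keeping the secret in a root-only key file passed with `-k` keeps it out of the template. `del SUBDOMAIN 360 txt` also names no rdata and so removes every TXT record at that owner; `del SUBDOMAIN 360 txt VALIDATION_STRING` would remove only the token that was added.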
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+DOMAIN=$(expr match "$CERTBOT_DOMAIN" '.*\.\(.*\..*\)')
+CHALLENGE_DOMAIN="_acme-challenge.${CERTBOT_DOMAIN}"
+
+knotc zone-begin ${DOMAIN}
+knotc zone-set ${DOMAIN} ${CERTBOT_DOMAIN} 360 TXT ${CERTBOT_VALIDATION}
+knotc zone-commit
+
+echo "${CERTBOT_VALIDATION}" > /tmp/certbot_validation_txt_${CERTBOT_DOMAIN}.txt
+
+sleep 25
diff --git a/same-server-cleanup.sh b/same-server-cleanup.sh
new file mode 100644
index 0000000..4012b6d
--- /dev/null
+++ b/same-server-cleanup.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+DOMAIN=$(expr match "$CERTBOT_DOMAIN" '.*\.\(.*\..*\)')
+CHALLENGE_DOMAIN="_acme-challenge.${CERTBOT_DOMAIN}"
+
+knotc zone-begin ${DOMAIN}
+knotc zone-unset ${DOMAIN} ${CERTBOT_DOMAIN} TXT
+knotc zone-commit ${DOMAIN}
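Review bot: In same-server-authenticator-hook.sh the token is written to a predictable path, `/tmp/certbot_validation_txt_${CERTBOT_DOMAIN}.txt`, by a hook that certbot typically runs as root, so a local user who pre-creates that name as a symlink decides where the write lands; nothing in this commit reads the file, so the line is best dropped (or replaced by `mktemp` in a root-owned directory). `zone-set` also uses `${CERTBOT_DOMAIN}` as the owner while `CHALLENGE_DOMAIN` is computed and never used, so the TXT record does not land on the `_acme-challenge` name that a DNS-01 check queries. The expansions are unquoted, `DOMAIN` is empty whenever the `expr` pattern does not match (a two-label name such as a bare zone apex), none of the knotc calls is checked, and `zone-commit` is called without the zone argument that the cleanup script passes. Whether knotc treats an owner without a trailing dot as relative to the zone should be confirmed before relying on the name as written.

```bash
DOMAIN=$(expr match "$CERTBOT_DOMAIN" '.*\.\(.*\..*\)')
# refuse to open a transaction when no zone could be derived
[ -n "${DOMAIN}" ] || { echo "cannot derive zone from ${CERTBOT_DOMAIN}" >&2; exit 1; }
# … unchanged: CHALLENGE_DOMAIN assignment …

knotc zone-begin "${DOMAIN}" || exit 1
if ! knotc zone-set "${DOMAIN}" "${CHALLENGE_DOMAIN}" 360 TXT "${CERTBOT_VALIDATION}"; then
  knotc zone-abort "${DOMAIN}"
  exit 1
fi
knotc zone-commit "${DOMAIN}" || exit 1

# write to /tmp removed: nothing reads the file
# … unchanged: sleep 25 …
```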
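Review bot: In same-server-cleanup.sh, `knotc zone-unset ${DOMAIN} ${CERTBOT_DOMAIN} TXT` names no rdata and targets the certificate's own host name, so it removes every TXT record there (an SPF or site-verification record, for instance) rather than the challenge token. Scoping the call to the challenge name and value limits the deletion to what the authenticator added: `knotc zone-unset "${DOMAIN}" "${CHALLENGE_DOMAIN}" TXT "${CERTBOT_VALIDATION}"`; certbot is expected to export `CERTBOT_VALIDATION` to cleanup hooks as well, which is worth confirming against the certbot version in use. The script also leaves behind the `/tmp/certbot_validation_txt_*` file that the authenticator hook writes.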