initial commit

README.md

@@ -0,0 +1,6 @@
+# Certbot authentication hooks for knot DNS
+
+KnotDNS is my preferred authoritative DNS, so I wrote these quick scripts for certbot authentication.  
+There are two versions, one for when the DNS is being hosted at the same location as the certbot request, 
+and one for where we have to send a DNS update to the authoritative DNS server, such as when behind an 
+dynamic IP.

dns_cleanup.template

@@ -0,0 +1,6 @@
+server DNS_SERVER
+zone DOMAIN_NAME
+origin DOMAIN_NAME
+ttl 360
+del SUBDOMAIN 360 txt
+send

dns_update.template

@@ -0,0 +1,6 @@
+server DNS_SERVER
+zone DOMAIN_NAME
+origin DOMAIN_NAME
+ttl 360
+add SUBDOMAIN 360 txt VALIDATION_STRING
+send

same-server-authenticator-hook.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+DOMAIN=$(expr match "$CERTBOT_DOMAIN" '.*\.\(.*\..*\)')
+CHALLENGE_DOMAIN="_acme-challenge.${CERTBOT_DOMAIN}"
+
+knotc zone-begin ${DOMAIN}
+knotc zone-set ${DOMAIN} ${CERTBOT_DOMAIN} 360 TXT ${CERTBOT_VALIDATION}
+knotc zone-commit
+
+echo "${CERTBOT_VALIDATION}" > /tmp/certbot_validation_txt_${CERTBOT_DOMAIN}.txt
+
+sleep 25

same-server-cleanup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+DOMAIN=$(expr match "$CERTBOT_DOMAIN" '.*\.\(.*\..*\)')
+CHALLENGE_DOMAIN="_acme-challenge.${CERTBOT_DOMAIN}"
+
+knotc zone-begin ${DOMAIN}
+knotc zone-unset ${DOMAIN} ${CERTBOT_DOMAIN} TXT
+knotc zone-commit ${DOMAIN}