Aller au contenu

aozorashinyuu

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    1

  • Inscription

  • Dernière visite

  • Jours gagnés

    1

 Type de contenu 

Messages posté(e)s par aozorashinyuu

    [TUTO] [Zone publique sur DNS Server] Renouvellement automatisé de certificat wildcard

    dans Tutoriels

    Posté(e)

    Hello,

    Here is a really big huge thanks for this script. I have a proposal to extends its capabilities:
     - init method: add bool variable saying whereas the ZONE_NAME is an alias domain or not

    ZONE_ALIAS=true # Zone is alias

    - certificate_issue method: replace the acme.sh line to handle challenge-alias when the previous variable is set to true

    certificate_issue() {
        echo -e "Issueing certificate...\n"
        if [ "$ZONE_ALIAS" = true ];
        then
            ${ACME_DIR}/acme.sh --issue -d ${CERT_DOMAIN} -d ${CERT_WDOMAIN} --challenge-alias ${ZONE_NAME} --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt | tee ${CERT_HOME}/${CERT_DOMAIN}/${LOG}
        else
            ${ACME_DIR}/acme.sh --issue -d ${CERT_DOMAIN} -d ${CERT_WDOMAIN}  --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt | tee ${CERT_HOME}/${CERT_DOMAIN}/${LOG}
        fi
        mapfile -t array < <(grep -A1 "Domain: '" ${CERT_HOME}/${CERT_DOMAIN}/${LOG} | cut -d"'" -f2 | sed 's/--//g' | sed '/^$/d')
        echo "${array[0]}. 1 IN TXT \"${array[1]}"\" >> ${ZONE}
        echo "${array[2]}. 1 IN TXT \"${array[3]}"\" >> ${ZONE}
        echo -e "\nTXT records are :\n"
        tail -n 2 ${ZONE}
    }

    - saved_syno_values_removing method: replace prevent a crash by adding some conditions (file does not exists uh?)

    saved_syno_values_removing() {
        CERT_CONF=${CERT_HOME}/${CERT_DOMAIN}/${CERT_DOMAIN}.conf
        if [ -f "${CERT_CONF}" ]; then
            sed -E '/^SAVED_SYNO|Le_DeployHook/d' ${CERT_CONF} > ${CERT_CONF}.bkp
        fi
        if [ -f "${CERT_CONF}.bkp" ]; then
            mv ${CERT_CONF}.bkp ${CERT_CONF}
        fi
    }

    - dns_spread: add a sleep after the changes (30 seconds may be way too much but oh well, the Txt fields would not spread to slave dns zones without this, uh?...). 

    dns_spread() {
        echo -e "\nSpreading zone changes to slave DNS servers, please wait 30 seconds...\n"
        SERIAL=$(sed -n '/SOA/{n;p}' $ZONE)
        INCR_SERIAL=$((SERIAL+1))
        sed "s/${SERIAL}/\t${INCR_SERIAL}/" ${ZONE} > ${ZONE_TEMP}
        mv ${ZONE_TEMP} ${ZONE}
        sleep 30
    }


    WIth theses changes i only expose online a slave synology dns zone from a syno router and i removed all encountered bugs. 🙂

    2
×
×
  • Créer...

Information importante

Nous avons placé des cookies sur votre appareil pour aider à améliorer ce site. Vous pouvez choisir d’ajuster vos paramètres de cookie, sinon nous supposerons que vous êtes d’accord pour continuer.