
@holderbaum
Created January 9, 2019 12:49

# Request a certificate for DOMAIN with the DNS-01 challenge; the two hook
# scripts publish and then remove the _acme-challenge TXT record.
# --staging uses the Let's Encrypt staging CA (test certificates only); drop it
# once the hooks are known to work.
# Certbot runs hook commands through a shell, so bare names such as auth.sh are
# only found when they are on PATH — presumably absolute paths are intended;
# confirm before relying on this line as written.
certbot certonly \
  --manual \
  --preferred-challenges dns \
  --manual-auth-hook auth.sh \
  --manual-cleanup-hook cleanup.sh \
  --staging \
  -d DOMAIN

auth.sh:

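#!/bin/bash
# certbot --manual-auth-hook: publish the DNS-01 challenge by making this host
# serve a throw-away zone _acme-challenge.DOMAIN with BIND.
#
# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook. Both are
# required here, so fail early instead of writing an empty TXT record or a
# zone literally named "_acme-challenge.".
#
# NOTE: /etc/bind/named.conf is overwritten wholesale, so this is only suitable
# on a host whose BIND exists solely for ACME validation.
set -euo pipefail

: "${CERTBOT_DOMAIN:?CERTBOT_DOMAIN must be set by certbot}"
: "${CERTBOT_VALIDATION:?CERTBOT_VALIDATION must be set by certbot}"

zone=_acme-challenge.$CERTBOT_DOMAIN
zone_file=/etc/bind/acme.zone

# Zone data. The serial is the current epoch time, so every run yields a
# strictly increasing serial; the 10 s TTL keeps resolvers from caching a stale
# validation token. The NS target is hard-coded and has to be the name the
# parent zone delegates _acme-challenge.DOMAIN to (i.e. this server), or the
# validator never reaches this zone.
cat <<-EOF >"$zone_file"
\$TTL 10
@   IN SOA ns hostmaster (
    $(date +%s)   ; serial
    86400        ; refresh
    1M           ; retry
    3600000      ; expire
    86400 )      ; minimum
 
@    IN NS  ns.webstash.org.
@ 10 IN TXT "$CERTBOT_VALIDATION"
EOF

# Minimal server config: answer queries from anywhere (the ACME validator may
# come from any address) but refuse zone transfers.
cat <<-EOF >/etc/bind/named.conf
options {
        directory "/var/cache/bind";
        dnssec-validation auto;
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        additional-from-cache no;
};

zone "$zone" {
	allow-query {any;};
        type master;
	check-names ignore;
        file "$zone_file";
        notify yes;
        allow-transfer { "none"; };
};
EOF

# Under set -e a failed restart ends the hook with a non-zero status, so the
# problem is reported instead of certbot attempting a validation that cannot
# succeed.
systemctl restart bind9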

cleanup.sh:

#!/bin/bash
# certbot --manual-cleanup-hook: tear down the temporary validation zone that
# auth.sh created. Best effort — each step runs even if an earlier one fails.
#
# NOTE: named.conf is deleted outright, so bind9 cannot start again until
# auth.sh (or a real configuration) recreates it.

zone_file=/etc/bind/acme.zone
named_conf=/etc/bind/named.conf

# A bind9 that is already stopped (or absent) must not prevent the file
# removal below.
systemctl stop bind9 || true

for generated in "$zone_file" "$named_conf"; do
  rm -f -- "$generated"
done