Skip to content

iaean/otc2h

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.gitignore
.gitignore
 
 
.otc-certbot-hook.auth
.otc-certbot-hook.auth
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
otc-certbot-hook.sh
otc-certbot-hook.sh
 
 

Repository files navigation

OTC ACME DNS challenge automatization for certbot

Bash hook for certbot to automate ACME (IETF RFC 8555) DNS-01 challenging with Open Telekom Cloud (OTC) DNS Service. Let's Encrypt is the most popular public ACME CA. Telesec is planning to provide an ACME service.

Quick Start

To obtain a certificate for your OTC hosted domain right away, follow these steps.

  1. Install certbot. There are many ways to install certbot, depending on your distribution and preference. Please follow instructions on https://certbot.eff.org/

  2. Install hook. To authenticate your OTC domain against an ACME CA like Let's Encrypt using the DNS challenge mechanism, you will need to update your domain DNS dynamically. The hook script automatizes this process for you. To use it, download the otc-certbot-hook.sh and .otc-certbot-hook.auth files and place them into a directory of your choice. Ensure that you have a recent curl and jq as well on your system.

  1. Set up hook. You need to provide some OTC credentials to the hook. To do so, edit the .otc-certbot-hook.auth file. It's commented.

  2. Run certbot. To obtain your certificate, run certbot in manual mode, setup to use the OTC hook you just downloaded. For detailed instructions on how to use certbot, please refer to the certbot manual. A typical use of certbot is listed below. Note that the hook may wait up to one minute to be sure that the challenge was correctly published.

certbot --manual --text --preferred-challenges dns \
        --manual-auth-hook ./otc-certbot-hook.sh \
        --manual-cleanup-hook ./otc-certbot-hook.sh \
        -d "YOUR.DOMAIN.TLD" certonly

TODO

  • OTC AK/SK authentication support
  • DNS Zone nesting support
  • Multiple {OTC_ROOT_ZONES}

Best way seems a portable binary that encapsulates the OTC DNS dealing.

[~]> acme-otc --help
An ACME DNS-01 challenge handler for OTC.
Usage: acme-otc [-s|-d] -n fqdn -t challenge

# Publish ACME challenge for YOUR.DOMAIN.TLD
[~]> acme-otc [--set] --fqdn YOUR.DOMAIN.TLD --token bslb8t...BokMyg
# Delete ACME challenge for YOUR.DOMAIN.TLD
[~]> acme-otc --delete --fqdn YOUR.DOMAIN.TLD --token bslb8t...BokMyg

There is i.a. LEGO which supports OTC but doesn't support AK/SK and zone nesting.

Contribution

You are welcome! Please do not hesitate to contact us with any improvements of this work. All work should be licensed under MIT license or compatible.

About

A certbot hook for OTC

Topics

dns letsencrypt tls ssl certbot otc open-telekom-cloud

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages