Browse Source
Create INWX API ACME Scripts
Hey there, I created a script to add get certificated with getssl using the [INWX Domrobot Python 3 Client](https://github.com/inwx/python-client)pull/855/head
L3D
1 year ago
No known key found for this signature in database
GPG Key ID: CD08445BFF4313D1
3 changed files with 261 additions and 0 deletions
Split View
Diff Options
-
+62 -0dns_scripts/INWX-README.md
-
+93 -0dns_scripts/dns_add_inwx.py
-
+106 -0dns_scripts/dns_del_inwx.py
+ 62
- 0
dns_scripts/INWX-README.md
View File
| @ -0,0 +1,62 @@ | |||
| ## Using INWX DNS for LetsEncrypt domain validation | |||
| ### Install Requirements | |||
| The INWX API Python3 script requires two Python packages: | |||
| ```bash | |||
| pip3 install INWX.Domrobot tldextract | |||
| ``` | |||
| You could install it for the user running getssl, or you could create a python3 venv. | |||
| ```bash | |||
| # install python3 venv apt packages | |||
| sudo apt install python3 python3-venv | |||
| # Create venv | |||
| python3 -m venv venv | |||
| # activate venv | |||
| source venv/bin/activate | |||
| # install requirements | |||
| pip3 install INWX.Domrobot tldextract | |||
| ``` | |||
| If you are installing the Python packages in venv, you should make sure that you either | |||
| you either enable the venv before running getssl, or you | |||
| add the venv to the ``DNS_ADD_COMMAND'' and ``DNS_DEL_COMMAND'' commands. | |||
| See example below. | |||
| ### Enabling the scripts | |||
| Set the following options in `getssl.cfg` (either global or domain-specific): | |||
| ``` | |||
| VALIDATE_VIA_DNS="true" | |||
| DNS_ADD_COMMAND="/usr/share/getssl/dns_scripts/dns_add_inwx.py" | |||
| DNS_DEL_COMMAND="/usr/share/getssl/dns_scripts/dns_del_inwx.py" | |||
| ``` | |||
| If you are using a python3 venv as described above, this is an example of how to include it: | |||
| ``` | |||
| VALIDATE_VIA_DNS="true" | |||
| DNS_ADD_COMMAND="/path/to/venv/bin/python3 /usr/share/getssl/dns_scripts/dns_add_inwx.py" | |||
| DNS_DEL_COMMAND="/path/to/venv/bin/python3 /usr/share/getssl/dns_scripts/dns_del_inwx.py" | |||
| ``` | |||
| *Obviously the "/path/to/venv" needs to be replaced with the actual path to your venv, e.g. "/home/getssl/venv".* | |||
| ### Authentication | |||
| Your INWX credentials will be used to authenticate to INWX. | |||
| If you are using a second factor, please have a look at the [INWX Domrobot Pthon3 Client](https://github.com/inwx/python-client) as it is currently not implemented in the inwx api script. | |||
| Set the following options in the domain-specific `getssl.cfg` or make sure these enviroment variables are present. | |||
| ``` | |||
| export INWX_USERNAME="your_inwx_username" | |||
| export INWX_PASSWORD="..." | |||
| ``` | |||
+ 93
- 0
dns_scripts/dns_add_inwx.py
View File
| @ -0,0 +1,93 @@ | |||
| #!/usr/bin/env python3 | |||
| # -*- coding: utf-8 -*- | |||
| """ | |||
| Script to Set TXT Record at INWX using the API | |||
| This script requires the pip packages INWX.Domrobot and tldextract | |||
| This script is using enviroment variables to get inwx credentials | |||
| """ | |||
| import sys | |||
| import os | |||
| import argparse | |||
| from INWX.Domrobot import ApiClient | |||
| import tldextract | |||
| # Create Parser-Objekt | |||
| parser = argparse.ArgumentParser( | |||
| description='Using the INWX API to change DNS TXT Records for the ACME DNS-01 Challange', | |||
| epilog= "The environment variables 'INWX_USERNAME' and 'INWX_PASSWORD' are required too") | |||
| # Adding Args | |||
| parser.add_argument('fulldomain', type=str, help='The full domain to add TXT Record.') | |||
| parser.add_argument('token', type=str, help='The ACME DNS-01 token.') | |||
| parser.add_argument('--debug', action='store_true', help='Enable debug mode.') | |||
| # Parsing Args | |||
| args = parser.parse_args() | |||
| INWX_FULLDOMAIN = args.fulldomain | |||
| ACME_TOKEN = args.token | |||
| DEBUG = args.debug | |||
| # Parsing ENV | |||
| INWX_USERNAME = os.getenv('INWX_USERNAME', '') | |||
| INWX_PASSWORD = os.getenv('INWX_PASSWORD', '') | |||
| # Splitting Domain | |||
| domain = tldextract.extract(INWX_FULLDOMAIN) | |||
| INWX_SUBDOMAIN = domain.subdomain | |||
| INWX_DOMAIN = f"{domain.domain}.{domain.suffix}" | |||
| # Check if either environment variable is empty and handle the error | |||
| if not INWX_USERNAME or not INWX_PASSWORD: | |||
| print("Error: The following environment variables are required and cannot be empty:") | |||
| if not INWX_USERNAME: | |||
| print(" - INWX_USERNAME: Your INWX account username.") | |||
| if not INWX_PASSWORD: | |||
| print(" - INWX_PASSWORD: Your INWX account password.") | |||
| sys.exit(1) | |||
| if DEBUG: | |||
| print(f'FQDN: {INWX_FULLDOMAIN}') | |||
| print(f'Domain: {INWX_DOMAIN}') | |||
| print(f'Subdomain: {INWX_SUBDOMAIN}') | |||
| print(f'Token: {ACME_TOKEN}') | |||
| print(f'User: {INWX_USERNAME}') | |||
| print(f'Password: {INWX_PASSWORD}') | |||
| # By default the ApiClient uses the test api (OT&E). | |||
| # If you want to use the production/live api we have a | |||
| # constant named API_LIVE_URL in the ApiClient class. | |||
| # Just set api_url=ApiClient.API_LIVE_URL and you're good. | |||
| # api_client = ApiClient(api_url=ApiClient.API_OTE_URL, debug_mode=DEBUG) | |||
| api_client = ApiClient(api_url=ApiClient.API_LIVE_URL, debug_mode=DEBUG) | |||
| # If you have 2fa enabled, take a look at the documentation of the ApiClient#login method | |||
| # to get further information about the login, especially the shared_secret parameter. | |||
| login_result = api_client.login(INWX_USERNAME, INWX_PASSWORD) | |||
| # login was successful | |||
| if login_result['code'] == 1000: | |||
| # Make an api call and save the result in a variable. | |||
| # We want to create a new nameserver record, so we call the api method nameserver.createRecord. | |||
| # See https://www.inwx.de/en/help/apidoc/f/ch02s15.html#nameserver.createRecord for parameters | |||
| # ApiClient#call_api returns the api response as a dict. | |||
| if INWX_SUBDOMAIN == '': | |||
| domain_entry_result = api_client.call_api(api_method='nameserver.createRecord', method_params={'domain': INWX_DOMAIN, 'name': '_acme-challenge', 'type': 'TXT', 'content': ACME_TOKEN}) # pylint: disable=C0301 | |||
| else: | |||
| domain_entry_result = api_client.call_api(api_method='nameserver.createRecord', method_params={'domain': INWX_DOMAIN, 'name': f'_acme-challenge.{INWX_SUBDOMAIN}', 'type': 'TXT', 'content': ACME_TOKEN}) # pylint: disable=C0301 | |||
| # With or without successful check, we perform a logout. | |||
| api_client.logout() | |||
| # validating return code | |||
| if domain_entry_result['code'] == 2302: | |||
| sys.exit(f"{domain_entry_result['msg']}.\nTry nameserver.updateRecord or nameserver.deleteRecord instead") # pylint: disable=C0301 | |||
| elif domain_entry_result['code'] == 1000: | |||
| if DEBUG: | |||
| print(domain_entry_result['msg']) | |||
| sys.exit() | |||
| else: | |||
| sys.exit(domain_entry_result) | |||
| else: | |||
| sys.exit('Api login error. Code: ' + str(login_result['code']) + ' Message: ' + login_result['msg']) # pylint: disable=C0301 | |||
+ 106
- 0
dns_scripts/dns_del_inwx.py
View File
| @ -0,0 +1,106 @@ | |||
| #!/usr/bin/env python3 | |||
| # -*- coding: utf-8 -*- | |||
| """ | |||
| Script to remove TXT Record at INWX using the API | |||
| This script requires the pip packages INWX.Domrobot and tldextract | |||
| This script is using enviroment variables to get inwx credentials | |||
| """ | |||
| import sys | |||
| import os | |||
| import argparse | |||
| from INWX.Domrobot import ApiClient | |||
| import tldextract | |||
| # Create Parser-Objekt | |||
| parser = argparse.ArgumentParser( | |||
| description='Using the INWX API to remove DNS TXT Records for the ACME DNS-01 Challange', | |||
| epilog= "The environment variables 'INWX_USERNAME' and 'INWX_PASSWORD' are required too") | |||
| # Adding Args | |||
| parser.add_argument('fulldomain', type=str, help='The full domain to add TXT Record.') | |||
| parser.add_argument('token', type=str, help='The ACME DNS-01 token.') | |||
| parser.add_argument('--debug', action='store_true', help='Enable debug mode.') | |||
| # Parsing Args | |||
| args = parser.parse_args() | |||
| INWX_FULLDOMAIN = args.fulldomain | |||
| ACME_TOKEN = args.token | |||
| DEBUG = args.debug | |||
| # Parsing ENV | |||
| INWX_USERNAME = os.getenv('INWX_USERNAME', '') | |||
| INWX_PASSWORD = os.getenv('INWX_PASSWORD', '') | |||
| # Splitting Domain | |||
| domain = tldextract.extract(INWX_FULLDOMAIN) | |||
| INWX_SUBDOMAIN = domain.subdomain | |||
| INWX_DOMAIN = f"{domain.domain}.{domain.suffix}" | |||
| # Check if either environment variable is empty and handle the error | |||
| if not INWX_USERNAME or not INWX_PASSWORD: | |||
| print("Error: The following environment variables are required and cannot be empty:") | |||
| if not INWX_USERNAME: | |||
| print(" - INWX_USERNAME: Your INWX account username.") | |||
| if not INWX_PASSWORD: | |||
| print(" - INWX_PASSWORD: Your INWX account password.") | |||
| sys.exit(1) | |||
| if DEBUG: | |||
| print(f'FQDN: {INWX_FULLDOMAIN}') | |||
| print(f'Domain: {INWX_DOMAIN}') | |||
| print(f'Subdomain: {INWX_SUBDOMAIN}') | |||
| print(f'Token: {ACME_TOKEN}') | |||
| print(f'User: {INWX_USERNAME}') | |||
| print(f'Password: {INWX_PASSWORD}') | |||
| # By default the ApiClient uses the test api (OT&E). | |||
| # If you want to use the production/live api we have a | |||
| # constant named API_LIVE_URL in the ApiClient class. | |||
| # Just set api_url=ApiClient.API_LIVE_URL and you're good. | |||
| # api_client = ApiClient(api_url=ApiClient.API_OTE_URL, debug_mode=DEBUG) | |||
| api_client = ApiClient(api_url=ApiClient.API_LIVE_URL, debug_mode=DEBUG) | |||
| # If you have 2fa enabled, take a look at the documentation of the ApiClient#login method | |||
| # to get further information about the login, especially the shared_secret parameter. | |||
| login_result = api_client.login(INWX_USERNAME, INWX_PASSWORD) | |||
| # login was successful | |||
| if login_result['code'] == 1000: | |||
| # Make an api call and save the result in a variable. | |||
| # We want to get a the id of the _acme-challange TXT record, | |||
| # so we call the api method nameserver.info. | |||
| # See https://www.inwx.de/en/help/apidoc/f/ch02s15.html#nameserver.info for parameters | |||
| # ApiClient#call_api returns the api response as a dict. | |||
| if INWX_SUBDOMAIN == '': | |||
| domain_info_result = api_client.call_api(api_method='nameserver.info', method_params={'domain': INWX_DOMAIN, 'name': '_acme-challenge', 'type': 'TXT', 'content': ACME_TOKEN}) # pylint: disable=C0301 | |||
| else: | |||
| domain_info_result = api_client.call_api(api_method='nameserver.info', method_params={'domain': INWX_DOMAIN, 'name': f'_acme-challenge.{INWX_SUBDOMAIN}', 'type': 'TXT', 'content': ACME_TOKEN}) # pylint: disable=C0301 | |||
| if 'record' not in domain_info_result['resData']: | |||
| api_client.logout() | |||
| sys.exit(f'No DNS TXT Entry found for _acme-challenge.{INWX_FULLDOMAIN}.') | |||
| else: | |||
| for row in domain_info_result['resData']['record']: | |||
| domain_delete_result = api_client.call_api(api_method='nameserver.deleteRecord', method_params={'id': row['id']}) # pylint: disable=C0301 | |||
| if domain_delete_result['code'] == 1000: | |||
| if DEBUG: | |||
| print(domain_delete_result['msg']) | |||
| else: | |||
| api_client.logout() | |||
| sys.exit(domain_delete_result) | |||
| # With or without successful check, we perform a logout. | |||
| api_client.logout() | |||
| # validating return code | |||
| if domain_info_result['code'] == 2302: | |||
| sys.exit(f"{domain_info_result['msg']}.\nTry nameserver.updateRecord or nameserver.deleteRecord instead") # pylint: disable=C0301 | |||
| elif domain_info_result['code'] == 1000: | |||
| if DEBUG: | |||
| print(domain_info_result['msg']) | |||
| sys.exit() | |||
| else: | |||
| sys.exit(domain_info_result) | |||
| else: | |||
| sys.exit('Api login error. Code: ' + str(login_result['code']) + ' Message: ' + login_result['msg']) # pylint: disable=C0301 | |||