dns_scripts for Azure CLI

4 years ago · 966f618349
--- a/dns_scripts/Azure-README.txt
+++ b/dns_scripts/Azure-README.txt
@ -0,0 +1,21 @@
 Using Azure for LetsEncrypt domain verification

 Guide for using Azure for LetsEncrypt domain verification.

 Prerequisites:
 - Azure CLI tools installed - see https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
 - Logged in with azure-cli - i.e. azure login

 The dns_add_azure and dns_del_azure scripts assume that the following
 environment variables are added to the configuration file:

 - AZURE_RESOURCE_GROUP - the name of the resource group that contains the DNS zone 
 - AZURE_ZONE_ID - the name of the DNS zone 
 - AZURE_SUBSCRIPTION_ID - the name or ID of the subscription that AZURE_RESOURCE_GROUP is part of

 Each of these variables can be included in the .getssl.cfg, e.g:

 export AZURE_RESOURCE_GROUP=my-resource-group
 export AZURE_ZONE_ID=example.com
 export AZURE_SUBSCRIPTION_ID=my-azure-subscriptin 

--- a/dns_scripts/dns_add_azure
+++ b/dns_scripts/dns_add_azure
@ -0,0 +1,22 @@
 #!/usr/bin/env bash
 # Set the TXT DNS record with azure-cli
 fulldomain="${1}"
 token="${2}"

 if [[ -z "$AZURE_RESOURCE_GROUP" ]]; then
  echo "AZURE_RESOURCE_GROUP is not set. Unable to set TXT records."
  exit 2
 fi
 if [[ -z "$AZURE_ZONE_ID" ]]; then
  echo "AZURE_ZONE_ID is not set. Unable to set TXT records."
  exit 2
 fi
 if [[ -z "$AZURE_SUBSCRIPTION_ID" ]]; then 
  echo "AZURE_SUBSCRIPTION_ID is not set. Unable to set TXT records."
  exit 2
 fi

 az account set --subscription "$AZURE_SUBSCRIPTION_ID"
 recordset="_acme-challenge.${fulldomain/.$AZURE_ZONE_ID/}"
 [[ "$recordset" == "_acme-challenge.$fulldomain" ]] && recordset="_acme-challenge"
 az network dns record-set txt add-record -g "$AZURE_RESOURCE_GROUP" -z "$AZURE_ZONE_ID" -n "$recordset" -v "$token"
--- a/dns_scripts/dns_del_azure
+++ b/dns_scripts/dns_del_azure
@ -0,0 +1,20 @@
 #!/usr/bin/env bash
 # Remove the TXT DNS record with azure-cli
 fulldomain="${1}"
 if [[ -z "$AZURE_RESOURCE_GROUP" ]]; then
  echo "AZURE_RESOURCE_GROUP is not set. Unable to set TXT records."
  exit 2
 fi
 if [[ -z "$AZURE_ZONE_ID" ]]; then
  echo "AZURE_ZONE_ID is not set. Unable to set TXT records."
  exit 2
 fi
 if [[ -z "$AZURE_SUBSCRIPTION_ID" ]]; then 
  echo "AZURE_SUBSCRIPTION_ID is not set. Unable to set TXT records."
  exit 2
 fi

 az account set --subscription "$AZURE_SUBSCRIPTION_ID"
 recordset="_acme-challenge.${fulldomain/.$AZURE_ZONE_ID/}"
 [[ "$recordset" == "_acme-challenge.$fulldomain" ]] && recordset="_acme-challenge"
 az network dns record-set txt delete --yes -g "$AZURE_RESOURCE_GROUP" -z "$AZURE_ZONE_ID" -n "$recordset"