| @ -0,0 +1,21 @@ | |||||
| Using Azure for LetsEncrypt domain verification | |||||
| Guide for using Azure for LetsEncrypt domain verification. | |||||
| Prerequisites: | |||||
| - Azure CLI tools installed - see https://docs.microsoft.com/en-us/cli/azure/install-azure-cli | |||||
| - Logged in with azure-cli - i.e. azure login | |||||
| The dns_add_azure and dns_del_azure scripts assume that the following | |||||
| environment variables are added to the configuration file: | |||||
| - AZURE_RESOURCE_GROUP - the name of the resource group that contains the DNS zone | |||||
| - AZURE_ZONE_ID - the name of the DNS zone | |||||
| - AZURE_SUBSCRIPTION_ID - the name or ID of the subscription that AZURE_RESOURCE_GROUP is part of | |||||
| Each of these variables can be included in the .getssl.cfg, e.g: | |||||
| export AZURE_RESOURCE_GROUP=my-resource-group | |||||
| export AZURE_ZONE_ID=example.com | |||||
| export AZURE_SUBSCRIPTION_ID=my-azure-subscriptin | |||||
| @ -0,0 +1,22 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Set the TXT DNS record with azure-cli | |||||
| fulldomain="${1}" | |||||
| token="${2}" | |||||
| if [[ -z "$AZURE_RESOURCE_GROUP" ]]; then | |||||
| echo "AZURE_RESOURCE_GROUP is not set. Unable to set TXT records." | |||||
| exit 2 | |||||
| fi | |||||
| if [[ -z "$AZURE_ZONE_ID" ]]; then | |||||
| echo "AZURE_ZONE_ID is not set. Unable to set TXT records." | |||||
| exit 2 | |||||
| fi | |||||
| if [[ -z "$AZURE_SUBSCRIPTION_ID" ]]; then | |||||
| echo "AZURE_SUBSCRIPTION_ID is not set. Unable to set TXT records." | |||||
| exit 2 | |||||
| fi | |||||
| az account set --subscription "$AZURE_SUBSCRIPTION_ID" | |||||
| recordset="_acme-challenge.${fulldomain/.$AZURE_ZONE_ID/}" | |||||
| [[ "$recordset" == "_acme-challenge.$fulldomain" ]] && recordset="_acme-challenge" | |||||
| az network dns record-set txt add-record -g "$AZURE_RESOURCE_GROUP" -z "$AZURE_ZONE_ID" -n "$recordset" -v "$token" | |||||
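Review bot: The record name built at `recordset="_acme-challenge.${fulldomain/.$AZURE_ZONE_ID/}"` is wrong for any domain that is not inside `$AZURE_ZONE_ID`: the substitution leaves the name unchanged, the following line then treats it as the zone apex, and the token is written to `_acme-challenge` in a zone that does not serve that domain. The `/pattern/` form also removes the first match anywhere in the name rather than the trailing suffix, and expands the zone name as a glob pattern. Matching the apex and the suffix explicitly and exiting otherwise, as below, covers both cases; the delete script contains the same two lines. Separately, the result of `az account set` is not checked before the write and it changes the CLI's default subscription for the user; passing `--subscription "$AZURE_SUBSCRIPTION_ID"` to the `az network dns` command itself would avoid both.

```shell
case "$fulldomain" in
  "$AZURE_ZONE_ID")
    recordset="_acme-challenge" ;;
  *".$AZURE_ZONE_ID")
    recordset="_acme-challenge.${fulldomain%".$AZURE_ZONE_ID"}" ;;
  *)
    echo "$fulldomain is not in zone $AZURE_ZONE_ID. Unable to set TXT records." >&2
    exit 2 ;;
esac
# … unchanged: az network dns record-set txt add-record …
```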
| @ -0,0 +1,20 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Remove the TXT DNS record with azure-cli | |||||
| fulldomain="${1}" | |||||
| if [[ -z "$AZURE_RESOURCE_GROUP" ]]; then | |||||
| echo "AZURE_RESOURCE_GROUP is not set. Unable to set TXT records." | |||||
| exit 2 | |||||
| fi | |||||
| if [[ -z "$AZURE_ZONE_ID" ]]; then | |||||
| echo "AZURE_ZONE_ID is not set. Unable to set TXT records." | |||||
| exit 2 | |||||
| fi | |||||
| if [[ -z "$AZURE_SUBSCRIPTION_ID" ]]; then | |||||
| echo "AZURE_SUBSCRIPTION_ID is not set. Unable to set TXT records." | |||||
| exit 2 | |||||
| fi | |||||
| az account set --subscription "$AZURE_SUBSCRIPTION_ID" | |||||
| recordset="_acme-challenge.${fulldomain/.$AZURE_ZONE_ID/}" | |||||
| [[ "$recordset" == "_acme-challenge.$fulldomain" ]] && recordset="_acme-challenge" | |||||
| az network dns record-set txt delete --yes -g "$AZURE_RESOURCE_GROUP" -z "$AZURE_ZONE_ID" -n "$recordset" | |||||
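Review bot: `az network dns record-set txt delete --yes` removes the whole `_acme-challenge` TXT record set rather than the single value the add script wrote. When one certificate covers a name and its wildcard, both challenges share that record set, so cleaning up after one can remove the other's token before it is validated, and any unrelated TXT value at that name is lost as well. If the caller passes the token to this hook as a second argument (not visible here, confirm against the caller), read it as in the add script and use `az network dns record-set txt remove-record -g "$AZURE_RESOURCE_GROUP" -z "$AZURE_ZONE_ID" -n "$recordset" -v "$token"`. The three guard messages also still read "Unable to set TXT records", which is misleading in a removal script, and would be better sent to stderr.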