RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1138 Commits
14 Branches
16 MiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
getssl/dns_scripts/dns_gcloud.README.md

3.7 KiB
Raw Permalink Blame History

getssl using Google Cloud DNS

https://github.com/kshji/getssl_gcloud

ver 2025-09-13

You need install gcloud command

Gcloud install

If you are using *nix server without desktop (x-term), remove DISPLAY set if it's. If you have set DISPLAY, try init process to start local chrome GUI process.

unset DISPLAY

Init gcloud using, need to do once.

gcloud init

Need also Google Cloud Console Service Account: Google Cloud Console Service Account

  • Permissions role "DNS Zone Editor" or "DNS Administrator"
  • tab Keys generate Key, JSON: result is JSON keyfile

Service Account account is email, usually something like xxx@xxx.gserviceaccount.com

Example using keyfile:

gcloud auth activate-service-account xxx@xxx.gserviceaccount.com --key-file=/somepath/PROJECT_ID_xxxxx.json

After auth you can use gcloud dns services.

Example: Get zones from your Google Cloud DNS project:

gcloud dns managed-zones list --project=PROJECT_ID

More gcloud dns commands: Reference DNS

Example: List domain TXT records:

gcloud dns record-sets list --zone=ZONEID --name="example.com." --type="TXT"

ZONEID is usually ex. for domain example.com it is examplecom

getssl configuration DNS validation using Google Cloud DNS

example.com/getssl.cfg

CA="https://acme-v02.api.letsencrypt.org"
SANS="*.example.com"

#Set this to "true" to enable DNS validation
VALIDATE_VIA_DNS="true"             
# Google Cloud DNS setup
# Use this command/script to add the challenge token to the DN#S entries for the domain
DNS_ADD_COMMAND="/somepath/dns_gcloud -c add "              
# Use this command/script to remove the challenge token from the DNS entries for the domain
DNS_DEL_COMMAND="/somepath/dns_gcloud -c del "        

# example.com setup Google Cloud DNS validation
export GCLOUD_ZONE="examplecom"          # Google Cloud DNS zoneid
export GCLOUD_PROJECTID="mydnsproject"   # Google Cloud projectid
# Google Cloud Service Account
export GCLOUD_ACCOUNT="someuser@mydnsproject.iam.gserviceaccount.com"  
export GCLOUD_KEYFILE="/somepath/mydnsprojectSomeid.json"

dns_cloud manual

  • default host is _acme-challenge.
  • default ttl is 60 s.
  • default sleep after gcloud process is 10 s.
  • default debug is 0 = off
  • env variables have to setup before using dns_gcloud:
    • GCLOUD_ZONE
    • GCLOUD_PROJECTID
    • GCLOUD_ACCOUNT
    • GCLOUD_KEYFILE

get help

dns_gloud -?
dns_gloud --help

Add TXT token

Add TXT token "testN"", host _acme-challenge.example.com

dns_gloud -c add example.com "testN"

Add TXT token "testN"", host somehost.example.com

dns_gloud -h somehost -c add example.com "testN"

Del TXT token

Del TXT token "testN"", host _acme-challenge.example.com

dns_gloud -c del example.com "testN"

Del TXT token "testN"", host somehost.example.com

dns_gloud -h somehost -c del example.com "testN"

List TXT token

List host TXT tokens, default host _acme-challenge

dns_gloud -c list example.com

List domain TXT tokens, not host. Set host empty string.

dns_gloud -h "" -c list example.com

Extra options

Debug messages, option -d with argument 0 or 1. Some debug messages to the stdout and log env settings to file to dir /var/tmp/getssl

dns_gloud -d 1 -h "" -c list example.com

Change default 60 second ttl value when adding. Remember,when deleting, ttl have to be same.

dns_gloud -c add -t 300 example.com "testN"

Change default 10 second sleep after process

dns_gloud -c add -s 5 example.com "testN"