From 2895e8dec53b0e09f7d5a02bf77399a63ee91a2a Mon Sep 17 00:00:00 2001 From: Brett Weiland Date: Tue, 15 Dec 2020 13:24:57 -0600 Subject: new file: DO_NOT_LOOSE_ME new file: godaddy_add_txt.py new file: godaddy_del_txt.py new file: push.sh new file: renew_certificate.sh --- DO_NOT_LOOSE_ME | 3 +++ __pycache__/godaddy_add_txt.cpython-37.pyc | Bin 0 -> 910 bytes __pycache__/godaddy_del_txt.cpython-37.pyc | Bin 0 -> 769 bytes godaddy_add_txt.py | 33 +++++++++++++++++++++++++++++ godaddy_del_txt.py | 28 ++++++++++++++++++++++++ push.sh | 9 ++++++++ renew_certificate.sh | 13 ++++++++++++ 7 files changed, 86 insertions(+) create mode 100644 DO_NOT_LOOSE_ME create mode 100644 __pycache__/godaddy_add_txt.cpython-37.pyc create mode 100644 __pycache__/godaddy_del_txt.cpython-37.pyc create mode 100755 godaddy_add_txt.py create mode 100755 godaddy_del_txt.py create mode 100755 push.sh create mode 100755 renew_certificate.sh
diff --git a/DO_NOT_LOOSE_ME b/DO_NOT_LOOSE_ME
new file mode 100644
index 0000000..59b3c7e
--- /dev/null
+++ b/DO_NOT_LOOSE_ME
@@ -0,0 +1,3 @@
+[{"data":"v=spf1 a mx ip4:45.63.74.172 ~all","name":"@","ttl":3600,"type":"TXT"},{"data":"\"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxl3FIIGHyRm+oLf1rBn3gJiR7BtLHYeuIIP+0Olo9aw4ywkmkPunDbFjT1o+pz2yvRGH2t3W16amQ3JGBf1Dy2EyBXgcdZg1/xIqBGtGD7udWVokydY0ZCcc6aO7BnCQNI7LcaIiF5VCULJh2n5QrCNsu4CR56EguDiGw9auM2c14kJ3yhhKUsDiklHbPbavEU0IluuXnJWh38\" \t \"aQE+bfk2Y2dw8VDDSA19fivaWqXd/UJFXjqtxxfplXwoH2p3TWJ01jVeACRrqeaH1vQwnqIgnPXJfGT5VVwXT7FChC1W5xM7SOMUC4gyl6+OK+/xHasWUMxEmIa/mGiJVCGFjuZQIDAQAB\"","name":"2020._domainkey","ttl":3600,"type":"TXT"},{"data":"AeG3oTpDImoT5fJ2Mq1_fSkI76gVPGYnKLeWG5DfqeM","name":"_acme-challenge","ttl":3600,"type":"TXT"},{"data":"v=DMARC1; p=none","name":"_dmarc","ttl":3600,"type":"TXT"}]
+
+>
diff --git a/__pycache__/godaddy_add_txt.cpython-37.pyc b/__pycache__/godaddy_add_txt.cpython-37.pyc
new file mode 100644
index 0000000..00430a4
Binary files /dev/null and b/__pycache__/godaddy_add_txt.cpython-37.pyc differ
diff --git a/__pycache__/godaddy_del_txt.cpython-37.pyc b/__pycache__/godaddy_del_txt.cpython-37.pyc
new file mode 100644
index 0000000..f391f71
Binary files /dev/null and b/__pycache__/godaddy_del_txt.cpython-37.pyc differ
diff --git a/godaddy_add_txt.py b/godaddy_add_txt.py
new file mode 100755
index 0000000..4733bb1
--- /dev/null
+++ b/godaddy_add_txt.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+import requests
+import json
+from os import environ
+from time import sleep
+
+if not 'CERTBOT_DOMAIN' in environ:
+ print("Environment variable CERTBOT_DOMAIN is not set.\nMake sure you're running this script as a certbot hook.")
+ exit(1)
+
+if not 'CERTBOT_VALIDATION' in environ:
+ print("Environment variable CERTBOT_VALIDATION is not set.\nMake sure you're running this script as a certbot hook.")
+ exit(1)
+
+domain = environ['CERTBOT_DOMAIN']
+validation = environ['CERTBOT_VALIDATION']
+
+key = 'e4NBykPszU4u_AQSkww3bDD4mBYUn4jERAL'
+secret = 'Wg9Pr9Du82cPU3FP6H6CNr'
+
+s = requests.session()
+s.headers.update({
+ 'Authorization' : "sso-key {}:{}".format(key, secret)
+ })
+
+data = {"name": "_acme-challenge",
+ "data": validation,
+ "ttl": 600,
+ "type": "TXT"}
+
+r = s.patch("https://api.godaddy.com/v1/domains/{}/records".format(domain), json = [data])
+
+sleep(20)
diff --git a/godaddy_del_txt.py b/godaddy_del_txt.py
new file mode 100755
index 0000000..cdf8ef4
--- /dev/null
+++ b/godaddy_del_txt.py
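Review bot: The GoDaddy API `key` and `secret` are committed as string literals in godaddy_add_txt.py, and the same pair appears again in godaddy_del_txt.py (the committed `.pyc` files most likely embed them too), so read access to this repository or to the deployed scripts is enough to change the domain's DNS records. Treat the committed pair as exposed and rotate it, then load the values at run time, for example `key = environ['GODADDY_API_KEY']` and `secret = environ['GODADDY_API_SECRET']` (variable names are a suggestion), or from a root-only file kept outside the repository. Separately, the result of `s.patch(...)` is never inspected, so a rejected request still sleeps 20 seconds and lets certbot attempt validation against a record that was not created; adding `r.raise_for_status()` right after the call makes the hook fail visibly.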
@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+import requests
+import json
+from os import environ
+
+if not 'CERTBOT_DOMAIN' in environ:
+ print("Environment variable CERTBOT_DOMAIN is not set.\nMake sure you're running this script as a certbot hook.")
+ exit(1)
+
+domain = environ['CERTBOT_DOMAIN']
+
+key = 'e4NBykPszU4u_AQSkww3bDD4mBYUn4jERAL'
+secret = 'Wg9Pr9Du82cPU3FP6H6CNr'
+
+s = requests.session()
+s.headers.update({
+ 'Authorization' : "sso-key {}:{}".format(key, secret)
+ })
+
+records = s.get("https://api.godaddy.com/v1/domains/{}/records/TXT".format(domain)).json()
+
+for rnum, r in enumerate(records):
+ if r['name'] == "_acme-challenge":
+ records.pop(rnum)
+
+re = s.put("https://api.godaddy.com/v1/domains/{}/records/TXT".format(domain), json = records)
+
+
diff --git a/push.sh b/push.sh
new file mode 100755
index 0000000..e1f0fdd
--- /dev/null
+++ b/push.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+sftp root@bpcspace.com << EOF
+put godaddy_add_txt.py /root/scripts/maintenance/ssl_renewal
+put godaddy_del_txt.py /root/scripts/maintenance/ssl_renewal
+put renew_certificate.sh /root/scripts/maintenance/ssl_renewal
+EOF
+ssh root@bpcspace.com << EOF
+chmod a+x /root/scripts/maintenance/ssl_renewal/*
+EOF
diff --git a/renew_certificate.sh b/renew_certificate.sh
new file mode 100755
index 0000000..448c1aa
--- /dev/null
+++ b/renew_certificate.sh
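Review bot: In godaddy_del_txt.py the cleanup loop calls `records.pop(rnum)` while enumerating `records`, which skips the element that follows each removal, so two adjacent `_acme-challenge` entries leave one behind (the apex and wildcard names requested in renew_certificate.sh would both be validated under that record name). Build a new list instead: `records = [r for r in records if r['name'] != "_acme-challenge"]`. The `s.put(...)` that follows sends the whole list back and appears to replace every TXT record on the domain, so the GET should be checked with `raise_for_status()` and its body confirmed to be a list before anything is written; otherwise an error or truncated response can cost the SPF, DKIM and DMARC entries.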
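Review bot: Nothing in push.sh checks whether the upload worked, so the `ssh` step runs even if `sftp` failed on one of the `put` lines, and `chmod a+x .../*` grants execute to every user on everything in that directory. Running the transfer in batch mode (`sftp -b - root@bpcspace.com << EOF`) with `set -euo pipefail` after the shebang makes a failed `put` stop the script, and `chmod 700 /root/scripts/maintenance/ssl_renewal/*` keeps the hooks, which currently embed the API secret, limited to root. Logging in as `root@` for deployment also means the workstation's SSH key carries full control of the server; a dedicated account with write access to that one directory would narrow it.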
@@ -0,0 +1,13 @@
+#!/bin/bash
+echo "Renewing SSL certificates for bpcspace.com on $(date)" | mail 19132286776@messaging.sprintpcs.com
+certbot certonly --domains "bpcspace.com, *.bpcspace.com" --manual --manual-public-ip-logging-ok --agree-tos --text --manual-auth-hook "/root/scripts/maintenance/ssl_renewal/godaddy_add_txt.py" --manual-cleanup-hook "/root/scripts/maintenance/ssl_renewal/godaddy_del_txt.py" --preferred-challenges dns
+error=$?
+if [ $error -ne 0 ]; then
+ echo "Failed with error code $error." | mail 19132286776@messaging.sprintpcs.com
+fi
+
+systemctl restart apache2
+systemctl restart filebin-server
+systemctl restart postfix
+
+
-- cgit v1.2.3
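Review bot: The three `systemctl restart` lines in renew_certificate.sh run whether or not certbot succeeded, and the script's exit status is that of the last restart, so a failed renewal still bounces apache2, filebin-server and postfix and looks successful to whatever scheduled it. Add `exit $error` inside the `if` block after the failure mail so the restarts are reached only when a certificate was actually issued. If this is meant to run unattended, `--non-interactive` on the certbot command would also keep it from waiting on a prompt. The SMS-gateway address is repeated as a literal; holding it in one variable at the top makes it easier to move the phone number out of the repository.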