sineverba / Cfhookbash

Licence: mit
Cloudflare hook bash for dehydrated - DNS-01 Challenge Let's Encrypt

Projects that are alternatives of or similar to Cfhookbash

Lexicon
Manipulate DNS records on various DNS providers in a standardized way.
Stars: ✭ 1,028 (+3571.43%)
Mutual labels:  cloudflare, letsencrypt
Cloudflare Api V4 Ddns
Cloudflare API v4 Dynamic DNS Update in Bash
Stars: ✭ 124 (+342.86%)
Mutual labels:  bash-script, cloudflare
Piholecloudflared
Raspberry Pi setup with Pi-Hole, CloudflareD, DHCP as the ultimate Ad-blocker
Stars: ✭ 57 (+103.57%)
Mutual labels:  cloudflare, letsencrypt
Guacamole Install Rhel 7
Apache Guacamole installation bash script for RHEL 7 and CentOS 7 including options for Nginx, HTTPS, SSL, LDAP, Let's Encrypt certificates and more
Stars: ✭ 174 (+521.43%)
Mutual labels:  bash-script, letsencrypt
Bash Utils
A collection of hand-crafted bash scripts for various common tasks.
Stars: ✭ 124 (+342.86%)
Mutual labels:  cloudflare, letsencrypt
acme-dns-01-cloudflare
Cloudflare DNS for Let's Encrypt / ACME dns-01 challenges with Greenlock.js and ACME.js
Stars: ✭ 13 (-53.57%)
Mutual labels:  letsencrypt, cloudflare
Wsl Docker Git Setup
Shell script to configure Windows Subsystem for Linux (WSL) & Ubuntu on Windows to use docker and docker-compose as well as a git-enabled prompt
Stars: ✭ 23 (-17.86%)
Mutual labels:  bash-script
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+2925%)
Mutual labels:  cloudflare
Dnslink Cloudflare
Update dnslink TXT records in Cloudflare
Stars: ✭ 22 (-21.43%)
Mutual labels:  cloudflare
Deploy Docker Swarm
Deploy scripts for docker-swarm.
Stars: ✭ 17 (-39.29%)
Mutual labels:  bash-script
Bashmultitool
A library for bash shell program containing useful functions. Can be imported into scripts to create colourful and functional scripts and TUIs.
Stars: ✭ 27 (-3.57%)
Mutual labels:  bash-script
Certbot
Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
Stars: ✭ 28,541 (+101832.14%)
Mutual labels:  letsencrypt
Ubuntu Setup
script to configure fresh ubuntu install, or to update existing install
Stars: ✭ 8 (-71.43%)
Mutual labels:  bash-script
Cloudflare Ddns
DDNS script to sync public IP address to CloudFlare dns records.
Stars: ✭ 23 (-17.86%)
Mutual labels:  cloudflare
Ikev2 Setup
Set up Ubuntu Server 20.04 (or 18.04) as an IKEv2 VPN server
Stars: ✭ 872 (+3014.29%)
Mutual labels:  letsencrypt
Gitlab Docker Letsencrypt
Gitlab CE + Docker Compose + Let's Encrypt (auto generate/renew)
Stars: ✭ 22 (-21.43%)
Mutual labels:  letsencrypt
Traefik
The Cloud Native Application Proxy
Stars: ✭ 36,089 (+128789.29%)
Mutual labels:  letsencrypt
Cloudflare Workers Webpack Plugin
Launch Cloudflare Workers to the Edge from the comfort of your build step 🚀
Stars: ✭ 18 (-35.71%)
Mutual labels:  cloudflare
Certbot Letencrypt Wildcardcertificates Alydns Au
certbot'renewing letencrypt certificate plugin - automatic verification aliyun/tencentyun/godaddy dns
Stars: ✭ 839 (+2896.43%)
Mutual labels:  letsencrypt
Vault712
Grin installer and wallet viewer
Stars: ✭ 15 (-46.43%)
Mutual labels:  bash-script

Cloudflare dns-01 challenge hook bash for dehydrated

If you like this project, or use it, please, star it!

Cloudflare Bash hook for dehydrated.

Docker version

For Docker version usage, see the wiki.

Why Cloudflare? What is this script?

If you cannot solve the HTTP-01 challenge, you need to solve the DNS-01 challenge. Details here.

Using the Cloudflare API (also available on the free plan!), this script verifies your domain by putting a new record with a special token inside the DNS zone. When Let's Encrypt validation finishes, that record is deleted.

Depends on jq: sudo apt-get install -y jq

You only need:

  1. Register on Cloudflare (it also works on the free plan)
  2. Change your domain's DNS so that it is managed in Cloudflare (follow their guide).
  3. Run dehydrated with this hook (or run the Docker image, see below)

You will find the certificates in the folder of dehydrated.

Classic mode: Prerequisites

cfhookbash has some prerequisites:

Classic mode: Setup

cd ~
git clone https://github.com/sineverba/cfhookbash.git

Classic mode: Configuration

  1. Create a file domains.txt in the folder of dehydrated
  2. Put inside a list of domains that need certificates. Multiple (sub)domains on a single line will end up on a single certificate.

     example.com www.example.com
     home.example.net *.home.example.net
     [...]

  3. Move to the folder of cfhookbash
  4. Copy config.default.sh to config.sh
  5. Edit config.sh. To get values:
| Value | Where to find | Deprecated? |
| --- | --- | --- |
| Zone ID | Main page domain > Right Column > API section | N |
| API Token | Account > My Profile > API Tokens > Create Token > API token templates > "Edit zone DNS" | N |
| Global API Key | Account > My Profile > API Tokens > Api Keys > Global API Key | Y, from 4.1.0 |

You can choose between using an API token and using your global API key. It is preferred to create a token, since tokens can be restricted to just the permission to edit DNS records in chosen zones (the DNS:Edit permission).

If you choose to use an API token, it must be filled into api_token. If you want to use your global API key, instead use global_api_key and email.

The global API key is deprecated and will be removed in a future version.
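A pre-flight check for the credential choice described above, as an added example that is not part of cfhookbash: it flags a config.sh that other users can read and a config that still relies on the global API key. It assumes config.sh assigns plain shell variables named api_token, global_api_key and email; the function name audit_cf_config is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-flight audit of cfhookbash's config.sh.
# Assumption: config.sh assigns plain shell variables named api_token,
# global_api_key and email (the names used in the text above).

audit_cf_config() {
    local cfg="$1" mode kind findings=0

    [ -f "$cfg" ] || { echo "missing: $cfg" >&2; return 2; }
    case "$cfg" in */*) ;; *) cfg="./$cfg" ;; esac  # '.' searches PATH for bare names

    # The file holds a credential that can edit DNS: owner-only access.
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$mode" in
        *00) ;;
        *)   echo "WARN: $cfg has mode $mode, expected 600 (chmod 600 \"$cfg\")"
             findings=$((findings + 1)) ;;
    esac

    # Source the file in a subshell so the secrets never reach the caller's
    # environment; only the credential type comes back.
    kind=$(
        unset api_token global_api_key email
        . "$cfg" >/dev/null 2>&1
        if   [ -n "${api_token:-}" ] && [ -n "${global_api_key:-}" ]; then echo both
        elif [ -n "${api_token:-}" ];      then echo token
        elif [ -n "${global_api_key:-}" ]; then echo global
        else echo none
        fi
    )
    case "$kind" in
        token)  ;;
        global) echo "WARN: global_api_key is deprecated and cannot be limited to DNS:Edit; switch to api_token"
                findings=$((findings + 1)) ;;
        both)   echo "WARN: api_token and global_api_key are both set; remove global_api_key and email"
                findings=$((findings + 1)) ;;
        none)   echo "WARN: no credential found in $cfg"
                findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Usage: ./audit.sh /path/to/cfhookbash/config.sh
if [ "$#" -gt 0 ]; then
    audit_cf_config "$1"
fi
```

The function returns 0 when the file is owner-only and uses api_token alone, 1 when it printed at least one warning, and 2 when the file does not exist.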

Classic mode: Usage

Make a first run with CA="https://acme-staging-v02.api.letsencrypt.org/directory" placed in a config file in the root directory of dehydrated.

./dehydrated -c -t dns-01 -k '${PATH_WHERE_YOU_CLONED_CFHOOKBASH}/cfhookbash/hook.sh'

You will find the certificates inside ~/dehydrated/certs/[your.domain.name]. If you are using dehydrated with a config file, you can speed up the requests for certificates with multiple (sub)domains by using HOOK_CHAIN="yes".

Classic mode: Post deploy

hook.sh calls another file, deploy.sh. There you can write the operations to execute AFTER every successful challenge.

There is a stub file deploy.config.sh.

Usage:

cp deploy.config.sh deploy.sh && rm deploy.config.sh && nano deploy.sh

Classic mode: Cronjob

Remember that some actions require sudo privileges (starting and stopping the web server, for example).

It is best to run as root and to specify full paths in the cronjob.

The following entry runs every Monday at 4 AM and writes a log to the home folder.

$ sudo crontab -e

# In a crontab, % must be written as \% or cron treats it as a newline
0 4 * * 1 cd /home/YOUR_USER/dehydrated && /home/YOUR_USER/dehydrated/dehydrated -c -t dns-01 -k '/home/YOUR_USER/cfhookbash/hook.sh' >> /home/YOUR_USER/"cfhookbash-$(date +'\%Y-\%m-\%d-\%H-\%M-\%S').log"

Update / upgrade

  • Move to folder where you downloaded it
  • Type git checkout master && git pull

Common error messages

| Error | Solution |
| --- | --- |
| Could not route to /zones/dns_records, perhaps your object identifier is invalid? No route for that URI | Check your Zone ID value. There probably is something wrong. |
| /home/YOUR_USER/cfhookbash/hook.sh: line XX: jq: command not found | Install jq (sudo apt install jq) and try again |
| {"code": 1001, "error": "method_not_allowed"} | Update this script by running git pull |

Contributing

Everyone is welcome to contribute! See CONTRIBUTING.md

Contributors, credits and bug discovery :)

  • YasharF
  • Ramblurr
  • Dav999-v
  • fallingcats

Inspired by
