Quick script for obtaining lets encrypt certificate through DNS authentication

Blogger: SangSir
Published: January 20, 2017
8374 views
2 comments
2461 words
Classification: Notes

Quick script for obtaining lets encrypt certificate through DNS authentication

Scripts based on letsencrypt.sh By calling the dns service provider interface to update TXT records for authentication, we can quickly obtain lets encrypt certificates. No root permission is required, no website directory and DNS resolution need to be specified

cloudxns

download

 wget  https://github.com/xdtianyu/scripts/raw/master/le-dns/le-cloudxns.sh wget  https://github.com/xdtianyu/scripts/raw/master/le-dns/cloudxns.conf chmod +x le-cloudxns.sh

to configure

cloudxns.conf Document content

 API_KEY="YOUR_API_KEY" SECRET_KEY="YOUR_SECRET_KEY" DOMAIN="example.com" CERT_DOMAINS="example.com www.example.com im.example.com" #ECC=TRUE

Modify API_KEY and SECRET_KEY For your cloudxns api key , Modify DOMAIN For your root domain name, modify CERT_DOMAINS For the list of domain names you want to sign, you need to ECC Please cancel the certificate #ECC=TRUE Comments for.

function

./le-cloudxns.sh cloudxns.conf

The last generated file is in the certs directory of the current directory

Cron scheduled task

If the certificate expires no less than 30 days, letsencrypt.sh The script will automatically ignore the update, so it needs at least 29 days to run the update.

The certificate is automatically renewed every 20 days (on the 2nd and 22nd of each month) le-cloudxns.sh At the end of the script, add service nginx reload and other reload services.

0 0 2/20 * * /etc/nginx/le-cloudxns.sh /etc/nginx/le-cloudxns.conf >> /var/log/le-cloudxns.log 2>&1

be careful ubuntu 16.04 Cannot define day of month With start days step values , you can replace the 2/20 by 2,22 。

For more detailed crontab parameters, please refer to crontab.guru Customize

dnspod

download

 wget  https://github.com/xdtianyu/scripts/raw/master/le-dns/le-dnspod.sh wget  https://github.com/xdtianyu/scripts/raw/master/le-dns/dnspod.conf chmod +x le-dnspod.sh

to configure

dnspod.conf Document content

 TOKEN="YOUR_TOKEN_ID,YOUR_API_TOKEN" RECORD_LINE="Default" DOMAIN="example.com" CERT_DOMAINS="example.com www.example.com im.example.com" #ECC=TRUE

Modify the TOKEN For your dnspod api token Note that the format is 123456,556cxxxx 。
modify DOMAIN For your root domain name, modify CERT_DOMAINS For the list of domain names you want to sign, you need to ECC Please cancel the certificate #ECC=TRUE Comments for.

function

./le-dnspod.sh dnspod.conf

The last generated file is in the certs directory of the current directory

Cron scheduled task

If the certificate expires no less than 30 days, letsencrypt.sh The script will automatically ignore the update, so it needs at least 29 days to run the update.

The certificate is automatically renewed every 20 days (on the 5th and 25th of each month) le-dnspod.sh At the end of the script, add service nginx reload and other reload services.

0 0 5/20 * * /etc/nginx/le-dnspod.sh /etc/nginx/le-dnspod.conf >> /var/log/le-dnspod.log 2>&1

be careful ubuntu 16.04 Cannot define day of month With start days step values , you can replace the 5/20 by 5,25 。

For more detailed crontab parameters, please refer to crontab.guru Customize

Last modification: November 17, 2017

If you think my article is useful to you, please feel free to appreciate it

Comment Cancel Reply
Use cookies to keep your personal information for your next quick comment. Continuing to comment means that you have agreed to the terms

comment *

Private comments

name *

🎲

mailbox *

address

2 comments

tomato
June 16th, 2017 at 03:40 pm

I can always see many programmers when I wander around

reply
1. SangSir
  July 6th, 2017 at 12:24 pm
  
  @Tomatoes
  
  Hello, brother~
  
  reply

Quick script for obtaining lets encrypt certificate through DNS authentication

SangSir • January 20, 2017

<trans data-src="<h2>通过 DNS 验证方式获取 lets-encrypt 证书的快速脚本</h2>脚本基于 <a class="no-external-link" href=""><h2>Quick script for obtaining lets encrypt certificate through DNS authentication</h2>script is based on<a class="no external link" href=“</trans> <trans data-src="https://github.com/lukas2511/letsencrypt.sh">https://github.com/lukas2511/letsencrypt.sh</trans> <trans data-src="" target="_blank">letsencrypt.sh</a>，通过调用 dns 服务商接口更新 TXT 记录用于认证，实现快速获取 lets-encrypt 证书。无需root权限，无需指定网站目录及DNS解析<h2>cloudxns</h2>下载<pre><code>wget ">"Target=" _blank ">letsencrypt. sh</a>, by calling the DNS service provider interface to update the TXT record for authentication, we can quickly obtain the lets encrypt certificate. No root permission, no need to specify the website directory and DNS resolution<h2>cloudxns</h2>Download<pre><code>wget</trans> <trans data-src="https://github.com/xdtianyu/scripts/raw/master/le-dns/le-cloudxns.sh">https://github.com/xdtianyu/scripts/raw/master/le-dns/le-cloudxns.sh</trans> <trans data-src="wget ">wget </trans> <trans data-src="https://github.com/xdtianyu/scripts/raw/master/le-dns/cloudxns.conf">https://github.com/xdtianyu/scripts/raw/master/le-dns/cloudxns.conf</trans> <trans data-src="chmod +x le-cloudxns.sh</code></pre>配置<code>cloudxns.conf</code> 文件内容<pre><code>API_KEY=&quot;">Chmod+x le cloudxns. sh</code></pre>Configuration<code>cloudxns. conf</code>File content<pre><code>API_KEY=&quot;</trans> <trans data-src="YOUR_API_KEY&quot;">YOUR_API_KEY&quot;</trans> <trans data-src="SECRET_KEY=&quot;">SECRET_KEY=&quot;</trans> <trans data-src="YOUR_SECRET_KEY&quot;">YOUR_SECRET_KEY&quot;</trans> <trans data-src="DOMAIN=&quot;">DOMAIN=&quot;</trans> <trans data-src="example.com&quot;">example.com&quot;</trans> <trans data-src="CERT_DOMAINS=&quot;">CERT_DOMAINS=&quot;</trans> <trans data-src="example.com www.example.com im.example.com&quot;">example.com www.example.com im.example.com&quot;</trans> <trans data-src="#ECC=TRUE</code></pre>修改其中的 <code>API_KEY</code> 及 <code>SECRET_KEY</code> 为您的 <a class="no-external-link" href="">#ECC=TRUE</code></pre>Modify<code>API_KEY</code>and<code>SECRET_KEY</code>for your<a class="no external link" href=“</trans> <trans data-src="https://www.cloudxns.net/AccountManage/apimanage.html">https://www.cloudxns.net/AccountManage/apimanage.html</trans> <trans data-src="" target="_blank">cloudxns api key</a> ，修改 <code>DOMAIN</code> 为你的根域名，修改 <code>CERT_DOMAINS</code> 为您要签的域名列表，需要 <code>ECC</code> 证书时请取消 <code>#ECC=TRUE</code> 的注释。">"Target=" _blank ">cloudxns api key</a>, modify<code>DOMAIN</code>to your root domain name, and modify<code>CERT_DOMAINS</code>to the list of domain names you want to sign. If you need an<code>ECC</code>certificate, please cancel the comment of<code># ECC=TRUE</code>.</trans> <trans data-src="运行<code>./">Run<code>/</trans> <trans data-src="le-cloudxns.sh cloudxns.conf</code>最后生成的文件在当前目录的 certs 目录下cron 定时任务如果证书过期时间不少于30天， <a class="no-external-link" href="">Le-cloudxns.sh cloudxns.conf</code>The last generated file is in the certs directory of the current directorycron Scheduled TaskIf the certificate expiration time is not less than 30 days,<a class="no external link" href=“</trans> <trans data-src="https://github.com/lukas2511/letsencrypt.sh">https://github.com/lukas2511/letsencrypt.sh</trans> <trans data-src="" target="_blank">letsencrypt.sh</a> 脚本会自动忽略更新，所以至少需要29天运行一次更新。每隔20天(每个月的2号和22号)自动更新一次证书，可以在 <code>le-cloudxns.sh</code> 脚本最后加入 service nginx reload等重新加载服务。">"Target=" _blank ">letsencrypt. sh</a>The script will automatically ignore the update, so it needs at least 29 days to run the update.The certificate is automatically updated every 20 days (the 2nd and 22nd of each month). You can reload the service by adding service nginx reload at the end of the<code>le cloudxns. sh</code>script.</trans> <trans data-src="<code>0 0 2/20 * * /etc/nginx/le-cloudxns.sh /etc/nginx/le-cloudxns.conf &gt;&"><code>0 0 2/20 * * /etc/nginx/le-cloudxns.sh /etc/nginx/le-cloudxns.conf &gt;&</trans> <trans data-src="gt; /">gt; /</trans> <trans data-src="var/log/le-cloudxns.log 2&gt;&">var/log/le-cloudxns.log 2&gt;&</trans> <trans data-src="amp;">amp;</trans> <trans data-src="1</code>注意 <code>ubuntu 16.04</code> 不能定义 <code>day of month</code> 含有开始天数的 <code>step values</code>，可以替换命令中的 <code>2/20</code> 为 <code>2,22</code>。</">1</code>Note<code>ubuntu 16.04</code>You cannot define<code>step values</code>with<code>day of month</code>starting days. You can replace<code>2/20</code>in the command to<code>2,22</code></</trans> <trans data-src="p>更详细的 crontab 参数请参考 <a class="no-external-link" href="">p> For more detailed crontab parameters, please refer to<a class="no external link" href=“</trans> <trans data-src="http://crontab.guru/">http://crontab.guru/</trans> <trans data-src="" target="_blank">crontab.guru</a> 进行自定义<h2>dnspod</h2>下载<pre><code>wget ">"Target=" _blank ">crontab. guru</a>Customize<h2>dnspod</h2>Download<pre><code>wget</trans> <trans data-src="https://github.com/xdtianyu/scripts/raw/master/le-dns/le-dnspod.sh">https://github.com/xdtianyu/scripts/raw/master/le-dns/le-dnspod.sh</trans> <trans data-src="wget ">wget </trans> <trans data-src="https://github.com/xdtianyu/scripts/raw/master/le-dns/dnspod.conf">https://github.com/xdtianyu/scripts/raw/master/le-dns/dnspod.conf</trans> <trans data-src="chmod +x le-dnspod.sh</code></pre>配置<code>dnspod.conf</code> 文件内容<pre><code>TOKEN=&quot;">Chmod+x le dnspod. sh</code></pre>Configuration<code>dnspod. conf</code>File content<pre><code>TOKEN=&quot;</trans> <trans data-src="YOUR_TOKEN_ID,YOUR_API_TOKEN&quot;">YOUR_TOKEN_ID,YOUR_API_TOKEN&quot;</trans> <trans data-src="RECORD_LINE=&quot;">RECORD_LINE=&quot;</trans> <trans data-src="默认&quot;">Default&quot;</trans> <trans data-src="DOMAIN=&quot;">DOMAIN=&quot;</trans> <trans data-src="example.com&quot;">example.com&quot;</trans> <trans data-src="CERT_DOMAINS=&quot;">CERT_DOMAINS=&quot;</trans> <trans data-src="example.com www.example.com im.example.com&quot;">example.com www.example.com im.example.com&quot;</trans> <trans data-src="#ECC=TRUE</code></pre>修改其中的 <code>TOKEN</code> 为您的 <a class="no-external-link" href="">#ECC=TRUE</code></pre>Modify<code>TOKEN</code>for your<a class="no external link" href=“</trans> <trans data-src="https://www.dnspod.cn/console/user/security">https://www.dnspod.cn/console/user/security</trans> <trans data-src="" target="_blank">dnspod api token</a> ，注意格式为<code>123456,556cxxxx</code>。 修改 <code>DOMAIN</code> 为你的根域名，修改 <code>CERT_DOMAINS</code> 为您要签的域名列表，需要 <code>ECC</code> 证书时请取消 <code>#ECC=TRUE</code> 的注释。">"Target=" _blank ">dnspod api token</a>. Note that the format is<code>123456556cxxxx</code>. Modify<code>DOMAIN</code>as your root domain name, and modify<code>CERT_DOMAINS</code>as the list of domain names you want to sign. If you need an<code>ECC</code>certificate, please cancel the comment of<code># ECC=TRUE</code>.</trans> <trans data-src="运行<code>./">Run<code>/</trans> <trans data-src="le-dnspod.sh dnspod.conf</code>最后生成的文件在当前目录的 certs 目录下cron 定时任务如果证书过期时间不少于30天， <a class="no-external-link" href="">Le dnspod. sh dnspod. conf</code>The last generated file is in the certs directory of the current directorycron Scheduled TaskIf the certificate expiration time is not less than 30 days,<a class="no external link" href=“</trans> <trans data-src="https://github.com/lukas2511/letsencrypt.sh">https://github.com/lukas2511/letsencrypt.sh</trans> <trans data-src="" target="_blank">letsencrypt.sh</a> 脚本会自动忽略更新，所以至少需要29天运行一次更新。每隔20天(每个月的5号和25号)自动更新一次证书，可以在 <code>le-dnspod.sh</code> 脚本最后加入 service nginx reload等重新加载服务。">"Target=" _blank ">letsencrypt. sh</a>The script will automatically ignore the update, so it needs at least 29 days to run the update.The certificate is automatically updated every 20 days (the 5th and 25th of each month). You can add service nginx reload and other services at the end of the<code>le dnspod. sh</code>script.</trans> <trans data-src="<code>0 0 5/20 * * /etc/nginx/le-dnspod.sh /etc/nginx/le-dnspod.conf &gt;&"><code>0 0 5/20 * * /etc/nginx/le-dnspod.sh /etc/nginx/le-dnspod.conf &gt;&</trans> <trans data-src="gt; /">gt; /</trans> <trans data-src="var/log/le-dnspod.log 2&gt;&">var/log/le-dnspod.log 2&gt;&</trans> <trans data-src="amp;">amp;</trans> <trans data-src="1</code>注意 <code>ubuntu 16.04</code> 不能定义 <code>day of month</code> 含有开始天数的 <code>step values</code>，可以替换命令中的 <code>5/20</code> 为 <code>5,25</code>。</">1</code>Note<code>ubuntu 16.04</code>You cannot define<code>step values</code>with<code>day of month</code>starting days. You can replace<code>5/20</code>in the command to<code>5,25</code></</trans> <trans data-src="p>更详细的 crontab 参数请参考 <a class="no-external-link" href="">p> For more detailed crontab parameters, please refer to<a class="no external link" href=“</trans> <trans data-src="http://crontab.guru/">http://crontab.guru/</trans> <trans data-src="" target="_blank">crontab.guru</a> 进行自定义">"Target=" _blank ">crontab. guru</a>Customize</trans>