diff --git a/README.md b/README.md
index fb6d82e..5937390 100644
--- a/README.md
+++ b/README.md
@@ -51,7 +51,9 @@ Sometimes it takes a while until the desired DNS record is published, which allo
 Run Certbot in manual mode:
-`sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py -d example.com -d *.example.com`
+```shell
+sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook "$(pwd)/auth-hook.py strato-auth.json" --manual-cleanup-hook "$(pwd)/cleanup-hook.py strato-auth.json" -d example.com -d *.example.com
+```
 This will generate a wildcard certificate for your domain without the need to manually enter the TXT records.
diff --git a/auth-hook.py b/auth-hook.py
index a49aa40..e3c2c1b 100755
--- a/auth-hook.py
+++ b/auth-hook.py
@@ -11,17 +11,36 @@ def main():
 """Run authentification hook."""
 # get authentication data
- with open(
- os.path.dirname(__file__) + os.path.normcase('/strato-auth.json'),
- encoding='UTF-8',
- ) as file:
- auth = json.load(file)
- username = auth.get('username')
- password = auth.get('password')
- totp_secret = auth.get('totp_secret')
- totp_devicename = auth.get('totp_devicename')
- waiting_time = auth.get('waiting_time', 0)
- api_url = auth.get('api_url')
+
+ #check if environment variable exists
+ if 'STRATO_AUTH_ENV_ENABLE' in os.environ:
+ username = os.environ.get('STRATO_USERNAME')
+ password = os.environ.get('STRATO_PASSWORD')
+ totp_secret = os.environ.get('STRATO_TOTP_SECRET')
+ totp_devicename = os.environ.get('STRATO_TOTP_DEVICENAME')
+ #parse string as int
+ waiting_time = int(os.environ.get('STRATO_WAITING_TIME', 0))
+ api_url = os.environ.get('STRATO_API_URL')
+ else:
+ print(os.environ.get('STRATO_AUTH_ENV_ENABLE'))
+ #if argument exists, use it as path to auth.json
+ if len(sys.argv) != 2:
+ print('No path to auth.json provided. Using default.')
+ auth_path = "strato-auth.json"
+ else:
+ auth_path = sys.argv[1]
+
+ with open(
+ os.path.dirname(__file__) + os.path.normcase('/'+auth_path),
+ encoding='UTF-8',
+ ) as file:
+ auth = json.load(file)
+ username = auth.get('username')
+ password = auth.get('password')
+ totp_secret = auth.get('totp_secret')
+ totp_devicename = auth.get('totp_devicename')
+ waiting_time = auth.get('waiting_time', 0)
+ api_url = auth.get('api_url')
 strato = CertbotStratoApi(api_url)
 if not strato.login(username, password, totp_secret, totp_devicename):
diff --git a/cleanup-hook.py b/cleanup-hook.py
index 759c4a4..8e26483 100755
--- a/cleanup-hook.py
+++ b/cleanup-hook.py
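Review bot: The `print(os.environ.get('STRATO_AUTH_ENV_ENABLE'))` that opens the `else:` branch looks like leftover debugging — that branch only runs when the variable is absent, so it always prints `None` to stdout, which certbot logs as hook output; drop the line. `if 'STRATO_AUTH_ENV_ENABLE' in os.environ:` keys on presence rather than value, so setting it to `false` (the natural edit to `docker/auth.env.sample`) still selects environment mode with possibly unset, hence `None`, credentials; consider `if os.environ.get('STRATO_AUTH_ENV_ENABLE', '').lower() in ('1', 'true', 'yes'):`. The new `os.path.dirname(__file__) + os.path.normcase('/'+auth_path)` prepends the script directory even to an absolute `auth_path` and degrades to a root-relative path when `__file__` has no directory part; `os.path.join(os.path.dirname(os.path.abspath(__file__)), auth_path)` handles both. The same presence test and path construction are repeated in the cleanup-hook.py hunk. `main()` starts and ends outside the hunk, and I am assuming `sys` is imported in the part of the file not shown.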
@@ -9,17 +9,31 @@ def main():
 """Run cleanup hook."""
- # get authentication data
- with open(
- os.path.dirname(__file__) + os.path.normcase('/strato-auth.json'),
- encoding='UTF-8',
- ) as file:
- auth = json.load(file)
- username = auth.get('username')
- password = auth.get('password')
- totp_secret = auth.get('totp_secret')
- totp_devicename = auth.get('totp_devicename')
- api_url = auth.get('api_url')
+ #check if environment variable exists
+ if 'STRATO_AUTH_ENV_ENABLE' in os.environ :
+ username = os.environ.get('STRATO_USERNAME')
+ password = os.environ.get('STRATO_PASSWORD')
+ totp_secret = os.environ.get('STRATO_TOTP_SECRET')
+ totp_devicename = os.environ.get('STRATO_TOTP_DEVICENAME')
+ api_url = os.environ.get('STRATO_API_URL')
+ else:
+ #if argument exists, use it as path to auth.json
+ if len(sys.argv) != 2:
+ print('No path to auth.json provided. Using default.')
+ auth_path = "strato-auth.json"
+ else:
+ auth_path = sys.argv[1]
+
+ with open(
+ os.path.dirname(__file__) + os.path.normcase('/'+auth_path),
+ encoding='UTF-8',
+ ) as file:
+ auth = json.load(file)
+ username = auth.get('username')
+ password = auth.get('password')
+ totp_secret = auth.get('totp_secret')
+ totp_devicename = auth.get('totp_devicename')
+ api_url = auth.get('api_url')
 strato = CertbotStratoApi(api_url)
 if not strato.login(username, password, totp_secret, totp_devicename):
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 8faa52f..7012ca2 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
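Review bot: The credential loader added here is a near-verbatim copy of the one in the auth-hook.py hunk, differing only in the absent `waiting_time` handling, so the two hooks will drift — this copy already has `in os.environ :` with a stray space before the colon and has dropped the `# get authentication data` header the other hook keeps. Move the environment-versus-JSON selection and the file read into one shared helper that both hooks call and that returns the parsed values, so a fix lands in both code paths at once. `print('No path to auth.json provided. Using default.')` writes to stdout, which certbot logs as hook output; `print(..., file=sys.stderr)` keeps such diagnostics out of the data stream. `main()` starts and ends outside the hunk, and `sys` is assumed to be imported in the part of the file not shown.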
@@ -7,4 +7,4 @@ FROM certbot/certbot
 Add ./ ./
 RUN chmod +x *.py
 RUN pip3 install --no-cache-dir -r requirements.txt
-ENTRYPOINT ["sh", "-c", "certbot certonly --agree-tos --no-eff-email --email $EMAIL --manual --preferred-challenges dns --manual-auth-hook /opt/certbot/auth-hook.py --manual-cleanup-hook /opt/certbot/cleanup-hook.py -d $DOMAIN -d *.$DOMAIN"]
+ENTRYPOINT ["sh", "-c", "certbot certonly --agree-tos --no-eff-email --email $EMAIL --manual --preferred-challenges dns --manual-auth-hook /opt/certbot/auth-hook.py --manual-cleanup-hook /opt/certbot/cleanup-hook.py -d $DOMAIN -d *.$DOMAIN"]
diff --git a/docker/auth.env.sample b/docker/auth.env.sample
new file mode 100644
index 0000000..d5bf52e
--- /dev/null
+++ b/docker/auth.env.sample
@@ -0,0 +1,7 @@
+STRATO_AUTH_ENV_ENABLE=true
+STRATO_USERNAME=your_username
+STRATO_PASSWORD=your_password
+STRATO_TOTP_SECRET=your_totp_secret
+STRATO_TOTP_DEVICENAME=your_totp_device_name
+STRATO_WAITING_TIME=0
+STRATO_API_URL=https://www.strato.de/apps/CustomerService
\ No newline at end of file
diff --git a/docker/run.sh b/docker/run.sh
index 36a385e..042692e 100644
--- a/docker/run.sh
+++ b/docker/run.sh
@@ -1,2 +1,2 @@
 #!/bin/bash
-docker run --env-file certbot.env --rm -v letsencrypt:/etc/letsencrypt stratobot
+docker run --env-file certbot.env --env-file auth.env --rm -v letsencrypt:/etc/letsencrypt stratobot