More auth input options

README.md

@@ -51,7 +51,9 @@ Sometimes it takes a while until the desired DNS record is published, which allo
 
 Run Certbot in manual mode:
 
-`sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py -d example.com -d *.example.com`
+```shell
+sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook "$(pwd)/auth-hook.py strato-auth.json" --manual-cleanup-hook "$(pwd)/cleanup-hook.py strato-auth.json" -d example.com -d *.example.com
+```
 
 This will generate a wildcard certificate for your domain without the need to manually enter the TXT records.
 

auth-hook.py

@@ -11,17 +11,36 @@
 def main():
     """Run authentification hook."""
     # get authentication data
-    with open(
-            os.path.dirname(__file__) + os.path.normcase('/strato-auth.json'),
-            encoding='UTF-8',
-            ) as file:
-        auth = json.load(file)
-        username = auth.get('username')
-        password = auth.get('password')
-        totp_secret = auth.get('totp_secret')
-        totp_devicename = auth.get('totp_devicename')
-        waiting_time = auth.get('waiting_time', 0)
-        api_url = auth.get('api_url')
+
+    #check if environment variable exists
+    if 'STRATO_AUTH_ENV_ENABLE' in os.environ:
+        username = os.environ.get('STRATO_USERNAME')
+        password = os.environ.get('STRATO_PASSWORD')
+        totp_secret = os.environ.get('STRATO_TOTP_SECRET')
+        totp_devicename = os.environ.get('STRATO_TOTP_DEVICENAME')
+        #parse string as int
+        waiting_time = int(os.environ.get('STRATO_WAITING_TIME', 0))
+        api_url = os.environ.get('STRATO_API_URL')
+    else:
+        print(os.environ.get('STRATO_AUTH_ENV_ENABLE'))
+        #if argument exists, use it as path to auth.json
+        if len(sys.argv) != 2:
+            print('No path to auth.json provided. Using default.')
+            auth_path = "strato-auth.json"
+        else:
+            auth_path = sys.argv[1]
+
+        with open(
+                os.path.dirname(__file__) + os.path.normcase('/'+auth_path),
+                encoding='UTF-8',
+                ) as file:
+            auth = json.load(file)
+            username = auth.get('username')
+            password = auth.get('password')
+            totp_secret = auth.get('totp_secret')
+            totp_devicename = auth.get('totp_devicename')
+            waiting_time = auth.get('waiting_time', 0)
+            api_url = auth.get('api_url')
 
     strato = CertbotStratoApi(api_url)
     if not strato.login(username, password, totp_secret, totp_devicename):

cleanup-hook.py

@@ -9,17 +9,31 @@
 
 def main():
     """Run cleanup hook."""
-    # get authentication data
-    with open(
-            os.path.dirname(__file__) + os.path.normcase('/strato-auth.json'),
-            encoding='UTF-8',
-            ) as file:
-        auth = json.load(file)
-        username = auth.get('username')
-        password = auth.get('password')
-        totp_secret = auth.get('totp_secret')
-        totp_devicename = auth.get('totp_devicename')
-        api_url = auth.get('api_url')
+    #check if environment variable exists
+    if 'STRATO_AUTH_ENV_ENABLE' in os.environ :
+        username = os.environ.get('STRATO_USERNAME')
+        password = os.environ.get('STRATO_PASSWORD')
+        totp_secret = os.environ.get('STRATO_TOTP_SECRET')
+        totp_devicename = os.environ.get('STRATO_TOTP_DEVICENAME')
+        api_url = os.environ.get('STRATO_API_URL')
+    else:
+        #if argument exists, use it as path to auth.json
+        if len(sys.argv) != 2:
+            print('No path to auth.json provided. Using default.')
+            auth_path = "strato-auth.json"
+        else:
+            auth_path = sys.argv[1]
+
+        with open(
+                os.path.dirname(__file__) + os.path.normcase('/'+auth_path),
+                encoding='UTF-8',
+        ) as file:
+            auth = json.load(file)
+            username = auth.get('username')
+            password = auth.get('password')
+            totp_secret = auth.get('totp_secret')
+            totp_devicename = auth.get('totp_devicename')
+            api_url = auth.get('api_url')
 
     strato = CertbotStratoApi(api_url)
     if not strato.login(username, password, totp_secret, totp_devicename):

docker/Dockerfile

@@ -7,4 +7,4 @@ FROM certbot/certbot
 Add ./ ./
 RUN chmod +x *.py
 RUN pip3 install --no-cache-dir -r requirements.txt
-ENTRYPOINT ["sh",  "-c", "certbot certonly --agree-tos --no-eff-email --email $EMAIL --manual --preferred-challenges dns --manual-auth-hook /opt/certbot/auth-hook.py --manual-cleanup-hook /opt/certbot/cleanup-hook.py -d $DOMAIN -d *.$DOMAIN"]
+ENTRYPOINT ["sh",  "-c", "certbot certonly --agree-tos --no-eff-email --email $EMAIL --manual --preferred-challenges dns --manual-auth-hook /opt/certbot/auth-hook.py --manual-cleanup-hook /opt/certbot/cleanup-hook.py  -d $DOMAIN -d *.$DOMAIN"]

docker/auth.env.sample

@@ -0,0 +1,7 @@
+STRATO_AUTH_ENV_ENABLE=true
+STRATO_USERNAME=your_username
+STRATO_PASSWORD=your_password
+STRATO_TOTP_SECRET=your_totp_secret
+STRATO_TOTP_DEVICENAME=your_totp_device_name
+STRATO_WAITING_TIME=0
+STRATO_API_URL=https://www.strato.de/apps/CustomerService

docker/run.sh

@@ -1,2 +1,2 @@
 #!/bin/bash
-docker run --env-file certbot.env --rm -v letsencrypt:/etc/letsencrypt stratobot 
+docker run --env-file certbot.env --env-file auth.env --rm -v letsencrypt:/etc/letsencrypt stratobot