hetzner dns
Razikus committed Oct 9, 2024
1 parent 60d749c commit 9a642da
Showing 2 changed files with 33 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Dockerfile.template
@@ -32,7 +32,7 @@ RUN set -x ; apk add procmail --no-cache --repository http://dl-cdn.alpinelinux.
&& apk add --no-cache --allow-untrusted "$(basename "${!url}")" \
&& rm "$(basename "${!url}")"

RUN curl -fsSL "https://raw.githubusercontent.com/balena-io/open-balena/master/scripts/_keyid.js" -o /opt/_keyid.js
RUN curl -fsSL "https://raw.githubusercontent.com/balena-io/open-balena/v3.8.5/scripts/_keyid.js" -o /opt/_keyid.js

WORKDIR /etc/letsencrypt

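Review bot: A tag such as `v3.8.5` can still be moved upstream, and nothing verifies the content of `/opt/_keyid.js` after the download, so the `curl` line does not fully fix what ends up in the image (the page lost its +/- markers; this assumes the `v3.8.5` line is the new side). Referencing a full commit SHA and checking a digest would close that gap, e.g. `RUN curl -fsSL "https://raw.githubusercontent.com/balena-io/open-balena/<COMMIT_SHA>/scripts/_keyid.js" -o /opt/_keyid.js && echo "<EXPECTED_SHA256>  /opt/_keyid.js" | sha256sum -c -`, where both bracketed values are placeholders to be filled in from the reviewed upstream revision. The context line above it installs a downloaded package with `apk add --allow-untrusted`, which is outside this change but has the same lack of verification.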
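--- a/entry.sh
+++ b/entry.sh
@@ -187,6 +187,37 @@ function get_env_var_value {
 echo "${varval}"
 }
 
+function hetzner_issue_public_cert {
+local balena_device_uuid
+balena_device_uuid="${1}"
+
+local dns_tld
+dns_tld="${2}"
+[[ -n "${dns_tld}" ]] || return
+
+hetzner_api_token="$(get_env_var_value "${balena_device_uuid}" HETZNER_API_TOKEN)"
+[[ -n "${hetzner_api_token}" ]] || return
+
+mkdir -p ~/.secrets/certbot
+
+echo "dns_hetzner_api_token = ${hetzner_api_token}" \
+> ~/.secrets/certbot/hetzner.ini \
+&& chmod 0600 ~/.secrets/certbot/hetzner.ini
+
+# Install the Hetzner DNS plugin for Certbot
+pip install certbot-dns-hetzner
+
+# shellcheck disable=SC2086
+with_backoff certbot certonly --agree-tos --non-interactive --verbose --expand \
+--authenticator dns-hetzner \
+--dns-hetzner-credentials ~/.secrets/certbot/hetzner.ini \
+--dns-hetzner-propagation-seconds 60 \
+--cert-name "${dns_tld}" \
+-m "$(get_acme_email ${balena_device_uuid})" \
+-d "${dns_tld}" \
+${sans}
+}
+
 function cloudflare_issue_public_cert {
 local balena_device_uuid
 balena_device_uuid="${1}"
@@ -300,6 +331,7 @@ function issue_public_certs {
 # chain breaks after first success
 cloudflare_issue_public_cert "${balena_device_uuid}" "${dns_tld}" \
 || gandi_issue_public_cert "${balena_device_uuid}" "${dns_tld}" \
+|| hetzner_issue_public_cert "${balena_device_uuid}" "${dns_tld}" \
 || true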
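Review bot: The `pip install certbot-dns-hetzner` inside `hetzner_issue_public_cert` fetches an unpinned package from the index on every certificate request, in the same process that holds the Hetzner API token, and its exit status is never checked. Installing the plugin at image build time with a fixed version, e.g. `RUN pip install --no-cache-dir certbot-dns-hetzner==<PINNED_VERSION>` in Dockerfile.template (placeholder version), makes the image reproducible and removes the runtime network dependency. In the same function `hetzner_api_token` is assigned without `local`, so the secret remains in the script's global scope, and `hetzner.ini` is created under the default umask and only afterwards restricted with `chmod 0600`. The sketch below declares the variable local and creates the directory and file under `umask 077`; whether the cloudflare and gandi siblings share this pattern is not visible in the hunk.

```shell
function hetzner_issue_public_cert {
    # … unchanged: balena_device_uuid and dns_tld handling …

    local hetzner_api_token
    hetzner_api_token="$(get_env_var_value "${balena_device_uuid}" HETZNER_API_TOKEN)"
    # … unchanged: empty-token guard …

    # Create directory and credentials file owner-only from the start.
    (
        umask 077
        mkdir -p ~/.secrets/certbot
        printf 'dns_hetzner_api_token = %s\n' "${hetzner_api_token}" \
            > ~/.secrets/certbot/hetzner.ini
    ) || return

    # … unchanged: with_backoff certbot certonly invocation; the runtime pip install is dropped …
```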
