do-know / Crypt-LE

Crypt::LE - client and library in Perl for Let's Encrypt, Buypass, ZeroSSL and other ACME servers, for obtaining free SSL certificates (including generating RSA/ECC keys and CSRs). HTTP/DNS verification is supported out of the box, EAB (External Account Binding) is supported, and it is easily extended with plugins and easily dockerized.
https://Do-Know.com
Artistic License 2.0
354 stars, 60 forks

Can't extract DNS values from first part #93

Open He-Man321 opened 3 months ago

He-Man321 commented 3 months ago

I have created a PS script to create the certificates, update the DNS (through the GoDaddy API) and import the PFX file to IIS, and although I still have a few things to tidy I can see how it can all work...

...Except, how do you get the DNS TXT values from the first command into variables?

Essentially, when you run the first part (with the --delayed argument) it outputs several keys (one for each subdomain specified) that need to be put into the DNS TXT records. I can copy and paste these into the following commands that set them using the GoDaddy API, but how can I have them output into variables so I can automate this?

There is nothing in the documentation, but without this I don't see how I can automate the whole thing?

Thanks.

JustinWebDev commented 3 months ago

What is the 'first command' and the 'following commands'?

I tried to do the same thing and had to abandon it. I had trouble with getting GoDaddy's API to work but also had the same issue you are asking about with the DNS TXT values. The only way I could see it work was to output a log from LE and then find the value in the log file. I was chasing Log::Log4perl stuff. Gave me a headache. I was so close, too.

I hope the developer can supply a more straightforward way.

He-Man321 commented 3 months ago

If you had trouble with the GoDaddy DNS, the below is what I did to get it working, in case that helps:

So run this to start the process: ./le64.exe -email "support@domain.co.uk" -key domain.key -csr domain.csr -csr-key domain.key -crt domain.crt -domains "domain.co.uk,www.domain.co.uk" -generate-missing -live --handle-as dns --export-pfx "PASSWORD" --tag-pfx "domain.co.uk" --delayed

then this to create the DNS entries (note the "OUTPUT FROM ABOVE HERE" bit, which is the bit I want to automate): Invoke-RestMethod -Method PUT -Uri "https://api.godaddy.com/v1/domains/domain.co.uk/records/TXT/_acme-challenge" -Headers @{ Authorization="sso-key GODADDYKEY:GODADDYSECRET"} -ContentType "application/json" -Body '[{"data": "OUTPUT FROM ABOVE HERE","ttl": 600}]'; Invoke-RestMethod -Method PUT -Uri "https://api.godaddy.com/v1/domains/domain.co.uk/records/TXT/_acme-challenge.www" -Headers @{ Authorization="sso-key GODADDYKEY:GODADDYSECRET"} -ContentType "application/json" -Body '[{"data": "OUTPUT FROM ABOVE HERE","ttl": 600}]';

then this to complete the certificate generation: ./le64.exe -email "support@domain.co.uk" -key domain.key -csr domain.csr -csr-key domain.key -crt domain.crt -domains "domain.co.uk,www.domain.co.uk" -generate-missing -live --handle-as dns --export-pfx "PASSWORD" --tag-pfx "domain.co.uk"

And finally, to clear up the DNS entries afterwards: Invoke-RestMethod -Method DELETE -Uri "https://api.godaddy.com/v1/domains/domain.co.uk/records/TXT/_acme-challenge" -Headers @{ Authorization="sso-key GODADDYKEY:GODADDYSECRET"}; Invoke-RestMethod -Method DELETE -Uri "https://api.godaddy.com/v1/domains/domain.co.uk/records/TXT/_acme-challenge.www" -Headers @{ Authorization="sso-key GODADDYKEY:GODADDYSECRET"}

I then imported the certificate to IIS with this: $thumb=(Import-PfxCertificate -FilePath "domain.pfx" -CertStoreLocation "Cert:\LocalMachine\WebHosting" -Password (ConvertTo-SecureString -String "PASSWORD" -AsPlainText -Force)).Thumbprint

Which gave me the thumbprint to add to the bindings, which I didn't quite finish because I didn't see the point unless I could automate that earlier step...
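One way to automate the step asked about above, as an added example that is neither Crypt::LE's code nor the script posted in this thread: capture the output of the le64.exe --delayed run instead of copying it, pull out the DNS-01 values with a regex, create the GoDaddy TXT records with a JSON body built by ConvertTo-Json (so the value is quoted correctly), and check with Resolve-DnsName that the records are visible on a public resolver before the second le64.exe run. A DNS-01 value is base64url(SHA-256(token "." account-key-thumbprint)), which is always 43 characters with no padding, so the parser uses that to validate what it extracts. The exact le64.exe output format in the comment at the top of the block is an assumption (adjust the regex if your build prints something different); the sample output, the environment variable names GODADDY_KEY, GODADDY_SECRET and PFX_PASSWORD, and the public resolver 8.8.8.8 are constructed for the example; the GoDaddy endpoint is the one used in the thread.

```powershell
# Added example, not part of Crypt::LE or of the script in this issue.
# ASSUMED le64.exe --delayed output format for each domain:
#   A TXT record for _acme-challenge.<fqdn> with the following value:
#   <blank line>
#   <43-character base64url value>

function Get-AcmeDnsChallenge {
    param(
        [Parameter(Mandatory)][string]$LeOutput,  # captured stdout+stderr of le64.exe --delayed
        [Parameter(Mandatory)][string]$Zone       # GoDaddy zone, e.g. domain.co.uk
    )
    $lines   = $LeOutput -split "`r?`n"
    $results = @()
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $m = [regex]::Match($lines[$i], '_acme-challenge\.([A-Za-z0-9.-]+)')
        if (-not $m.Success) { continue }
        $fqdn = $m.Groups[1].Value.TrimEnd('.')
        # Only names inside the zone we are allowed to edit.
        if ($fqdn -ne $Zone -and -not $fqdn.EndsWith(".$Zone")) { continue }
        # The value is on the next non-empty line; base64url(SHA-256) is exactly 43 chars.
        $j = $i + 1
        while ($j -lt $lines.Count -and $lines[$j].Trim() -eq '') { $j++ }
        if ($j -ge $lines.Count) { continue }
        $value = $lines[$j].Trim()
        if ($value -notmatch '^[A-Za-z0-9_-]{43}$') { continue }
        # GoDaddy wants the record name relative to the zone: "_acme-challenge" or "_acme-challenge.www".
        $name = '_acme-challenge'
        if ($fqdn -ne $Zone) { $name += '.' + $fqdn.Substring(0, $fqdn.Length - $Zone.Length - 1) }
        $results += [pscustomobject]@{ Fqdn = "_acme-challenge.$fqdn"; Name = $name; Value = $value }
    }
    return $results
}

function Set-GoDaddyTxtRecord {
    param(
        [Parameter(Mandatory)][string]$Zone,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Value,
        [Parameter(Mandatory)][string]$ApiKey,
        [Parameter(Mandatory)][string]$ApiSecret,
        [int]$Ttl = 600
    )
    # Same endpoint as the thread; the body comes from ConvertTo-Json instead of JSON
    # hand-written inside a double-quoted PowerShell string, which breaks on the inner quotes.
    $body = ConvertTo-Json -InputObject @(@{ data = $Value; ttl = $Ttl }) -Compress
    Invoke-RestMethod -Method Put `
        -Uri "https://api.godaddy.com/v1/domains/$Zone/records/TXT/$Name" `
        -Headers @{ Authorization = "sso-key ${ApiKey}:${ApiSecret}" } `
        -ContentType 'application/json' -Body $body
}

function Wait-AcmeTxtRecord {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [Parameter(Mandatory)][string]$Value,
        [int]$TimeoutSeconds = 300
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # Query a public resolver directly (-DnsOnly bypasses the local cache) so a stale
        # answer does not start the verification run before the record is really visible.
        $rr = Resolve-DnsName -Name $Fqdn -Type TXT -Server 8.8.8.8 -DnsOnly -ErrorAction SilentlyContinue
        if ($rr -and ($rr.Strings -contains $Value)) { return $true }
        Start-Sleep -Seconds 15
    } while ((Get-Date) -lt $deadline)
    return $false
}

# Constructed sample output (in the assumed format) so the parser can be exercised offline.
$sampleOutput = @"
Challenge for domain.co.uk requires:
A TXT record for _acme-challenge.domain.co.uk with the following value:

aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789-_AbCdE
Challenge for www.domain.co.uk requires:
A TXT record for _acme-challenge.www.domain.co.uk with the following value:

ZyXwVuTsRqPoNmLkJiHgFeDcBa9876543210_-EdCbA
"@
$zone = 'domain.co.uk'
Get-AcmeDnsChallenge -LeOutput $sampleOutput -Zone $zone | Format-Table Name, Fqdn, Value

# Real run, only when credentials are present. Secrets come from environment variables
# (assumed names) so they do not sit in the script or the shell history.
if ($env:GODADDY_KEY -and $env:GODADDY_SECRET) {
    $leArgs = @('-email','support@domain.co.uk','-key','domain.key','-csr','domain.csr','-csr-key','domain.key',
                '-crt','domain.crt','-domains',"$zone,www.$zone",'-generate-missing','-live',
                '--handle-as','dns','--export-pfx',$env:PFX_PASSWORD,'--tag-pfx',$zone)
    $output     = & ./le64.exe @leArgs '--delayed' 2>&1 | Out-String
    $challenges = Get-AcmeDnsChallenge -LeOutput $output -Zone $zone
    if (-not $challenges) { throw "No DNS-01 values found in le64.exe output:`n$output" }
    foreach ($c in $challenges) {
        Set-GoDaddyTxtRecord -Zone $zone -Name $c.Name -Value $c.Value `
            -ApiKey $env:GODADDY_KEY -ApiSecret $env:GODADDY_SECRET | Out-Null
    }
    foreach ($c in $challenges) {
        if (-not (Wait-AcmeTxtRecord -Fqdn $c.Fqdn -Value $c.Value)) { throw "$($c.Fqdn) not visible in DNS; not starting verification" }
    }
    # Second run, same arguments without --delayed: the CA verifies and the certificate is issued.
    & ./le64.exe @leArgs
}
```

The PUT on GoDaddy's records/TXT/<name> endpoint replaces every TXT record with that name, which is what the thread relies on; the DELETE calls from the thread can follow the second run unchanged to clean up. If a later Crypt::LE build changes the wording of the challenge output, only the regex in Get-AcmeDnsChallenge needs adjusting, and the 43-character check will still reject anything that is not a real DNS-01 value.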

JustinWebDev commented 3 months ago

Thanks much for that info!