haproxy-manager-base/scripts/dns-challenge-auth-hook.sh


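#!/usr/bin/env bash
set -euo pipefail

# Certbot DNS-01 auth hook.
#
# Called by certbot with CERTBOT_DOMAIN and CERTBOT_VALIDATION env vars.
# Writes the validation token to a file for the API to read, then polls for a
# "proceed" file until it appears or MAX_WAIT seconds have elapsed.
#
# Exit status:
#   0  proceed file seen (after a short propagation delay)
#   1  unsafe CERTBOT_DOMAIN, or timed out waiting for the proceed signal
#   non-zero also when a required variable is missing or the token write fails
#
# NOTE(review): both files use predictable names directly under /tmp, which is
# normally writable by every local account. Anyone able to create files there
# can plant the proceed file or pre-create the token path. The names are kept
# because the API side (not visible here) reads and writes the same paths;
# moving both sides to a directory only the service account can write to would
# remove the exposure - confirm against the API code.

# Fail early with a clear message instead of building paths from empty values.
: "${CERTBOT_DOMAIN:?CERTBOT_DOMAIN must be set by certbot}"
: "${CERTBOT_VALIDATION:?CERTBOT_VALIDATION must be set by certbot}"

# The domain becomes part of a file name, so reject anything that could leave
# /tmp or name a hidden file: only hostname characters (plus '*' and '_') are
# accepted, with no leading dot and no '..' sequence.
case "${CERTBOT_DOMAIN}" in
  *[!A-Za-z0-9._*-]* | .* | *..*)
    # %q keeps control characters in the rejected value out of the log.
    printf 'Refusing unsafe CERTBOT_DOMAIN value: %q\n' "${CERTBOT_DOMAIN}" >&2
    exit 1
    ;;
esac

readonly TOKEN_FILE="/tmp/dns-challenge-${CERTBOT_DOMAIN}.token"
readonly PROCEED_FILE="/tmp/dns-challenge-${CERTBOT_DOMAIN}.proceed"

# Write the challenge token so the API can return it to the caller.
# Remove whatever currently sits at the path first (rm unlinks a symlink
# rather than following it), then write with noclobber so the redirection
# fails instead of overwriting a file that reappears at this path in between.
# If the path cannot be removed (for example it belongs to another account),
# the hook stops here rather than writing through it.
rm -f -- "${TOKEN_FILE}"
(
  set -o noclobber
  # printf, not echo: the validation string may begin with '-'.
  printf '%s\n' "${CERTBOT_VALIDATION}" > "${TOKEN_FILE}"
)

# Wait for the proceed signal (PHP side sets DNS record, then calls verify
# endpoint).
# NOTE(review): a proceed file left over from an earlier run for the same
# domain is accepted immediately; presumably something else cleans it up -
# confirm, or clear it before the token is published.
readonly MAX_WAIT=300
ELAPSED=0
while (( ELAPSED < MAX_WAIT )); do
  if [[ -f "${PROCEED_FILE}" ]]; then
    # Give DNS a moment to propagate after the signal
    sleep 5
    exit 0
  fi
  sleep 1
  ELAPSED=$((ELAPSED + 1))
done

printf 'Timed out waiting for proceed signal for %s\n' "${CERTBOT_DOMAIN}" >&2
exit 1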