Add wildcard domain support with DNS-01 ACME challenge flow
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 1m17s
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 1m17s
Support wildcard domains (*.domain.tld) in HAProxy config generation with exact-match ACLs prioritized over wildcard ACLs. Add DNS-01 challenge endpoints that coordinate with certbot via auth/cleanup hook scripts for wildcard SSL certificate issuance. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
29
scripts/dns-challenge-auth-hook.sh
Executable file
29
scripts/dns-challenge-auth-hook.sh
Executable file
@@ -0,0 +1,29 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# Certbot DNS-01 auth hook
|
||||
# Called by certbot with CERTBOT_DOMAIN and CERTBOT_VALIDATION env vars
|
||||
# Writes the validation token for the API to read, then waits for proceed signal
|
||||
|
||||
TOKEN_FILE="/tmp/dns-challenge-${CERTBOT_DOMAIN}.token"
|
||||
PROCEED_FILE="/tmp/dns-challenge-${CERTBOT_DOMAIN}.proceed"
|
||||
|
||||
# Write the challenge token so the API can return it to the caller
|
||||
echo "${CERTBOT_VALIDATION}" > "${TOKEN_FILE}"
|
||||
|
||||
# Wait for the proceed signal (PHP side sets DNS record, then calls verify endpoint)
|
||||
MAX_WAIT=300
|
||||
ELAPSED=0
|
||||
|
||||
while [ ${ELAPSED} -lt ${MAX_WAIT} ]; do
|
||||
if [ -f "${PROCEED_FILE}" ]; then
|
||||
# Give DNS a moment to propagate after the signal
|
||||
sleep 5
|
||||
exit 0
|
||||
fi
|
||||
sleep 1
|
||||
ELAPSED=$((ELAPSED + 1))
|
||||
done
|
||||
|
||||
echo "Timed out waiting for proceed signal for ${CERTBOT_DOMAIN}" >&2
|
||||
exit 1
|
||||
Reference in New Issue
Block a user