For future reference, here is what my config looks like:
{"apps":
"events": {
"subscriptions": [
{
"events": ["cert_obtained"],
"handlers": [
{
"handler": "exec",
"command": "bash",
"args": [
"/var/lib/caddy/cert.obtained.sh",
"{event.data.identifier}"
]
}
]
},
{
"events": ["cert_obtaining"],
"handlers": [
{
"handler": "exec",
"command": "bash",
"args": [
"/var/lib/caddy/cert.obtaining.sh",
"{event.data.identifier}"
]
}
]
}
]
},
"tls": {
"automation": {
"policies": [
{
"subjects": [
"testirc.hs.domain.me",
"dash.domain.me",
"git.domain.me",
"jellyfin.domain.me",
"ldap.domain.me",
"qbit.domain.me",
"mc.domain.me",
"s.domain.me"
],
"issuers": [
{
"challenges": {
"dns": {
"provider": {
"api_token": "",
"name": "cloudflare"
}
}
},
"module": "acme"
},
{
"challenges": {
"dns": {
"provider": {
"api_token": "",
"name": "cloudflare"
}
}
},
"module": "zerossl"
}
]
}
]
}
}
}
And here is what the scripts look like. They could almost certainly be cleaned up a little, but they work and I am probably not going to bother with this again. (If I had to, I'd rewrite it in Go and then do this again.)
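# cert-obtained.sh
# Caddy "cert_obtained" exec handler. Once a certificate for a host in the
# private zone has been issued, re-create the NS delegation record for that
# zone at Cloudflare (cert-obtaining.sh removes it before the challenge).
# Argument: $1 - certificate identifier passed by Caddy ({event.data.identifier}).
set -euo pipefail

# Cloudflare API token. Left empty here; prefer loading it from a root-only
# file or the environment instead of keeping it in a script that may be
# readable by other users or end up in a backup.
TOKEN=
PRIVATE_ZONE=hs.domain.me
ZONE=domain.me
# Name server the private zone is delegated to.
NS_TARGET=ns.home.domain.me
API=https://api.cloudflare.com/client/v4

die() { printf '%s\n' "$*" >&2; exit 1; }

domain=${1:?usage: cert-obtained.sh <identifier>}
echo "Working with domain $domain"
# Only the private zone and its subdomains are delegated; anything else is a no-op.
if [[ $domain != *."$PRIVATE_ZONE" && $domain != "$PRIVATE_ZONE" ]]; then
  exit 0
fi

[[ -n $TOKEN ]] || die "TOKEN is not set"

# -sS/--fail: quiet on success, non-zero on HTTP errors. No -v: verbose mode
# would print the Authorization header wherever the handler's stderr ends up.
# The zone name is passed to jq with --arg so it is never spliced into the filter.
ZONE_ID=$(curl -sS --fail -X GET "$API/zones" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type:application/json" \
  | jq --raw-output --arg zone "$ZONE" '.result[] | select(.name == $zone) | .id')
# An empty id would otherwise turn the next URL into /zones//dns_records.
[[ -n $ZONE_ID ]] || die "no zone id found for $ZONE"
echo "$ZONE_ID"

# Build the record body with jq so every value is JSON-escaped rather than
# interpolated into a hand-written string.
record=$(jq -n --arg content "$NS_TARGET" --arg name "$PRIVATE_ZONE" \
  '{content: $content, name: $name, proxied: false, type: "NS", ttl: 600}')
echo "$record"
curl -sS --fail -X POST "$API/zones/$ZONE_ID/dns_records" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type:application/json" \
  --data "$record"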
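# cert-obtaining.sh
# Caddy "cert_obtaining" exec handler. Before a certificate for a host in the
# private zone is requested, remove the NS delegation record for that zone at
# Cloudflare so the DNS challenge record can be answered by Cloudflare itself
# (cert-obtained.sh puts the delegation back afterwards).
# Argument: $1 - certificate identifier passed by Caddy ({event.data.identifier}).
set -euo pipefail

# Cloudflare API token. Left empty here; prefer loading it from a root-only
# file or the environment instead of keeping it in a script that may be
# readable by other users or end up in a backup.
TOKEN=
PRIVATE_ZONE=hs.domain.me
ZONE=domain.me
API=https://api.cloudflare.com/client/v4

die() { printf '%s\n' "$*" >&2; exit 1; }

domain=${1:?usage: cert-obtaining.sh <identifier>}
echo "Working with domain $domain"
# Only the private zone and its subdomains are delegated; anything else is a no-op.
if [[ $domain != *."$PRIVATE_ZONE" && $domain != "$PRIVATE_ZONE" ]]; then
  exit 0
fi

[[ -n $TOKEN ]] || die "TOKEN is not set"

# -sS/--fail: quiet on success, non-zero on HTTP errors (the token must never be
# echoed, so no -v). Names are passed to jq with --arg, not spliced into the filter.
ZONE_ID=$(curl -sS --fail -X GET "$API/zones" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type:application/json" \
  | jq --raw-output --arg zone "$ZONE" '.result[] | select(.name == $zone) | .id')
# An empty id would otherwise turn the next URL into /zones//dns_records.
[[ -n $ZONE_ID ]] || die "no zone id found for $ZONE"
echo "$ZONE_ID"

# Only the NS delegation is removed (cert-obtained.sh creates an NS record);
# filtering on type avoids deleting an unrelated record that shares the name.
# Several ids may come back, one per line, so collect them into an array.
mapfile -t RECORD_IDS < <(curl -sS --fail -X GET "$API/zones/$ZONE_ID/dns_records" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type:application/json" \
  | jq --raw-output --arg name "$PRIVATE_ZONE" \
      '.result[] | select(.name == $name and .type == "NS") | .id')

if (( ${#RECORD_IDS[@]} == 0 )); then
  # Nothing to delete (e.g. a previous run already removed it); keep going.
  echo "no NS record for $PRIVATE_ZONE found, nothing to delete"
else
  for record_id in "${RECORD_IDS[@]}"; do
    echo "$record_id"
    # Best effort, as in the original: a failed delete must not block the
    # certificate request, but it is reported rather than silently swallowed.
    curl -sS --fail -X DELETE "$API/zones/$ZONE_ID/dns_records/$record_id" \
      -H "Authorization: Bearer $TOKEN" \
      -H "Content-Type:application/json" \
      || printf 'warn: failed to delete record %s\n' "$record_id" >&2
  done
fi

# NOTE(review): presumably gives the deletion time to take effect before the
# challenge record is created — confirm the value suits the zone's TTL.
sleep 10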
Notes:
- For reference, here is the list of events and the inputs each event carries: Implement event system by francislavoie · Pull Request #4912 · caddyserver/caddy · GitHub