Difficulties with --manual-auth-hook

Ok, I'm trying to make an automated script for my Let's Encrypt on Namecheap. I'M NO EXPERT IN BASH/LINUX STUFF, BUT I'M A QUICK STUDY

I want to automate the certificate creation as much as possible, so that with one line I can create & validate an external domain.

So far, I've made a script, called from PHP, that changes my TXT record for a domain under my guard on a distant server (shared hosting with reseller account). For example, if I ask my server to go to
http://exemple.com/?challengestr=ABC&domain=domain.com, it will change the _acme… TXT record for domain.com to ABC.

So I made the following Bash script

/usr/local/bin/sslauthscript.bs

#!/bin/bash
# certbot exports these two variables for the --manual-auth-hook process
DOMAIN=$CERTBOT_DOMAIN
VALIDATION=$CERTBOT_VALIDATION

curl "http://exemple.com/?challengestr=$VALIDATION&domain=$DOMAIN"
wait   # no background jobs were started, so this does nothing

So when I call the next line, the domain and validation are pushed by curl to the server, the validation key is added to the server, and the ownership is validated.

CLI
sudo certbot certonly --manual --preferred-challenges=dns --agree-tos --manual-public-ip-logging-ok --manual-auth-hook /usr/local/bin/sslauthscript.bs -d domain.com

Well… it doesn’t work… the following URL is called: “http://exemple.com/?challengestr=VALIDATION&domain=DOMAIN”, as if $CERTBOT_DOMAIN and $CERTBOT_VALIDATION are never defined.

I’m pretty sure it’s a Code 12 (inches from the screen) but I RTFM all night long and Lionel Richie is not the solution.

Please, can you help?

What URL gets constructed when calling the following:

env CERTBOT_DOMAIN=example.com CERTBOT_VALIDATION=foobar /usr/local/bin/sslauthscript.bs

This basically sets the environment variables and executes the script.

I get foobar : example.com on the server

When I call the certbot script I get this:

Error output from sslauthscript.bs:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:04 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:06 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:07 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:08 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:09 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:10 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:11 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:12 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:13 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:14 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:15 --:--:--     0
100     1    0     1    0     0      0      0 --:--:--  0:00:16 --:--:--     0
100     1    0     1    0     0      0      0 --:--:--  0:00:16 --:--:--     0

So, the script gets executed now? What did you change?
To suppress the progress meter, you may call curl with option -s.

O the

I don't know, it did work, but verification was called too quickly. I added "sleep 5" at the end of the script and that fixed the problem!

Hoooo I get it.....

In my PHP script I had, in the first lines, an

echo '!';

I guess that was enough of an answer for certbot to start validation (even if the PHP had not put the DNS record)

OK, but this has nothing to do with your initial problem, where environment variables did not get expanded correctly. Nobody could learn anything from this thread.

By the way: as long as your whole setup is not finished, I would recommend using the staging environment for your tests, not the production environment.

Initially names weren't working. Today they were (I haven't put a flipacoin() function in my bash script, btw).

I don't think this thread is totally useless. I mean, where does it say that if your bash script returns anything, certbot will continue on its way?

Thanks for the hint on the staging environment

It might also be good to put some kind of authentication in there, so that other people who somehow learn about this service can't use your API to get certificates for your domains!
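As an added example (not the script posted in this thread, and not part of certbot or its documentation), here is one way to write the hook so that it covers the points raised above in one place: the curl call runs with -s so the progress meter no longer lands in certbot's "Error output from" message, the script refuses to run when CERTBOT_DOMAIN or CERTBOT_VALIDATION is missing instead of sending literal placeholders, it polls public DNS for the _acme-challenge TXT record instead of a fixed "sleep 5" so validation cannot start before the record is live, and it sends a shared secret so the endpoint can reject anyone else who learns the URL. The endpoint URL (http://localhost/, as in the thread), the HOOK_SECRET variable, the X-Hook-Secret header name and the use of 1.1.1.1 as the resolver are all assumptions; the server side is expected to check the header and to reply only after the record has been written.

```shell
#!/bin/sh
# Added example hook for certbot --manual-auth-hook (not the thread's script).
# Assumed: endpoint at HOOK_ENDPOINT (default http://localhost/), a shared
# secret in HOOK_SECRET that the PHP side verifies via the X-Hook-Secret header.
set -eu
export LC_ALL=C

ENDPOINT="${HOOK_ENDPOINT:-http://localhost/}"

# Percent-encode one query-string value using only shell builtins.
urlencode() {
  local s="$1" out="" c rest
  while [ -n "$s" ]; do
    rest="${s#?}"           # everything after the first character
    c="${s%"$rest"}"        # the first character itself
    case "$c" in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
    s="$rest"
  done
  printf '%s' "$out"
}

# Build the URL the hook will call; fail instead of sending empty placeholders.
# Usage: build_url DOMAIN VALIDATION [ENDPOINT]
build_url() {
  local domain="$1" validation="$2" endpoint="${3:-$ENDPOINT}"
  [ -n "$domain" ] && [ -n "$validation" ] || {
    echo "CERTBOT_DOMAIN or CERTBOT_VALIDATION is not set; run me from certbot" >&2
    return 1
  }
  printf '%s?challengestr=%s&domain=%s' \
    "$endpoint" "$(urlencode "$validation")" "$(urlencode "$domain")"
}

# Poll a public resolver until the TXT record carries the expected token
# (replaces a fixed sleep; the record is only "there" once it is served).
# Usage: wait_for_txt DOMAIN VALIDATION [TRIES]
wait_for_txt() {
  local domain="$1" expected="$2" tries="${3:-30}" i=1
  local name="_acme-challenge.$domain"
  while [ "$i" -le "$tries" ]; do
    if dig +short TXT "$name" @1.1.1.1 2>/dev/null | tr -d '"' | grep -qxF "$expected"; then
      return 0
    fi
    sleep 10
    i=$((i + 1))
  done
  echo "TXT record $name never showed the expected value" >&2
  return 1
}

main() {
  local url
  url="$(build_url "${CERTBOT_DOMAIN:-}" "${CERTBOT_VALIDATION:-}")"
  # -s: no progress meter on stderr; -S: still report real errors; -f: non-zero on HTTP errors
  curl -sSf -H "X-Hook-Secret: ${HOOK_SECRET:?HOOK_SECRET must be set}" "$url" >/dev/null
  wait_for_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION"
}

# Only act when certbot invoked us (it exports CERTBOT_VALIDATION); otherwise
# the file just defines the functions above.
if [ -n "${CERTBOT_VALIDATION:-}" ]; then
  main
fi
```

Anything the hook writes to stderr, and any non-zero exit, surfaces in certbot's output the same way the curl progress meter did in this thread, so a failed record update is visible instead of silently turning into a failed challenge. The secret still travels in clear text over plain http:// as used here; it only stops an outsider from driving the endpoint without the value, and the PHP side must actually compare it before touching DNS.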

In fact, exemple.com is really http://localhost/ (it was easier to explain that way)

Sounds safer! :)
