name: Obtain Certificate
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  build:
    runs-on: ubuntu-latest
    environment: desec-test-account
    strategy:
      # You can use PyPy versions in python-version.
      # For example, pypy2 and pypy3
      matrix:
        python-version: [
          '3.9',
          '3.10',
          '3.11',
          '3.12',
          '3.13',
        ]
        certbot-version: [
          '2.11.1',
          '3.3.0',
          '4.2.0',
        ]
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v1
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install
        run: |
          sudo apt-get install -y dnsutils
          pip3 install certbot~=$CERTBOT_VERSION .
          pip3 freeze
        env:
          CERTBOT_VERSION: ${{ matrix.certbot-version }}
      - name: Create domain
        shell: bash
        run: |
          PYTHON=$(echo $PYTHON | sed "s/\./-/g")
          CERTBOT=$(echo $CERTBOT | sed "s/\./-/g")
          curl -X POST https://desec.io/api/v1/domains/ \
              --header "Authorization: Token $TOKEN" \
              --header "Content-Type: application/json" --data @- <<< \
              "{\"name\": \"certbot-$CERTBOT-python-$PYTHON-$DOMAIN\"}"
          sleep 80 # wait for deSEC to propagate changes
        env:
          DOMAIN: ${{secrets.DESEC_DOMAIN}}
          CERTBOT: ${{matrix.certbot-version}}
          PYTHON: ${{matrix.python-version}}
          TOKEN: ${{secrets.DESEC_TOKEN}}
      - name: Setup Credentials
        run: 'echo "dns_desec_token = $TOKEN" > desec-secret.ini'
        shell: bash
        env:
          TOKEN: ${{secrets.DESEC_TOKEN}}
      - name: Get Cert
        run: |
          PYTHON=$(echo $PYTHON | sed "s/\./-/g")
          CERTBOT=$(echo $CERTBOT | sed "s/\./-/g")
          certbot certonly \
            --config-dir tmp/certbot/config \
            --logs-dir tmp/certbot/logs \
            --work-dir tmp/certbot/work \
            --authenticator dns-desec \
            --email $EMAIL \
            --dns-desec-credentials desec-secret.ini \
            --server https://acme-v02.api.letsencrypt.org/directory \
            --agree-tos \
            --dry-run \
            -d "certbot-$CERTBOT-python-$PYTHON-$DOMAIN" \
            -d "*.certbot-$CERTBOT-python-$PYTHON-$DOMAIN"
        shell: bash
        env:
          DOMAIN: ${{secrets.DESEC_DOMAIN}}
          EMAIL: ${{secrets.DESEC_EMAIL}}
          CERTBOT: ${{matrix.certbot-version}}
          PYTHON: ${{matrix.python-version}}
      - name: Query TXT record and show log
        if: ${{ failure() }}
        run: |
          PYTHON=$(echo $PYTHON | sed "s/\./-/g")
          CERTBOT=$(echo $CERTBOT | sed "s/\./-/g")
          dig @ns1.desec.io TXT _acme-challenge.certbot-$CERTBOT-python-$PYTHON-$DOMAIN
          dig @ns2.desec.org TXT _acme-challenge.certbot-$CERTBOT-python-$PYTHON-$DOMAIN
          cat tmp/certbot/logs/letsencrypt.log
        env:
          DOMAIN: ${{secrets.DESEC_DOMAIN}}
          CERTBOT: ${{matrix.certbot-version}}
          PYTHON: ${{matrix.python-version}}