This repository has been archived by the owner on Feb 15, 2021. It is now read-only.

Support wildcard domains and multiple configs #1

Open. Wants to merge 6 commits into base: master.

Conversation

@agross agross commented Jun 23, 2018

Hi,

I thought you might be interested in this. I use your fork without acme.sh as I need wildcard domains, so I call certbot directly with --manual-auth-hook and --manual-cleanup-hook:

```bash
#!/usr/bin/env bash

set -euo pipefail

domains=()
rest=()

# Anything that looks like a host name becomes a --domain argument; everything
# else is passed through to certbot unchanged.
for arg in "$@"; do
  if [[ "$arg" == *.* ]]; then
    domains+=(--domain "$arg")
  else
    rest+=("$arg")
  fi
done

certbot certonly \
        "${domains[@]}" \
        "${rest[@]}" \
        --agree-tos \
        --manual \
        --manual-public-ip-logging-ok \
        --preferred-challenges dns-01 \
        --manual-auth-hook /root/certbot-inwx-dns \
        --manual-cleanup-hook /root/certbot-inwx-dns
```

/root/certbot-inwx-dns

```bash
#!/usr/bin/env bash

set -euo pipefail

echo "Running DNS authenticator with CERTBOT_DOMAIN=$CERTBOT_DOMAIN CERTBOT_VALIDATION=$CERTBOT_VALIDATION"

# Quote the variables so each value stays a single argument.
args=(--acme-record-name "$CERTBOT_DOMAIN" --challenge "$CERTBOT_VALIDATION")
# Declare up front so `set -u` does not trip over an unset array in the cleanup branch.
after=()

# certbot sets CERTBOT_AUTH_OUTPUT only when calling the cleanup hook.
if [[ ! -v CERTBOT_AUTH_OUTPUT ]]; then
  echo Adding challenge...
  op=--add
  # After we set up the record, wait a bit before continuing.
  after=(sleep 30s)
else
  echo Removing challenge...
  op=--remove
fi

/usr/local/src/acme.sh-inwx/acme-inwx.py "$op" "${args[@]}"

if ((${#after[@]})); then
  "${after[@]}"
fi
```

Both files are not part of the repository, but the last one calls your script.

As wildcard authentication may cause two challenges under the same name, e.g. when requesting a cert for example.com and *.example.com, we

- must add a new TXT RR unless one with the same name and content exists
- must delete only the one we have to clean up

as the script is called once for each of the domains.

On top of that I need to manage domains for multiple INWX accounts on a single server, so one config.py file is not enough. Having written my first Python code today, exec'ing to import dynamically seemed to be a viable solution.
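The add/remove rule described above, as an added example that is not the acme-inwx script or part of this PR: the zone is an in-memory stand-in for the INWX API with constructed record IDs, and the `_acme-challenge.` prefix plus the stripping of a leading `*.` are assumptions about how the hook maps CERTBOT_DOMAIN to the TXT record name.

```python
"""Idempotent dns-01 TXT handling for the apex + wildcard case (added example)."""
from itertools import count


class TxtRecord:
    def __init__(self, rec_id, name, content):
        self.id, self.name, self.content = rec_id, name, content


class FakeZone:
    """Constructed stand-in for the DNS provider; real code would call the API."""

    def __init__(self):
        self.records = []
        self._ids = count(1000)  # constructed record IDs

    def create(self, name, content):
        rec = TxtRecord(next(self._ids), name, content)
        self.records.append(rec)
        return rec.id

    def delete(self, rec_id):
        self.records = [r for r in self.records if r.id != rec_id]


def challenge_name(certbot_domain):
    # Assumption: the hook strips a leading "*." and prepends the ACME label.
    base = certbot_domain[2:] if certbot_domain.startswith("*.") else certbot_domain
    return "_acme-challenge." + base


def add_challenge(zone, certbot_domain, validation):
    """Add the TXT RR unless one with the same name AND content already exists."""
    name = challenge_name(certbot_domain)
    for r in zone.records:
        if r.name == name and r.content == validation:
            return r.id  # already present from a previous hook run: do not duplicate
    return zone.create(name, validation)


def remove_challenge(zone, certbot_domain, validation):
    """Delete only the record carrying our token; sibling challenges stay untouched."""
    name = challenge_name(certbot_domain)
    ours = [r for r in zone.records if r.name == name and r.content == validation]
    if not ours:
        return None
    zone.delete(ours[0].id)  # exactly one ID, even if duplicates slipped in
    return ours[0].id
```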

This is part of support for wildcard domains where >1 challenge might exist under a name. We remove only one ID to not to interfere with other challenges happening at the same time.
This is part of support for wildcard domains where >1 challenge might exist under a name.
@agross agross changed the title Support Wildcard domains Support wildcard domains and multiple configs Jun 23, 2018