network/roles/certbot_dns/templates/certbot-auth.j2


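#!/bin/sh
# Certbot manual auth hook: publishes the ACME DNS-01 challenge as a TXT
# record through a GSS-TSIG authenticated dynamic DNS update.
#
# Rendered by Ansible from a Jinja template; the {{ ... }} expressions are
# substituted at deploy time, everything else runs on the target host.
#
# Environment (read, must be set by the caller):
#   CERTBOT_DOMAIN      - domain being validated
#   CERTBOT_VALIDATION  - challenge value to publish

# Abort on the first failing command and on unset variables, so a failed
# kinit or nsupdate is not hidden behind the exit status of the final sleep.
set -eu

: "${CERTBOT_DOMAIN:?CERTBOT_DOMAIN must be set}"
: "${CERTBOT_VALIDATION:?CERTBOT_VALIDATION must be set}"

# Template values go through the 'quote' filter so that whitespace or shell
# metacharacters in inventory / password-store data cannot alter this script.
dns={{ dns[0] | quote }}
ldap_user={{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") | quote }}
ttl=10

# Obtain a Kerberos ticket for the update principal from the host keytab.
# NOTE(review): the ticket lands in the default credential cache of the
# invoking user; consider a dedicated KRB5CCNAME if that cache is shared.
kinit -k -t /etc/krb5.keytab "${ldap_user}"

# -g selects GSS-TSIG, which authenticates with the ticket obtained above.
nsupdate -g <<EOF
server ${dns}
update add _acme-challenge.${CERTBOT_DOMAIN} ${ttl} TXT ${CERTBOT_VALIDATION}
send
EOF

# Wait slightly longer than the record TTL before returning
# (presumably so the new record is visible when validation starts).
sleep $(( ttl + 5 ))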