
legoagh's Introduction

legoagh

A simple script that automates using lego with AdGuard Home. It downloads the latest available release of lego, runs it, and obtains a wildcard certificate for the specified domain.

Prepare:

mkdir /opt/lego
cd /opt/lego
curl -s https://raw.githubusercontent.com/ameshkov/legoagh/master/lego.sh --output lego.sh
chmod +x lego.sh

If you're using Cloudflare, you need to create an API token first.

Then run the script:

DOMAIN_NAME="example.org" \
    EMAIL="you@email" \
    DNS_PROVIDER="cloudflare" \
    CLOUDFLARE_DNS_API_TOKEN="yourapitoken" \
    ./lego.sh

If you're using GoDaddy, you need to create the API credentials.

Then run the script:

DOMAIN_NAME="example.org" \
    EMAIL="you@email" \
    DNS_PROVIDER="godaddy" \
    GODADDY_API_KEY="yourapikey" \
    GODADDY_API_SECRET="yourapisecret" \
    ./lego.sh

If you're using DigitalOcean, you need to create an API token first.

Then run the script:

DOMAIN_NAME="example.org" \
    EMAIL="you@email" \
    DNS_PROVIDER="digitalocean" \
    DO_AUTH_TOKEN="yourapitoken" \
    ./lego.sh

If you're using DuckDNS, you need to copy the API token from DuckDNS.

Then run the script:

DOMAIN_NAME="example.duckdns.org" \
    EMAIL="you@email" \
    DNS_PROVIDER="duckdns" \
    DUCKDNS_TOKEN="yourduckdnstoken" \
    ./lego.sh

By default, it uses Let's Encrypt to generate the certificate.

Alternatively, you can use a different provider. For instance, ZeroSSL.

To do this, you need to sign up for a ZeroSSL account and obtain your EAB credentials. Then pass them to the script:

SERVER="https://acme.zerossl.com/v2/DV90" \
    EAB_KID="xxxx" \
    EAB_HMAC="xxxx" \
    ...
    ...
    ./lego.sh

legoagh's People

Contributors

ameshkov, farktronix, meanderfox, wes1993


legoagh's Issues

Option to set `--preferred-chain`

With Let's Encrypt switching certs today, it has broken the ability for Android Private DNS to connect to AGH. Solution I've worked out is to run the lego command like this:

CLOUDFLARE_DNS_API_TOKEN="..." \
        ./lego \
        --dns cloudflare \
        --domains "..." \
        --domains "..." \
        --email "..." \
        run \
        --preferred-chain="ISRG Root X1"

Can you add an optional env variable so that if PREFERRED-CHAIN=<something> is set, then --preferred-chain="<something>" will be added after the run command?

failed to find zone co.uk

I'm trying to generate a certificate for a .co.uk domain and in this example 123.co.uk

It appears that the script is missing the 123 part of the domain and is looking for the .co.uk zone instead of the 123.co.uk zone in CloudFlare

If I swap it out for .com it appears to correctly look for 123.com (but I don't own the .com version of the domain so correctly it fails that test)

DOMAIN_NAME="123.co.uk" \
    EMAIL="[email protected]" \
    DNS_PROVIDER="cloudflare" \
    CLOUDFLARE_DNS_API_TOKEN="1234567890abcedfgh" \
    ./lego.sh

Error output =

root@adguard:~# DOMAIN_NAME=123.co.uk [email protected] DNS_PROVIDER=cloudflare CLOUDFLARE_DNS_API_TOKEN=1234567890abcedfgh ./lego.sh
operating system: linux
cpu type: amd64
Downloading the latest lego release from https://github.com/go-acme/lego/releases/download/v4.14.0/lego_v4.14.0_linux_amd64.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
2023/09/14 06:43:40 [INFO] [*.123.co.uk, 123.co.uk] acme: Obtaining bundled SAN certificate
2023/09/14 06:43:41 [INFO] [*.123.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/264278992996
2023/09/14 06:43:41 [INFO] [123.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/264278993006
2023/09/14 06:43:41 [INFO] [*.123.co.uk] acme: use dns-01 solver
2023/09/14 06:43:41 [INFO] [123.co.uk] acme: Could not find solver for: tls-alpn-01
2023/09/14 06:43:41 [INFO] [123.co.uk] acme: Could not find solver for: http-01
2023/09/14 06:43:41 [INFO] [123.co.uk] acme: use dns-01 solver
2023/09/14 06:43:41 [INFO] [*.123.co.uk] acme: Preparing to solve DNS-01
2023/09/14 06:43:42 [INFO] [123.co.uk] acme: Preparing to solve DNS-01
2023/09/14 06:43:43 [INFO] [*.123.co.uk] acme: Cleaning DNS-01 challenge
2023/09/14 06:43:44 [WARN] [*.123.co.uk] acme: cleaning up failed: cloudflare: failed to find zone co.uk.: zone could not be found 
2023/09/14 06:43:44 [INFO] [123.co.uk] acme: Cleaning DNS-01 challenge
2023/09/14 06:43:45 [WARN] [123.co.uk] acme: cleaning up failed: cloudflare: failed to find zone co.uk.: zone could not be found 
2023/09/14 06:43:45 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/264278992996
2023/09/14 06:43:45 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/264278993006
2023/09/14 06:43:45 Could not obtain certificates:
        error: one or more domains had a problem:
[*.123.co.uk] [*.123.co.uk] acme: error presenting token: cloudflare: failed to find zone co.uk.: zone could not be found
[123.co.uk] [123.co.uk] acme: error presenting token: cloudflare: failed to find zone co.uk.: zone could not be found

Whereas the following seems to pick up the domain name

root@adguard:~# DOMAIN_NAME=123.com [email protected] DNS_PROVIDER=cloudflare CLOUDFLARE_DNS_API_TOKEN=1234567890abcedfgh ./lego.sh
operating system: linux
cpu type: amd64
Downloading the latest lego release from https://github.com/go-acme/lego/releases/download/v4.14.0/lego_v4.14.0_linux_amd64.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
2023/09/14 06:43:22 [INFO] [*.123.com, 123.com] acme: Obtaining bundled SAN certificate
2023/09/14 06:43:23 [INFO] [*.123.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/264278931346
2023/09/14 06:43:23 [INFO] [123.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/264278931356
2023/09/14 06:43:23 [INFO] [*.123.com] acme: use dns-01 solver
2023/09/14 06:43:23 [INFO] [123.com] acme: Could not find solver for: tls-alpn-01
2023/09/14 06:43:23 [INFO] [123.com] acme: Could not find solver for: http-01
2023/09/14 06:43:23 [INFO] [123.com] acme: use dns-01 solver
2023/09/14 06:43:23 [INFO] [*.123.com] acme: Preparing to solve DNS-01
2023/09/14 06:43:24 [INFO] [123.com] acme: Preparing to solve DNS-01
2023/09/14 06:43:24 [INFO] [*.123.com] acme: Cleaning DNS-01 challenge
2023/09/14 06:43:24 [WARN] [*.123.com] acme: cleaning up failed: cloudflare: failed to find zone 123.com.: zone could not be found 
2023/09/14 06:43:24 [INFO] [123.com] acme: Cleaning DNS-01 challenge
2023/09/14 06:43:24 [WARN] [123.com] acme: cleaning up failed: cloudflare: failed to find zone 123.com.: zone could not be found 
2023/09/14 06:43:24 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/264278931346
2023/09/14 06:43:25 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/264278931356
2023/09/14 06:43:25 Could not obtain certificates:
        error: one or more domains had a problem:
[*.123.com] [*.123.com] acme: error presenting token: cloudflare: failed to find zone 123.com.: zone could not be found
[123.com] [123.com] acme: error presenting token: cloudflare: failed to find zone 123.com.: zone could not be found

Does script work on OpenWrt for duckdns?

followed the following script to generate cert for automating using lego for a domain for duckdns

image

it gives an error that ./lego.sh not found

Not sure if the script is still working okay, and if yes, what's wrong above?

Renew certificate

Hello. Today I received a letter from Let's Encrypt that my certificate will expire in 10 days. How can I renew it using this script? I have used this script in order to create the certificate for GoDaddy.

Support multiple domain names

I'm in the process of changing my domain name, and it would be really nice to have a cert that covers both while I update DoH/DoT devices.

I inputted for the domain name "dns.example.com,dns.differentexample.com,*.dns.differentexample.com" and while the current code works (albeit very clunkily, requesting for differentdomain.com multiple times) to get the cert on Let's Encrypt's side, it has issues trying to save the file name as ./.lego/certificates/_.dns.example.com,dns.differentexample.com,*.dns.differentexample.com.key.

A simple fix (although I do not know how to do this myself) (See PR below) would be to split the domain name by commas and only save it as the first domain name.
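
The two requests above (an optional preferred chain, and splitting a comma-separated domain list so the files are named after the first entry) can be sketched together as follows. This is an added example, not code from lego.sh or the legoagh project: `run_lego`, `cert_basename`, `LEGO` and `PREFERRED_CHAIN` are hypothetical names, and it assumes every name, wildcards included, is listed explicitly and that lego names its output files after the first `--domains` value.

```shell
#!/bin/sh
# Added example: run_lego, cert_basename, LEGO and PREFERRED_CHAIN are
# hypothetical names for illustration, not taken from lego.sh.

LEGO=${LEGO:-./lego}    # path to the lego binary

# Base name of the files expected under .lego/certificates/ for a
# comma-separated domain list: the first entry, with "*" written as "_"
# (assumption: lego names the files after the first --domains value).
cert_basename() {
    printf '%s\n' "${1%%,*}" | sed 's/\*/_/g'
}

# Run lego with one --domains flag per comma-separated entry, and add
# --preferred-chain after "run" only when PREFERRED_CHAIN is set.
# The provider token (e.g. CLOUDFLARE_DNS_API_TOKEN) is inherited from the
# environment, so it is not part of the argument list built here.
# $1 = DNS provider, $2 = comma-separated domains, $3 = email
run_lego() {
    provider=$1 domains=$2 email=$3
    set -- --dns "$provider"
    old_ifs=$IFS
    set -f              # keep "*.example.org" from being expanded as a glob
    IFS=,
    for d in $domains; do
        if [ -n "$d" ]; then set -- "$@" --domains "$d"; fi
    done
    IFS=$old_ifs
    set +f
    set -- "$@" --email "$email" run
    if [ -n "${PREFERRED_CHAIN:-}" ]; then
        set -- "$@" "--preferred-chain=$PREFERRED_CHAIN"
    fi
    "$LEGO" "$@"
}
```

Disabling globbing before splitting matters here: an unquoted `*.dns.example.com` would otherwise be expanded against files in the working directory before lego ever sees it.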

Getting domain error

I get the error (with correct domain of course)

error: one or more domains had a problem:
[.example.org] [.example.org] acme: error presenting token: digitalocean: HTTP 404: not_found: domain not found

Dynu?

Any chance this will work with Dynu?

duckdns?

Will this work with duckdns? How to setup file?

Auto renew certs

What would be the best practice for automatically renewing certs before the old ones expire?

Help

Hello. How to run this script with ZeroSSL on a VPS?
I tried but it doesn't work.
I tried with Let's Encrypt and it's not working.

Adguard home snap
