| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112 |
- Name = "External program"
- Description = "Solving the DNS-01 challenge using an external program."
- URL = "/dns/exec"
- Code = "exec"
- Since = "v0.5.0"
- Example = '''
- EXEC_PATH=/the/path/to/myscript.sh \
- lego --email you@example.com --dns exec --domains my.example.org run
- '''
- Additional = '''
- ## Base Configuration
- | Environment Variable Name | Description |
- |---------------------------|---------------------------------------|
- | `EXEC_MODE` | `RAW`, none |
- | `EXEC_PATH` | The path of the the external program. |
- ## Additional Configuration
- | Environment Variable Name | Description |
- |----------------------------|-------------------------------------------|
- | `EXEC_POLLING_INTERVAL` | Time between DNS propagation check. |
- | `EXEC_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation. |
- | `EXEC_SEQUENCE_INTERVAL` | Time between sequential requests. |
- ## Description
- The file name of the external program is specified in the environment variable `EXEC_PATH`.
- When it is run by lego, three command-line parameters are passed to it:
- The action ("present" or "cleanup"), the fully-qualified domain name and the value for the record.
- For example, requesting a certificate for the domain 'my.example.org' can be achieved by calling lego as follows:
- ```bash
- EXEC_PATH=./update-dns.sh \
- lego --email you@example.com \
- --dns exec \
- --domains my.example.org run
- ```
- It will then call the program './update-dns.sh' with like this:
- ```bash
- ./update-dns.sh "present" "_acme-challenge.my.example.org." "MsijOYZxqyjGnFGwhjrhfg-Xgbl5r68WPda0J9EgqqI"
- ```
- The program then needs to make sure the record is inserted.
- When it returns an error via a non-zero exit code, lego aborts.
- When the record is to be removed again,
- the program is called with the first command-line parameter set to `cleanup` instead of `present`.
- If you want to use the raw domain, token, and keyAuth values with your program, you can set `EXEC_MODE=RAW`:
- ```bash
- EXEC_MODE=RAW \
- EXEC_PATH=./update-dns.sh \
- lego --email you@example.com \
- --dns exec \
- --domains my.example.org run
- ```
- It will then call the program `./update-dns.sh` like this:
- ```bash
- ./update-dns.sh "present" "my.example.org." "--" "some-token" "KxAy-J3NwUmg9ZQuM-gP_Mq1nStaYSaP9tYQs5_-YsE.ksT-qywTd8058G-SHHWA3RAN72Pr0yWtPYmmY5UBpQ8"
- ```
- ## Commands
- {{% notice note %}}
- The `--` is because the token MAY start with a `-`, and the called program may try and interpret a `-` as indicating a flag.
- In the case of urfave, which is commonly used,
- you can use the `--` delimiter to specify the start of positional arguments, and handle such a string safely.
- {{% /notice %}}
- ### Present
- | Mode | Command |
- |---------|----------------------------------------------------|
- | default | `myprogram present -- <FQDN> <record>` |
- | `RAW` | `myprogram present -- <domain> <token> <key_auth>` |
- ### Cleanup
- | Mode | Command |
- |---------|----------------------------------------------------|
- | default | `myprogram cleanup -- <FQDN> <record>` |
- | `RAW` | `myprogram cleanup -- <domain> <token> <key_auth>` |
- ### Timeout
- The command have to display propagation timeout and polling interval into Stdout.
- The values must be formatted as JSON, and times are in seconds.
- Example: `{"timeout": 30, "interval": 5}`
- If an error occurs or if the command is not provided:
- the default display propagation timeout and polling interval are used.
- | Mode | Command |
- |---------|----------------------------------------------------|
- | default | `myprogram timeout` |
- | `RAW` | `myprogram timeout` |
- '''
|
