Current File : //usr/share/webmin/webmin/letsencrypt-cleanup.pl |
#!/usr/bin/perl
# Called by the let's encrypt client to remove a DNS record for validation
$no_acl_check++;
$ENV{'WEBMIN_CONFIG'} ||= "/etc/webmin";
$ENV{'WEBMIN_VAR'} ||= "/var/webmin";
if ($0 =~ /^(.*)\/[^\/]+$/) {
chdir($pwd = $1);
}
else {
chop($pwd = `pwd`);
}
$0 = "$pwd/letsencrypt-cleanup.pl";
require './webmin-lib.pl';
&foreign_require("bind8");
# Validate params
my $dname = $ENV{'CERTBOT_DOMAIN'};
$dname || die "Missing CERTBOT_DOMAIN environment variable";
# Find the DNS domain and records
my $d = &get_virtualmin_for_domain($dname);
my ($zone, $zname) = &get_bind_zone_for_domain($dname);
my ($recs, $file);
my $wapi;
if ($zone) {
# Use BIND module API calls
$zone->{'file'} || die "Zone $dname does not have a records file";
$file = &bind8::absolute_path($zone->{'file'});
&lock_file(&bind8::make_chroot($file));
&bind8::before_editing($zone);
$recs = [ &bind8::read_zone_file($file, $zname) ];
$wapi = 0;
}
elsif ($d) {
# Use Virtualmin API calls
&virtual_server::pre_records_change($d);
($recs, $file) = &virtual_server::get_domain_dns_records_and_file($d);
&lock_file(&bind8::make_chroot($file));
$wapi = 1;
}
else {
die "No DNS zone named $dname found";
}
# Find and remove the record. Does nothing if it doesn't exist so as not to
# fail a repeated cleanup.
my ($r) = grep { $_->{'name'} eq "_acme-challenge.".$dname."." } @$recs;
if ($r) {
if ($wapi) {
&virtual_server::delete_dns_record($recs, $file, $r);
}
else {
&bind8::delete_record($file, $r);
}
}
if (!$wapi) {
# Apply using BIND API calls
&bind8::sign_dnssec_zone_if_key($zone, $recs);
&bind8::bump_soa_record($file, $recs);
&bind8::after_editing($zone);
&bind8::restart_zone($zone->{'name'}, $zone->{'view'});
}
else {
# Apply using Virtualmin API
&virtual_server::post_records_change($d, $recs, $file);
&virtual_server::reload_bind_records($d);
}
&unlock_file(&bind8::make_chroot($file));
&webmin_log("letsencryptcleanup", undef, $dname);