#!/bin/bash
# Certificate management script with acme.sh and RFC2136
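set -euo pipefail

# Settings. The defaults below are placeholders; every one of them can also be
# supplied from the environment (e.g. `KEY_SECRET=... ./this-script`) so the
# TSIG secret does not have to be written into this file.
NSUPDATE_SERVER="${NSUPDATE_SERVER:-10.0.0.1}"    # Replace with your DNS server IP
NSUPDATE_ZONE="${NSUPDATE_ZONE:-example.com}"     # Replace with your DNS zone
DOMAIN="${DOMAIN:-*.example.com}"                 # Replace with your domain
KEY_NAME="${KEY_NAME:-your-key-name}"             # Must match the key name on your DNS server
KEY_SECRET="${KEY_SECRET:-your-base64-secret}"    # Base64 encoded secret
KEY_ALGORITHM="${KEY_ALGORITHM:-hmac-sha512}"     # or hmac-md5, hmac-sha1, hmac-sha256, hmac-sha384

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

command -v docker >/dev/null || die "docker is required but was not found in PATH"

# Write the nsupdate (TSIG) key file on the host and bind-mount it read-only
# into the container. Embedding the secret in the container's command line
# (sh -c "echo '...' > file") exposes it to `ps`, `docker inspect` and the
# shell history of whoever runs this; a 0600 temp file does not. mktemp
# creates the file with mode 0600; the trap removes it on every exit path.
key_file=$(mktemp) || die "mktemp failed"
cleanup() { rm -f -- "$key_file"; }
trap cleanup EXIT
printf 'key "%s" {\nalgorithm %s;\nsecret "%s";\n};\n' \
  "$KEY_NAME" "$KEY_ALGORITHM" "$KEY_SECRET" > "$key_file"

# Build the docker command as an array so that every value (notably the
# wildcard in DOMAIN) is passed as a single argument and never glob-expanded
# by a shell inside the container.
docker_args=(run --rm)
# `-t` makes docker fail with "the input device is not a TTY" when the script
# is run from cron or a pipeline; only request a terminal when we have one.
if [[ -t 0 && -t 1 ]]; then
  docker_args+=(-it)
fi
docker_args+=(
  -e NSUPDATE_SERVER="$NSUPDATE_SERVER"
  -e NSUPDATE_KEY=/tmp/nsupdate.key
  -e NSUPDATE_ZONE="$NSUPDATE_ZONE"
  -v "$key_file:/tmp/nsupdate.key:ro"
  # Persistent acme.sh state (account key, issued certificates). An absolute
  # host path is used because older docker CLIs reject relative `-v` paths.
  -v "$PWD/acme.sh:/acme.sh"
  neilpang/acme.sh
  acme.sh --issue --server letsencrypt -k ec-256 --dns dns_nsupdate -d "$DOMAIN"
)

echo "Issuing new certificate for $DOMAIN with acme.sh (RFC2136)..."
docker "${docker_args[@]}" || die "acme.sh failed to issue a certificate for $DOMAIN"
echo "Done!"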