Based on: https://www.truenas.com/community/threads/acme-dns-authenticator-shell-script.106589/
Relecant source code: https://github.com/truenas/middleware/blob/master/src/middlewared/middlewared/plugins/acme_protocol_/authenticators/shell.py
The authenticator script is called two times during the certificate generation:
1. The validation record creation which is called in the following way:
script set domain validation_name validaton_context timeout
2. The validation record deletion which is called in following way:
script unset domain validation_name validation_context
It is up to script implementation to handle both calls and perform the record creation.
Example:
tah set nas.example.com _acme-challenge.nas.example.com validation_tokenDownload binary:
wget -O /path/in/pool/tah <link>Make it executable:
chmod +x /path/in/pool/tahInitialize:
/path/in/pool/tah init
Set Hetzner DNS API key (change the API key) in the current user's $HOME. The file must contains the API key string only!
echo -n "api-key" > $HOME/.tahtokenTest config (change the domain):
/path/in/pool/tah test nas.example.comClone the repo and build:
go build .