fix(renew-tls): clean stale _acme-challenge TXT records before certbot

21+ stale TXT records had accumulated from previous runs, causing certbot's
DNS-01 challenge to fail. The renewal script now deletes all _acme-challenge TXT
records from Cloudflare before certbot creates fresh ones.
Viktor Barzin 2026-03-23 22:32:27 +02:00
parent b7409cea4e
commit 2dcb4b7fa4


@ -67,6 +67,14 @@ chmod 700 $certbot_cleanup
cat $certbot_cleanup
echo "Cleaning up stale _acme-challenge TXT records from Cloudflare"
curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records?type=TXT&name=_acme-challenge.viktorbarzin.me" \
-H "Authorization: Bearer $CLOUDFLARE_TOKEN" | jq -r '.result[].id' | while read -r old_id; do
echo "Deleting stale record $old_id"
curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records/$old_id" \
-H "Authorization: Bearer $CLOUDFLARE_TOKEN" > /dev/null
done
echo "Executing certbot renew command"
certbot certonly --manual --preferred-challenges=dns --email me@viktorbarzin.me --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --manual-auth-hook $certbot_auth --config-dir $config_dir --work-dir $le_dir/workdir --logs-dir $le_dir/logsdir --no-eff-email --manual-cleanup-hook $certbot_cleanup -d viktorbarzin.me -d *.viktorbarzin.me
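Review bot: The new cleanup never checks whether the Cloudflare calls succeeded: `curl -s` hides HTTP errors, `.success` is never inspected, and the DELETE response goes to `/dev/null`, so an expired token or rate limit makes `jq` fail on a null `.result` (or delete nothing) while the script still prints the cleanup banner and runs certbot against the same stale records. I would capture the listing, abort on a non-2xx or `"success": false` response, and at least warn when an individual delete fails, as below. The bearer token is passed on the curl command line and is visible in `ps` while each call runs; if the auth hook already does the same this is a pre-existing pattern, but `-H @file` or a curl config file would avoid it. The hunk header counts 14 new-side lines and only 10 are shown, so some context (and possibly one added line) is missing from this view.
```shell
echo "Cleaning up stale _acme-challenge TXT records from Cloudflare"
cf_api="https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records"
if ! listing=$(curl -sSf "$cf_api?type=TXT&name=_acme-challenge.viktorbarzin.me" \
    -H "Authorization: Bearer $CLOUDFLARE_TOKEN"); then
  echo "Failed to list _acme-challenge records" >&2
  exit 1
fi
jq -e '.success' <<<"$listing" >/dev/null \
  || { echo "Cloudflare API error: $listing" >&2; exit 1; }
jq -r '.result[].id' <<<"$listing" | while read -r old_id; do
  echo "Deleting stale record $old_id"
  curl -sSf -X DELETE "$cf_api/$old_id" \
    -H "Authorization: Bearer $CLOUDFLARE_TOKEN" > /dev/null \
    || echo "Warning: failed to delete record $old_id" >&2
done
# … unchanged: certbot invocation …
```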