CPS workflow


ACME Validator Demo


# automates ACME validation for Akamai
# 1. fetch all pending CPS ACME validation DNS records
# 2. fetch all zone files 
# 3. update zone files with new ACME validation TXT records 
# 4. upload the new zone files

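# Requires bash: the script uses [[ ]], += and $'\n'.
# Abort on the first failing command and on any use of an unset variable.
set -eu

# Nothing below needs pathname expansion. Turning it off keeps a value such as
# a wildcard CN ("*.example.com") from being expanded against files in the
# current directory when the lists below are word-split by the for loops.
set -f

# fetch all CNs with pending cert changes
# NOTE(review): the row filters and column positions (third '|'-separated
# column, first word) are read off `akamai cps list` table output; confirm
# them against the installed CLI version. In the second grep the leading '*'
# is literal and the trailing '*' applies to the 's' (basic regex).
CNs=$(akamai cps list | grep 'dv san' | grep '*Yes*' | cut -f3 -d'|' | awk '{print $1}')

# fetch all ACME validation records for each domain in Akamai
# Start from an empty value so a rawRecords variable inherited from the
# environment can never end up in a zone file.
rawRecords=''
# shellcheck disable=SC2086  # intentional word splitting, globbing is off
for CN in ${CNs}; do
  # stderr is merged into the parsed text (2>&1), so a diagnostic line that
  # contains "Awaiting" would be treated as a record; the field-count check
  # in the zone loop drops lines that are too short to be one.
  # grep exits 1 when nothing is awaiting validation; that is not an error.
  pending=$(akamai cps status --cn "$CN" --validation-type dns 2>&1 | grep Awaiting || true)
  [[ -n "$pending" ]] || continue
  rawRecords+="${pending}"$'\n'
done

# fetch all zones
zones=$(akamai dns list-zoneconfig --summary | grep ACTIVE | awk '{print $1}')

# clean up files from our previous run
# The path is relative: run the script from a dedicated working directory.
rm -rf -- "./zonefiles"
mkdir -- "./zonefiles"

# shellcheck disable=SC2086  # intentional word splitting, globbing is off
for zone in ${zones}; do

  # The zone name becomes part of a file name and a CLI argument, so refuse
  # names that could leave ./zonefiles or be read as an option.
  case "$zone" in
    */* | .* | -*)
      printf 'skipping zone with unsafe name: %s\n' "$zone" >&2
      continue
      ;;
  esac

  # Select the pending records that belong to this zone: the host name
  # (field 2) must equal the zone or end in ".<zone>". A plain grep for the
  # zone would also match other names that merely contain it (the dots are
  # regex wildcards and "example.com" is a substring of "notexample.com"),
  # which would publish a validation record in the wrong zone.
  # NOTE(review): when a parent zone and a delegated child zone are both
  # ACTIVE, a host under the child still matches both - confirm whether that
  # case exists in this account.
  # Lines with fewer than 7 fields carry no TXT value and are dropped.
  zoneRecords=$(printf '%s' "$rawRecords" | awk -v zone="$zone" '
    NF >= 7 {
      suffix = "." zone
      n = length($2)
      m = length(suffix)
      if ($2 == zone || (n > m && substr($2, n - m + 1) == suffix)) print
    }')

  # skip over zones which don't have any pending changes
  [[ -n "$zoneRecords" ]] || continue

  # fetch zone file for each zone
  akamai dns retrieve-zoneconfig "$zone" -dns --output "./zonefiles/${zone}.zone.tmp2"

  # increment SOA serial for each zone file
  # NOTE(review): assumes the serial is the 7th whitespace-separated field of
  # a single-line SOA record, and touches every line containing "SOA" -
  # verify against a retrieved zone file before relying on it.
  awk 'BEGIN{ OFS="\t" } /SOA/{$7=$7+1} 1' "./zonefiles/${zone}.zone.tmp2" > "./zonefiles/${zone}.zone.tmp"

  # delete old acme records
  # This drops every existing _acme-challenge record in the zone, including
  # any that were published outside this workflow. -F makes the dot literal.
  # grep exits 1 when it prints nothing; only a real error (>1) should abort.
  grep -v -F -- "_acme-challenge." "./zonefiles/${zone}.zone.tmp" > "./zonefiles/${zone}.zone" \
    || [[ $? -eq 1 ]]

  # append new acme records for this zone
  # Field 2 (host name) and field 7 (TXT value) are copied from CLI output
  # into the zone file as-is; review the generated file when the CLI output
  # format changes.
  printf '%s\n' "$zoneRecords" \
    | awk '{print "_acme-challenge." $2 ".\t" "60\t" "IN\t" "TXT\t" $7}' \
    >> "./zonefiles/${zone}.zone"

  # upload our edited zonefile
  akamai dns update-zoneconfig "$zone" -dns -file "./zonefiles/${zone}.zone"
done

exit 0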