Letsencrypt & TLSA - automation

Casper Gielen cgielen+dane-sys4 at uvt.nl
Mon Feb 20 12:50:10 CET 2017


On 20-02-17 at 11:55, John Allen wrote:
> Is the process to update the serial number automatic? If so, care to share?


Just a tiny and unreliable script that works in my controlled
environment where zonefiles use a serial based on the date. I wouldn't
recommend using it as is, but I've attached it for inspiration.


-- 
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl


-------------- next part --------------
#!/usr/bin/env bash
#
# Update serial in a zone file
# Casper Gielen, 2016

usage() {
        echo "usage: update-serial <zonefile>"
        echo "Updates the serial of a zonefile to the current date + a counter"
        exit 1
}

zonefile="$1"
[ -z "$zonefile" ] && usage

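# FIXME: improve the way we find the serial
# Expects the serial on a line tagged with a ";serial" comment, in
# YYYYMMDDnn form; only the first such line is used.
old=$(awk '/;serial/{print $1; exit}' "$zonefile")
# Stop rather than edit the file if no 10-digit serial was found.
if ! [[ "$old" =~ ^[0-9]{10}$ ]]; then
        echo "update-serial: no YYYYMMDDnn serial found in $zonefile" >&2
        exit 1
fi
old_date=${old:0:8}
old_count=${old:(-2)}
new_date=$(date +%Y%m%d)
new_count="00"
if [ "$new_date" == "$old_date" ]; then
        # The counter is two digits; a 100th change on one day would not fit.
        if [ "$old_count" == "99" ]; then
                echo "update-serial: counter exhausted for $new_date" >&2
                exit 1
        fi
        # 10# forces base 10 so counters like "08" are not read as octal
        new_count=$(printf "%02d" "$(( 10#$old_count + 1 ))")
fi
new="${new_date}${new_count}"
# FIXME: make sure we change the right line
# Only lines carrying the ";serial" tag are rewritten.
sed -i "/;serial/ s/$old/$new/" "$zonefile"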