Public/Unpublish-DNSChallenge.ps1

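function Unpublish-DnsChallenge {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$Domain,
        [Parameter(Mandatory,Position=1)]
        [PSTypeName('PoshACME.PAAccount')]$Account,
        [Parameter(Mandatory,Position=2)]
        [string]$Token,
        [Parameter(Mandatory,Position=3)]
        [string]$Plugin,
        [Parameter(Position=4)]
        [hashtable]$PluginArgs,
        [switch]$NoPrefix
    )

    # The challenge record normally lives under the _acme-challenge label;
    # -NoPrefix uses the domain exactly as given.
    if ($NoPrefix) {
        $recordName = $Domain
    } else {
        $recordName = "_acme-challenge.$Domain"
    }

    $txtValue = Get-KeyAuthorization $Token $Account -ForDNS

    Write-Debug "Calling $Plugin plugin to remove $recordName TXT with value $txtValue"

    # $Plugin is used below to build the path of a script that is dot sourced
    # (executed in this scope) and the name of a command that is then invoked.
    # Accept only a bare plugin name: a value carrying a directory or drive
    # component could otherwise select a script outside the DnsPlugins folder.
    if ($Plugin -match '[\\/:]') {
        throw "Invalid plugin name '$Plugin'. Specify a plugin name, not a path."
    }

    # dot source the plugin file, failing early with a clear message when the
    # named plugin does not exist instead of relying on the dot source error
    $pluginDir = Join-Path $MyInvocation.MyCommand.Module.ModuleBase 'DnsPlugins'
    $pluginFile = Join-Path $pluginDir "$Plugin.ps1"
    if (!(Test-Path -LiteralPath $pluginFile -PathType Leaf)) {
        throw "DNS plugin '$Plugin' was not found."
    }
    . $pluginFile

    # check for the command that should exist now based on plugin name
    $delCommand = "Remove-DnsTxt$Plugin"
    if (!(Get-Command $delCommand -ErrorAction Ignore)) {
        throw "Expected plugin command $delCommand not found."
    }

    # call the function with the required parameters and splatting the rest
    &$delCommand -RecordName $recordName -TxtValue $txtValue @PluginArgs





    <#
    .SYNOPSIS
        Unpublish the TXT record for a dns-01 authorization challenge.

    .DESCRIPTION
        Uses one of the DNS plugins and its associated parameters to remove a TXT record from DNS that satisfies the dns-01 authorization challenge in an ACME order.

        Depending on the plugin, calling Save-DnsChallenge may be required to commit changes to the DNS server. If multiple challenges are being unpublished, make all Unpublish-DnsChallenge calls first. Then, Save-DnsChallenge once to commit them all.

    .PARAMETER Domain
        The domain name that the TXT record will be removed from.

    .PARAMETER Account
        The account object associated with the order that required the challenge.

    .PARAMETER Token
        The DNS01Token value from the authorization object in the order.

    .PARAMETER Plugin
        The name of the DNS plugin to use. Use Get-DnsPlugins to display a list of available plugins. This must be a bare plugin name; a value containing a path separator or drive separator is rejected because the name selects the plugin script that gets loaded.

    .PARAMETER PluginArgs
        A hashtable containing the plugin arguments to use with the specified Plugin. So if a plugin has a -MyText string and -MyNumber integer parameter, you could specify them as @{MyText='text';MyNumber=1234}.

    .PARAMETER NoPrefix
        If specified, '_acme-challenge.' will not be added to the record name being removed from DNS. This is normally only used when using challenge aliases.

    .EXAMPLE
        $auths = Get-PAOrder | Get-PAAuthorizations
        PS C:\>Unpublish-DnsChallenge $auths[0].fqdn (Get-PAAccount) $auths[0].DNS01Token Manual @{}

        Unpublish the DNS challenge for the first authorization in the current order using the Manual DNS plugin.

    .EXAMPLE
        $auths = Get-PAOrder | Get-PAAuthorizations
        PS C:\>$acct = Get-PAAccount
        PS C:\>$auths | %{ Unpublish-DnsChallenge $_.fqdn $acct $_.DNS01Token Flurbog @{FBServer='127.0.0.1';FBToken='abc123'} }

        Unpublish all DNS challenges for the current order using the Flurbog DNS plugin.

    .LINK
        Project: https://github.com/rmbolger/Posh-ACME

    .LINK
        Publish-DnsChallenge

    .LINK
        Save-DnsChallenge

    .LINK
        Get-DnsPlugins

    .LINK
        Get-DnsPluginHelp

    #>

}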