configpolicy/roles/minio-backups-cert/files/nsupdate-auth.sh

#!/bin/sh

export KRB5CCNAME=/run/certbot.krb5_ccache
klist -s || kinit -kt /etc/krb5.keytab "$(hostname -s | tr a-z A-Z)"'$' || exit
nsupdate -g <<EOF || exit
zone $(dnsdomainname)
update add _acme-challenge.${CERTBOT_DOMAIN} 10 TXT ${CERTBOT_VALIDATION}
send
EOF

while :; do
    t=$(dig +short -t txt _acme-challenge.${CERTBOT_DOMAIN})
    case "$t" in
    *\"${CERTBOT_VALIDATION}\"*)
        break
        ;;
    esac
    sleep 1
done