在 DNS Server 上透過 PowerShell Script 自動建立/刪除驗證用 Record 的方式來取得 Let's Encrypt 憑證
採用工具: https://www.win-acme.com/
DNSVerification.ps1
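# DNS-01 validation hook for win-acme: creates or deletes the ACME challenge
# TXT record on the local Windows DNS Server.
#
# win-acme script arguments:
#   -Step "create" -Identifier "{Identifier}" -RecordName "{RecordName}" -Token "{Token}"
#   -Step "delete" -Identifier "{Identifier}" -RecordName "{RecordName}" -Token "{Token}"
#
# The script runs with rights to edit DNS zones, so it is deliberately narrow:
# it only touches the TXT record named by -RecordName, only inside the primary
# zone that really contains -Identifier, and on delete only the record whose
# text equals -Token.
# Exit code: 0 on success, 1 on any failure, so the caller can tell them apart.
param (
    [string]$Step,
    [string]$Identifier,
    [string]$RecordName,
    [string]$Token
);

# Returns $Name relative to $ZoneName: '@' for the zone apex, the leading
# labels when $Name ends in '.<zone>', or $Null when $Name is not in the zone.
# Plain string comparison is used instead of -like / -replace so that the dots
# in a zone name are literal and the match is anchored on a label boundary
# (zone 'example.com' must not match 'evilexample.com').
function Get-ZoneRelativeName {
    param ([string]$Name, [string]$ZoneName)
    $Cmp = [System.StringComparison]::OrdinalIgnoreCase;
    if ($Name.Equals($ZoneName, $Cmp)) {
        return '@';
    }
    $Suffix = '.' + $ZoneName;
    if (($Name.Length -gt $Suffix.Length) -and $Name.EndsWith($Suffix, $Cmp)) {
        return $Name.Substring(0, $Name.Length - $Suffix.Length);
    }
    return $Null;
}

$Step = $Step.ToLower();
if (($Step -ne 'create') -and ($Step -ne 'delete')) {
    Write-Host "No Correct Step.";
    exit 1;
};
if ([string]::IsNullOrEmpty($Token)) {
    Write-Host "No Token.";
    exit 1;
};

# Try the longest zone name first so that a delegated child zone hosted on this
# server (sub.example.com) wins over its parent (example.com).
$Domain = $Null;
$Record = $Null;
$PrimaryZones = (Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Primary' }).ZoneName |
    Sort-Object -Property Length -Descending;
foreach ($Zone in $PrimaryZones) {
    $Relative = Get-ZoneRelativeName -Name $Identifier -ZoneName $Zone;
    if ($Relative -ne $Null) {
        $Domain = $Zone;
        $Record = $Relative;
        break;
    };
};
if ($Domain -eq $Null) {
    Write-Host "No Correct Zone Found.";
    exit 1;
};

# The challenge record must live in the same zone as the identifier; otherwise
# the name would be created relative to the wrong zone.
$VerificationRecord = Get-ZoneRelativeName -Name $RecordName -ZoneName $Domain;
if ($VerificationRecord -eq $Null) {
    Write-Host "Record Name Not In Zone.";
    exit 1;
};

# Sanity check kept from the original script: only act for hosts that already
# have an A record in the zone.
$RecordIP = (Get-DnsServerResourceRecord -ZoneName $Domain -Name $Record -RRType A).RecordData.IPv4Address.IPAddressToString
if ($RecordIP -eq $Null) {
    Write-Host "No Correct A Record Found.";
    exit 1;
};

try {
    if ($Step -eq 'create') {
        Add-DnsServerResourceRecord -DescriptiveText $Token -Name $VerificationRecord -TXT -ZoneName $Domain -ErrorAction Stop;
    } else {
        # Remove only the TXT record that carries this token. Removing by name
        # alone would also delete other TXT records at the same name, e.g. the
        # second challenge of a certificate covering both a domain and its
        # wildcard. -Node keeps the lookup from returning child nodes.
        $Stale = Get-DnsServerResourceRecord -ZoneName $Domain -Name $VerificationRecord -RRType TXT -Node -ErrorAction Stop |
            Where-Object { $_.RecordData.DescriptiveText -eq $Token };
        if ($Stale) {
            $Stale | Remove-DnsServerResourceRecord -ZoneName $Domain -Force -ErrorAction Stop;
        } else {
            Write-Host "No Matching TXT Record Found.";
        };
    };
} catch {
    Write-Host ("DNS Update Failed: " + $_.Exception.Message);
    exit 1;
};
exit 0;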