This commit is contained in:
Mike Barnes 2019-01-08 15:29:47 +11:00
commit 3617115c73
20 changed files with 1505 additions and 188 deletions

View File

@ -4,6 +4,7 @@ RUN apk update -f \
&& apk --no-cache add -f \ && apk --no-cache add -f \
openssl \ openssl \
coreutils \ coreutils \
bind-tools \
curl \ curl \
socat \ socat \
&& rm -rf /var/cache/apk/* && rm -rf /var/cache/apk/*

View File

@ -35,7 +35,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
- [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709) - [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709)
- [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html) - [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html)
- [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297) - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
- [archlinux](https://aur.archlinux.org/packages/acme.sh-git/) - [archlinux](https://www.archlinux.org/packages/community/any/acme.sh)
- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient) - [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
- [CentOS Web Panel](http://centos-webpanel.com/) - [CentOS Web Panel](http://centos-webpanel.com/)
- [lnmp.org](https://lnmp.org/) - [lnmp.org](https://lnmp.org/)
@ -70,11 +70,16 @@ For all build statuses, check our [weekly build project](https://github.com/Neil
https://github.com/Neilpang/acmetest https://github.com/Neilpang/acmetest
# Supported CA
- Letsencrypt.org CA(default)
- [BuyPass.com CA](https://github.com/Neilpang/acme.sh/wiki/BuyPass.com-CA)
# Supported modes # Supported modes
- Webroot mode - Webroot mode
- Standalone mode - Standalone mode
- Standalone tls-alpn mode
- Apache mode - Apache mode
- Nginx mode - Nginx mode
- DNS mode - DNS mode
@ -221,8 +226,20 @@ acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
# 5. Use Standalone ssl server to issue cert
# 5. Use Apache mode **(requires you to be root/sudoer or have permission to listen on port 443 (TCP))**
Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again.
```bash
acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com
```
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
# 6. Use Apache mode
**(requires you to be root/sudoer, since it is required to interact with Apache server)** **(requires you to be root/sudoer, since it is required to interact with Apache server)**
@ -242,7 +259,7 @@ We don't want to mess your apache server, don't worry.**
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
# 6. Use Nginx mode # 7. Use Nginx mode
**(requires you to be root/sudoer, since it is required to interact with Nginx server)** **(requires you to be root/sudoer, since it is required to interact with Nginx server)**
@ -266,7 +283,7 @@ We don't want to mess your nginx server, don't worry.**
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
# 7. Automatic DNS API integration # 8. Automatic DNS API integration
If your DNS provider supports API access, we can use that API to automatically issue the certs. If your DNS provider supports API access, we can use that API to automatically issue the certs.
@ -327,6 +344,10 @@ You don't have to do anything manually!
1. netcup DNS API (https://www.netcup.de) 1. netcup DNS API (https://www.netcup.de)
1. GratisDNS.dk (https://gratisdns.dk) 1. GratisDNS.dk (https://gratisdns.dk)
1. Namecheap API (https://www.namecheap.com/) 1. Namecheap API (https://www.namecheap.com/)
1. MyDNS.JP API (https://www.mydns.jp/)
1. hosting.de (https://www.hosting.de)
1. Neodigit.net API (https://www.neodigit.net)
1. Exoscale.com API (https://www.exoscale.com/)
And: And:
@ -340,7 +361,7 @@ If your DNS provider is not on the supported list above, you can write your own
For more details: [How to use DNS API](dnsapi) For more details: [How to use DNS API](dnsapi)
# 8. Use DNS manual mode: # 9. Use DNS manual mode:
See: https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode first. See: https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode first.
@ -376,7 +397,7 @@ Ok, it's done.
**Please use dns api mode instead.** **Please use dns api mode instead.**
# 9. Issue ECC certificates # 10. Issue ECC certificates
`Let's Encrypt` can now issue **ECDSA** certificates. `Let's Encrypt` can now issue **ECDSA** certificates.
@ -408,7 +429,7 @@ Valid values are:
# 10. Issue Wildcard certificates # 11. Issue Wildcard certificates
It's simple, just give a wildcard domain as the `-d` parameter. It's simple, just give a wildcard domain as the `-d` parameter.
@ -418,7 +439,7 @@ acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf
# 11. How to renew the certs # 12. How to renew the certs
No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days. No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
@ -435,7 +456,7 @@ acme.sh --renew -d example.com --force --ecc
``` ```
# 12. How to stop cert renewal # 13. How to stop cert renewal
To stop renewal of a cert, you can execute the following to remove the cert from the renewal list: To stop renewal of a cert, you can execute the following to remove the cert from the renewal list:
@ -448,7 +469,7 @@ The cert/key file is not removed from the disk.
You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself. You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself.
# 13. How to upgrade `acme.sh` # 14. How to upgrade `acme.sh`
acme.sh is in constant development, so it's strongly recommended to use the latest code. acme.sh is in constant development, so it's strongly recommended to use the latest code.
@ -473,25 +494,25 @@ acme.sh --upgrade --auto-upgrade 0
``` ```
# 14. Issue a cert from an existing CSR # 15. Issue a cert from an existing CSR
https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR
# 15. Under the Hood # 16. Under the Hood
Speak ACME language using shell, directly to "Let's Encrypt". Speak ACME language using shell, directly to "Let's Encrypt".
TODO: TODO:
# 16. Acknowledgments # 17. Acknowledgments
1. Acme-tiny: https://github.com/diafygi/acme-tiny 1. Acme-tiny: https://github.com/diafygi/acme-tiny
2. ACME protocol: https://github.com/ietf-wg-acme/acme 2. ACME protocol: https://github.com/ietf-wg-acme/acme
# 17. License & Others # 18. License & Others
License is GPLv3 License is GPLv3
@ -500,7 +521,7 @@ Please Star and Fork me.
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome. [Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome.
# 18. Donate # 19. Donate
Your donation makes **acme.sh** better: Your donation makes **acme.sh** better:
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/) 1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)

148
acme.sh
View File

@ -36,11 +36,11 @@ _OLD_STAGE_CA_HOST="https://acme-staging.api.letsencrypt.org"
VTYPE_HTTP="http-01" VTYPE_HTTP="http-01"
VTYPE_DNS="dns-01" VTYPE_DNS="dns-01"
VTYPE_TLS="tls-sni-01" VTYPE_TLS="tls-sni-01"
VTYPE_TLS2="tls-sni-02" VTYPE_ALPN="tls-alpn-01"
LOCAL_ANY_ADDRESS="0.0.0.0" LOCAL_ANY_ADDRESS="0.0.0.0"
MAX_RENEW=60 DEFAULT_RENEW=60
DEFAULT_DNS_SLEEP=120 DEFAULT_DNS_SLEEP=120
@ -48,6 +48,7 @@ NO_VALUE="no"
W_TLS="tls" W_TLS="tls"
W_DNS="dns" W_DNS="dns"
W_ALPN="alpn"
DNS_ALIAS_PREFIX="=" DNS_ALIAS_PREFIX="="
MODE_STATELESS="stateless" MODE_STATELESS="stateless"
@ -124,23 +125,19 @@ if [ -t 1 ]; then
fi fi
__green() { __green() {
if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then if [ "${__INTERACTIVE}${ACME_NO_COLOR:-0}" = "10" -o "${ACME_FORCE_COLOR}" = "1" ]; then
printf '\033[1;31;32m' printf '\033[1;31;32m%b\033[0m' "$1"
return
fi fi
printf -- "%b" "$1" printf -- "%b" "$1"
if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
printf '\033[0m'
fi
} }
__red() { __red() {
if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then if [ "${__INTERACTIVE}${ACME_NO_COLOR:-0}" = "10" -o "${ACME_FORCE_COLOR}" = "1" ]; then
printf '\033[1;31;40m' printf '\033[1;31;40m%b\033[0m' "$1"
return
fi fi
printf -- "%b" "$1" printf -- "%b" "$1"
if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
printf '\033[0m'
fi
} }
_printargs() { _printargs() {
@ -1050,7 +1047,7 @@ _idn() {
fi fi
} }
#_createcsr cn san_list keyfile csrfile conf #_createcsr cn san_list keyfile csrfile conf acmeValidationv1
_createcsr() { _createcsr() {
_debug _createcsr _debug _createcsr
domain="$1" domain="$1"
@ -1058,6 +1055,7 @@ _createcsr() {
csrkey="$3" csrkey="$3"
csr="$4" csr="$4"
csrconf="$5" csrconf="$5"
acmeValidationv1="$6"
_debug2 domain "$domain" _debug2 domain "$domain"
_debug2 domainlist "$domainlist" _debug2 domainlist "$domainlist"
_debug2 csrkey "$csrkey" _debug2 csrkey "$csrkey"
@ -1066,7 +1064,9 @@ _createcsr() {
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" >"$csrconf" printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" >"$csrconf"
if [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then if [ "$acmeValidationv1" ]; then
printf -- "\nsubjectAltName=DNS:$domainlist" >>"$csrconf"
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
#single domain #single domain
_info "Single domain" "$domain" _info "Single domain" "$domain"
printf -- "\nsubjectAltName=DNS:$domain" >>"$csrconf" printf -- "\nsubjectAltName=DNS:$domain" >>"$csrconf"
@ -1088,6 +1088,10 @@ _createcsr() {
printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >>"$csrconf" printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >>"$csrconf"
fi fi
if [ "$acmeValidationv1" ]; then
printf "\n1.3.6.1.5.5.7.1.31=critical,DER:04:20:${acmeValidationv1}" >>"${csrconf}"
fi
_csr_cn="$(_idn "$domain")" _csr_cn="$(_idn "$domain")"
_debug2 _csr_cn "$_csr_cn" _debug2 _csr_cn "$_csr_cn"
if _contains "$(uname -a)" "MINGW"; then if _contains "$(uname -a)" "MINGW"; then
@ -1138,12 +1142,17 @@ _readSubjectAltNamesFromCSR() {
if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then
_debug "AltNames contains subject" _debug "AltNames contains subject"
_dnsAltnames="$(printf "%s" "$_dnsAltnames," | sed "s/DNS:$_csrsubj,//g")" _excapedAlgnames="$(echo "$_dnsAltnames" | tr '*' '#')"
_debug _excapedAlgnames "$_excapedAlgnames"
_escapedSubject="$(echo "$_csrsubj" | tr '*' '#')"
_debug _escapedSubject "$_escapedSubject"
_dnsAltnames="$(echo "$_excapedAlgnames," | sed "s/DNS:$_escapedSubject,//g" | tr '#' '*' | sed "s/,\$//g")"
_debug _dnsAltnames "$_dnsAltnames"
else else
_debug "AltNames doesn't contain subject" _debug "AltNames doesn't contain subject"
fi fi
printf "%s" "$_dnsAltnames" | sed "s/DNS://g" echo "$_dnsAltnames" | sed "s/DNS://g"
} }
#_csrfile #_csrfile
@ -1520,7 +1529,8 @@ _calcjwk() {
JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART1='{"nonce": "'
JWK_HEADERPLACE_PART2='", "alg": "ES'$__ECC_KEY_LEN'"' JWK_HEADERPLACE_PART2='", "alg": "ES'$__ECC_KEY_LEN'"'
else else
_err "Only RSA or EC key is supported." _err "Only RSA or EC key is supported. keyfile=$keyfile"
_debug2 "$(cat "$keyfile")"
return 1 return 1
fi fi
@ -1864,11 +1874,7 @@ _send_signed_request() {
sig="$(printf "%s" "$_sig_t" | _url_replace)" sig="$(printf "%s" "$_sig_t" | _url_replace)"
_debug3 sig "$sig" _debug3 sig "$sig"
if [ "$ACME_VERSION" = "2" ]; then body="{\"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
body="{\"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
else
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
fi
_debug3 body "$body" _debug3 body "$body"
response="$(_post "$body" "$url" "$needbase64" "POST" "$__request_conent_type")" response="$(_post "$body" "$url" "$needbase64" "POST" "$__request_conent_type")"
@ -2105,7 +2111,7 @@ _sleep() {
fi fi
} }
# _starttlsserver san_a san_b port content _ncaddr # _starttlsserver san_a san_b port content _ncaddr acmeValidationv1
_starttlsserver() { _starttlsserver() {
_info "Starting tls server." _info "Starting tls server."
san_a="$1" san_a="$1"
@ -2113,10 +2119,12 @@ _starttlsserver() {
port="$3" port="$3"
content="$4" content="$4"
opaddr="$5" opaddr="$5"
acmeValidationv1="$6"
_debug san_a "$san_a" _debug san_a "$san_a"
_debug san_b "$san_b" _debug san_b "$san_b"
_debug port "$port" _debug port "$port"
_debug acmeValidationv1 "$acmeValidationv1"
#create key TLS_KEY #create key TLS_KEY
if ! _createkey "2048" "$TLS_KEY"; then if ! _createkey "2048" "$TLS_KEY"; then
@ -2129,7 +2137,7 @@ _starttlsserver() {
if [ "$san_b" ]; then if [ "$san_b" ]; then
alt="$alt,$san_b" alt="$alt,$san_b"
fi fi
if ! _createcsr "tls.acme.sh" "$alt" "$TLS_KEY" "$TLS_CSR" "$TLS_CONF"; then if ! _createcsr "tls.acme.sh" "$alt" "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$acmeValidationv1"; then
_err "Create tls validation csr error." _err "Create tls validation csr error."
return 1 return 1
fi fi
@ -2155,6 +2163,10 @@ _starttlsserver() {
__S_OPENSSL="$__S_OPENSSL -6" __S_OPENSSL="$__S_OPENSSL -6"
fi fi
if [ "$acmeValidationv1" ]; then
__S_OPENSSL="$__S_OPENSSL -alpn acme-tls/1"
fi
_debug "$__S_OPENSSL" _debug "$__S_OPENSSL"
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
$__S_OPENSSL -tlsextdebug & $__S_OPENSSL -tlsextdebug &
@ -2843,7 +2855,7 @@ _isRealNginxConf() {
_skip_ssl=1 _skip_ssl=1
for _listen_i in $(echo "$_seg_n" | tr "\t" ' ' | grep "^ *listen" | tr -d " "); do for _listen_i in $(echo "$_seg_n" | tr "\t" ' ' | grep "^ *listen" | tr -d " "); do
if [ "$_listen_i" ]; then if [ "$_listen_i" ]; then
if [ "$(echo "$_listen_i" | _egrep_o "listen.*ssl[ |;]")" ]; then if [ "$(echo "$_listen_i" | _egrep_o "listen.*ssl")" ]; then
_debug2 "$_listen_i is ssl" _debug2 "$_listen_i is ssl"
else else
_debug2 "$_listen_i is plain text" _debug2 "$_listen_i is plain text"
@ -2925,6 +2937,7 @@ _clearupdns() {
_debug txt "$txt" _debug txt "$txt"
if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then
_debug "$d is already verified, skip $vtype." _debug "$d is already verified, skip $vtype."
_alias_index="$(_math "$_alias_index" + 1)"
continue continue
fi fi
@ -3064,8 +3077,8 @@ _on_before_issue() {
_savedomainconf "Le_HTTPPort" "$Le_HTTPPort" _savedomainconf "Le_HTTPPort" "$Le_HTTPPort"
fi fi
_checkport="$Le_HTTPPort" _checkport="$Le_HTTPPort"
elif [ "$_currentRoot" = "$W_TLS" ]; then elif [ "$_currentRoot" = "$W_TLS" ] || [ "$_currentRoot" = "$W_ALPN" ]; then
_info "Standalone tls mode." _info "Standalone tls/alpn mode."
if [ -z "$Le_TLSPort" ]; then if [ -z "$Le_TLSPort" ]; then
Le_TLSPort=443 Le_TLSPort=443
else else
@ -3425,15 +3438,17 @@ __get_domain_new_authz() {
#uri keyAuthorization #uri keyAuthorization
__trigger_validation() { __trigger_validation() {
_debug2 "tigger domain validation." _debug2 "Trigger domain validation."
_t_url="$1" _t_url="$1"
_debug2 _t_url "$_t_url" _debug2 _t_url "$_t_url"
_t_key_authz="$2" _t_key_authz="$2"
_debug2 _t_key_authz "$_t_key_authz" _debug2 _t_key_authz "$_t_key_authz"
_t_vtype="$3"
_debug2 _t_vtype "$_t_vtype"
if [ "$ACME_VERSION" = "2" ]; then if [ "$ACME_VERSION" = "2" ]; then
_send_signed_request "$_t_url" "{\"keyAuthorization\": \"$_t_key_authz\"}" _send_signed_request "$_t_url" "{\"keyAuthorization\": \"$_t_key_authz\"}"
else else
_send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$_t_key_authz\"}" _send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"type\": \"$_t_vtype\", \"keyAuthorization\": \"$_t_key_authz\"}"
fi fi
} }
@ -3636,7 +3651,7 @@ issue() {
_authorizations_map="" _authorizations_map=""
for _authz_url in $(echo "$_authorizations_seg" | tr ',' ' '); do for _authz_url in $(echo "$_authorizations_seg" | tr ',' ' '); do
_debug2 "_authz_url" "$_authz_url" _debug2 "_authz_url" "$_authz_url"
if ! response="$(_get "$_authz_url")"; then if ! _send_signed_request "$_authz_url"; then
_err "get to authz error." _err "get to authz error."
_err "_authorizations_seg" "$_authorizations_seg" _err "_authorizations_seg" "$_authorizations_seg"
_err "_authz_url" "$_authz_url" _err "_authz_url" "$_authz_url"
@ -3684,11 +3699,11 @@ $_authorizations_map"
fi fi
if [ "$_currentRoot" = "$W_TLS" ]; then if [ "$_currentRoot" = "$W_TLS" ]; then
if [ "$ACME_VERSION" = "2" ]; then vtype="$VTYPE_TLS"
vtype="$VTYPE_TLS2" fi
else
vtype="$VTYPE_TLS" if [ "$_currentRoot" = "$W_ALPN" ]; then
fi vtype="$VTYPE_ALPN"
fi fi
if [ "$ACME_VERSION" = "2" ]; then if [ "$ACME_VERSION" = "2" ]; then
@ -3775,6 +3790,7 @@ $_authorizations_map"
_debug d "$d" _debug d "$d"
if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then
_debug "$d is already verified, skip $vtype." _debug "$d is already verified, skip $vtype."
_alias_index="$(_math "$_alias_index" + 1)"
continue continue
fi fi
@ -4003,9 +4019,19 @@ $_authorizations_map"
_on_issue_err "$_post_hook" "$vlist" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
elif [ "$vtype" = "$VTYPE_ALPN" ]; then
acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")"
_debug acmevalidationv1 "$acmevalidationv1"
if ! _starttlsserver "$d" "" "$Le_TLSPort" "$keyauthorization" "$_ncaddr" "$acmevalidationv1"; then
_err "Start tls server error."
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err "$_post_hook" "$vlist"
return 1
fi
fi fi
if ! __trigger_validation "$uri" "$keyauthorization"; then if ! __trigger_validation "$uri" "$keyauthorization" "$vtype"; then
_err "$d:Can not get challenge: $response" _err "$d:Can not get challenge: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
@ -4014,7 +4040,7 @@ $_authorizations_map"
fi fi
if [ "$code" ] && [ "$code" != '202' ]; then if [ "$code" ] && [ "$code" != '202' ]; then
if [ "$ACME_VERSION" = "2" ] && [ "$code" = '200' ]; then if [ "$code" = '200' ]; then
_debug "trigger validation code: $code" _debug "trigger validation code: $code"
else else
_err "$d:Challenge error: $response" _err "$d:Challenge error: $response"
@ -4043,7 +4069,11 @@ $_authorizations_map"
_debug "sleep 2 secs to verify" _debug "sleep 2 secs to verify"
sleep 2 sleep 2
_debug "checking" _debug "checking"
response="$(_get "$uri")" if [ "$ACME_VERSION" = "2" ]; then
_send_signed_request "$uri"
else
response="$(_get "$uri")"
fi
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
_err "$d:Verify error:$response" _err "$d:Verify error:$response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
@ -4119,13 +4149,16 @@ $_authorizations_map"
fi fi
Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)" Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
if ! _get "$Le_LinkCert" >"$CERT_PATH"; then _tempSignedResponse="$response"
if ! _send_signed_request "$Le_LinkCert" "" "needbase64"; then
_err "Sign failed, can not download cert:$Le_LinkCert." _err "Sign failed, can not download cert:$Le_LinkCert."
_err "$response" _err "$response"
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook"
return 1 return 1
fi fi
echo "$response" | _dbase64 "multiline" >"$CERT_PATH"
if [ "$(grep -- "$BEGIN_CERT" "$CERT_PATH" | wc -l)" -gt "1" ]; then if [ "$(grep -- "$BEGIN_CERT" "$CERT_PATH" | wc -l)" -gt "1" ]; then
_debug "Found cert chain" _debug "Found cert chain"
cat "$CERT_PATH" >"$CERT_FULLCHAIN_PATH" cat "$CERT_PATH" >"$CERT_FULLCHAIN_PATH"
@ -4135,6 +4168,7 @@ $_authorizations_map"
_end_n="$(_math $_end_n + 1)" _end_n="$(_math $_end_n + 1)"
sed -n "${_end_n},9999p" "$CERT_FULLCHAIN_PATH" >"$CA_CERT_PATH" sed -n "${_end_n},9999p" "$CERT_FULLCHAIN_PATH" >"$CA_CERT_PATH"
fi fi
response="$_tempSignedResponse"
else else
if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then
_err "Sign failed. $response" _err "Sign failed. $response"
@ -4205,7 +4239,8 @@ $_authorizations_map"
while [ "$_link_issuer_retry" -lt "$_MAX_ISSUER_RETRY" ]; do while [ "$_link_issuer_retry" -lt "$_MAX_ISSUER_RETRY" ]; do
_debug _link_issuer_retry "$_link_issuer_retry" _debug _link_issuer_retry "$_link_issuer_retry"
if [ "$ACME_VERSION" = "2" ]; then if [ "$ACME_VERSION" = "2" ]; then
if _get "$Le_LinkIssuer" >"$CA_CERT_PATH"; then if _send_signed_request "$Le_LinkIssuer"; then
echo "$response" >"$CA_CERT_PATH"
break break
fi fi
else else
@ -4241,8 +4276,8 @@ $_authorizations_map"
Le_CertCreateTimeStr=$(date -u) Le_CertCreateTimeStr=$(date -u)
_savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr" _savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr"
if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "$MAX_RENEW" ]; then if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ]; then
Le_RenewalDays="$MAX_RENEW" Le_RenewalDays="$DEFAULT_RENEW"
else else
_savedomainconf "Le_RenewalDays" "$Le_RenewalDays" _savedomainconf "Le_RenewalDays" "$Le_RenewalDays"
fi fi
@ -4602,7 +4637,8 @@ deploy() {
_initpath "$_d" "$_isEcc" _initpath "$_d" "$_isEcc"
if [ ! -d "$DOMAIN_PATH" ]; then if [ ! -d "$DOMAIN_PATH" ]; then
_err "Domain is not valid:'$_d'" _err "The domain '$_d' is not a cert name. You must use the cert name to specify the cert to install."
_err "Can not find path:'$DOMAIN_PATH'"
return 1 return 1
fi fi
@ -4629,7 +4665,8 @@ installcert() {
_initpath "$_main_domain" "$_isEcc" _initpath "$_main_domain" "$_isEcc"
if [ ! -d "$DOMAIN_PATH" ]; then if [ ! -d "$DOMAIN_PATH" ]; then
_err "Domain is not valid:'$_main_domain'" _err "The domain '$_main_domain' is not a cert name. You must use the cert name to specify the cert to install."
_err "Can not find path:'$DOMAIN_PATH'"
return 1 return 1
fi fi
@ -4929,7 +4966,7 @@ _deactivate() {
authzUri="$_authorizations_seg" authzUri="$_authorizations_seg"
_debug2 "authzUri" "$authzUri" _debug2 "authzUri" "$authzUri"
if ! response="$(_get "$authzUri")"; then if ! _send_signed_request "$authzUri"; then
_err "get to authz error." _err "get to authz error."
_err "_authorizations_seg" "$_authorizations_seg" _err "_authorizations_seg" "$_authorizations_seg"
_err "authzUri" "$authzUri" _err "authzUri" "$authzUri"
@ -5463,6 +5500,7 @@ Parameters:
--output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for secure. --output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for secure.
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode. --webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
--standalone Use standalone mode. --standalone Use standalone mode.
--alpn Use standalone alpn mode.
--stateless Use stateless mode, see: $_STATELESS_WIKI --stateless Use stateless mode, see: $_STATELESS_WIKI
--apache Use apache mode. --apache Use apache mode.
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api. --dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
@ -5474,7 +5512,7 @@ Parameters:
--log-level 1|2 Specifies the log level, default is 1. --log-level 1|2 Specifies the log level, default is 1.
--syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug. --syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert: These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
--cert-file After issue/renew, the cert will be copied to this path. --cert-file After issue/renew, the cert will be copied to this path.
--key-file After issue/renew, the key will be copied to this path. --key-file After issue/renew, the key will be copied to this path.
@ -5485,14 +5523,15 @@ Parameters:
--server SERVER ACME Directory Resource URI. (default: https://acme-v01.api.letsencrypt.org/directory) --server SERVER ACME Directory Resource URI. (default: https://acme-v01.api.letsencrypt.org/directory)
--accountconf Specifies a customized account config file. --accountconf Specifies a customized account config file.
--home Specifies the home dir for $PROJECT_NAME . --home Specifies the home dir for $PROJECT_NAME.
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command. --cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home Specifies the home dir to save all the configurations. --config-home Specifies the home dir to save all the configurations.
--useragent Specifies the user agent string. it will be saved for future use too. --useragent Specifies the user agent string. it will be saved for future use too.
--accountemail Specifies the account email, only valid for the '--install' and '--update-account' command. --accountemail Specifies the account email, only valid for the '--install' and '--update-account' command.
--accountkey Specifies the account key path, only valid for the '--install' command. --accountkey Specifies the account key path, only valid for the '--install' command.
--days Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days. --days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer. --httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses. --local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--listraw Only used for '--list' command, list the certs in raw format. --listraw Only used for '--list' command, list the certs in raw format.
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal. --stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
@ -5817,6 +5856,14 @@ _process() {
_webroot="$_webroot,$wvalue" _webroot="$_webroot,$wvalue"
fi fi
;; ;;
--alpn)
wvalue="$W_ALPN"
if [ -z "$_webroot" ]; then
_webroot="$wvalue"
else
_webroot="$_webroot,$wvalue"
fi
;;
--stateless) --stateless)
wvalue="$MODE_STATELESS" wvalue="$MODE_STATELESS"
if [ -z "$_webroot" ]; then if [ -z "$_webroot" ]; then
@ -5941,6 +5988,11 @@ _process() {
Le_HTTPPort="$_httpport" Le_HTTPPort="$_httpport"
shift shift
;; ;;
--tlsport)
_tlsport="$2"
Le_TLSPort="$_tlsport"
shift
;;
--listraw) --listraw)
_listraw="raw" _listraw="raw"
;; ;;

View File

@ -296,3 +296,39 @@ You can then deploy the certificate as follows
```sh ```sh
acme.sh --deploy -d www.mydomain.com --deploy-hook gitlab acme.sh --deploy -d www.mydomain.com --deploy-hook gitlab
``` ```
## 12. Deploy your cert to Hashicorp Vault
```sh
export VAULT_PREFIX="acme"
```
You can then deploy the certificate as follows
```sh
acme.sh --deploy -d www.mydomain.com --deploy-hook vault_cli
```
Your certs will be saved in Vault using this structure:
```sh
vault write "${VAULT_PREFIX}/${domain}/cert.pem" value=@"..."
vault write "${VAULT_PREFIX}/${domain}/cert.key" value=@"..."
vault write "${VAULT_PREFIX}/${domain}/chain.pem" value=@"..."
vault write "${VAULT_PREFIX}/${domain}/fullchain.pem" value=@"..."
```
You might be using Fabio load balancer (which can get certs from
Vault). It needs a bit different structure of your certs in Vault. It
gets certs only from keys that were saved in `prefix/domain`, like this:
```bash
vault write <PREFIX>/www.domain.com cert=@cert.pem key=@key.pem
```
If you want to save certs in Vault this way just set "FABIO" env
variable to anything (ex: "1") before running `acme.sh`:
```sh
export FABIO="1"
```

View File

@ -49,9 +49,13 @@ vault_cli_deploy() {
return 1 return 1
fi fi
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 if [ -n "$FABIO" ]; then
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 else
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
fi
} }

View File

@ -6,7 +6,7 @@ https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
## 1. Use CloudFlare domain API to automatically issue cert ## 1. Use CloudFlare domain API to automatically issue cert
First you need to login to your CloudFlare account to get your API key. First you need to login to your CloudFlare account to get your [API key](https://dash.cloudflare.com/profile).
``` ```
export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
@ -146,13 +146,17 @@ Finally, make the DNS server and update Key available to `acme.sh`
export NSUPDATE_SERVER="dns.example.com" export NSUPDATE_SERVER="dns.example.com"
export NSUPDATE_KEY="/path/to/your/nsupdate.key" export NSUPDATE_KEY="/path/to/your/nsupdate.key"
``` ```
and optionally (depending on DNS server)
```
export NSUPDATE_ZONE="example.com"
```
Ok, let's issue a cert now: Ok, let's issue a cert now:
``` ```
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
``` ```
The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. The `NSUPDATE_SERVER`, `NSUPDATE_KEY`, and `NSUPDATE_ZONE` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
## 8. Use LuaDNS domain API ## 8. Use LuaDNS domain API
@ -263,16 +267,26 @@ when needed.
## 14. Use Linode domain API ## 14. Use Linode domain API
First you need to login to your Linode account to get your API Key. The tokens created in the classic manager and cloud manager are incompatible
[https://manager.linode.com/profile/api](https://manager.linode.com/profile/api) with one another. While the classic manager makes an all or nothing API, the
newer cloud manager interface promises to produce API keys with a finer
permission system. However, either way works just fine.
Then add an API key with label *ACME* and copy the new key. ### Classic Manager ###
Classic Manager: https://manager.linode.com/profile/api
First you need to login to your Linode account to get your API Key.
Then add an API key with label *ACME* and copy the new key into the following
command.
```sh ```sh
export LINODE_API_KEY="..." export LINODE_API_KEY="..."
``` ```
Due to the reload time of any changes in the DNS records, we have to use the `dnssleep` option to wait at least 15 minutes for the changes to take effect. Due to the reload time of any changes in the DNS records, we have to use the
`dnssleep` option to wait at least 15 minutes for the changes to take effect.
Ok, let's issue a cert now: Ok, let's issue a cert now:
@ -280,7 +294,35 @@ Ok, let's issue a cert now:
acme.sh --issue --dns dns_linode --dnssleep 900 -d example.com -d www.example.com acme.sh --issue --dns dns_linode --dnssleep 900 -d example.com -d www.example.com
``` ```
The `LINODE_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. The `LINODE_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be
reused when needed.
### Cloud Manager ###
Cloud Manager: https://cloud.linode.com/profile/tokens
First you need to login to your Linode account to get your API Key.
1. Click on "Add a Personal Access Token".
2. Give the new key a "Label" (we recommend *ACME*)
3. Give it Read/Write access to "Domains"
4. "Submit" and copy the new key into the `LINODE_V4_API_KEY` command below.
```sh
export LINODE_V4_API_KEY="..."
```
Due to the reload time of any changes in the DNS records, we have to use the
`dnssleep` option to wait at least 15 minutes for the changes to take effect.
Ok, let's issue a cert now:
```sh
acme.sh --issue --dns dns_linode_v4 --dnssleep 900 -d example.com -d www.example.com
```
The `LINODE_V4_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be
reused when needed.
## 15. Use FreeDNS ## 15. Use FreeDNS
@ -454,7 +496,7 @@ The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.
First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/). First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/).
``` ```
VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" export VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
``` ```
Ok, let's issue a cert now: Ok, let's issue a cert now:
@ -1014,6 +1056,77 @@ Now you can issue a certificate.
acme.sh --issue --dns dns_namecheap -d example.com -d *.example.com acme.sh --issue --dns dns_namecheap -d example.com -d *.example.com
``` ```
## 54. Use MyDNS.JP API
First, register to MyDNS.JP and get MasterID and Password.
```
export MYDNSJP_MasterID=MasterID
export MYDNSJP_Password=Password
```
To issue a certificate:
```
acme.sh --issue --dns dns_mydnsjp -d example.com -d www.example.com
```
The `MYDNSJP_MasterID` and `MYDNSJP_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
## 55. Use hosting.de API
Create an API key in your hosting.de account here: https://secure.hosting.de
The key needs the following rights:
- DNS_ZONES_EDIT
- DNS_ZONES_LIST
Set your API Key and endpoint:
```
export HOSTINGDE_APIKEY='xxx'
export HOSTINGDE_ENDPOINT='https://secure.hosting.de'
```
The plugin can also be used for the http.net API. http.net customers have to set endpoint to https://partner.http.net.
Ok, let's issue a cert now:
```
acme.sh --issue --dns dns_hostingde -d example.com -d *.example.com
```
The hosting.de API key and endpoint will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
## 56. Use Neodigit.net API
```
export NEODIGIT_API_TOKEN="eXJxTkdUVUZmcHQ3QWJackQ4ZGlMejRDSklRYmo5VG5zcFFKK2thYnE0WnVnNnMy"
```
Ok, let's issue a cert now:
```
acme.sh --issue --dns dns_neodigit -d example.com -d www.example.com
```
Neodigit API Token will be saved in `~/.acme.sh/account.conf` and will be used when needed.
## 57. Use Exoscale API
Create an API key and secret key in the Exoscale account section
Set your API and secret key:
```
export EXOSCALE_API_KEY='xxx'
export EXOSCALE_SECRET_KEY='xxx'
```
Now, let's issue a cert:
```
acme.sh --issue --dns dns_exoscale -d example.com -d www.example.com
```
The `EXOSCALE_API_KEY` and `EXOSCALE_SECRET_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
# Use custom API # Use custom API
If your API is not supported yet, you can write your own DNS API. If your API is not supported yet, you can write your own DNS API.

View File

@ -316,7 +316,7 @@ _get_root() {
## (ZoneListResult with continuation token for the next page of results) ## (ZoneListResult with continuation token for the next page of results)
## Per https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#dns-limits you are limited to 100 Zone/subscriptions anyways ## Per https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#dns-limits you are limited to 100 Zone/subscriptions anyways
## ##
_azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?api-version=2017-09-01" "" "$accesstoken" _azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?\$top=500&api-version=2017-09-01" "" "$accesstoken"
# Find matching domain name is Json response # Find matching domain name is Json response
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f $i-100)

View File

@ -19,8 +19,8 @@ dns_cf_add() {
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
CF_Key="" CF_Key=""
CF_Email="" CF_Email=""
_err "You didn't specify a cloudflare api key and email yet." _err "You didn't specify a Cloudflare api key and email yet."
_err "Please create the key and try again." _err "You can get yours from here https://dash.cloudflare.com/profile."
return 1 return 1
fi fi
@ -58,9 +58,12 @@ dns_cf_add() {
# if [ "$count" = "0" ]; then # if [ "$count" = "0" ]; then
_info "Adding record" _info "Adding record"
if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then if _contains "$response" "$fulldomain"; then
_info "Added, OK" _info "Added, OK"
return 0 return 0
elif _contains "$response" "The record already exists"; then
_info "Already exists, OK"
return 0
else else
_err "Add txt record error." _err "Add txt record error."
return 1 return 1
@ -94,8 +97,8 @@ dns_cf_rm() {
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
CF_Key="" CF_Key=""
CF_Email="" CF_Email=""
_err "You didn't specify a cloudflare api key and email yet." _err "You didn't specify a Cloudflare api key and email yet."
_err "Please create the key and try again." _err "You can get yours from here https://dash.cloudflare.com/profile."
return 1 return 1
fi fi
@ -159,7 +162,7 @@ _get_root() {
fi fi
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
if [ "$_domain_id" ]; then if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h _domain=$h

View File

@ -104,48 +104,60 @@ dns_dgon_rm() {
## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}} ## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}}
GURL="https://api.digitalocean.com/v2/domains/$_domain/records" GURL="https://api.digitalocean.com/v2/domains/$_domain/records"
## while we dont have a record ID we keep going ## Get all the matching records
while [ -z "$record" ]; do while true; do
## 1) get the URL ## 1) get the URL
## the create request - get ## the create request - get
## args: URL, [onlyheader, timeout] ## args: URL, [onlyheader, timeout]
domain_list="$(_get "$GURL")" domain_list="$(_get "$GURL")"
## 2) find record
## check for what we are looing for: "type":"A","name":"$_sub_domain" ## check response
record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*[0-9]+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")" if [ "$?" != "0" ]; then
## 3) check record and get next page _err "error in domain_list response: $domain_list"
if [ -z "$record" ]; then return 1
## find the next page if we dont have a match
nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=[0-9]+")"
if [ -z "$nextpage" ]; then
_err "no record and no nextpage in digital ocean DNS removal"
return 1
fi
_debug2 nextpage "$nextpage"
GURL="$nextpage"
fi fi
## we break out of the loop when we have a record _debug2 domain_list "$domain_list"
## 2) find records
## check for what we are looking for: "type":"A","name":"$_sub_domain"
record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*[0-9]+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"
if [ ! -z "$record" ]; then
## we found records
rec_ids="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
_debug rec_ids "$rec_ids"
if [ ! -z "$rec_ids" ]; then
echo "$rec_ids" | while IFS= read -r rec_id; do
## delete the record
## delete URL for removing the one we dont want
DURL="https://api.digitalocean.com/v2/domains/$_domain/records/$rec_id"
## the create request - delete
## args: BODY, URL, [need64, httpmethod]
response="$(_post "" "$DURL" "" "DELETE")"
## check response (sort of)
if [ "$?" != "0" ]; then
_err "error in remove response: $response"
return 1
fi
_debug2 response "$response"
done
fi
fi
## 3) find the next page
nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=[0-9]+")"
if [ -z "$nextpage" ]; then
break
fi
_debug2 nextpage "$nextpage"
GURL="$nextpage"
done done
## we found the record
rec_id="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
_debug rec_id "$rec_id"
## delete the record
## delete URL for removing the one we dont want
DURL="https://api.digitalocean.com/v2/domains/$_domain/records/$rec_id"
## the create request - delete
## args: BODY, URL, [need64, httpmethod]
response="$(_post "" "$DURL" "" "DELETE")"
## check response (sort of)
if [ "$?" != "0" ]; then
_err "error in remove response: $response"
return 1
fi
_debug2 response "$response"
## finished correctly ## finished correctly
return 0 return 0
} }
@ -178,44 +190,57 @@ _get_base_domain() {
export _H2="Authorization: Bearer $DO_API_KEY" export _H2="Authorization: Bearer $DO_API_KEY"
_debug DO_API_KEY "$DO_API_KEY" _debug DO_API_KEY "$DO_API_KEY"
## get URL for the list of domains ## get URL for the list of domains
## havent seen this request paginated, tested with 18 domains (more requires manual requests with DO) ## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}}
DOMURL="https://api.digitalocean.com/v2/domains" DOMURL="https://api.digitalocean.com/v2/domains"
## get the domain list (DO gives basically a full XFER!) ## while we dont have a matching domain we keep going
domain_list="$(_get "$DOMURL")" while [ -z "$found" ]; do
## get the domain list (current page)
domain_list="$(_get "$DOMURL")"
## check response ## check response
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
_err "error in domain_list response: $domain_list" _err "error in domain_list response: $domain_list"
return 1
fi
_debug2 domain_list "$domain_list"
## for each shortening of our $fulldomain, check if it exists in the $domain_list
## can never start on 1 (aka whole $fulldomain) as $fulldomain starts with "_acme-challenge"
i=2
while [ $i -gt 0 ]; do
## get next longest domain
_domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM")
## check we got something back from our cut (or are we at the end)
if [ -z "$_domain" ]; then
## we got to the end of the domain - invalid domain
_err "domain not found in DigitalOcean account"
return 1 return 1
fi fi
## we got part of a domain back - grep it out _debug2 domain_list "$domain_list"
found="$(echo "$domain_list" | _egrep_o "\"name\"\s*\:\s*\"$_domain\"")"
## check if it exists ## for each shortening of our $fulldomain, check if it exists in the $domain_list
if [ ! -z "$found" ]; then ## can never start on 1 (aka whole $fulldomain) as $fulldomain starts with "_acme-challenge"
## exists - exit loop returning the parts i=2
sub_point=$(_math $i - 1) while [ $i -gt 0 ]; do
_sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point") ## get next longest domain
_debug _domain "$_domain" _domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM")
_debug _sub_domain "$_sub_domain" ## check we got something back from our cut (or are we at the end)
return 0 if [ -z "$_domain" ]; then
break
fi
## we got part of a domain back - grep it out
found="$(echo "$domain_list" | _egrep_o "\"name\"\s*\:\s*\"$_domain\"")"
## check if it exists
if [ ! -z "$found" ]; then
## exists - exit loop returning the parts
sub_point=$(_math $i - 1)
_sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point")
_debug _domain "$_domain"
_debug _sub_domain "$_sub_domain"
return 0
fi
## increment cut point $i
i=$(_math $i + 1)
done
if [ -z "$found" ]; then
## find the next page if we dont have a match
nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=[0-9]+")"
if [ -z "$nextpage" ]; then
_err "no record and no nextpage in digital ocean DNS removal"
return 1
fi
_debug2 nextpage "$nextpage"
DOMURL="$nextpage"
fi fi
## increment cut point $i
i=$(_math $i + 1)
done done
## we went through the entire domain zone list and dint find one that matched ## we went through the entire domain zone list and dint find one that matched

View File

@ -10,7 +10,7 @@
Dynu_Token="" Dynu_Token=""
# #
#Endpoint #Endpoint
Dynu_EndPoint="https://api.dynu.com/v1" Dynu_EndPoint="https://api.dynu.com/v2"
# #
#Author: Dynu Systems, Inc. #Author: Dynu Systems, Inc.
#Report Bugs here: https://github.com/shar0119/acme.sh #Report Bugs here: https://github.com/shar0119/acme.sh
@ -51,11 +51,11 @@ dns_dynu_add() {
_debug _domain_name "$_domain_name" _debug _domain_name "$_domain_name"
_info "Creating TXT record." _info "Creating TXT record."
if ! _dynu_rest POST "dns/record/add" "{\"domain_name\":\"$_domain_name\",\"node_name\":\"$_node\",\"record_type\":\"TXT\",\"text_data\":\"$txtvalue\",\"state\":true,\"ttl\":90}"; then if ! _dynu_rest POST "dns/$dnsId/record" "{\"domainId\":\"$dnsId\",\"nodeName\":\"$_node\",\"recordType\":\"TXT\",\"textData\":\"$txtvalue\",\"state\":true,\"ttl\":90}"; then
return 1 return 1
fi fi
if ! _contains "$response" "text_data"; then if ! _contains "$response" "200"; then
_err "Could not add TXT record." _err "Could not add TXT record."
return 1 return 1
fi fi
@ -132,11 +132,12 @@ _get_root() {
return 1 return 1
fi fi
if ! _dynu_rest GET "dns/get/$h"; then if ! _dynu_rest GET "dns/getroot/$h"; then
return 1 return 1
fi fi
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then if _contains "$response" "\"domainName\":\"$h\"" >/dev/null; then
dnsId=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 2 | cut -d : -f 2)
_domain_name=$h _domain_name=$h
_node=$(printf "%s" "$domain" | cut -d . -f 1-$p) _node=$(printf "%s" "$domain" | cut -d . -f 1-$p)
return 0 return 0
@ -152,7 +153,7 @@ _get_recordid() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
if ! _dynu_rest GET "dns/record/get?hostname=$fulldomain&rrtype=TXT"; then if ! _dynu_rest GET "dns/$dnsId/record"; then
return 1 return 1
fi fi
@ -161,19 +162,18 @@ _get_recordid() {
return 0 return 0
fi fi
_dns_record_id=$(printf "%s" "$response" | _egrep_o "{[^}]*}" | grep "\"text_data\":\"$txtvalue\"" | _egrep_o ",[^,]*," | grep ',"id":' | tr -d ",," | cut -d : -f 2) _dns_record_id=$(printf "%s" "$response" | sed -e 's/[^{]*\({[^}]*}\)[^{]*/\1\n/g' | grep "\"textData\":\"$txtvalue\"" | sed -e 's/.*"id":\([^,]*\).*/\1/')
return 0 return 0
} }
_delete_txt_record() { _delete_txt_record() {
_dns_record_id=$1 _dns_record_id=$1
if ! _dynu_rest GET "dns/record/delete/$_dns_record_id"; then if ! _dynu_rest DELETE "dns/$dnsId/record/$_dns_record_id"; then
return 1 return 1
fi fi
if ! _contains "$response" "true"; then if ! _contains "$response" "200"; then
return 1 return 1
fi fi
@ -189,7 +189,7 @@ _dynu_rest() {
export _H1="Authorization: Bearer $Dynu_Token" export _H1="Authorization: Bearer $Dynu_Token"
export _H2="Content-Type: application/json" export _H2="Content-Type: application/json"
if [ "$data" ]; then if [ "$data" ] || [ "$m" = "DELETE" ]; then
_debug data "$data" _debug data "$data"
response="$(_post "$data" "$Dynu_EndPoint/$ep" "" "$m")" response="$(_post "$data" "$Dynu_EndPoint/$ep" "" "$m")"
else else
@ -216,8 +216,8 @@ _dynu_authentication() {
_err "Authentication failed." _err "Authentication failed."
return 1 return 1
fi fi
if _contains "$response" "accessToken"; then if _contains "$response" "access_token"; then
Dynu_Token=$(printf "%s" "$response" | tr -d "[]" | cut -d , -f 2 | cut -d : -f 2 | cut -d '"' -f 2) Dynu_Token=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 1 | cut -d : -f 2 | cut -d '"' -f 2)
fi fi
if _contains "$Dynu_Token" "null"; then if _contains "$Dynu_Token" "null"; then
Dynu_Token="" Dynu_Token=""

168
dnsapi/dns_exoscale.sh Executable file
View File

@ -0,0 +1,168 @@
#!/usr/bin/env sh
EXOSCALE_API=https://api.exoscale.com/dns/v1
######## Public functions #####################
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record
dns_exoscale_add() {
fulldomain=$1
txtvalue=$2
if ! _checkAuth; then
return 1
fi
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_info "Adding record"
if _exoscale_rest POST "domains/$_domain_id/records" "{\"record\":{\"name\":\"$_sub_domain\",\"record_type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":120}}" "$_domain_token"; then
if _contains "$response" "$txtvalue"; then
_info "Added, OK"
return 0
fi
fi
_err "Add txt record error."
return 1
}
# Usage: fulldomain txtvalue
# Used to remove the txt record after validation
dns_exoscale_rm() {
fulldomain=$1
txtvalue=$2
if ! _checkAuth; then
return 1
fi
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug "Getting txt records"
_exoscale_rest GET "domains/${_domain_id}/records?type=TXT&name=$_sub_domain" "" "$_domain_token"
if _contains "$response" "\"name\":\"$_sub_domain\"" >/dev/null; then
_record_id=$(echo "$response" | tr '{' "\n" | grep "\"content\":\"$txtvalue\"" | _egrep_o "\"id\":[^,]+" | _head_n 1 | cut -d : -f 2 | tr -d \")
fi
if [ -z "$_record_id" ]; then
_err "Can not get record id to remove."
return 1
fi
_debug "Deleting record $_record_id"
if ! _exoscale_rest DELETE "domains/$_domain_id/records/$_record_id" "" "$_domain_token"; then
_err "Delete record error."
return 1
fi
return 0
}
#################### Private functions below ##################################
_checkAuth() {
EXOSCALE_API_KEY="${EXOSCALE_API_KEY:-$(_readaccountconf_mutable EXOSCALE_API_KEY)}"
EXOSCALE_SECRET_KEY="${EXOSCALE_SECRET_KEY:-$(_readaccountconf_mutable EXOSCALE_SECRET_KEY)}"
if [ -z "$EXOSCALE_API_KEY" ] || [ -z "$EXOSCALE_SECRET_KEY" ]; then
EXOSCALE_API_KEY=""
EXOSCALE_SECRET_KEY=""
_err "You don't specify Exoscale application key and application secret yet."
_err "Please create you key and try again."
return 1
fi
_saveaccountconf_mutable EXOSCALE_API_KEY "$EXOSCALE_API_KEY"
_saveaccountconf_mutable EXOSCALE_SECRET_KEY "$EXOSCALE_SECRET_KEY"
return 0
}
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_id=sdjkglgdfewsdfg
# _domain_token=sdjkglgdfewsdfg
_get_root() {
if ! _exoscale_rest GET "domains"; then
return 1
fi
domain=$1
i=2
p=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug h "$h"
if [ -z "$h" ]; then
#not valid
return 1
fi
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
_domain_id=$(echo "$response" | tr '{' "\n" | grep "\"name\":\"$h\"" | _egrep_o "\"id\":[^,]+" | _head_n 1 | cut -d : -f 2 | tr -d \")
_domain_token=$(echo "$response" | tr '{' "\n" | grep "\"name\":\"$h\"" | _egrep_o "\"token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
if [ "$_domain_token" ] && [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h
return 0
fi
return 1
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}
# returns response
_exoscale_rest() {
method=$1
path="$2"
data="$3"
token="$4"
request_url="$EXOSCALE_API/$path"
_debug "$path"
export _H1="Accept: application/json"
if [ "$token" ]; then
export _H2="X-DNS-Domain-Token: $token"
else
export _H2="X-DNS-Token: $EXOSCALE_API_KEY:$EXOSCALE_SECRET_KEY"
fi
if [ "$data" ] || [ "$method" = "DELETE" ]; then
export _H3="Content-Type: application/json"
_debug data "$data"
response="$(_post "$data" "$request_url" "" "$method")"
else
response="$(_get "$request_url" "" "" "$method")"
fi
if [ "$?" != "0" ]; then
_err "error $request_url"
return 1
fi
_debug2 response "$response"
return 0
}

60
dnsapi/dns_gandi_livedns.sh Executable file → Normal file
View File

@ -7,6 +7,7 @@
# Requires GANDI API KEY set in GANDI_LIVEDNS_KEY set as environment variable # Requires GANDI API KEY set in GANDI_LIVEDNS_KEY set as environment variable
# #
#Author: Frédéric Crozat <fcrozat@suse.com> #Author: Frédéric Crozat <fcrozat@suse.com>
# Dominik Röttsches <drott@google.com>
#Report Bugs here: https://github.com/fcrozat/acme.sh #Report Bugs here: https://github.com/fcrozat/acme.sh
# #
######## Public functions ##################### ######## Public functions #####################
@ -36,9 +37,7 @@ dns_gandi_livedns_add() {
_debug domain "$_domain" _debug domain "$_domain"
_debug sub_domain "$_sub_domain" _debug sub_domain "$_sub_domain"
_gandi_livedns_rest PUT "domains/$_domain/records/$_sub_domain/TXT" "{\"rrset_ttl\": 300, \"rrset_values\":[\"$txtvalue\"]}" \ _dns_gandi_append_record "$_domain" "$_sub_domain" "$txtvalue"
&& _contains "$response" '{"message": "DNS Record Created"}' \
&& _info "Add $(__green "success")"
} }
#Usage: fulldomain txtvalue #Usage: fulldomain txtvalue
@ -56,9 +55,23 @@ dns_gandi_livedns_rm() {
_debug fulldomain "$fulldomain" _debug fulldomain "$fulldomain"
_debug domain "$_domain" _debug domain "$_domain"
_debug sub_domain "$_sub_domain" _debug sub_domain "$_sub_domain"
_debug txtvalue "$txtvalue"
_gandi_livedns_rest DELETE "domains/$_domain/records/$_sub_domain/TXT" "" if ! _dns_gandi_existing_rrset_values "$_domain" "$_sub_domain"; then
return 1
fi
_new_rrset_values=$(echo "$_rrset_values" | sed "s/...$txtvalue...//g")
# Cleanup dangling commata.
_new_rrset_values=$(echo "$_new_rrset_values" | sed "s/, ,/ ,/g")
_new_rrset_values=$(echo "$_new_rrset_values" | sed "s/, *\]/\]/g")
_new_rrset_values=$(echo "$_new_rrset_values" | sed "s/\[ *,/\[/g")
_debug "New rrset_values" "$_new_rrset_values"
_gandi_livedns_rest PUT \
"domains/$_domain/records/$_sub_domain/TXT" \
"{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" \
&& _contains "$response" '{"message": "DNS Record Created"}' \
&& _info "Removing record $(__green "success")"
} }
#################### Private functions below ################################## #################### Private functions below ##################################
@ -98,6 +111,45 @@ _get_root() {
return 1 return 1
} }
_dns_gandi_append_record() {
domain=$1
sub_domain=$2
txtvalue=$3
if _dns_gandi_existing_rrset_values "$domain" "$sub_domain"; then
_debug "Appending new value"
_rrset_values=$(echo "$_rrset_values" | sed "s/\"]/\",\"$txtvalue\"]/")
else
_debug "Creating new record" "$_rrset_values"
_rrset_values="[\"$txtvalue\"]"
fi
_debug new_rrset_values "$_rrset_values"
_gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \
"{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" \
&& _contains "$response" '{"message": "DNS Record Created"}' \
&& _info "Adding record $(__green "success")"
}
_dns_gandi_existing_rrset_values() {
domain=$1
sub_domain=$2
if ! _gandi_livedns_rest GET "domains/$domain/records/$sub_domain"; then
return 1
fi
if ! _contains "$response" '"rrset_type": "TXT"'; then
_debug "Does not have a _acme-challenge TXT record yet."
return 1
fi
if _contains "$response" '"rrset_values": \[\]'; then
_debug "Empty rrset_values for TXT record, no previous TXT record."
return 1
fi
_debug "Already has TXT record."
_rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' \
| _egrep_o '\[".*\"]')
return 0
}
_gandi_livedns_rest() { _gandi_livedns_rest() {
m=$1 m=$1
ep="$2" ep="$2"

View File

@ -92,7 +92,9 @@ dns_he_rm() {
return 1 return 1
fi fi
# Remove the record # Remove the record
body="email=${HE_Username}&pass=${HE_Password}" username_encoded="$(printf "%s" "${HE_Username}" | _url_encode)"
password_encoded="$(printf "%s" "${HE_Password}" | _url_encode)"
body="email=${username_encoded}&pass=${password_encoded}"
body="$body&menu=edit_zone" body="$body&menu=edit_zone"
body="$body&hosted_dns_zoneid=$_zone_id" body="$body&hosted_dns_zoneid=$_zone_id"
body="$body&hosted_dns_recordid=$_record_id" body="$body&hosted_dns_recordid=$_record_id"

134
dnsapi/dns_hostingde.sh Normal file
View File

@ -0,0 +1,134 @@
#!/usr/bin/env sh
# hosting.de API
# Values to export:
# export HOSTINGDE_ENDPOINT='https://secure.hosting.de'
# export HOSTINGDE_APIKEY='xxxxx'
######## Public functions #####################
dns_hostingde_add() {
fulldomain="${1}"
txtvalue="${2}"
_debug "Calling: _hostingde_addRecord() '${fulldomain}' '${txtvalue}'"
_hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_addRecord
}
dns_hostingde_rm() {
fulldomain="${1}"
txtvalue="${2}"
_debug "Calling: _hostingde_removeRecord() '${fulldomain}' '${txtvalue}'"
_hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_removeRecord
}
#################### own Private functions below ##################################
_hostingde_apiKey() {
HOSTINGDE_APIKEY="${HOSTINGDE_APIKEY:-$(_readaccountconf_mutable HOSTINGDE_APIKEY)}"
if [ -z "$HOSTINGDE_APIKEY" ] || [ -z "$HOSTINGDE_ENDPOINT" ]; then
HOSTINGDE_APIKEY=""
HOSTINGDE_ENDPOINT=""
_err "You haven't specified hosting.de API key or endpoint yet."
_err "Please create your key and try again."
return 1
fi
_saveaccountconf_mutable HOSTINGDE_APIKEY "$HOSTINGDE_APIKEY"
_saveaccountconf_mutable HOSTINGDE_ENDPOINT "$HOSTINGDE_ENDPOINT"
}
_hostingde_getZoneConfig() {
_info "Getting ZoneConfig"
curZone="${fulldomain#*.}"
returnCode=1
while _contains "${curZone}" "\\."; do
curData="{\"filter\":{\"field\":\"zoneName\",\"value\":\"${curZone}\"},\"limit\":1,\"authToken\":\"${HOSTINGDE_APIKEY}\"}"
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneConfigsFind")"
_debug "Calling zoneConfigsFind: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneConfigsFind'"
_debug "Result of zoneConfigsFind: '$curResult'"
if _contains "${curResult}" '"status": "error"'; then
if _contains "${curResult}" '"code": 10109'; then
_err "The API-Key is invalid or could not be found"
else
_err "UNKNOWN API ERROR"
fi
returnCode=1
break
fi
if _contains "${curResult}" '"totalEntries": 1'; then
_info "Retrieved zone data."
_debug "Zone data: '${curResult}'"
# read ZoneConfigId for later update
zoneConfigId=$(echo "${curResult}" | _egrep_o '"id":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
_debug "zoneConfigId '${zoneConfigId}'"
returnCode=0
break
fi
curZone="${curZone#*.}"
done
if [ $returnCode -ne 0 ]; then
_info "ZoneEnd reached, Zone ${curZone} not found in hosting.de API"
fi
return $returnCode
}
_hostingde_getZoneStatus() {
_debug "Checking Zone status"
curData="{\"filter\":{\"field\":\"zoneConfigId\",\"value\":\"${zoneConfigId}\"},\"limit\":1,\"authToken\":\"${HOSTINGDE_APIKEY}\"}"
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zonesFind")"
_debug "Calling zonesFind '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zonesFind'"
_debug "Result of zonesFind '$curResult'"
zoneStatus=$(echo "${curResult}" | grep -v success | _egrep_o '"status":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
_debug "zoneStatus '${zoneStatus}'"
return 0
}
_hostingde_addRecord() {
_info "Adding record to zone"
_hostingde_getZoneStatus
_debug "Result of zoneStatus: '${zoneStatus}'"
while [ "${zoneStatus}" != "active" ]; do
_sleep 5
_hostingde_getZoneStatus
_debug "Result of zoneStatus: '${zoneStatus}'"
done
curData="{\"authToken\":\"${HOSTINGDE_APIKEY}\",\"zoneConfig\":{\"id\":\"${zoneConfigId}\"},\"recordsToAdd\":[{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"\\\"${txtvalue}\\\"\",\"ttl\":3600}]}"
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate")"
_debug "Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'"
_debug "Result of zoneUpdate: '$curResult'"
if _contains "${curResult}" '"status": "error"'; then
if _contains "${curResult}" '"code": 10109'; then
_err "The API-Key is invalid or could not be found"
else
_err "UNKNOWN API ERROR"
fi
return 1
fi
return 0
}
_hostingde_removeRecord() {
_info "Removing record from zone"
_hostingde_getZoneStatus
_debug "Result of zoneStatus: '$zoneStatus'"
while [ "$zoneStatus" != "active" ]; do
_sleep 5
_hostingde_getZoneStatus
_debug "Result of zoneStatus: '$zoneStatus'"
done
curData="{\"authToken\":\"${HOSTINGDE_APIKEY}\",\"zoneConfig\":{\"id\":\"${zoneConfigId}\"},\"recordsToDelete\":[{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"\\\"${txtvalue}\\\"\"}]}"
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate")"
_debug "Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'"
_debug "Result of zoneUpdate: '$curResult'"
if _contains "${curResult}" '"status": "error"'; then
if _contains "${curResult}" '"code": 10109'; then
_err "The API-Key is invalid or could not be found"
else
_err "UNKNOWN API ERROR"
fi
return 1
fi
return 0
}

185
dnsapi/dns_linode_v4.sh Executable file
View File

@ -0,0 +1,185 @@
#!/usr/bin/env sh
#Original Author: Philipp Grosswiler <philipp.grosswiler@swiss-design.net>
#v4 Update Author: Aaron W. Swenson <aaron@grandmasfridge.org>
LINODE_V4_API_URL="https://api.linode.com/v4/domains"
######## Public functions #####################
#Usage: dns_linode_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_linode_add() {
fulldomain="${1}"
txtvalue="${2}"
if ! _Linode_API; then
return 1
fi
_info "Using Linode"
_debug "Calling: dns_linode_add() '${fulldomain}' '${txtvalue}'"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "Domain does not exist."
return 1
fi
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_payload="{
\"type\": \"TXT\",
\"name\": \"$_sub_domain\",
\"target\": \"$txtvalue\"
}"
if _rest POST "/$_domain_id/records" "$_payload" && [ -n "$response" ]; then
_resource_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\s*[0-9]+" | cut -d : -f 2 | tr -d " " | _head_n 1)
_debug _resource_id "$_resource_id"
if [ -z "$_resource_id" ]; then
_err "Error adding the domain resource."
return 1
fi
_info "Domain resource successfully added."
return 0
fi
return 1
}
#Usage: dns_linode_rm _acme-challenge.www.domain.com
dns_linode_rm() {
fulldomain="${1}"
if ! _Linode_API; then
return 1
fi
_info "Using Linode"
_debug "Calling: dns_linode_rm() '${fulldomain}'"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "Domain does not exist."
return 1
fi
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
if _rest GET "/$_domain_id/records" && [ -n "$response" ]; then
response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")"
resource="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$_sub_domain\".*}")"
if [ "$resource" ]; then
_resource_id=$(printf "%s\n" "$resource" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
if [ "$_resource_id" ]; then
_debug _resource_id "$_resource_id"
if _rest DELETE "/$_domain_id/records/$_resource_id" && [ -n "$response" ]; then
# On 200/OK, empty set is returned. Check for error, if any.
_error_response=$(printf "%s\n" "$response" | _egrep_o "\"errors\"" | cut -d : -f 2 | tr -d " " | _head_n 1)
if [ -n "$_error_response" ]; then
_err "Error deleting the domain resource: $_error_response"
return 1
fi
_info "Domain resource successfully deleted."
return 0
fi
fi
return 1
fi
return 0
fi
return 1
}
#################### Private functions below ##################################
_Linode_API() {
if [ -z "$LINODE_V4_API_KEY" ]; then
LINODE_V4_API_KEY=""
_err "You didn't specify the Linode v4 API key yet."
_err "Please create your key and try again."
return 1
fi
_saveaccountconf LINODE_V4_API_KEY "$LINODE_V4_API_KEY"
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_id=12345
_get_root() {
domain=$1
i=2
p=1
if _rest GET; then
response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")"
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug h "$h"
if [ -z "$h" ]; then
#not valid
return 1
fi
hostedzone="$(echo "$response" | _egrep_o "{.*\"domain\":\s*\"$h\".*}")"
if [ "$hostedzone" ]; then
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h
return 0
fi
return 1
fi
p=$i
i=$(_math "$i" + 1)
done
fi
return 1
}
#method method action data
_rest() {
mtd="$1"
ep="$2"
data="$3"
_debug mtd "$mtd"
_debug ep "$ep"
export _H1="Accept: application/json"
export _H2="Content-Type: application/json"
export _H3="Authorization: Bearer $LINODE_V4_API_KEY"
if [ "$mtd" != "GET" ]; then
# both POST and DELETE.
_debug data "$data"
response="$(_post "$data" "$LINODE_V4_API_URL$ep" "" "$mtd")"
else
response="$(_get "$LINODE_V4_API_URL$ep$data")"
fi
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug2 response "$response"
return 0
}

View File

@ -38,8 +38,8 @@ dns_loopia_add() {
_info "Adding record" _info "Adding record"
_loopia_add_record "$_domain" "$_sub_domain" _loopia_add_sub_domain "$_domain" "$_sub_domain"
_loopia_update_record "$_domain" "$_sub_domain" "$txtvalue" _loopia_add_record "$_domain" "$_sub_domain" "$txtvalue"
} }
@ -96,6 +96,37 @@ dns_loopia_rm() {
#################### Private functions below ################################## #################### Private functions below ##################################
_loopia_get_records() {
domain=$1
sub_domain=$2
xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>getZoneRecords</methodName>
<params>
<param>
<value><string>%s</string></value>
</param>
<param>
<value><string>%s</string></value>
</param>
<param>
<value><string>%s</string></value>
</param>
<param>
<value><string>%s</string></value>
</param>
</params>
</methodCall>' $LOOPIA_User $LOOPIA_Password "$domain" "$sub_domain")
response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")"
if ! _contains "$response" "<array>"; then
_err "Error"
return 1
fi
return 0
}
_get_root() { _get_root() {
domain=$1 domain=$1
_debug "get root" _debug "get root"
@ -137,14 +168,14 @@ _get_root() {
} }
_loopia_update_record() { _loopia_add_record() {
domain=$1 domain=$1
sub_domain=$2 sub_domain=$2
txtval=$3 txtval=$3
xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?> xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
<methodCall> <methodCall>
<methodName>updateZoneRecord</methodName> <methodName>addZoneRecord</methodName>
<params> <params>
<param> <param>
<value><string>%s</string></value> <value><string>%s</string></value>
@ -176,10 +207,6 @@ _loopia_update_record() {
<name>rdata</name> <name>rdata</name>
<value><string>%s</string></value> <value><string>%s</string></value>
</member> </member>
<member>
<name>record_id</name>
<value><int>0</int></value>
</member>
</struct> </struct>
</param> </param>
</params> </params>
@ -194,10 +221,42 @@ _loopia_update_record() {
return 0 return 0
} }
_loopia_add_record() { _sub_domain_exists() {
domain=$1 domain=$1
sub_domain=$2 sub_domain=$2
xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>getSubdomains</methodName>
<params>
<param>
<value><string>%s</string></value>
</param>
<param>
<value><string>%s</string></value>
</param>
<param>
<value><string>%s</string></value>
</param>
</params>
</methodCall>' $LOOPIA_User $LOOPIA_Password "$domain")
response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")"
if _contains "$response" "$sub_domain"; then
return 0
fi
return 1
}
_loopia_add_sub_domain() {
domain=$1
sub_domain=$2
if _sub_domain_exists "$domain" "$sub_domain"; then
return 0
fi
xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?> xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
<methodCall> <methodCall>
<methodName>addSubdomain</methodName> <methodName>addSubdomain</methodName>

210
dnsapi/dns_mydnsjp.sh Executable file
View File

@ -0,0 +1,210 @@
#!/usr/bin/env sh
#Here is a api script for MyDNS.JP.
#This file name is "dns_mydnsjp.sh"
#So, here must be a method dns_mydnsjp_add()
#Which will be called by acme.sh to add the txt record to your api system.
#returns 0 means success, otherwise error.
#
#Author: epgdatacapbon
#Report Bugs here: https://github.com/epgdatacapbon/acme.sh
#
######## Public functions #####################
# Export MyDNS.JP MasterID and Password in following variables...
# MYDNSJP_MasterID=MasterID
# MYDNSJP_Password=Password
MYDNSJP_API="https://www.mydns.jp"
#Usage: dns_mydnsjp_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_mydnsjp_add() {
fulldomain=$1
txtvalue=$2
_info "Using mydnsjp"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
# Load the credentials from the account conf file
MYDNSJP_MasterID="${MYDNSJP_MasterID:-$(_readaccountconf_mutable MYDNSJP_MasterID)}"
MYDNSJP_Password="${MYDNSJP_Password:-$(_readaccountconf_mutable MYDNSJP_Password)}"
if [ -z "$MYDNSJP_MasterID" ] || [ -z "$MYDNSJP_Password" ]; then
MYDNSJP_MasterID=""
MYDNSJP_Password=""
_err "You don't specify mydnsjp api MasterID and Password yet."
_err "Please export as MYDNSJP_MasterID / MYDNSJP_Password and try again."
return 1
fi
# Save the credentials to the account conf file
_saveaccountconf_mutable MYDNSJP_MasterID "$MYDNSJP_MasterID"
_saveaccountconf_mutable MYDNSJP_Password "$MYDNSJP_Password"
_debug "First detect the root zone."
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
if _mydnsjp_api "REGIST" "$_domain" "$txtvalue"; then
if printf -- "%s" "$response" | grep "OK." >/dev/null; then
_info "Added, OK"
return 0
else
_err "Add txt record error."
return 1
fi
fi
_err "Add txt record error."
return 1
}
#Usage: fulldomain txtvalue
#Remove the txt record after validation.
dns_mydnsjp_rm() {
fulldomain=$1
txtvalue=$2
_info "Removing TXT record"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
# Load the credentials from the account conf file
MYDNSJP_MasterID="${MYDNSJP_MasterID:-$(_readaccountconf_mutable MYDNSJP_MasterID)}"
MYDNSJP_Password="${MYDNSJP_Password:-$(_readaccountconf_mutable MYDNSJP_Password)}"
if [ -z "$MYDNSJP_MasterID" ] || [ -z "$MYDNSJP_Password" ]; then
MYDNSJP_MasterID=""
MYDNSJP_Password=""
_err "You don't specify mydnsjp api MasterID and Password yet."
_err "Please export as MYDNSJP_MasterID / MYDNSJP_Password and try again."
return 1
fi
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
if _mydnsjp_api "DELETE" "$_domain" "$txtvalue"; then
if printf -- "%s" "$response" | grep "OK." >/dev/null; then
_info "Deleted, OK"
return 0
else
_err "Delete txt record error."
return 1
fi
fi
_err "Delete txt record error."
return 1
}
#################### Private functions below ##################################
# _acme-challenge.www.domain.com
# returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
fulldomain=$1
i=2
p=1
# Get the root domain
_mydnsjp_retrieve_domain
if [ "$?" != "0" ]; then
# not valid
return 1
fi
while true; do
_domain=$(printf "%s" "$fulldomain" | cut -d . -f $i-100)
if [ -z "$_domain" ]; then
# not valid
return 1
fi
if [ "$_domain" = "$_root_domain" ]; then
_sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-$p)
return 0
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}
# Retrieve the root domain
# returns 0 success
_mydnsjp_retrieve_domain() {
_debug "Login to MyDNS.JP"
response="$(_post "masterid=$MYDNSJP_MasterID&masterpwd=$MYDNSJP_Password" "$MYDNSJP_API/?MENU=100")"
cookie="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _head_n 1 | cut -d " " -f 2)"
# If cookies is not empty then logon successful
if [ -z "$cookie" ]; then
_err "Fail to get a cookie."
return 1
fi
_debug "Retrieve DOMAIN INFO page"
export _H1="Cookie:${cookie}"
response="$(_get "$MYDNSJP_API/?MENU=300")"
if [ "$?" != "0" ]; then
_err "Fail to retrieve DOMAIN INFO."
return 1
fi
_root_domain=$(echo "$response" | grep "DNSINFO\[domainname\]" | sed 's/^.*value="\([^"]*\)".*/\1/')
# Logout
response="$(_get "$MYDNSJP_API/?MENU=090")"
_debug _root_domain "$_root_domain"
if [ -z "$_root_domain" ]; then
_err "Fail to get the root domain."
return 1
fi
return 0
}
_mydnsjp_api() {
cmd=$1
domain=$2
txtvalue=$3
# Base64 encode the credentials
credentials=$(printf "%s:%s" "$MYDNSJP_MasterID" "$MYDNSJP_Password" | _base64)
# Construct the HTTP Authorization header
export _H1="Content-Type: application/x-www-form-urlencoded"
export _H2="Authorization: Basic ${credentials}"
response="$(_post "CERTBOT_DOMAIN=$domain&CERTBOT_VALIDATION=$txtvalue&EDIT_CMD=$cmd" "$MYDNSJP_API/directedit.html")"
if [ "$?" != "0" ]; then
_err "error $domain"
return 1
fi
_debug2 response "$response"
return 0
}

View File

@ -199,9 +199,12 @@ _namecheap_check_config() {
_set_namecheap_TXT() { _set_namecheap_TXT() {
subdomain=$2 subdomain=$2
txt=$3 txt=$3
tld=$(echo "$1" | cut -d '.' -f 2)
sld=$(echo "$1" | cut -d '.' -f 1) if ! _namecheap_set_tld_sld "$1"; then
request="namecheap.domains.dns.getHosts&SLD=$sld&TLD=$tld" return 1
fi
request="namecheap.domains.dns.getHosts&SLD=${_sld}&TLD=${_tld}"
if ! _namecheap_post "$request"; then if ! _namecheap_post "$request"; then
_err "$error" _err "$error"
@ -231,7 +234,7 @@ EOT
_debug hostrequestfinal "$_hostrequest" _debug hostrequestfinal "$_hostrequest"
request="namecheap.domains.dns.setHosts&SLD=${sld}&TLD=${tld}${_hostrequest}" request="namecheap.domains.dns.setHosts&SLD=${_sld}&TLD=${_tld}${_hostrequest}"
if ! _namecheap_post "$request"; then if ! _namecheap_post "$request"; then
_err "$error" _err "$error"
@ -244,9 +247,12 @@ EOT
_del_namecheap_TXT() { _del_namecheap_TXT() {
subdomain=$2 subdomain=$2
txt=$3 txt=$3
tld=$(echo "$1" | cut -d '.' -f 2)
sld=$(echo "$1" | cut -d '.' -f 1) if ! _namecheap_set_tld_sld "$1"; then
request="namecheap.domains.dns.getHosts&SLD=$sld&TLD=$tld" return 1
fi
request="namecheap.domains.dns.getHosts&SLD=${_sld}&TLD=${_tld}"
if ! _namecheap_post "$request"; then if ! _namecheap_post "$request"; then
_err "$error" _err "$error"
@ -286,7 +292,7 @@ EOT
_debug hostrequestfinal "$_hostrequest" _debug hostrequestfinal "$_hostrequest"
request="namecheap.domains.dns.setHosts&SLD=${sld}&TLD=${tld}${_hostrequest}" request="namecheap.domains.dns.setHosts&SLD=${_sld}&TLD=${_tld}${_hostrequest}"
if ! _namecheap_post "$request"; then if ! _namecheap_post "$request"; then
_err "$error" _err "$error"
@ -306,3 +312,45 @@ _namecheap_add_host() {
_hostindex=$(_math "$_hostindex" + 1) _hostindex=$(_math "$_hostindex" + 1)
_hostrequest=$(printf '%s&HostName%d=%s&RecordType%d=%s&Address%d=%s&MXPref%d=%d&TTL%d=%d' "$_hostrequest" "$_hostindex" "$1" "$_hostindex" "$2" "$_hostindex" "$3" "$_hostindex" "$4" "$_hostindex" "$5") _hostrequest=$(printf '%s&HostName%d=%s&RecordType%d=%s&Address%d=%s&MXPref%d=%d&TTL%d=%d' "$_hostrequest" "$_hostindex" "$1" "$_hostindex" "$2" "$_hostindex" "$3" "$_hostindex" "$4" "$_hostindex" "$5")
} }
_namecheap_set_tld_sld() {
domain=$1
_tld=""
_sld=""
i=2
while true; do
_tld=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug tld "$_tld"
if [ -z "$_tld" ]; then
_debug "invalid tld"
return 1
fi
j=$(_math "$i" - 1)
_sld=$(printf "%s" "$domain" | cut -d . -f 1-"$j")
_debug sld "$_sld"
if [ -z "$_sld" ]; then
_debug "invalid sld"
return 1
fi
request="namecheap.domains.dns.getHosts&SLD=$_sld&TLD=$_tld"
if ! _namecheap_post "$request"; then
_debug "sld($_sld)/tld($_tld) not found"
else
_debug "sld($_sld)/tld($_tld) found"
return 0
fi
i=$(_math "$i" + 1)
done
}

181
dnsapi/dns_neodigit.sh Normal file
View File

@ -0,0 +1,181 @@
#!/usr/bin/env sh
#
# NEODIGIT_API_TOKEN="jasdfhklsjadhflnhsausdfas"
# This is Neodigit.net api wrapper for acme.sh
#
# Author: Adrian Almenar
# Report Bugs here: https://github.com/tecnocratica/acme.sh
#
NEODIGIT_API_URL="https://api.neodigit.net/v1"
#
######## Public functions #####################
# Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_neodigit_add() {
fulldomain=$1
txtvalue=$2
NEODIGIT_API_TOKEN="${NEODIGIT_API_TOKEN:-$(_readaccountconf_mutable NEODIGIT_API_TOKEN)}"
if [ -z "$NEODIGIT_API_TOKEN" ]; then
NEODIGIT_API_TOKEN=""
_err "You haven't specified a Token api key."
_err "Please create the key and try again."
return 1
fi
#save the api key and email to the account conf file.
_saveaccountconf_mutable NEODIGIT_API_TOKEN "$NEODIGIT_API_TOKEN"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
_debug domain "$_domain"
_debug sub_domain "$_sub_domain"
_debug "Getting txt records"
_neo_rest GET "dns/zones/${_domain_id}/records?type=TXT&name=$fulldomain"
_debug _code "$_code"
if [ "$_code" != "200" ]; then
_err "error retrieving data!"
return 1
fi
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
_debug domain "$_domain"
_debug sub_domain "$_sub_domain"
_info "Adding record"
if _neo_rest POST "dns/zones/$_domain_id/records" "{\"record\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":60}}"; then
if printf -- "%s" "$response" | grep "$_sub_domain" >/dev/null; then
_info "Added, OK"
return 0
else
_err "Add txt record error."
return 1
fi
fi
_err "Add txt record error."
return 1
}
#fulldomain txtvalue
dns_neodigit_rm() {
fulldomain=$1
txtvalue=$2
NEODIGIT_API_TOKEN="${NEODIGIT_API_TOKEN:-$(_readaccountconf_mutable NEODIGIT_API_TOKEN)}"
if [ -z "$NEODIGIT_API_TOKEN" ]; then
NEODIGIT_API_TOKEN=""
_err "You haven't specified a Token api key."
_err "Please create the key and try again."
return 1
fi
#save the api key and email to the account conf file.
_saveaccountconf_mutable NEODIGIT_API_TOKEN "$NEODIGIT_API_TOKEN"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug "Getting txt records"
_neo_rest GET "dns/zones/${_domain_id}/records?type=TXT&name=$fulldomain&content=$txtvalue"
if [ "$_code" != "200" ]; then
_err "error retrieving data!"
return 1
fi
record_id=$(echo "$response" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d: -f2 | cut -d, -f1)
_debug "record_id" "$record_id"
if [ -z "$record_id" ]; then
_err "Can not get record id to remove."
return 1
fi
if ! _neo_rest DELETE "dns/zones/$_domain_id/records/$record_id"; then
_err "Delete record error."
return 1
fi
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_id=dasfdsafsadg5ythd
_get_root() {
domain=$1
i=2
p=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug h "$h"
if [ -z "$h" ]; then
#not valid
return 1
fi
if ! _neo_rest GET "dns/zones?name=$h"; then
return 1
fi
_debug p "$p"
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
_domain_id=$(echo "$response" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d: -f2 | cut -d, -f1)
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h
return 0
fi
return 1
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}
_neo_rest() {
m=$1
ep="$2"
data="$3"
_debug "$ep"
export _H1="X-TCPanel-Token: $NEODIGIT_API_TOKEN"
export _H2="Content-Type: application/json"
if [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$NEODIGIT_API_URL/$ep" "" "$m")"
else
response="$(_get "$NEODIGIT_API_URL/$ep")"
fi
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug2 response "$response"
return 0
}

View File

@ -13,12 +13,24 @@ dns_nsupdate_add() {
_saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
_saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}" _saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
_saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
_saveaccountconf NSUPDATE_ZONE "${NSUPDATE_ZONE}"
_info "adding ${fulldomain}. 60 in txt \"${txtvalue}\"" _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
nsupdate -k "${NSUPDATE_KEY}" <<EOF [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
[ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
if [ -z "${NSUPDATE_ZONE}" ]; then
nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT} server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
update add ${fulldomain}. 60 in txt "${txtvalue}" update add ${fulldomain}. 60 in txt "${txtvalue}"
send send
EOF EOF
else
nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
zone ${NSUPDATE_ZONE}.
update add ${fulldomain}. 60 in txt "${txtvalue}"
send
EOF
fi
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
_err "error updating domain" _err "error updating domain"
return 1 return 1
@ -34,11 +46,22 @@ dns_nsupdate_rm() {
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
[ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53 [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
_info "removing ${fulldomain}. txt" _info "removing ${fulldomain}. txt"
nsupdate -k "${NSUPDATE_KEY}" <<EOF [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
[ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
if [ -z "${NSUPDATE_ZONE}" ]; then
nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT} server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
update delete ${fulldomain}. txt update delete ${fulldomain}. txt
send send
EOF EOF
else
nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
zone ${NSUPDATE_ZONE}.
update delete ${fulldomain}. txt
send
EOF
fi
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
_err "error updating domain" _err "error updating domain"
return 1 return 1