From 41ba9b15ca8fd68b0329cdb9065142ec1e9354c8 Mon Sep 17 00:00:00 2001 From: gaby64 Date: Wed, 30 Mar 2022 13:50:10 -0400 Subject: [PATCH] Handle many domain cert with many accounts My solution is to use dynamic variables and append the domain with the dot replaced by an underscore to the variable so you can export a set for each domain. Better yet would be to make use of the json file "/etc/letsencrypt/acmedns.json" that contains the accounts. Similar to how it is used here: https://github.com/joohoi/acme-dns-certbot-joohoi/blob/master/acme-dns-auth.py --- dnsapi/dns_acmedns.sh | 64 +++++++++++++++++++++++++------------------ 1 file changed, 37 insertions(+), 27 deletions(-) diff --git a/dnsapi/dns_acmedns.sh b/dnsapi/dns_acmedns.sh index 057f9742..1fcd4c77 100755 --- a/dnsapi/dns_acmedns.sh +++ b/dnsapi/dns_acmedns.sh @@ -9,9 +9,10 @@ # # You can optionally define an already existing account: # -# export ACMEDNS_USERNAME="" -# export ACMEDNS_PASSWORD="" -# export ACMEDNS_SUBDOMAIN="" +# replace . in domain with _ +# export ACMEDNS_USERNAME_$domain="" +# export ACMEDNS_PASSWORD_$domain="" +# export ACMEDNS_SUBDOMAIN_$domain="" # ######## Public functions ##################### 
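Review bot: The new usage comment in the header never says what `$domain` stands for, so a user cannot tell which variable name to export for a given certificate. Going by the next hunk, the suffix is the record name with its first label removed (`cut -d . -f $i-100`) and a dot replaced by an underscore. The comment should say that and show one literal name, for example `#   export ACMEDNS_USERNAME_example_com=""   # constructed example for example.com`. It should also state how characters other than `.` are handled, since a hyphen is legal in a host name but not in a variable name.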
@@ -19,23 +20,31 @@ # Used to add txt record dns_acmedns_add() { fulldomain=$1 + i=2 + d=$(printf "%s" "$fulldomain" | cut -d . -f $i-100) + h="${d/./_}" txtvalue=$2 _info "Using acme-dns" _debug "fulldomain $fulldomain" + _debug "domain $d" + _debug "$h" _debug "txtvalue $txtvalue" #for compatiblity from account conf - ACMEDNS_USERNAME="${ACMEDNS_USERNAME:-$(_readaccountconf_mutable ACMEDNS_USERNAME)}" - _clearaccountconf_mutable ACMEDNS_USERNAME - ACMEDNS_PASSWORD="${ACMEDNS_PASSWORD:-$(_readaccountconf_mutable ACMEDNS_PASSWORD)}" - _clearaccountconf_mutable ACMEDNS_PASSWORD - ACMEDNS_SUBDOMAIN="${ACMEDNS_SUBDOMAIN:-$(_readaccountconf_mutable ACMEDNS_SUBDOMAIN)}" - _clearaccountconf_mutable ACMEDNS_SUBDOMAIN + ACMEDNS_USERNAME="ACMEDNS_USERNAME_$h" + export ACMEDNS_USERNAME_$h="${!ACMEDNS_USERNAME:-$(_readaccountconf_mutable ACMEDNS_USERNAME)}" + _clearaccountconf_mutable $ACMEDNS_USERNAME + ACMEDNS_PASSWORD="ACMEDNS_PASSWORD_$h" + export ACMEDNS_PASSWORD_$h="${!ACMEDNS_PASSWORD:-$(_readaccountconf_mutable ACMEDNS_PASSWORD)}" + _clearaccountconf_mutable $ACMEDNS_PASSWORD + ACMEDNS_SUBDOMAIN="ACMEDNS_SUBDOMAIN_$h" + export ACMEDNS_SUBDOMAIN_$h="${!ACMEDNS_SUBDOMAIN:-$(_readaccountconf_mutable ACMEDNS_SUBDOMAIN)}" + _clearaccountconf_mutable $ACMEDNS_SUBDOMAIN ACMEDNS_BASE_URL="${ACMEDNS_BASE_URL:-$(_readdomainconf ACMEDNS_BASE_URL)}" - ACMEDNS_USERNAME="${ACMEDNS_USERNAME:-$(_readdomainconf ACMEDNS_USERNAME)}" - ACMEDNS_PASSWORD="${ACMEDNS_PASSWORD:-$(_readdomainconf ACMEDNS_PASSWORD)}" - ACMEDNS_SUBDOMAIN="${ACMEDNS_SUBDOMAIN:-$(_readdomainconf ACMEDNS_SUBDOMAIN)}" + export ACMEDNS_USERNAME_$h="${!ACMEDNS_USERNAME:-$(_readdomainconf ACMEDNS_USERNAME)}" + export ACMEDNS_PASSWORD_$h="${!ACMEDNS_PASSWORD:-$(_readdomainconf ACMEDNS_PASSWORD)}" + export ACMEDNS_SUBDOMAIN_$h="${!ACMEDNS_SUBDOMAIN:-$(_readdomainconf ACMEDNS_SUBDOMAIN)}" if [ "$ACMEDNS_BASE_URL" = "" ]; then ACMEDNS_BASE_URL="https://auth.acme-dns.io" 
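Review bot: `h="${d/./_}"` replaces only the first dot and leaves hyphens untouched, so for a name such as `www.example.com` (constructed) `$h` still contains a dot and `export ACMEDNS_USERNAME_$h=...` is rejected as an invalid identifier. `${d/./_}` and `${!ACMEDNS_USERNAME}` are also bash-only, which matters if this file is run by a plain `sh`. Mapping every character outside `[A-Za-z0-9]` makes `$h` a valid identifier suffix: `h=$(printf "%s" "$d" | tr -c 'A-Za-z0-9' '_')`. Separately, the fallbacks still read the un-suffixed keys (`_readaccountconf_mutable ACMEDNS_USERNAME`, `_readdomainconf ACMEDNS_USERNAME`), while `_clearaccountconf_mutable` and the `_savedomainconf` calls in the next hunk use the suffixed name. As far as the visible lines show, credentials saved by this code would not be found on the next run and a new account would be registered; reading with `_readdomainconf "$ACMEDNS_USERNAME"` (likewise for PASSWORD and SUBDOMAIN) keeps the keys aligned. The body of `dns_acmedns_add` continues outside this hunk.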
@@ -44,31 +53,32 @@ dns_acmedns_add() { ACMEDNS_UPDATE_URL="$ACMEDNS_BASE_URL/update" ACMEDNS_REGISTER_URL="$ACMEDNS_BASE_URL/register" - if [ -z "$ACMEDNS_USERNAME" ] || [ -z "$ACMEDNS_PASSWORD" ]; then + if [ -z "${!ACMEDNS_USERNAME}" ] || [ -z "${!ACMEDNS_PASSWORD}" ]; then response="$(_post "" "$ACMEDNS_REGISTER_URL" "" "POST")" _debug response "$response" - ACMEDNS_USERNAME=$(echo "$response" | sed -n 's/^{.*\"username\":[ ]*\"\([^\"]*\)\".*}/\1/p') - _debug "received username: $ACMEDNS_USERNAME" - ACMEDNS_PASSWORD=$(echo "$response" | sed -n 's/^{.*\"password\":[ ]*\"\([^\"]*\)\".*}/\1/p') - _debug "received password: $ACMEDNS_PASSWORD" - ACMEDNS_SUBDOMAIN=$(echo "$response" | sed -n 's/^{.*\"subdomain\":[ ]*\"\([^\"]*\)\".*}/\1/p') - _debug "received subdomain: $ACMEDNS_SUBDOMAIN" - ACMEDNS_FULLDOMAIN=$(echo "$response" | sed -n 's/^{.*\"fulldomain\":[ ]*\"\([^\"]*\)\".*}/\1/p') + export ACMEDNS_USERNAME_$h=$(echo "$response" | sed -n 's/^{.*\"username\":[ ]*\"\([^\"]*\)\".*}/\1/p') + _debug "received username: ${!ACMEDNS_USERNAME}" + export ACMEDNS_PASSWORD_$h=$(echo "$response" | sed -n 's/^{.*\"password\":[ ]*\"\([^\"]*\)\".*}/\1/p') + _debug "received password: ${!ACMEDNS_PASSWORD}" + export ACMEDNS_SUBDOMAIN_$h=$(echo "$response" | sed -n 's/^{.*\"subdomain\":[ ]*\"\([^\"]*\)\".*}/\1/p') + _debug "received subdomain: ${!ACMEDNS_SUBDOMAIN}" + ACMEDNS_FULLDOMAIN="ACMEDNS_FULLDOMAIN_$h" + export ACMEDNS_FULLDOMAIN_$h=$(echo "$response" | sed -n 's/^{.*\"fulldomain\":[ ]*\"\([^\"]*\)\".*}/\1/p') _info "##########################################################" - _info "# Create $fulldomain CNAME $ACMEDNS_FULLDOMAIN DNS entry #" + _info "# Create $fulldomain CNAME ${!ACMEDNS_FULLDOMAIN} DNS entry #" _info "##########################################################" _info "Press enter to continue... 
" read -r _ fi _savedomainconf ACMEDNS_BASE_URL "$ACMEDNS_BASE_URL" - _savedomainconf ACMEDNS_USERNAME "$ACMEDNS_USERNAME" - _savedomainconf ACMEDNS_PASSWORD "$ACMEDNS_PASSWORD" - _savedomainconf ACMEDNS_SUBDOMAIN "$ACMEDNS_SUBDOMAIN" + _savedomainconf $ACMEDNS_USERNAME "${!ACMEDNS_USERNAME}" + _savedomainconf $ACMEDNS_PASSWORD "${!ACMEDNS_PASSWORD}" + _savedomainconf $ACMEDNS_SUBDOMAIN "${!ACMEDNS_SUBDOMAIN}" - export _H1="X-Api-User: $ACMEDNS_USERNAME" - export _H2="X-Api-Key: $ACMEDNS_PASSWORD" - data="{\"subdomain\":\"$ACMEDNS_SUBDOMAIN\", \"txt\": \"$txtvalue\"}" + export _H1="X-Api-User: ${!ACMEDNS_USERNAME}" + export _H2="X-Api-Key: ${!ACMEDNS_PASSWORD}" + data="{\"subdomain\":\"${!ACMEDNS_SUBDOMAIN}\", \"txt\": \"$txtvalue\"}" _debug data "$data" response="$(_post "$data" "$ACMEDNS_UPDATE_URL" "" "POST")"
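Review bot: The registration branch still writes the freshly issued acme-dns password to the debug log in clear text (`_debug "received password: ${!ACMEDNS_PASSWORD}"`, plus the whole `response` two lines above it). This change additionally `export`s the username, password and subdomain, so every child process started afterwards inherits them. The log lines should go through the project's `_secure_debug` helper, e.g. `_secure_debug "received password" "${!ACMEDNS_PASSWORD}"`. The resolved values are better kept in ordinary, non-exported shell variables, with `$h` used only in the stored key, e.g. `_savedomainconf "ACMEDNS_PASSWORD_$h" "$password"` (variable name illustrative). The function body continues past the end of this hunk.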