remove dns rr when finished

acme.sh

@@ -1746,6 +1746,58 @@ _clearupwebbroot() {
 
 }
 
+_clearupdnsrr() {
+  _debug "_clearupdnsrr {$@}"
+  [ "$1" -eq "1" ] || return 0
+  [ -n "$2"  ] || return 0
+  txtdomain="_acme-challenge.$2"
+
+  d_api=""
+  if [ -f "$LE_WORKING_DIR/$d/$_currentRoot" ] ; then
+    d_api="$LE_WORKING_DIR/$d/$_currentRoot"
+  elif [ -f "$LE_WORKING_DIR/$d/$_currentRoot.sh" ] ; then
+    d_api="$LE_WORKING_DIR/$d/$_currentRoot.sh"
+  elif [ -f "$LE_WORKING_DIR/$_currentRoot" ] ; then
+    d_api="$LE_WORKING_DIR/$_currentRoot"
+  elif [ -f "$LE_WORKING_DIR/$_currentRoot.sh" ] ; then
+    d_api="$LE_WORKING_DIR/$_currentRoot.sh"
+  elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot" ] ; then
+    d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot"
+  elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot.sh" ] ; then
+    d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot.sh"
+  fi
+  _debug d_api "$d_api"
+
+  if [ "$d_api" ] ; then
+    _info "Found domain api file: $d_api"
+  else
+    _err "Remove the following TXT record:"
+    _err "Domain: '$(__green $txtdomain)'"
+    _err "Please be aware that you prepend _acme-challenge. before your domain"
+    _err "so the resulting subdomain will be: $txtdomain"
+    return 0
+  fi
+
+  if ! . $d_api ; then
+    _err "Load file $d_api error. Please check your api file and try again."
+    return 1
+  fi
+
+  delcommand="${_currentRoot}_del"
+
+  if ! _exists $delcommand ; then
+    _err "It seems that your api file is not correct, it must have a function named: $delcommand"
+    return 1
+  fi
+
+  if ! $delcommand $txtdomain ; then
+    _err "Error del txt for domain:$txtdomain"
+    return 1
+  fi
+
+  return 0
+}
+
 _on_before_issue() {
   _debug _on_before_issue
   if _hasfield "$Le_Webroot" "$NO_VALUE" ; then
@@ -2381,6 +2433,7 @@ issue() {
     if ! _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}" ; then
       _err "$d:Can not get challenge: $response"
       _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+      _clearupdnsrr $dnsadded $d
       _clearup
       _on_issue_err
       return 1
@@ -2389,6 +2442,7 @@ issue() {
     if [ ! -z "$code" ] && [ ! "$code" = '202' ] ; then
       _err "$d:Challenge error: $response"
       _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+      _clearupdnsrr $dnsadded $d
       _clearup
       _on_issue_err
       return 1
@@ -2404,6 +2458,7 @@ issue() {
       if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ] ; then
         _err "$d:Timeout"
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+        _clearupdnsrr $dnsadded $d
         _clearup
         _on_issue_err
         return 1
@@ -2416,6 +2471,7 @@ issue() {
       if [ "$?" != "0" ] ; then
         _err "$d:Verify error:$response"
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+        _clearupdnsrr $dnsadded $d
         _clearup
         _on_issue_err
         return 1
@@ -2431,6 +2487,7 @@ issue() {
         _stopserver $serverproc
         serverproc=""
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+        _clearupdnsrr $dnsadded $d
         break;
       fi
       
@@ -2451,6 +2508,7 @@ issue() {
            fi
          fi
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+        _clearupdnsrr $dnsadded $d
         _clearup
         _on_issue_err
         return 1;
@@ -2461,6 +2519,7 @@ issue() {
       else
         _err "$d:Verify error:$response" 
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+        _clearupdnsrr $dnsadded $d
         _clearup
         _on_issue_err
         return 1

dnsapi/dns_cf.sh

@@ -11,6 +11,11 @@ CF_Api="https://api.cloudflare.com/client/v4"
 
 ########  Public functions #####################
 
+dns_cf_del(){
+  _err "Not implemented!"
+  return 1
+}
+
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_cf_add(){
   fulldomain=$1

dnsapi/dns_cx.sh

@@ -13,6 +13,11 @@ CX_Api="https://www.cloudxns.net/api2"
 #REST_API
 ########  Public functions #####################
 
+dns_cx_del(){
+  _err "Not implemented!"
+  return 1
+}
+
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_cx_add() {
   fulldomain=$1

dnsapi/dns_dp.sh

@@ -13,6 +13,11 @@ DP_Api="https://dnsapi.cn"
 #REST_API
 ########  Public functions #####################
 
+dns_dp_del(){
+  _err "Not implemented!"
+  return 1
+}
+
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_dp_add() {
   fulldomain=$1

dnsapi/dns_gd.sh

@@ -11,6 +11,11 @@ GD_Api="https://api.godaddy.com/v1"
 
 ########  Public functions #####################
 
+dns_gd_del(){
+  _err "Not implemented!"
+  return 1
+}
+
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_gd_add(){
   fulldomain=$1

dnsapi/dns_lexicon.sh

@@ -9,6 +9,11 @@ wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api"
 
 ########  Public functions #####################
 
+dns_lexicon_del(){
+  _err "Not implemented!"
+  return 1
+}
+
 #Usage: add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_lexicon_add() {
   fulldomain=$1

dnsapi/dns_myapi.sh

@@ -18,6 +18,11 @@ dns_myapi_add() {
   return 1;
 }
 
+#Usage: dns_myapi_del   _acme-challenge.www.domain.com
+dns_myapi_del(){
+  _err "Not implemented!"
+  return 1
+}
 
 
 
@@ -49,4 +54,4 @@ _debug2() {
     _debug "$@"
   fi
   return
-}
+}

dnsapi/dns_nsupdate.sh

@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+
+
+########  Public functions #####################
+
+#Usage: dns_nsupdate_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_nsupdate_add() {
+  fulldomain=$1
+  txtvalue=$2
+  _checkKeyFile || return 1
+  NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost}
+  tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX)
+  cat > ${tmp} <<EOF
+server ${NSUPDATE_SERVER}
+update add ${fulldomain}. 60 in txt "${txtvalue}"
+send
+EOF
+  _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
+  nsupdate -k ${NSUPDATE_KEY} ${tmp}
+  if [ $? -ne 0 ]; then
+    _err "error updating domain, see ${tmp} for details"
+    return 1
+  fi
+  rm -f ${tmp}
+  [ -n "${NSUPDATE_LOG}" ] && echo "${fulldomain}" >> ${NSUPDATE_LOG}
+  
+  return 0
+}
+
+#Usage: dns_nsupdate_del   _acme-challenge.www.domain.com
+dns_nsupdate_del() {
+  fulldomain=$1
+  _checkKeyFile || return 1
+  NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost}
+  tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX)
+  cat > ${tmp} <<EOF
+server ${NSUPDATE_SERVER}
+update delete ${fulldomain}. txt
+send
+EOF
+  _info "removing ${fulldomain}. txt"
+  nsupdate -k ${NSUPDATE_KEY} ${tmp}
+  if [ $? -ne 0 ]; then
+    _err "error updating domain, see ${tmp} for details"
+    return 1
+  fi
+  rm -f ${tmp}
+
+  return 0
+}
+
+
+####################  Private functions bellow ##################################
+
+_checkKeyFile() {
+  if [ -z "${NSUPDATE_KEY}" ]; then
+    _err "you must specify a path to the nsupdate key file"
+    return 1
+  fi
+  if [ ! -r "${NSUPDATE_KEY}" ]; then
+    _err "key ${NSUPDATE_KEY} is unreadable"
+    return 1
+  fi
+}
+
+_info() {
+  if [ -z "$2" ] ; then
+    echo "[$(date)] $1"
+  else
+    echo "[$(date)] $1='$2'"
+  fi
+}
+
+_err() {
+  _info "$@" >&2
+  return 1
+}
+
+_debug() {
+  if [ -z "$DEBUG" ] ; then
+    return
+  fi
+  _err "$@"
+  return 0
+}
+
+_debug2() {
+  if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then
+    _debug "$@"
+  fi
+  return
+}

dnsapi/dns_ovh.sh

@@ -86,6 +86,11 @@ _ovh_get_api() {
 
 ########  Public functions #####################
 
+dns_ovh_del(){
+  _err "Not implemented!"
+  return 1
+}
+
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_ovh_add(){
   fulldomain=$1