From 603301418968da0550c191700e1b46b615160d71 Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Thu, 6 Oct 2016 16:16:51 +0200 Subject: [PATCH 01/11] remove dns rr when finished --- acme.sh | 59 +++++++++++++++++++++++++++ dnsapi/dns_cf.sh | 5 +++ dnsapi/dns_cx.sh | 5 +++ dnsapi/dns_dp.sh | 5 +++ dnsapi/dns_gd.sh | 5 +++ dnsapi/dns_lexicon.sh | 5 +++ dnsapi/dns_myapi.sh | 7 +++- dnsapi/dns_nsupdate.sh | 92 ++++++++++++++++++++++++++++++++++++++++++ dnsapi/dns_ovh.sh | 5 +++ 9 files changed, 187 insertions(+), 1 deletion(-) create mode 100755 dnsapi/dns_nsupdate.sh diff --git a/acme.sh b/acme.sh index c385beb3..58cec499 100755 --- a/acme.sh +++ b/acme.sh 
@@ -1746,6 +1746,58 @@ _clearupwebbroot() { } +_clearupdnsrr() { + _debug "_clearupdnsrr {$@}" + [ "$1" -eq "1" ] || return 0 + [ -n "$2" ] || return 0 + txtdomain="_acme-challenge.$2" + + d_api="" + if [ -f "$LE_WORKING_DIR/$d/$_currentRoot" ] ; then + d_api="$LE_WORKING_DIR/$d/$_currentRoot" + elif [ -f "$LE_WORKING_DIR/$d/$_currentRoot.sh" ] ; then + d_api="$LE_WORKING_DIR/$d/$_currentRoot.sh" + elif [ -f "$LE_WORKING_DIR/$_currentRoot" ] ; then + d_api="$LE_WORKING_DIR/$_currentRoot" + elif [ -f "$LE_WORKING_DIR/$_currentRoot.sh" ] ; then + d_api="$LE_WORKING_DIR/$_currentRoot.sh" + elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot" ] ; then + d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot" + elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot.sh" ] ; then + d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot.sh" + fi + _debug d_api "$d_api" + + if [ "$d_api" ] ; then + _info "Found domain api file: $d_api" + else + _err "Remove the following TXT record:" + _err "Domain: '$(__green $txtdomain)'" + _err "Please be aware that you prepend _acme-challenge. before your domain" + _err "so the resulting subdomain will be: $txtdomain" + return 0 + fi + + if ! . $d_api ; then + _err "Load file $d_api error. Please check your api file and try again." + return 1 + fi + + delcommand="${_currentRoot}_del" + + if ! _exists $delcommand ; then + _err "It seems that your api file is not correct, it must have a function named: $delcommand" + return 1 + fi + + if ! $delcommand $txtdomain ; then + _err "Error del txt for domain:$txtdomain" + return 1 + fi + + return 0 +} + _on_before_issue() { _debug _on_before_issue if _hasfield "$Le_Webroot" "$NO_VALUE" ; then @@ -2381,6 +2433,7 @@ issue() { if ! _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}" ; then _err "$d:Can not get challenge: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearupdnsrr $dnsadded $d _clearup _on_issue_err return 1 
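Review bot: The guard `[ "$1" -eq "1" ] || return 0` in `_clearupdnsrr` treats an empty or non-numeric first argument as a test error rather than a clean miss, so `[` prints `integer expression expected` on stderr before the function returns 0; since the callers pass `$dnsadded $d` unquoted, an unset `dnsadded` (not visible here, but plausible for non-DNS validations) shifts the domain into `$1` and triggers exactly that. A string comparison avoids it: `[ "$1" = "1" ] || return 0`. The same function sources and invokes the provider file unquoted (`. $d_api`, `$delcommand $txtdomain`); `. "$d_api"` and `"$delcommand" "$txtdomain"` would match the quoting used for `_clearupwebbroot` in the surrounding hunks. The six-way api-file lookup chain presumably mirrors the one the add path already has; if so, a shared `_find_dns_api` helper would keep the two from drifting apart.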
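Review bot: `_clearupdnsrr $dnsadded $d` passes both arguments unquoted, unlike the adjacent `_clearupwebbroot "$_currentRoot" "$removelevel" "$token"`; an empty `dnsadded` collapses the call to a single argument and the domain then lands in the slot meant for the flag. Quote it as `_clearupdnsrr "$dnsadded" "$d"`. The same two-line cleanup sequence now appears in this hunk and in the six `issue()` hunks that follow (`@@ -2389`, `-2404`, `-2416`, `-2431`, `-2451`, `-2461`); folding `_clearupwebbroot` and `_clearupdnsrr` into one `_clearup_challenge` helper would leave a single place to keep in sync. `issue()` begins and ends outside the hunk.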
@@ -2389,6 +2442,7 @@ issue() { if [ ! -z "$code" ] && [ ! "$code" = '202' ] ; then _err "$d:Challenge error: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearupdnsrr $dnsadded $d _clearup _on_issue_err return 1 @@ -2404,6 +2458,7 @@ issue() { if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ] ; then _err "$d:Timeout" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearupdnsrr $dnsadded $d _clearup _on_issue_err return 1 @@ -2416,6 +2471,7 @@ issue() { if [ "$?" != "0" ] ; then _err "$d:Verify error:$response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearupdnsrr $dnsadded $d _clearup _on_issue_err return 1 @@ -2431,6 +2487,7 @@ issue() { _stopserver $serverproc serverproc="" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearupdnsrr $dnsadded $d break; fi @@ -2451,6 +2508,7 @@ issue() { fi fi _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearupdnsrr $dnsadded $d _clearup _on_issue_err return 1; @@ -2461,6 +2519,7 @@ issue() { else _err "$d:Verify error:$response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearupdnsrr $dnsadded $d _clearup _on_issue_err return 1 diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index 19d95c1a..67c7c7e5 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh @@ -11,6 +11,11 @@ CF_Api="https://api.cloudflare.com/client/v4" ######## Public functions ##################### +dns_cf_del(){ + _err "Not implemented!" + return 1 +} + #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_cf_add(){ fulldomain=$1 diff --git a/dnsapi/dns_cx.sh b/dnsapi/dns_cx.sh index 1a2e04e7..6069207c 100755 --- a/dnsapi/dns_cx.sh +++ b/dnsapi/dns_cx.sh 
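Review bot: `dns_cf_del` returns 1 after `_err "Not implemented!"`, and `_clearupdnsrr` reacts to a non-zero `*_del` by logging `Error del txt for domain:…` and returning 1, so every successful issuance through this provider now ends with two error lines although nothing went wrong; the identical stub is added in `dns_cx.sh`, `dns_dp.sh`, `dns_gd.sh`, `dns_lexicon.sh`, `dns_myapi.sh` and `dns_ovh.sh`. Until deletion is implemented the stub should at least tell the operator what to clean up, e.g. `_err "dns_cf_del not implemented, please remove the TXT record for $1 manually"`. The stubs also lack the `#Usage: dns_cf_del _acme-challenge.www.domain.com` header that `dns_myapi.sh` gives its own, and they are inserted above `dns_cf_add` rather than after it as in the template.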
@@ -13,6 +13,11 @@ CX_Api="https://www.cloudxns.net/api2" #REST_API ######## Public functions ##################### +dns_cx_del(){ + _err "Not implemented!" + return 1 +} + #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_cx_add() { fulldomain=$1 diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 49e8c77f..397ae9a9 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -13,6 +13,11 @@ DP_Api="https://dnsapi.cn" #REST_API ######## Public functions ##################### +dns_dp_del(){ + _err "Not implemented!" + return 1 +} + #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dp_add() { fulldomain=$1 diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index c25de32d..58787643 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -11,6 +11,11 @@ GD_Api="https://api.godaddy.com/v1" ######## Public functions ##################### +dns_gd_del(){ + _err "Not implemented!" + return 1 +} + #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_gd_add(){ fulldomain=$1 diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index 5e78a2d9..88311ca0 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -9,6 +9,11 @@ wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api" ######## Public functions ##################### +dns_lexicon_del(){ + _err "Not implemented!" + return 1 +} + #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_lexicon_add() { fulldomain=$1 diff --git a/dnsapi/dns_myapi.sh b/dnsapi/dns_myapi.sh index a29b9ff1..86f0de8c 100755 --- a/dnsapi/dns_myapi.sh +++ b/dnsapi/dns_myapi.sh @@ -18,6 +18,11 @@ dns_myapi_add() { return 1; } +#Usage: dns_myapi_del _acme-challenge.www.domain.com +dns_myapi_del(){ + _err "Not implemented!" + return 1 +} @@ -49,4 +54,4 @@ _debug2() { _debug "$@" fi return -} \ No newline at end of file +} 
diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh new file mode 100755 index 00000000..ef110776 --- /dev/null +++ b/dnsapi/dns_nsupdate.sh @@ -0,0 +1,92 @@ +#!/usr/bin/env bash + + +######## Public functions ##################### + +#Usage: dns_nsupdate_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_nsupdate_add() { + fulldomain=$1 + txtvalue=$2 + _checkKeyFile || return 1 + NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost} + tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX) + cat > ${tmp} <> ${NSUPDATE_LOG} + + return 0 +} + +#Usage: dns_nsupdate_del _acme-challenge.www.domain.com +dns_nsupdate_del() { + fulldomain=$1 + _checkKeyFile || return 1 + NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost} + tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX) + cat > ${tmp} <&2 + return 1 +} + +_debug() { + if [ -z "$DEBUG" ] ; then + return + fi + _err "$@" + return 0 +} + +_debug2() { + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + _debug "$@" + fi + return +} diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index 443aec6f..66435b56 100644 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -86,6 +86,11 @@ _ovh_get_api() { ######## Public functions ##################### +dns_ovh_del(){ + _err "Not implemented!" + return 1 +} + #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_ovh_add(){ fulldomain=$1 From 065229e6bec48723275041da483d71b83677a902 Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Thu, 6 Oct 2016 16:20:21 +0200 Subject: [PATCH 02/11] remove experimental nsupdate log --- dnsapi/dns_nsupdate.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh index ef110776..76637de5 100755 --- a/dnsapi/dns_nsupdate.sh +++ b/dnsapi/dns_nsupdate.sh @@ -22,7 +22,6 @@ EOF return 1 fi rm -f ${tmp} - [ -n "${NSUPDATE_LOG}" ] && echo "${fulldomain}" >> ${NSUPDATE_LOG} return 0 } From d9189a3b4d8732374e4d3c5da3f93c0570843b4b Mon Sep 17 00:00:00 2001 
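Review bot: The new `dns_nsupdate.sh` ends by defining `_err`, `_debug` and `_debug2`, and because acme.sh loads provider files with `. $d_api` those definitions replace acme.sh's own logging functions in the running shell for the rest of the run (`_debug` here routes everything through `_err` to stderr whenever `DEBUG` is set). Provider files should not carry these fallbacks; if they are kept for stand-alone testing, guard each one with `command -v _err >/dev/null 2>&1 || _err() { …; }` so the host script's versions win. `mktemp --tmpdir` is a GNU extension and the `${tmp}` redirections are unquoted; a portable form is `tmp=$(mktemp "${TMPDIR:-/tmp}/acme_nsupdate.XXXXXX")` with `"${tmp}"` everywhere it is used. The heredoc bodies appear to have been lost in this rendering, but the context lines in PATCH 02 (`return 1`, `fi`, `rm -f ${tmp}`) suggest the temp file is only removed on success; moving `rm -f "${tmp}"` ahead of the status check, or trapping EXIT, would stop the generated update script from being left behind on failure. The `#!/usr/bin/env bash` shebang is misleading for a file that is only ever sourced by acme.sh.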
From: Philippe Kueck Date: Thu, 6 Oct 2016 16:20:43 +0200 Subject: [PATCH 03/11] documentation; remove useless debug line --- acme.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 58cec499..70f5f593 100755 --- a/acme.sh +++ b/acme.sh @@ -1747,7 +1747,6 @@ _clearupwebbroot() { } _clearupdnsrr() { - _debug "_clearupdnsrr {$@}" [ "$1" -eq "1" ] || return 0 [ -n "$2" ] || return 0 txtdomain="_acme-challenge.$2" @@ -3232,6 +3231,11 @@ _initconf() { # #GD_Secret=\"sADDsdasdfsdfdssdgdsf\" +####################### +#nsupdate: +#NSUPDATE_KEY=\"/path/to/update.key\" +#NSUPDATE_SERVER=\"192.168.0.1\" + " > $ACCOUNT_CONF_PATH fi } From 797d7a27330c69d63ceaac5c2ddcc014a261ab1b Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Fri, 7 Oct 2016 10:44:59 +0200 Subject: [PATCH 04/11] acme.sh fails if the target path does not exist --- acme.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 70f5f593..6f6fd80d 100755 --- a/acme.sh +++ b/acme.sh @@ -2897,7 +2897,7 @@ _installcert() { if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ] ; then cp "$Le_RealCertPath" "$Le_RealCertPath".bak fi - cat "$CERT_PATH" > "$Le_RealCertPath" + install -D "$CERT_PATH" "$Le_RealCertPath" fi if [ "$Le_RealCACertPath" ] ; then @@ -2910,7 +2910,7 @@ _installcert() { if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ] ; then cp "$Le_RealCACertPath" "$Le_RealCACertPath".bak fi - cat "$CA_CERT_PATH" > "$Le_RealCACertPath" + install -D "$CA_CERT_PATH" "$Le_RealCACertPath" fi fi @@ -2921,7 +2921,7 @@ _installcert() { if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ] ; then cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak fi - cat "$CERT_KEY_PATH" > "$Le_RealKeyPath" + install -D "$CERT_KEY_PATH" "$Le_RealKeyPath" fi if [ "$Le_RealFullChainPath" ] ; then 
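Review bot: The new `_initconf` template lines name `NSUPDATE_KEY` and `NSUPDATE_SERVER` but say nothing about what the key is or how it must be protected, which is the one thing an operator setting up nsupdate needs to get right. Two comment lines would do, e.g. `#NSUPDATE_KEY: key file handed to nsupdate; keep it readable by the acme.sh user only (chmod 0600)` and `#NSUPDATE_SERVER: the authoritative server that accepts dynamic updates for the zone`. It is also worth stating that the key should be restricted on the server side to updating TXT records under _acme-challenge., so that a leaked key cannot rewrite the rest of the zone. `_initconf` begins outside the hunk.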
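Review bot: `install -D "$CERT_PATH" "$Le_RealCertPath"` without `-m` creates the destination with GNU install's default mode 0755, whereas the replaced `cat > "$Le_RealCertPath"` into an existing file kept that file's mode, so until PATCH 08 adds `-m0640` the private key written at `@@ -2921` (`Le_RealKeyPath`) ends up world-readable on a fresh install, and the CA and full-chain hunks (`@@ -2910`, `-2930`) change mode the same way. `-D` is also a GNU coreutils option; BSD and macOS `install` do not implement it with this meaning, so if those platforms are supported the directory creation can be done with `mkdir -p "$(dirname "$Le_RealCertPath")"` followed by the original `cat` redirection. `_installcert` begins and ends outside the hunk.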
@@ -2930,7 +2930,7 @@ _installcert() { if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ] ; then cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak fi - cat "$CERT_FULLCHAIN_PATH" > "$Le_RealFullChainPath" + install -D "$CERT_FULLCHAIN_PATH" "$Le_RealFullChainPath" fi if [ "$Le_ReloadCmd" ] ; then From 31f3ac857e35d4918f2dbebd71c2917caa8bd5eb Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Fri, 7 Oct 2016 10:48:17 +0200 Subject: [PATCH 05/11] spooky --- acme.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 6f6fd80d..848138fc 100755 --- a/acme.sh +++ b/acme.sh @@ -3295,9 +3295,7 @@ _installalias() { _envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env" if [ "$_upgrading" ] && [ "$_upgrading" = "1" ] ; then - echo "$(cat $_envfile)" | sed "s|^LE_WORKING_DIR.*$||" > "$_envfile" - echo "$(cat $_envfile)" | sed "s|^alias le.*$||" > "$_envfile" - echo "$(cat $_envfile)" | sed "s|^alias le.sh.*$||" > "$_envfile" + sed -i '/^LE_WORKING_DIR/d;/^alias le/d' "$_envfile" fi _setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\"" From 88c4d15c7701978f813ae2d408667bc96035f131 Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Fri, 7 Oct 2016 10:55:59 +0200 Subject: [PATCH 06/11] that's a one-liner.. --- acme.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index 848138fc..e65861c3 100755 --- a/acme.sh +++ b/acme.sh 
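Review bot: `sed -i '/^LE_WORKING_DIR/d;/^alias le/d' "$_envfile"` relies on GNU `sed -i` taking an optional suffix; BSD and macOS `sed` require a suffix argument and would consume the script as that suffix, so if those platforms are targets the edit needs a write-and-move form, e.g. `sed '/^LE_WORKING_DIR/d;/^alias le/d' "$_envfile" > "$_envfile.tmp" && mv "$_envfile.tmp" "$_envfile"`. Behaviourally the rewrite deletes the matched lines instead of blanking them, which is an improvement, and the old third pattern `^alias le.sh` was already covered by `^alias le`. `_installalias` begins and ends outside the hunk.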
@@ -3440,20 +3440,17 @@ uninstall() { _profile="$(_detect_profile)" if [ "$_profile" ] ; then - text="$(cat $_profile)" - echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.env\"$||" > "$_profile" + sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.env/d" "$_profile" fi _csh_profile="$HOME/.cshrc" if [ -f "$_csh_profile" ] ; then - text="$(cat $_csh_profile)" - echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" > "$_csh_profile" + sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.csh/d" "$_csh_profile" fi _tcsh_profile="$HOME/.tcshrc" if [ -f "$_tcsh_profile" ] ; then - text="$(cat $_tcsh_profile)" - echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" > "$_tcsh_profile" + sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.csh/d" "$_tcsh_profile" fi rm -f $LE_WORKING_DIR/$PROJECT_ENTRY From e3365baf4cf85dd56cbfcc4ef2707c167c55144d Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Fri, 7 Oct 2016 11:10:20 +0200 Subject: [PATCH 07/11] name conflict (install is a common binary) --- acme.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index e65861c3..8643f089 100755 --- a/acme.sh +++ b/acme.sh @@ -3331,7 +3331,7 @@ _installalias() { } # nocron -install() { +_install() { if [ -z "$LE_WORKING_DIR" ] ; then LE_WORKING_DIR="$DEFAULT_INSTALL_HOME" @@ -3431,7 +3431,7 @@ install() { } # nocron -uninstall() { +_uninstall() { _nocron="$1" if [ -z "$_nocron" ] ; then uninstallcronjob @@ -3603,7 +3603,7 @@ _installOnline() { ) } -upgrade() { +_upgrade() { if ( _initpath export LE_WORKING_DIR 
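Review bot: The sed expression `"|/$LE_WORKING_DIR/$PROJECT_NAME\.env/d"` is not valid sed: an address with a custom delimiter is written `\|regex|`, and a bare `|` is not a sed command, so GNU sed rejects it with an unknown-command error and the profile line is never removed; the same form is used for `.cshrc` and `.tcshrc` further down in this hunk. The intended address is `sed -i "\|$LE_WORKING_DIR/$PROJECT_NAME\.env|d" "$_profile"`, with the matching change on the two `.csh` lines; the regex still interpolates `$LE_WORKING_DIR` unescaped, which is tolerable for a path but deserves a comment. As in PATCH 05, `sed -i` without a suffix is GNU-specific. `uninstall()` begins and ends outside the hunk.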
@@ -4033,9 +4033,9 @@ _process() { fi case "${_CMD}" in - install) install "$_nocron" ;; - uninstall) uninstall "$_nocron" ;; - upgrade) upgrade ;; + install) _install "$_nocron" ;; + uninstall) _uninstall "$_nocron" ;; + upgrade) _upgrade ;; issue) issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" ;; From 9b9a7e15c2dc55b22e983e0c77c9c9ca7d9f07fd Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Fri, 7 Oct 2016 14:19:31 +0200 Subject: [PATCH 08/11] install with 0640 --- acme.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 8643f089..4c73cc88 100755 --- a/acme.sh +++ b/acme.sh @@ -2897,7 +2897,7 @@ _installcert() { if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ] ; then cp "$Le_RealCertPath" "$Le_RealCertPath".bak fi - install -D "$CERT_PATH" "$Le_RealCertPath" + install -D -m0640 "$CERT_PATH" "$Le_RealCertPath" fi if [ "$Le_RealCACertPath" ] ; then @@ -2910,7 +2910,7 @@ _installcert() { if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ] ; then cp "$Le_RealCACertPath" "$Le_RealCACertPath".bak fi - install -D "$CA_CERT_PATH" "$Le_RealCACertPath" + install -D -m0640 "$CA_CERT_PATH" "$Le_RealCACertPath" fi fi @@ -2921,7 +2921,7 @@ _installcert() { if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ] ; then cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak fi - install -D "$CERT_KEY_PATH" "$Le_RealKeyPath" + install -D -m0640 "$CERT_KEY_PATH" "$Le_RealKeyPath" fi if [ "$Le_RealFullChainPath" ] ; then @@ -2930,7 +2930,7 @@ _installcert() { if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ] ; then cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak fi - install -D "$CERT_FULLCHAIN_PATH" "$Le_RealFullChainPath" + install -D -m0640 "$CERT_FULLCHAIN_PATH" "$Le_RealFullChainPath" fi if [ "$Le_ReloadCmd" ] ; then From 7efdc89bbfb2938bfe79ef85b69c7c5bb8c08ec0 Mon Sep 17 00:00:00 2001 
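Review bot: `install -D -m0640` now forces mode 0640 on the certificate, CA and full-chain files as well as on the key, replacing whatever mode an existing destination had; before this series `cat >` into an existing file preserved its mode, so a service running under a different uid that read a 0644 certificate will silently lose access on the next renewal (the `@@ -2910` and `-2930` hunks apply the same mode). 0640 is the right default for `Le_RealKeyPath`, but the public material should keep a readable mode, for example `install -D -m0644 "$CERT_PATH" "$Le_RealCertPath"`, or the script should preserve the existing mode when the destination already exists. `_installcert` begins and ends outside the hunk.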
From: Philippe Kueck Date: Tue, 11 Oct 2016 16:49:25 +0200 Subject: [PATCH 09/11] testcommit --- foo | 1 + 1 file changed, 1 insertion(+) create mode 100644 foo diff --git a/foo b/foo new file mode 100644 index 00000000..9daeafb9 --- /dev/null +++ b/foo @@ -0,0 +1 @@ +test From fe0cb31e626de6fd9b77d6b408a92e8032bb3294 Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Tue, 11 Oct 2016 16:50:37 +0200 Subject: [PATCH 10/11] testcommit 2 --- foo | 1 - 1 file changed, 1 deletion(-) delete mode 100644 foo diff --git a/foo b/foo deleted file mode 100644 index 9daeafb9..00000000 --- a/foo +++ /dev/null @@ -1 +0,0 @@ -test From f16c30baaf256fa02ba723d3d8368c5f5835ac9d Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Sun, 23 Oct 2016 17:39:56 +0200 Subject: [PATCH 11/11] add _saveaccountconf --- dnsapi/dns_nsupdate.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh index 76637de5..12313f65 100755 --- a/dnsapi/dns_nsupdate.sh +++ b/dnsapi/dns_nsupdate.sh @@ -9,6 +9,9 @@ dns_nsupdate_add() { txtvalue=$2 _checkKeyFile || return 1 NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost} + # save the dns server and key to the account conf file. + _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" + _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX) cat > ${tmp} <