From 691b5730913d1c0b118c90451075e99b29c98c0f Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Tue, 27 Feb 2018 16:33:06 -0600
Subject: [PATCH 01/17] Rough work in progress
Attempting to handle multiple vhosts across multiple unknown domains.
Make edits to each conf file and roll back as necessary.
---
deploy/apache.sh | 252 +++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 242 insertions(+), 10 deletions(-)
diff --git a/deploy/apache.sh b/deploy/apache.sh
index 7b34bd5f..97779367 100644
--- a/deploy/apache.sh
+++ b/deploy/apache.sh
@@ -1,12 +1,218 @@
#!/usr/bin/env sh
-
+# TESTING!!! #
#Here is a script to deploy cert to apache server.
#returns 0 means success, otherwise error.
-
+#acme.sh --install-cert -d example.com \
+#--cert-file /path/to/certfile/in/apache/cert.pem \
+#--key-file /path/to/keyfile/in/apache/key.pem \
+#--fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \
+#--reloadcmd "service apache2 force-reload"
######## Public functions #####################
+set -x
+# get rid of _APACHECTL, and _exec after testing
+_APACHECTL='httpd'
+
+_exec() {
+ eval "$@"
+}
+
+## $1 : new cert location $2: cp to location
+_cpCert() {
+ #return 0
+ if cp -f ${1} ${2} && chmod 600 ${2}; then
+ return 0
+ fi
+ return 1
+}
+
+_vhostBackupConf() {
+ #return 0
+ if cp -f "${1}" "${1}.bak"; then
+ return 0
+ fi
+ return 1
+}
+
+_vhostRestoreConf() {
+ #return 0
+ if cp -f "${1}.bak" "${1}"; then
+ return 0
+ fi
+ return 1
+}
+
+_testConf() {
+ if ! _exec $_APACHECTL -t; then
+ return 1
+ fi
+ return 0
+}
+
+## $1 : vhost config file to check and edit. $2: domain $3: port
+_vhostConf() {
+ if ! _vhostBackupConf "$1"; then
+ # do something
+ testvar=''
+ fi
+
+ serverName=$(awk '/ServerName/,/$/' "$1")
+ serverName=$(awk -F ' ' '{print $2}' <<< ${serverName})
+ serverAlias=$(awk '/ServerAlias/,/$/' "$1")
+ serverAlias=$(awk -F ' ' '{print $2}' <<< ${serverAlias})
+ docRoot=$(awk '/DocumentRoot/,/$/' "$1")
+ docRoot=$(awk -F ' ' '{print $2}' <<< ${docRoot})
+ rootParent=$(dirname ${docRoot})
+ pri=$rootParent/ssl/private
+ pub=$rootParent/ssl/public
+ mkdir -m 700 -p ${pri:1}
+ mkdir -m 700 -p ${pub:1}
+ sslEng=$(awk '/SSLEngine/,/$/' "$1")
+ sslEng=$(awk -F ' ' '{print $2}' <<< ${sslEng})
+ sslPro=$(awk '/SSLProtocol/,/$/' "$1")
+ sslPro=$(awk -F ' ' '{print $2}' <<< ${sslPro})
+ sslCiph=$(awk '/SSLCipherSuite/,/$/' "$1")
+ sslCiph=$(awk -F ' ' '{print $2}' <<< ${sslCiph})
+ ciphOrd=$(awk '/SSLHonorCipherOrder/,/$/' "$1")
+ ciphOrd=$(awk -F ' ' '{print $2}' <<< ${ciphOrd})
+ crtFile=$(awk '/SSLCertificateFile/,/$/' "$1")
+ crtFile=$(awk -F ' ' '{print $2}' <<< ${crtFile})
+ keyFile=$(awk '/SSLCertificateKeyFile/,/$/' "$1")
+ keyFile=$(awk -F ' ' '{print $2}' <<< ${keyFile})
+ chainFile=$(awk '/SSLCertificateChainFile/,/$/' "$1")
+ chainFile=$(awk -F ' ' '{print $2}' <<< ${chainFile})
+ locSec1='
+ RewriteEngine On
+ RewriteRule .* https://${matchServerName}/%{REQUEST_URI}/ [R=301,L,QSA]
+
+EOF
+)
+ sed -i '/"${reWriteBlock}"/i ' "${confMatch}"
+ return 0
+ fi
+ return 1
+ fi
+ if grep -q 'SSLEngine' "$1"; then
+ sed -i '/SSLEngine /c\SSLEngine On' "$1"
+ sed -i '/SSLProtocol /c\SSLProtocol -all +TLSv1.2' "$1"
+ sed -i '/SSLCipherSuite /c\SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS' "$1"
+ sed -i '/SSLHonorCipherOrder /c\SSLHonorCipherOrder on' "$1"
+ sed -i '/SSLCertificateFile /c\SSLCertificateFile ${rootParent}/ssl/public/${serverName}.crt' "$1"
+ sed -i '/SSLCertificateChainFile /c\SSLCertificateChainFile ${rootParent}/ssl/public/${serverName}.chain.crt' "$1"
+ sed -i '/SSLCertificateKeyFile /c\SSLCertificateKeyFile ${rootParent}/ssl/private/${serverName}.key' "$1"
+ testvar=''
+ else
+ sslBlock=$(cat <
+ ServerName ${serverName}
+ DocumentRoot ${docRoot}
+ SSLEngine On
+ SSLProtocol -all +TLSv1.2
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
+ SSLHonorCipherOrder on
+ SSLCertificateFile ${rootParent}/ssl/public/${serverName}.crt
+ SSLCertificateChainFile ${rootParent}/ssl/public/${serverName}.chain.crt
+ SSLCertificateKeyFile ${rootParent}/ssl/private/${serverName}.key
+
+ ${locSec}
+ DirectorySlash On
+
+
+EOF
+)
+ echo "${sslBlock}" >> "$1"
+ fi
+
+ #look for a location section eg.
+
+ if grep -q ${locSec} "$1"; then
+ if grep -q ${dirSlash} "$1"; then
+ #set dir slash on
+ sed -i '/DirectorySlash /c\DirectorySlash On' "$1"
+ testvar=''
+ else
+ #append dir slash here
+ sed -i '/${locSec}/a DirectorySlash On' "$1"
+ testvar=''
+ fi
+ else
+ locBlock=$(cat <
+EOF
+)
+ # insert the new block here...
+ sed -i '/<\/virtualhost>/i ${locBlock}' "$1"
+ fi
+
+ #look for mod_rewrite section
+ modReWrite=''
+ if grep -q ${modReWrite} "$1"; then
+ if grep -q "RewriteEngine On" "$1"; then
+ #set rewrite rules for ssl
+ # too many ways to redirect ssl for me to check....
+ testvar=''
+ else
+ #append rewrite rules for ssl
+ sed -i '/${modReWrite}/a RewriteEngine On' "$1"
+ sed -i '/RewriteEngine On/a RewriteCond %{HTTPS} !on [OR]' "$1"
+ sed -i '/RewriteCond %{HTTPS} !on [OR]/a RewriteCond %{HTTP_HOST} ^www\. [NC] [OR]' "$1"
+ sed -i '/RewriteCond %{HTTP_HOST} ^www\. [NC] [OR]/a RewriteCond %{REQUEST_URI} !(.*)/$' "$1"
+ sed -i '/RewriteCond %{REQUEST_URI} !(.*)/$/a ${newRwRuleSsl}' "$1"
+ testvar=''
+ fi
+ else
+ reWriteBlock=$(cat <
+ RewriteEngine On
+ RewriteCond %{HTTPS} !on [OR]
+ RewriteCond %{HTTP_HOST} ^www\. [NC] [OR]
+ RewriteCond %{REQUEST_URI} !(.*)/$
+ ${newRwRuleSsl}
+
+EOF
+)
+ # insert the new block here...
+ sed -i '/<\/virtualhost>/i ${reWriteBlock}' "$1"
+ fi
+ return
+}
+
-#domain keyfile certfile cafile fullchain
apache_deploy() {
_cdomain="$1"
_ckey="$2"
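Review bot: The `sed -i '/SSLCertificateFile /c\SSLCertificateFile ${rootParent}/ssl/public/${serverName}.crt' "$1"` replacement and its two siblings for the chain and key lines are single-quoted, so the shell never expands `${rootParent}`/`${serverName}` and Apache is handed that literal text; the same applies to the `/${locSec}/a`, `/${modReWrite}/a` and `/<\/virtualhost>/i ${locBlock}` edits further down. Use double quotes, e.g. `sed -i "/SSLCertificateKeyFile /c\SSLCertificateKeyFile ${rootParent}/ssl/private/${serverName}.key" "$1"`, and quote the remaining bare `${docRoot}`, `${1}`, `${locSec}` expansions. The `<<<` here-strings and `set -x` are bash-only under `#!/usr/bin/env sh`, and the trace echoes every config edit and path to stderr, so both should go before this leaves testing; `_exec` only wraps `$_APACHECTL -t` in an unneeded `eval`, so call `"$_APACHECTL" -t` directly. A failed `_vhostBackupConf` at the top of `_vhostConf` falls through to the in-place edits with only `testvar=''`, leaving nothing to roll back to; it should `return 1` there. The `locSec1='` … `EOF` run in the middle and the three `cat <` heredocs do not parse as rendered here, and `apache_deploy` continues past the end of the hunk.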
@@ -14,13 +220,39 @@ apache_deploy() {
_cca="$4"
_cfullchain="$5"
- _debug _cdomain "$_cdomain"
- _debug _ckey "$_ckey"
- _debug _ccert "$_ccert"
- _debug _cca "$_cca"
- _debug _cfullchain "$_cfullchain"
+ all_hosts=$(eval "$_APACHECTL -S" | awk '/namevhost/,/\)/')
+ #echo "$all_hosts"
+ oldIFS=$IFS
+ IFS='
+'
+ loopLog=''
+ for h in $all_hosts; do
+ d=$(awk -F ' ' '{print $4}' <<< "${h}")
+ c=$(awk -F ' ' '{print $5}' <<< "${h}")
+ c=$(echo "$c" | awk -v FS="(\\\\(|\\\\:)" '{print $2}')
+ p=$(awk -F ' ' '{print $2}' <<< "${h}")
+ #echo "$d $p $c"
+ if echo ${d} | grep -q ${_cdomain}; then
+ if _vhostConf "$c" "$d" "$p"; then
+ c1='/ssl/public/'
+ c2='/ssl/private/'
+ k='.key'
+ k1=$rootParent$c2$d$k
+ c3='.crt'
+ c4='.chain.crt'
+ c5=$rootParent$c1$d$c3
+ c6=$rootParent$c1$d$c4
+ cp -f $_ckey ${k1:1}
+ cp -f $_ccert ${c5:1}
+ cp -f $_cfullchain ${c6:1}
- _err "Deploy cert to apache server, Not implemented yet"
- return 1
+ fi
+ fi
+ done
+ IFS=$oldIFS
}
+
+apache_deploy idragonfly.net /path/to/test.key /path/to/test.crt /path/to/test.cacert.crt /path/to/test.chain.crt
+#echo "$testLog" >> test.log
+set +x
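Review bot: The three `cp -f $_ckey ${k1:1}` … copies install the private key and certificates with no mode restriction, even though `_cpCert` (defined earlier in this file) exists to `cp -f` and `chmod 600` in one step and checks the result; use it, e.g. `_cpCert "$_ckey" "$k1" || return 1`. `${k1:1}` is a bash substring expansion that POSIX `sh` rejects, and it drops the leading character of the path, turning the absolute `$rootParent/ssl/private/...` into a path relative to the current directory — it looks like a testing artefact, as does `rootParent` being set only as a side effect inside `_vhostConf`. `echo ${d} | grep -q ${_cdomain}` is an unanchored, unquoted regex match, so `example.com` also matches `notexample.com` or `example.com.test` and a certificate can be written into another vhost's tree; compare exactly with `[ "$d" = "$_cdomain" ]`. The unconditional `apache_deploy idragonfly.net /path/to/test.key ...` line at the end runs every time the hook is sourced, with a hard-coded domain, and should not be committed.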
From 666b37cd4a43ecdb09cfd8caad340116f39315ce Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Wed, 28 Feb 2018 15:26:00 -0600
Subject: [PATCH 02/17] Create dns_pdns-mysql.sh
Uses the MySQL backend instead of the API.
---
dnsapi/dns_pdns-mysql.sh | 184 +++++++++++++++++++++++++++++++++++++++
1 file changed, 184 insertions(+)
create mode 100644 dnsapi/dns_pdns-mysql.sh
diff --git a/dnsapi/dns_pdns-mysql.sh b/dnsapi/dns_pdns-mysql.sh
new file mode 100644
index 00000000..1fa2b4b5
--- /dev/null
+++ b/dnsapi/dns_pdns-mysql.sh
@@ -0,0 +1,184 @@
+#!/usr/bin/env sh
+
+#PowerDNS Embedded API
+#https://doc.powerdns.com/md/httpapi/api_spec/
+#
+PDNS_Url="http://idragonfly.net:3306"
+PDNS_ServerId="admin"
+PDNS_Token="dc32asd#"
+PDNS_Ttl=60
+
+DEFAULT_PDNS_TTL=60
+
+######## Public functions #####################
+#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
+#fulldomain
+#txtvalue
+dns_pdns_add() {
+ fulldomain=$1
+ txtvalue=$2
+
+ if [ -z "$PDNS_Url" ]; then
+ PDNS_Url=""
+ _err "You don't specify PowerDNS address."
+ _err "Please set PDNS_Url and try again."
+ return 1
+ fi
+
+ if [ -z "$PDNS_ServerId" ]; then
+ PDNS_ServerId=""
+ _err "You don't specify PowerDNS server id."
+ _err "Please set you PDNS_ServerId and try again."
+ return 1
+ fi
+
+ if [ -z "$PDNS_Token" ]; then
+ PDNS_Token=""
+ _err "You don't specify PowerDNS token."
+ _err "Please create you PDNS_Token and try again."
+ return 1
+ fi
+
+ if [ -z "$PDNS_Ttl" ]; then
+ PDNS_Ttl="$DEFAULT_PDNS_TTL"
+ fi
+
+ #save the api addr and key to the account conf file.
+ _saveaccountconf PDNS_Url "$PDNS_Url"
+ _saveaccountconf PDNS_ServerId "$PDNS_ServerId"
+ _saveaccountconf PDNS_Token "$PDNS_Token"
+
+ if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ]; then
+ _saveaccountconf PDNS_Ttl "$PDNS_Ttl"
+ fi
+
+ _debug "Detect root zone"
+ if ! _get_root "$fulldomain"; then
+ _err "invalid domain"
+ return 1
+ fi
+ _debug _domain "$_domain"
+
+ if ! set_record "$_domain" "$fulldomain" "$txtvalue"; then
+ return 1
+ fi
+
+ return 0
+}
+
+#fulldomain
+dns_pdns_rm() {
+ fulldomain=$1
+
+ _debug "Detect root zone"
+ if ! _get_root "$fulldomain"; then
+ _err "invalid domain"
+ return 1
+ fi
+ _debug _domain "$_domain"
+
+ if ! rm_record "$_domain" "$fulldomain"; then
+ return 1
+ fi
+
+ return 0
+}
+
+set_record() {
+ _info "Adding record"
+ root=$1
+ full=$2
+ txtvalue=$3
+
+ if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [{\"name\": \"$full.\", \"type\": \"TXT\", \"content\": \"\\\"$txtvalue\\\"\", \"disabled\": false, \"ttl\": $PDNS_Ttl}]}]}"; then
+ _err "Set txt record error."
+ return 1
+ fi
+
+ if ! notify_slaves "$root"; then
+ return 1
+ fi
+
+ return 0
+}
+
+rm_record() {
+ _info "Remove record"
+ root=$1
+ full=$2
+
+ if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then
+ _err "Delete txt record error."
+ return 1
+ fi
+
+ if ! notify_slaves "$root"; then
+ return 1
+ fi
+
+ return 0
+}
+
+notify_slaves() {
+ root=$1
+
+ if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root./notify"; then
+ _err "Notify slaves error."
+ return 1
+ fi
+
+ return 0
+}
+
+#################### Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _domain=domain.com
+_get_root() {
+ domain=$1
+ i=1
+
+ if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then
+ _zones_response="$response"
+ fi
+
+ while true; do
+ h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+ if [ -z "$h" ]; then
+ return 1
+ fi
+
+ if _contains "$_zones_response" "\"name\": \"$h.\""; then
+ _domain="$h"
+ return 0
+ fi
+
+ i=$(_math $i + 1)
+ done
+ _debug "$domain not found"
+
+ return 1
+}
+
+_pdns_rest() {
+ method=$1
+ ep=$2
+ data=$3
+
+ export _H1="X-API-Key: $PDNS_Token"
+
+ if [ ! "$method" = "GET" ]; then
+ _debug data "$data"
+ response="$(_post "$data" "$PDNS_Url$ep" "" "$method")"
+ else
+ response="$(_get "$PDNS_Url$ep")"
+ fi
+
+ if [ "$?" != "0" ]; then
+ _err "error $ep"
+ return 1
+ fi
+ _debug2 response "$response"
+
+ return 0
+}
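Review bot: `PDNS_Url`, `PDNS_ServerId` and `PDNS_Token` at the top of the new file are assigned real-looking values (a hostname on port 3306 and a token) instead of being left to the environment, which both commits a credential to the repository and makes the three `[ -z ... ]` checks in `dns_pdns_add` unreachable; leave them unset, with a commented example in the style of the other dnsapi scripts such as `#PDNS_Token="0123456789ABCDEF"`, and likewise leave `PDNS_Ttl` unset so the `DEFAULT_PDNS_TTL` fallback is live. Port 3306 is MySQL's port while every request in the file still goes through `_get`/`_post` to a REST path, so despite the commit message nothing here appears to talk to a MySQL backend yet; the header comment should say what the file actually does at this stage.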
From cc97c84013e4e8bdcbf49d22bdb5f373f47a8e08 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Wed, 28 Feb 2018 15:30:56 -0600
Subject: [PATCH 03/17] Added section 5a for pdns using mysql backend.
---
dnsapi/README.md | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/dnsapi/README.md b/dnsapi/README.md
index 8c43806c..ba36b897 100644
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@@ -92,6 +92,22 @@ acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
+## 5a. Use PowerDNS mysql backend to automatically issue cert
+
+First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration.
+
+https://doc.powerdns.com/md/httpapi/README/
+
+```
+export PDNS_Url="http://ns.example.com:8081"
+export PDNS_ServerId="localhost"
+export PDNS_Token="0123456789ABCDEF"
+export PDNS_Ttl=60
+```
+
+Ok, let's issue a cert now:
+```
+acme.sh --issue --dns dns_pdns-mysql -d example.com -d www.example.com
## 6. Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert
From cf67eb83019ae244a92bdea3ae9c87944a14136b Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Wed, 28 Feb 2018 15:33:39 -0600
Subject: [PATCH 04/17] update instructions for 5a
---
dnsapi/README.md | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/dnsapi/README.md b/dnsapi/README.md
index ba36b897..7a9ec334 100644
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@@ -94,21 +94,13 @@ The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~
## 5a. Use PowerDNS mysql backend to automatically issue cert
-First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration.
-
-https://doc.powerdns.com/md/httpapi/README/
-
-```
-export PDNS_Url="http://ns.example.com:8081"
-export PDNS_ServerId="localhost"
-export PDNS_Token="0123456789ABCDEF"
-export PDNS_Ttl=60
-```
+First you need to set your user:pass:database in the configuration.
Ok, let's issue a cert now:
```
acme.sh --issue --dns dns_pdns-mysql -d example.com -d www.example.com
+
## 6. Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert
https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
From bcab7ac1f5190947b25027b3b87da3103f5fdf2f Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Wed, 28 Feb 2018 15:37:28 -0600
Subject: [PATCH 05/17] Update README.md
---
dnsapi/README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/dnsapi/README.md b/dnsapi/README.md
index 7a9ec334..0eeeab7a 100644
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@@ -99,6 +99,7 @@ First you need to set your user:pass:database in the configuration.
Ok, let's issue a cert now:
```
acme.sh --issue --dns dns_pdns-mysql -d example.com -d www.example.com
+```
## 6. Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert
From af30af6dff104bc6dcb9049703031eaf7f4754c5 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Wed, 28 Feb 2018 15:39:09 -0600
Subject: [PATCH 06/17] edited 5a example
---
dnsapi/README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnsapi/README.md b/dnsapi/README.md
index 0eeeab7a..f27202ca 100644
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@@ -98,7 +98,7 @@ First you need to set your user:pass:database in the configuration.
Ok, let's issue a cert now:
```
-acme.sh --issue --dns dns_pdns-mysql -d example.com -d www.example.com
+acme.sh --issue --dns dns_pdns-mysql -d example.com -d *.example.com
```
From 88cccabe0835db54f60883526cf3f77d2eb895fe Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Wed, 28 Feb 2018 17:04:43 -0600
Subject: [PATCH 07/17] Work in progress
Use PDNS Mysql backend
---
dnsapi/dns_pdns-mysql.sh | 95 +++++++++++++++++++---------------------
1 file changed, 45 insertions(+), 50 deletions(-)
diff --git a/dnsapi/dns_pdns-mysql.sh b/dnsapi/dns_pdns-mysql.sh
index 1fa2b4b5..77869a14 100644
--- a/dnsapi/dns_pdns-mysql.sh
+++ b/dnsapi/dns_pdns-mysql.sh
@@ -1,11 +1,13 @@
#!/usr/bin/env sh
-#PowerDNS Embedded API
-#https://doc.powerdns.com/md/httpapi/api_spec/
+#PowerDNS Mysql backend
#
-PDNS_Url="http://idragonfly.net:3306"
-PDNS_ServerId="admin"
-PDNS_Token="dc32asd#"
+#
+PDNS_Host="example.com"
+PDNS_Port=3306
+PDNS_User="username"
+PDNS_Pass="password"
+PDNS_Database="powerdns"
PDNS_Ttl=60
DEFAULT_PDNS_TTL=60
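Review bot: `PDNS_Host`, `PDNS_Port`, `PDNS_User`, `PDNS_Pass` and `PDNS_Database` are given non-empty placeholder values, so the `[ -z ... ]` guards in the add function can never fire and an unconfigured run connects to `example.com` as `username`/`password` instead of failing with the intended message; leave them unset and read them from the environment, keeping the placeholders only as comments, e.g. `#PDNS_Pass="password"`. `PDNS_Ttl=60` stays assigned as well, which keeps the `DEFAULT_PDNS_TTL` fallback dead.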
@@ -14,28 +16,42 @@ DEFAULT_PDNS_TTL=60
#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
#fulldomain
#txtvalue
-dns_pdns_add() {
+dns_pdns-mysql_add() {
fulldomain=$1
txtvalue=$2
- if [ -z "$PDNS_Url" ]; then
+ if [ -z "$PDNS_Host" ]; then
PDNS_Url=""
- _err "You don't specify PowerDNS address."
- _err "Please set PDNS_Url and try again."
+ _err "You didn't specify PowerDNS Mysql address."
+ _err "Please set PDNS_Host and try again."
return 1
fi
- if [ -z "$PDNS_ServerId" ]; then
- PDNS_ServerId=""
- _err "You don't specify PowerDNS server id."
- _err "Please set you PDNS_ServerId and try again."
+ if [ -z "$PDNS_Port" ]; then
+ PDNS_Url=""
+ _err "You didn't specify PowerDNS Mysql Port."
+ _err "Please set PDNS_Port and try again."
return 1
fi
- if [ -z "$PDNS_Token" ]; then
- PDNS_Token=""
- _err "You don't specify PowerDNS token."
- _err "Please create you PDNS_Token and try again."
+ if [ -z "$PDNS_User" ]; then
+ PDNS_User=""
+ _err "You didn't specify PowerDNS Mysql username."
+ _err "Please set PDNS_User and try again."
+ return 1
+ fi
+
+ if [ -z "$PDNS_Pass" ]; then
+ PDNS_Pass=""
+ _err "You didn't specify PowerDNS Mysql password."
+ _err "Please set PDNS_Pass and try again."
+ return 1
+ fi
+
+ if [ -z "$PDNS_Database" ]; then
+ PDNS_Database=""
+ _err "You didn't specify PowerDNS Mysql database."
+ _err "Please set PDNS_Database and try again."
return 1
fi
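Review bot: `dns_pdns-mysql_add` (and `dns_pdns-mysql_rm` in the next hunk) contains a hyphen, which is not a valid function name in POSIX sh, so under `#!/usr/bin/env sh` the file fails to parse and acme.sh's `dns_<name>_add` dispatch can never reach it; use an underscore-only name such as `dns_pdnsMysql_add`. The `PDNS_Host` and `PDNS_Port` checks still clear `PDNS_Url=""` on failure, a leftover from the REST version; they should clear the variable they test, `PDNS_Host=""` and `PDNS_Port=""`.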
@@ -44,10 +60,12 @@ dns_pdns_add() {
fi
#save the api addr and key to the account conf file.
- _saveaccountconf PDNS_Url "$PDNS_Url"
- _saveaccountconf PDNS_ServerId "$PDNS_ServerId"
- _saveaccountconf PDNS_Token "$PDNS_Token"
-
+ _saveaccountconf PDNS_Host "$PDNS_Host"
+ _saveaccountconf PDNS_Port "$PDNS_Port"
+ _saveaccountconf PDNS_User "$PDNS_User"
+ _saveaccountconf PDNS_Pass "$PDNS_Pass"
+ _saveaccountconf PDNS_Database "$PDNS_Database"
+
if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ]; then
_saveaccountconf PDNS_Ttl "$PDNS_Ttl"
fi
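Review bot: The comment above the `_saveaccountconf` calls still reads `#save the api addr and key to the account conf file.` although the hunk now persists a MySQL host, port, user, password and database; change it to `#save the mysql connection settings to the account conf file.`. It is worth a second comment line that `PDNS_Pass` is written to `account.conf` in clear text, as the other providers' tokens are, so that file's permissions matter.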
@@ -67,7 +85,7 @@ dns_pdns_add() {
}
#fulldomain
-dns_pdns_rm() {
+dns_pdns-mysql_rm() {
fulldomain=$1
_debug "Detect root zone"
@@ -90,7 +108,7 @@ set_record() {
full=$2
txtvalue=$3
- if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [{\"name\": \"$full.\", \"type\": \"TXT\", \"content\": \"\\\"$txtvalue\\\"\", \"disabled\": false, \"ttl\": $PDNS_Ttl}]}]}"; then
+ if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_User/zones/$root." "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [{\"name\": \"$full.\", \"type\": \"TXT\", \"content\": \"\\\"$txtvalue\\\"\", \"disabled\": false, \"ttl\": $PDNS_Ttl}]}]}"; then
_err "Set txt record error."
return 1
fi
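Review bot: `set_record` still calls `_pdns_rest`, which this same commit deletes at the end of the file, so the PATCH here, the DELETE in `rm_record`, the PUT in `notify_slaves` and the GET in `_get_root` (the three following hunks) all invoke an undefined function and abort with a shell error instead of touching the database; the four call sites need `mysql` statements, or the helper must stay until they have them. Substituting `$PDNS_User` for `$PDNS_ServerId` in the `/api/v1/servers/...` path does not make the REST URL meaningful for a MySQL backend.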
@@ -107,7 +125,7 @@ rm_record() {
root=$1
full=$2
- if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then
+ if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_User/zones/$root." "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then
_err "Delete txt record error."
return 1
fi
@@ -122,7 +140,7 @@ rm_record() {
notify_slaves() {
root=$1
- if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root./notify"; then
+ if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_User/zones/$root./notify"; then
_err "Notify slaves error."
return 1
fi
@@ -137,8 +155,8 @@ notify_slaves() {
_get_root() {
domain=$1
i=1
-
- if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then
+ _pdns_domains=$(mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "SELECT name FROM ${PDNS_Database}.domains")
+ if _pdns_rest "GET" "/api/v1/servers/$PDNS_User/zones"; then
_zones_response="$response"
fi
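Review bot: `_pdns_domains=$(mysql -ss ... "-p${PDNS_Pass}" ...)` passes the database password as a command-line argument, where every local user can read it from the process list and any `set -x` trace prints it verbatim; export it for the call instead, `MYSQL_PWD="$PDNS_Pass" mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" -e "..."`, or point `--defaults-extra-file` at a mode-600 file. Every later `mysql` invocation in this series repeats the `-p${PDNS_Pass}` form. The assignment also ignores `mysql`'s exit status, so a connection failure leaves `_pdns_domains` empty and the function continues into the `_pdns_rest` call below as if the query had succeeded.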
@@ -159,26 +177,3 @@ _get_root() {
return 1
}
-
-_pdns_rest() {
- method=$1
- ep=$2
- data=$3
-
- export _H1="X-API-Key: $PDNS_Token"
-
- if [ ! "$method" = "GET" ]; then
- _debug data "$data"
- response="$(_post "$data" "$PDNS_Url$ep" "" "$method")"
- else
- response="$(_get "$PDNS_Url$ep")"
- fi
-
- if [ "$?" != "0" ]; then
- _err "error $ep"
- return 1
- fi
- _debug2 response "$response"
-
- return 0
-}
From 89d3ac81cc83e678175c9889591fe6a02b3ed208 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Wed, 28 Feb 2018 18:28:35 -0600
Subject: [PATCH 08/17] Update dns_pdns-mysql.sh
---
dnsapi/dns_pdns-mysql.sh | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/dnsapi/dns_pdns-mysql.sh b/dnsapi/dns_pdns-mysql.sh
index 77869a14..67314358 100644
--- a/dnsapi/dns_pdns-mysql.sh
+++ b/dnsapi/dns_pdns-mysql.sh
@@ -108,9 +108,15 @@ set_record() {
full=$2
txtvalue=$3
- if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_User/zones/$root." "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [{\"name\": \"$full.\", \"type\": \"TXT\", \"content\": \"\\\"$txtvalue\\\"\", \"disabled\": false, \"ttl\": $PDNS_Ttl}]}]}"; then
- _err "Set txt record error."
- return 1
+ # check if challenge exists update if so else insert.
+ UNIQUE_ID=$(mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "SELECT id FROM ${PDNS_Database}.records WHERE name='${full}' AND type='TXT'")
+ if [[ -z "${UNIQUE_ID}" ]]; then
+ mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "INSERT INTO ${PDNS_Database}.records \
+ (name, content, type,ttl,prio) VALUES \
+ ('${full}','${txtvalue}','TXT',120,NULL);"
+ else
+ mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "UPDATE ${PDNS_Database}.records SET content='${txtvalue}' \
+ WHERE id='${UNIQUE_ID}' AND name='${full}' AND type='TXT' LIMIT 1;"
fi
if ! notify_slaves "$root"; then
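Review bot: Neither the `INSERT` nor the `UPDATE` call checks `mysql`'s exit status, and the `_err "Set txt record error."`/`return 1` that the removed REST call had is gone, so a failed write is reported to acme.sh as success and validation fails later with no hint; wrap each as `if ! mysql ...; then _err "Set txt record error."; return 1; fi`. `[[ -z "${UNIQUE_ID}" ]]` is a bash test that POSIX `sh` rejects; use `[ -z "${UNIQUE_ID}" ]`. The insert hard-codes `ttl` 120 where `${PDNS_Ttl}` is configurable, and writes no `domain_id`, which the gmysql schema appears to rely on to tie a record to its zone. `${full}` and `${txtvalue}` are spliced into the SQL text with only single quotes around them; the TXT value comes from acme.sh's fixed base64url alphabet, but `${full}` derives from the user's `-d` argument, so a `'` in it breaks the statement — reject such names up front or escape them.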
@@ -125,7 +131,8 @@ rm_record() {
root=$1
full=$2
- if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_User/zones/$root." "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then
+ _delete_challenge=$(mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "DELETE FROM ${PDNS_Database}.records WHERE name='${full}'")
+ if [ -z "$_delete_challenge" ]; then
_err "Delete txt record error."
return 1
fi
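Review bot: `_delete_challenge=$(mysql -ss ... -e "DELETE ...")` captures stdout, but a `DELETE` statement prints nothing, so `[ -z "$_delete_challenge" ]` is true on every run and `rm_record` reports `Delete txt record error.` even after a successful delete; test the exit status instead, `if ! mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" -e "DELETE FROM ${PDNS_Database}.records WHERE name='${full}' AND type='TXT'"; then`. Restricting the delete to `type='TXT'` also keeps it from removing any A/AAAA rows that happen to sit at `_acme-challenge.<domain>`, which the README in this series tells users to create.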
@@ -140,10 +147,7 @@ rm_record() {
notify_slaves() {
root=$1
- if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_User/zones/$root./notify"; then
- _err "Notify slaves error."
- return 1
- fi
+ ### Need finished ###
return 0
}
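Review bot: Replacing the notify call with `### Need finished ###` while keeping `return 0` makes the stub report success, so callers cannot tell that slaves are never notified; until it is implemented, at least log the gap, `_info "notify_slaves: not implemented yet"`, so it shows up in acme.sh's output.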
@@ -156,8 +160,8 @@ _get_root() {
domain=$1
i=1
_pdns_domains=$(mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "SELECT name FROM ${PDNS_Database}.domains")
- if _pdns_rest "GET" "/api/v1/servers/$PDNS_User/zones"; then
- _zones_response="$response"
+ if [ -z "$_pdns_domains" ]; then
+ return 1
fi
while true; do
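Review bot: When the `SELECT name FROM ...domains` query yields nothing — including when `mysql` cannot connect, since its status is never checked — `_get_root` returns 1 silently and the caller prints `invalid domain`, which points the user at the wrong cause; check the command's status separately and report it, e.g. `_err "cannot read ${PDNS_Database}.domains from ${PDNS_Host}"` before the `return 1`.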
@@ -166,7 +170,7 @@ _get_root() {
return 1
fi
- if _contains "$_zones_response" "\"name\": \"$h.\""; then
+ if _contains "$_pdns_domains" "$h."; then
_domain="$h"
return 0
fi
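Review bot: `_contains "$_pdns_domains" "$h."` looks for the zone with a trailing dot, but `_pdns_domains` now holds `domains.name` values as stored in the table, which in a PowerDNS gmysql schema is normally without the trailing dot, so no zone would ever match and every domain comes back invalid; compare against `$h`. Because `_contains` is a substring test, the comparison should then be anchored to a whole line, e.g. `printf '%s\n' "$_pdns_domains" | grep -qxF -- "$h"`, so that `example.com` does not match `myexample.com`.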
From afbe11ef406732a5a8cc81578eff0d80db3bd847 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Thu, 1 Mar 2018 22:30:24 -0600
Subject: [PATCH 09/17] various updates
Upgraded pdns to 4.1.1
---
.../{dns_pdns-mysql.sh => dns_pdnsMysql.sh} | 27 ++++++-------------
1 file changed, 8 insertions(+), 19 deletions(-)
rename dnsapi/{dns_pdns-mysql.sh => dns_pdnsMysql.sh} (74%)
diff --git a/dnsapi/dns_pdns-mysql.sh b/dnsapi/dns_pdnsMysql.sh
similarity index 74%
rename from dnsapi/dns_pdns-mysql.sh
rename to dnsapi/dns_pdnsMysql.sh
index 67314358..766a4c6a 100644
--- a/dnsapi/dns_pdns-mysql.sh
+++ b/dnsapi/dns_pdnsMysql.sh
@@ -16,7 +16,7 @@ DEFAULT_PDNS_TTL=60
#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
#fulldomain
#txtvalue
-dns_pdns-mysql_add() {
+dns_pdnsMysql_add() {
fulldomain=$1
txtvalue=$2
@@ -85,7 +85,7 @@ dns_pdns-mysql_add() {
}
#fulldomain
-dns_pdns-mysql_rm() {
+dns_pdnsMysql_rm() {
fulldomain=$1
_debug "Detect root zone"
@@ -107,17 +107,10 @@ set_record() {
root=$1
full=$2
txtvalue=$3
-
- # check if challenge exists update if so else insert.
- UNIQUE_ID=$(mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "SELECT id FROM ${PDNS_Database}.records WHERE name='${full}' AND type='TXT'")
- if [[ -z "${UNIQUE_ID}" ]]; then
- mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "INSERT INTO ${PDNS_Database}.records \
- (name, content, type,ttl,prio) VALUES \
- ('${full}','${txtvalue}','TXT',120,NULL);"
- else
- mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "UPDATE ${PDNS_Database}.records SET content='${txtvalue}' \
- WHERE id='${UNIQUE_ID}' AND name='${full}' AND type='TXT' LIMIT 1;"
- fi
+ _domain_id=$(mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "SELECT id FROM ${PDNS_Database}.domains WHERE name='${root}'")
+ # insert challenge.
+ mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "INSERT INTO ${PDNS_Database}.records (domain_id,name, content, type,ttl,prio) VALUES \
+ (${_domain_id},'${full}','${txtvalue}','TXT',60,NULL);"
if ! notify_slaves "$root"; then
return 1
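Review bot: `_domain_id` is spliced into `VALUES (${_domain_id},'${full}',...)` unquoted and unchecked, so if the `SELECT id FROM ...domains WHERE name='${root}'` query returns nothing (zone missing, or `mysql` failing to connect) the statement becomes `VALUES (,'...')`, a syntax error whose status is itself ignored, and `set_record` still returns success; guard it with `if [ -z "$_domain_id" ]; then _err "zone ${root} not found in ${PDNS_Database}.domains"; return 1; fi` and check the insert's status too. The TTL is hard-coded to `60`, ignoring the configured `${PDNS_Ttl}`.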
@@ -131,11 +124,7 @@ rm_record() {
root=$1
full=$2
- _delete_challenge=$(mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "DELETE FROM ${PDNS_Database}.records WHERE name='${full}'")
- if [ -z "$_delete_challenge" ]; then
- _err "Delete txt record error."
- return 1
- fi
+ mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "DELETE FROM ${PDNS_Database}.records WHERE name='${full}' AND type='TXT';"
if ! notify_slaves "$root"; then
return 1
@@ -170,7 +159,7 @@ _get_root() {
return 1
fi
- if _contains "$_pdns_domains" "$h."; then
+ if _contains "$_pdns_domains" "$h"; then
_domain="$h"
return 0
fi
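Review bot: Dropping the trailing dot turns `_contains "$_pdns_domains" "$h"` into a plain substring search over the newline-joined zone list, so for a request under `example.com` a zone named `myexample.com` or `example.com.au` also matches, `_domain` can be set to the wrong zone and the record is inserted under the wrong `domain_id`; anchor the match to a whole line, e.g. `printf '%s\n' "$_pdns_domains" | grep -qxF -- "$h"`. The rest of `_get_root` is outside the hunk.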
From 8b41b1e601ad3882c0b75f6e057e81c2b693e6d9 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Thu, 1 Mar 2018 22:40:59 -0600
Subject: [PATCH 10/17] added httpd and apache2 commands
---
acme.sh | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/acme.sh b/acme.sh
index 56d10f88..e494096c 100755
--- a/acme.sh
+++ b/acme.sh
@@ -2452,8 +2452,13 @@ _apachePath() {
if ! _exists apachectl; then
if _exists apache2ctl; then
_APACHECTL="apache2ctl"
+ elif _exists apache2; then #added
+ _APACHECTL="apache2" #added
+ elif _exists httpd; then #added
+ _APACHECTL="httpd" #added
else
- _err "'apachectl not found. It seems that apache is not installed, or you are not root user.'"
+ _err "'apachectl (or apache2 or httpd) not found. It seems that apache is not installed, or you are not root user.'"
+ #_err "'apachectl not found. It seems that apache is not installed, or you are not root user.'"
_err "Please use webroot mode to try again."
return 1
fi
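Review bot: The `#added` trailers on the four new lines and the commented-out previous `_err` message just below the new one are change markers that the commit history already records; drop them so the code reads cleanly. `apache2` and `httpd` are the server binaries rather than the control scripts, and `_APACHECTL` is used with control-style arguments elsewhere in `_apachePath` (the rest of the function is outside the hunk), so confirm that `apache2 -V` and the reload path behave as they do through `apachectl`, in particular on the Debian layout where `apache2` typically needs the `envvars` environment that `apache2ctl` sets up.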
From e22ca63bea0b14b3ad5c9a78800949a12ebff835 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Fri, 2 Mar 2018 11:24:17 -0600
Subject: [PATCH 11/17] added notify query
Just sets the last_check column in the domains table to NULL to force an update to slaves.
---
dnsapi/dns_pdnsMysql.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnsapi/dns_pdnsMysql.sh b/dnsapi/dns_pdnsMysql.sh
index 766a4c6a..f04a40c3 100644
--- a/dnsapi/dns_pdnsMysql.sh
+++ b/dnsapi/dns_pdnsMysql.sh
@@ -136,7 +136,7 @@ rm_record() {
notify_slaves() {
root=$1
- ### Need finished ###
+ mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "UPDATE ${PDNS_Database}.domains SET last_check=NULL WHERE name='${root}';"
return 0
}
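Review bot: The `UPDATE ...domains SET last_check=NULL` statement's exit status is ignored and the function always returns 0, so a failed notify is indistinguishable from success for `set_record`/`rm_record`; check it, `if ! mysql ...; then _err "Notify slaves error."; return 1; fi`. Nulling `last_check` is an indirect way to trigger a refresh, so a one-line comment stating why it works and which PowerDNS behaviour it relies on would save the next reader a trip to the docs.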
From 33b81eb9fd0bae87ba0605d9a22d4c86d41f80fe Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Fri, 2 Mar 2018 12:03:34 -0600
Subject: [PATCH 12/17] testing
Apache/2.4.6 (CentOS 7.x)
---
deploy/apache.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/apache.sh b/deploy/apache.sh
index 97779367..6d9c98d5 100644
--- a/deploy/apache.sh
+++ b/deploy/apache.sh
@@ -1,5 +1,5 @@
#!/usr/bin/env sh
-# TESTING!!! #
+# TESTING!!! #
#Here is a script to deploy cert to apache server.
#returns 0 means success, otherwise error.
From d0b73f109eada31fdd584986da347a2ddd5adbe0 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Fri, 2 Mar 2018 12:25:11 -0600
Subject: [PATCH 13/17] added section 5a
Describes usage of dns_pdnsMysql.sh
---
dnsapi/README.md | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/dnsapi/README.md b/dnsapi/README.md
index f27202ca..d1a8bfb8 100644
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@@ -94,11 +94,17 @@ The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~
## 5a. Use PowerDNS mysql backend to automatically issue cert
-First you need to set your user:pass:database in the configuration.
+First you need to set your host:user:pass:database in the configuration.
+Make sure the following are in your records table:
+INSERT INTO `records` (`domain_id`, `name`, `type`, `content`, `ttl`, `prio`, `change_date`)
+VALUES ({your domain_id}, 'example.com', 'SOA', 'ns1.example.com.net admin.example.com 1 10800 3600 604800 3600', 120, NULL, 0),
+({your domain_id}, '_acme-challenge.example.com', 'A', '{ipv4 address}', 60, NULL, 0),
+({your domain_id}, '_acme-challenge.example.com', 'AAAA', '{ipv6 address}', 60, NULL, NULL, 'N', 0, NULL, 0),
+({your domain_id}, 'example.com', 'CAA', '0 issue "letsencrypt.org"', 60, NULL, 0);
Ok, let's issue a cert now:
```
-acme.sh --issue --dns dns_pdns-mysql -d example.com -d *.example.com
+acme.sh --issue --dns dns_pdnsMysql -d example.com -d *.example.com
```
From cbe7c0574aff2f2161db610c90e08cda2c6db6e8 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Fri, 2 Mar 2018 12:36:23 -0600
Subject: [PATCH 14/17] dns_pdnsMysql.sh
Directly manipulate the pdns MySQL backend to verify with Let's Encrypt.
---
dnsapi/dns_pdnsMysql.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnsapi/dns_pdnsMysql.sh b/dnsapi/dns_pdnsMysql.sh
index f04a40c3..b4e6ff49 100644
--- a/dnsapi/dns_pdnsMysql.sh
+++ b/dnsapi/dns_pdnsMysql.sh
@@ -135,7 +135,7 @@ rm_record() {
notify_slaves() {
root=$1
-
+ # hack set last_check to null to force update. #
mysql -ss "-h${PDNS_Host}" "-P${PDNS_Port}" "-u${PDNS_User}" "-p${PDNS_Pass}" -e "UPDATE ${PDNS_Database}.domains SET last_check=NULL WHERE name='${root}';"
return 0
From dcd2d99d7906ab050b9efe4a990b99255600fdb8 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Fri, 2 Mar 2018 14:09:34 -0600
Subject: [PATCH 15/17] Delete dns_ad.sh
---
dnsapi/dns_ad.sh | 147 -----------------------------------------------
1 file changed, 147 deletions(-)
delete mode 100755 dnsapi/dns_ad.sh
diff --git a/dnsapi/dns_ad.sh b/dnsapi/dns_ad.sh
deleted file mode 100755
index fc4a664b..00000000
--- a/dnsapi/dns_ad.sh
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/usr/bin/env sh
-
-#
-#AD_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
-
-#This is the Alwaysdata api wrapper for acme.sh
-#
-#Author: Paul Koppen
-#Report Bugs here: https://github.com/wpk-/acme.sh
-
-AD_API_URL="https://$AD_API_KEY:@api.alwaysdata.com/v1"
-
-######## Public functions #####################
-
-#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
-dns_ad_add() {
- fulldomain=$1
- txtvalue=$2
-
- if [ -z "$AD_API_KEY" ]; then
- AD_API_KEY=""
- _err "You didn't specify the AD api key yet."
- _err "Please create you key and try again."
- return 1
- fi
-
- _saveaccountconf AD_API_KEY "$AD_API_KEY"
-
- _debug "First detect the root zone"
- if ! _get_root "$fulldomain"; then
- _err "invalid domain"
- return 1
- fi
- _debug _domain_id "$_domain_id"
- _debug _sub_domain "$_sub_domain"
- _debug _domain "$_domain"
-
- _ad_tmpl_json="{\"domain\":$_domain_id,\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\"}"
-
- if _ad_rest POST "record/" "$_ad_tmpl_json" && [ -z "$response" ]; then
- _info "txt record updated success."
- return 0
- fi
-
- return 1
-}
-
-#fulldomain txtvalue
-dns_ad_rm() {
- fulldomain=$1
- txtvalue=$2
-
- _debug "First detect the root zone"
- if ! _get_root "$fulldomain"; then
- _err "invalid domain"
- return 1
- fi
- _debug _domain_id "$_domain_id"
- _debug _sub_domain "$_sub_domain"
- _debug _domain "$_domain"
-
- _debug "Getting txt records"
- _ad_rest GET "record/?domain=$_domain_id&name=$_sub_domain"
-
- if [ -n "$response" ]; then
- record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\s*[0-9]+" | cut -d : -f 2 | tr -d " " | _head_n 1)
- _debug record_id "$record_id"
- if [ -z "$record_id" ]; then
- _err "Can not get record id to remove."
- return 1
- fi
- if _ad_rest DELETE "record/$record_id/" && [ -z "$response" ]; then
- _info "txt record deleted success."
- return 0
- fi
- _debug response "$response"
- return 1
- fi
-
- return 1
-}
-
-#################### Private functions below ##################################
-#_acme-challenge.www.domain.com
-#returns
-# _sub_domain=_acme-challenge.www
-# _domain=domain.com
-# _domain_id=12345
-_get_root() {
- domain=$1
- i=2
- p=1
-
- if _ad_rest GET "domain/"; then
- response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')"
- while true; do
- h=$(printf "%s" "$domain" | cut -d . -f $i-100)
- _debug h "$h"
- if [ -z "$h" ]; then
- #not valid
- return 1
- fi
-
- hostedzone="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$h\".*}")"
- if [ "$hostedzone" ]; then
- _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
- if [ "$_domain_id" ]; then
- _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
- _domain=$h
- return 0
- fi
- return 1
- fi
- p=$i
- i=$(_math "$i" + 1)
- done
- fi
- return 1
-}
-
-#method uri qstr data
-_ad_rest() {
- mtd="$1"
- ep="$2"
- data="$3"
-
- _debug mtd "$mtd"
- _debug ep "$ep"
-
- export _H1="Accept: application/json"
- export _H2="Content-Type: application/json"
-
- if [ "$mtd" != "GET" ]; then
- # both POST and DELETE.
- _debug data "$data"
- response="$(_post "$data" "$AD_API_URL/$ep" "" "$mtd")"
- else
- response="$(_get "$AD_API_URL/$ep")"
- fi
-
- if [ "$?" != "0" ]; then
- _err "error $ep"
- return 1
- fi
- _debug2 response "$response"
- return 0
-}
From bd9d498aa760f2c86fdcbca6787a5b4d03febd50 Mon Sep 17 00:00:00 2001
From: Dan <36902356+danc403@users.noreply.github.com>
Date: Fri, 2 Mar 2018 14:09:51 -0600
Subject: [PATCH 16/17] Delete dns_ali.sh
---
dnsapi/dns_ali.sh | 202 ----------------------------------------------
1 file changed, 202 deletions(-)
delete mode 100755 dnsapi/dns_ali.sh
diff --git a/dnsapi/dns_ali.sh b/dnsapi/dns_ali.sh
deleted file mode 100755
index 543a0a54..00000000
--- a/dnsapi/dns_ali.sh
+++ /dev/null
@@ -1,202 +0,0 @@
-#!/usr/bin/env sh
-
-Ali_API="https://alidns.aliyuncs.com/"
-
-#Ali_Key="LTqIA87hOKdjevsf5"
-#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"
-
-#Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
-dns_ali_add() {
- fulldomain=$1
- txtvalue=$2
-
- Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
- Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
- if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
- Ali_Key=""
- Ali_Secret=""
- _err "You don't specify aliyun api key and secret yet."
- return 1
- fi
-
- #save the api key and secret to the account conf file.
- _saveaccountconf_mutable Ali_Key "$Ali_Key"
- _saveaccountconf_mutable Ali_Secret "$Ali_Secret"
-
- _debug "First detect the root zone"
- if ! _get_root "$fulldomain"; then
- return 1
- fi
-
- _debug "Add record"
- _add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _ali_rest "Add record"
-}
-
-dns_ali_rm() {
- fulldomain=$1
- txtvalue=$2
- Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
- Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
-
- _debug "First detect the root zone"
- if ! _get_root "$fulldomain"; then
- return 1
- fi
-
- _clean
-}
-
-#################### Private functions below ##################################
-
-_get_root() {
- domain=$1
- i=2
- p=1
- while true; do
- h=$(printf "%s" "$domain" | cut -d . -f $i-100)
- if [ -z "$h" ]; then
- #not valid
- return 1
- fi
-
- _describe_records_query "$h"
- if ! _ali_rest "Get root" "ignore"; then
- return 1
- fi
-
- if _contains "$response" "PageNumber"; then
- _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
- _debug _sub_domain "$_sub_domain"
- _domain="$h"
- _debug _domain "$_domain"
- return 0
- fi
- p="$i"
- i=$(_math "$i" + 1)
- done
- return 1
-}
-
-_ali_rest() {
- signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
- signature=$(_ali_urlencode "$signature")
- url="$Ali_API?$query&Signature=$signature"
-
- if ! response="$(_get "$url")"; then
- _err "Error <$1>"
- return 1
- fi
-
- _debug2 response "$response"
- if [ -z "$2" ]; then
- message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
- if [ "$message" ]; then
- _err "$message"
- return 1
- fi
- fi
-}
-
-_ali_urlencode() {
- _str="$1"
- _str_len=${#_str}
- _u_i=1
- while [ "$_u_i" -le "$_str_len" ]; do
- _str_c="$(printf "%s" "$_str" | cut -c "$_u_i")"
- case $_str_c in [a-zA-Z0-9.~_-])
- printf "%s" "$_str_c"
- ;;
- *)
- printf "%%%02X" "'$_str_c"
- ;;
- esac
- _u_i="$(_math "$_u_i" + 1)"
- done
-}
-
-_ali_nonce() {
- #_head_n 1
Date: Fri, 2 Mar 2018 14:10:06 -0600
Subject: [PATCH 17/17] Delete dns_autodns.sh
---
dnsapi/dns_autodns.sh | 264 ------------------------------------------
1 file changed, 264 deletions(-)
delete mode 100644 dnsapi/dns_autodns.sh
diff --git a/dnsapi/dns_autodns.sh b/dnsapi/dns_autodns.sh
deleted file mode 100644
index 92534489..00000000
--- a/dnsapi/dns_autodns.sh
+++ /dev/null
@@ -1,264 +0,0 @@
-#!/usr/bin/env sh
-# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*-
-
-# This is the InternetX autoDNS xml api wrapper for acme.sh
-# Author: auerswald@gmail.com
-# Created: 2018-01-14
-#
-# export AUTODNS_USER="username"
-# export AUTODNS_PASSWORD="password"
-# export AUTODNS_CONTEXT="context"
-#
-# Usage:
-# acme.sh --issue --dns dns_autodns -d example.com
-
-AUTODNS_API="https://gateway.autodns.com"
-
-# Arguments:
-# txtdomain
-# txt
-dns_autodns_add() {
- fulldomain="$1"
- txtvalue="$2"
-
- AUTODNS_USER="${AUTODNS_USER:-$(_readaccountconf_mutable AUTODNS_USER)}"
- AUTODNS_PASSWORD="${AUTODNS_PASSWORD:-$(_readaccountconf_mutable AUTODNS_PASSWORD)}"
- AUTODNS_CONTEXT="${AUTODNS_CONTEXT:-$(_readaccountconf_mutable AUTODNS_CONTEXT)}"
-
- if [ -z "$AUTODNS_USER" ] || [ -z "$AUTODNS_CONTEXT" ] || [ -z "$AUTODNS_PASSWORD" ]; then
- _err "You don't specify autodns user, password and context."
- return 1
- fi
-
- _saveaccountconf_mutable AUTODNS_USER "$AUTODNS_USER"
- _saveaccountconf_mutable AUTODNS_PASSWORD "$AUTODNS_PASSWORD"
- _saveaccountconf_mutable AUTODNS_CONTEXT "$AUTODNS_CONTEXT"
-
- _debug "First detect the root zone"
-
- if ! _get_autodns_zone "$fulldomain"; then
- _err "invalid domain"
- return 1
- fi
-
- _debug _sub_domain "$_sub_domain"
- _debug _zone "$_zone"
- _debug _system_ns "$_system_ns"
-
- _info "Adding TXT record"
-
- autodns_response="$(_autodns_zone_update "$_zone" "$_sub_domain" "$txtvalue" "$_system_ns")"
-
- if [ "$?" -eq "0" ]; then
- _info "Added, OK"
- return 0
- fi
-
- return 1
-}
-
-# Arguments:
-# txtdomain
-# txt
-dns_autodns_rm() {
- fulldomain="$1"
- txtvalue="$2"
-
- AUTODNS_USER="${AUTODNS_USER:-$(_readaccountconf_mutable AUTODNS_USER)}"
- AUTODNS_PASSWORD="${AUTODNS_PASSWORD:-$(_readaccountconf_mutable AUTODNS_PASSWORD)}"
- AUTODNS_CONTEXT="${AUTODNS_CONTEXT:-$(_readaccountconf_mutable AUTODNS_CONTEXT)}"
-
- if [ -z "$AUTODNS_USER" ] || [ -z "$AUTODNS_CONTEXT" ] || [ -z "$AUTODNS_PASSWORD" ]; then
- _err "You don't specify autodns user, password and context."
- return 1
- fi
-
- _debug "First detect the root zone"
-
- if ! _get_autodns_zone "$fulldomain"; then
- _err "zone not found"
- return 1
- fi
-
- _debug _sub_domain "$_sub_domain"
- _debug _zone "$_zone"
- _debug _system_ns "$_system_ns"
-
- _info "Delete TXT record"
-
- autodns_response="$(_autodns_zone_cleanup "$_zone" "$_sub_domain" "$txtvalue" "$_system_ns")"
-
- if [ "$?" -eq "0" ]; then
- _info "Deleted, OK"
- return 0
- fi
-
- return 1
-}
-
-#################### Private functions below ##################################
-
-# Arguments:
-# fulldomain
-# Returns:
-# _sub_domain=_acme-challenge.www
-# _zone=domain.com
-# _system_ns
-_get_autodns_zone() {
- domain="$1"
-
- i=2
- p=1
-
- while true; do
- h=$(printf "%s" "$domain" | cut -d . -f $i-100)
- _debug h "$h"
-
- if [ -z "$h" ]; then
- # not valid
- return 1
- fi
-
- autodns_response="$(_autodns_zone_inquire "$h")"
-
- if [ "$?" -ne "0" ]; then
- _err "invalid domain"
- return 1
- fi
-
- if _contains "$autodns_response" "1" >/dev/null; then
- _zone="$(echo "$autodns_response" | _egrep_o '[^<]*' | cut -d '>' -f 2 | cut -d '<' -f 1)"
- _system_ns="$(echo "$autodns_response" | _egrep_o '[^<]*' | cut -d '>' -f 2 | cut -d '<' -f 1)"
- _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
- return 0
- fi
-
- p=$i
- i=$(_math "$i" + 1)
- done
-
- return 1
-}
-
-_build_request_auth_xml() {
- printf "
- %s
- %s
- %s
- " "$AUTODNS_USER" "$AUTODNS_PASSWORD" "$AUTODNS_CONTEXT"
-}
-
-# Arguments:
-# zone
-_build_zone_inquire_xml() {
- printf "
-
- %s
-
- 0205
-
- 1
- 1
-
-
- name
- eq
- %s
-
-
- " "$(_build_request_auth_xml)" "$1"
-}
-
-# Arguments:
-# zone
-# subdomain
-# txtvalue
-# system_ns
-_build_zone_update_xml() {
- printf "
-
- %s
-
- 0202001
-
-
- %s
- 600
- TXT
- %s
-
-
-
- %s
- %s
-
-
- " "$(_build_request_auth_xml)" "$2" "$3" "$1" "$4"
-}
-
-# Arguments:
-# zone
-_autodns_zone_inquire() {
- request_data="$(_build_zone_inquire_xml "$1")"
- autodns_response="$(_autodns_api_call "$request_data")"
- ret="$?"
-
- printf "%s" "$autodns_response"
- return "$ret"
-}
-
-# Arguments:
-# zone
-# subdomain
-# txtvalue
-# system_ns
-_autodns_zone_update() {
- request_data="$(_build_zone_update_xml "$1" "$2" "$3" "$4")"
- autodns_response="$(_autodns_api_call "$request_data")"
- ret="$?"
-
- printf "%s" "$autodns_response"
- return "$ret"
-}
-
-# Arguments:
-# zone
-# subdomain
-# txtvalue
-# system_ns
-_autodns_zone_cleanup() {
- request_data="$(_build_zone_update_xml "$1" "$2" "$3" "$4")"
- # replace 'rr_add>' with 'rr_rem>' in request_data
- request_data="$(printf -- "%s" "$request_data" | sed 's/rr_add>/rr_rem>/g')"
- autodns_response="$(_autodns_api_call "$request_data")"
- ret="$?"
-
- printf "%s" "$autodns_response"
- return "$ret"
-}
-
-# Arguments:
-# request_data
-_autodns_api_call() {
- request_data="$1"
-
- _debug request_data "$request_data"
-
- autodns_response="$(_post "$request_data" "$AUTODNS_API")"
- ret="$?"
-
- _debug autodns_response "$autodns_response"
-
- if [ "$ret" -ne "0" ]; then
- _err "error"
- return 1
- fi
-
- if _contains "$autodns_response" "success" >/dev/null; then
- _info "success"
- printf "%s" "$autodns_response"
- return 0
- fi
-
- return 1
-}