mirror of
https://github.com/acmesh-official/acme.sh.git
synced 2025-06-01 06:12:45 +00:00
Compare commits
25 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
42bbd1b44a | ||
|
fdeaf861e3 | ||
|
8e032a27c4 | ||
|
5bfd43b718 | ||
|
ce7f4cb9a8 | ||
|
99a4cf9e07 | ||
|
184cb0b9a8 | ||
|
c2ccc1f980 | ||
|
8a4b436314 | ||
|
42aaf7c2a0 | ||
|
eb00852a71 | ||
|
b0535d8b40 | ||
|
8b4d93cc14 | ||
|
e2d0923122 | ||
|
2928d84339 | ||
|
b5e3883891 | ||
|
d01aefd1eb | ||
|
e1d447847f | ||
|
bed1c311e3 | ||
|
1ce8d3ae9b | ||
|
827315e059 | ||
|
e55a54f3d4 | ||
|
5e8b40faf6 | ||
|
45b9982172 | ||
|
dd29f970a2 |
14
.github/workflows/pr_dns.yml
vendored
14
.github/workflows/pr_dns.yml
vendored
@ -20,12 +20,14 @@ jobs:
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
body: `**Welcome**
|
||||
First thing: don't send PR to the master branch, please send to the dev branch instead.
|
||||
Please make sure you've read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test).
|
||||
Then reply on this message, otherwise, your code will not be reviewed or merged.
|
||||
Please also make sure to add/update the usage here: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2
|
||||
We look forward to reviewing your Pull request shortly ✨
|
||||
注意: 必须通过了 [DNS-API-Test](../wiki/DNS-API-Test) 才会被 review. 无论是修改, 还是新加的 dns api, 都必须确保通过这个测试.
|
||||
READ ME !!!!!
|
||||
Read me !!!!!!
|
||||
First thing: don't send PR to the master branch, please send to the dev branch instead.
|
||||
Please read the [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide).
|
||||
You MUST pass the [DNS-API-Test](../wiki/DNS-API-Test).
|
||||
Then reply on this message, otherwise, your code will not be reviewed or merged.
|
||||
Please also make sure to add/update the usage here: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2
|
||||
注意: 必须通过了 [DNS-API-Test](../wiki/DNS-API-Test) 才会被 review. 无论是修改, 还是新加的 dns api, 都必须确保通过这个测试.
|
||||
`
|
||||
})
|
||||
|
||||
|
9
acme.sh
9
acme.sh
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
VER=3.1.1
|
||||
VER=3.1.2
|
||||
|
||||
PROJECT_NAME="acme.sh"
|
||||
|
||||
@ -5504,6 +5504,13 @@ renew() {
|
||||
if [ -z "$Le_Keylength" ]; then
|
||||
Le_Keylength=2048
|
||||
fi
|
||||
if [ "$CA_LETSENCRYPT_V2" = "$Le_API" ]; then
|
||||
#letsencrypt doesn't support ocsp anymore
|
||||
if [ "$Le_OCSP_Staple" ]; then
|
||||
export Le_OCSP_Staple=""
|
||||
_cleardomainconf Le_OCSP_Staple
|
||||
fi
|
||||
fi
|
||||
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To"
|
||||
res="$?"
|
||||
if [ "$res" != "0" ]; then
|
||||
|
@ -52,6 +52,39 @@ _ws_call() {
|
||||
return 0
|
||||
}
|
||||
|
||||
# Upload certificate with webclient api
|
||||
_ws_upload_cert() {
|
||||
|
||||
/usr/bin/env python - <<EOF
|
||||
|
||||
import sys
|
||||
|
||||
from truenas_api_client import Client
|
||||
with Client() as c:
|
||||
|
||||
### Login with API key
|
||||
print("I:Trying to upload new certificate...")
|
||||
ret = c.call("auth.login_with_api_key", "${DEPLOY_TRUENAS_APIKEY}")
|
||||
if ret:
|
||||
### upload certificate
|
||||
with open('$1', 'r') as file:
|
||||
fullchain = file.read()
|
||||
with open('$2', 'r') as file:
|
||||
privatekey = file.read()
|
||||
ret = c.call("certificate.create", {"name": "$3", "create_type": "CERTIFICATE_CREATE_IMPORTED", "certificate": fullchain, "privatekey": privatekey, "passphrase": ""}, job=True)
|
||||
print("R:" + str(ret["id"]))
|
||||
sys.exit(0)
|
||||
else:
|
||||
print("R:0")
|
||||
print("E:_ws_upload_cert error!")
|
||||
sys.exit(7)
|
||||
|
||||
EOF
|
||||
|
||||
return $?
|
||||
|
||||
}
|
||||
|
||||
# Check argument is a number
|
||||
# Usage:
|
||||
#
|
||||
@ -129,7 +162,6 @@ _ws_get_job_result() {
|
||||
# 5: WebUI cert error
|
||||
# 6: Job error
|
||||
# 7: WS call error
|
||||
# 10: No CORE or SCALE detected
|
||||
#
|
||||
truenas_ws_deploy() {
|
||||
_domain="$1"
|
||||
@ -179,14 +211,8 @@ truenas_ws_deploy() {
|
||||
|
||||
_info "Gather system info..."
|
||||
_ws_response=$(_ws_call "system.info")
|
||||
_truenas_system=$(printf "%s" "$_ws_response" | jq -r '."version"' | cut -d '-' -f 2 | tr '[:lower:]' '[:upper:]')
|
||||
_truenas_version=$(printf "%s" "$_ws_response" | jq -r '."version"' | cut -d '-' -f 3)
|
||||
_info "TrueNAS system: $_truenas_system"
|
||||
_truenas_version=$(printf "%s" "$_ws_response" | jq -r '."version"')
|
||||
_info "TrueNAS version: $_truenas_version"
|
||||
if [ "$_truenas_system" != "SCALE" ] && [ "$_truenas_system" != "CORE" ]; then
|
||||
_err "Cannot gather TrueNAS system. Nor CORE oder SCALE detected."
|
||||
return 10
|
||||
fi
|
||||
|
||||
########## Gather current certificate
|
||||
|
||||
@ -203,19 +229,26 @@ truenas_ws_deploy() {
|
||||
_certname="acme_$(_utc_date | tr -d '\-\:' | tr ' ' '_')"
|
||||
_info "New WebUI certificate name: $_certname"
|
||||
_debug _certname "$_certname"
|
||||
_ws_jobid=$(_ws_call "certificate.create" "{\"name\": \"${_certname}\", \"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"certificate\": \"$(_json_encode <"$_file_fullchain")\", \"privatekey\": \"$(_json_encode <"$_file_key")\", \"passphrase\": \"\"}")
|
||||
_debug "_ws_jobid" "$_ws_jobid"
|
||||
if ! _ws_check_jobid "$_ws_jobid"; then
|
||||
_err "No JobID returned from websocket method."
|
||||
return 3
|
||||
fi
|
||||
_ws_result=$(_ws_get_job_result "$_ws_jobid")
|
||||
_ws_ret=$?
|
||||
if [ $_ws_ret -gt 0 ]; then
|
||||
return $_ws_ret
|
||||
fi
|
||||
_debug "_ws_result" "$_ws_result"
|
||||
_new_certid=$(printf "%s" "$_ws_result" | jq -r '."id"')
|
||||
_ws_out=$(_ws_upload_cert "$_file_fullchain" "$_file_key" "$_certname")
|
||||
|
||||
echo "$_ws_out" | while IFS= read -r LINE; do
|
||||
case "$LINE" in
|
||||
I:*)
|
||||
_info "${LINE#I:}"
|
||||
;;
|
||||
D:*)
|
||||
_debug "${LINE#D:}"
|
||||
;;
|
||||
E*)
|
||||
_err "${LINE#E:}"
|
||||
;;
|
||||
*) ;;
|
||||
|
||||
esac
|
||||
done
|
||||
|
||||
_new_certid=$(echo "$_ws_out" | grep 'R:' | cut -d ':' -f 2)
|
||||
|
||||
_info "New certificate ID: $_new_certid"
|
||||
|
||||
########## FTP
|
||||
@ -231,33 +264,31 @@ truenas_ws_deploy() {
|
||||
|
||||
########## ix Apps (SCALE only)
|
||||
|
||||
if [ "$_truenas_system" = "SCALE" ]; then
|
||||
_info "Replace app certificates..."
|
||||
_ws_response=$(_ws_call "app.query")
|
||||
for _app_name in $(printf "%s" "$_ws_response" | jq -r '.[]."name"'); do
|
||||
_info "Checking app $_app_name..."
|
||||
_ws_response=$(_ws_call "app.config" "$_app_name")
|
||||
if [ "$(printf "%s" "$_ws_response" | jq -r '."network" | has("certificate_id")')" = "true" ]; then
|
||||
_info "App has certificate option, setup new certificate..."
|
||||
_info "App will be redeployed after updating the certificate."
|
||||
_ws_jobid=$(_ws_call "app.update" "$_app_name" "{\"values\": {\"network\": {\"certificate_id\": $_new_certid}}}")
|
||||
_debug "_ws_jobid" "$_ws_jobid"
|
||||
if ! _ws_check_jobid "$_ws_jobid"; then
|
||||
_err "No JobID returned from websocket method."
|
||||
return 3
|
||||
fi
|
||||
_ws_result=$(_ws_get_job_result "$_ws_jobid")
|
||||
_ws_ret=$?
|
||||
if [ $_ws_ret -gt 0 ]; then
|
||||
return $_ws_ret
|
||||
fi
|
||||
_debug "_ws_result" "$_ws_result"
|
||||
_info "App certificate replaced."
|
||||
else
|
||||
_info "App has no certificate option, skipping..."
|
||||
_info "Replace app certificates..."
|
||||
_ws_response=$(_ws_call "app.query")
|
||||
for _app_name in $(printf "%s" "$_ws_response" | jq -r '.[]."name"'); do
|
||||
_info "Checking app $_app_name..."
|
||||
_ws_response=$(_ws_call "app.config" "$_app_name")
|
||||
if [ "$(printf "%s" "$_ws_response" | jq -r '."network" | has("certificate_id")')" = "true" ]; then
|
||||
_info "App has certificate option, setup new certificate..."
|
||||
_info "App will be redeployed after updating the certificate."
|
||||
_ws_jobid=$(_ws_call "app.update" "$_app_name" "{\"values\": {\"network\": {\"certificate_id\": $_new_certid}}}")
|
||||
_debug "_ws_jobid" "$_ws_jobid"
|
||||
if ! _ws_check_jobid "$_ws_jobid"; then
|
||||
_err "No JobID returned from websocket method."
|
||||
return 3
|
||||
fi
|
||||
done
|
||||
fi
|
||||
_ws_result=$(_ws_get_job_result "$_ws_jobid")
|
||||
_ws_ret=$?
|
||||
if [ $_ws_ret -gt 0 ]; then
|
||||
return $_ws_ret
|
||||
fi
|
||||
_debug "_ws_result" "$_ws_result"
|
||||
_info "App certificate replaced."
|
||||
else
|
||||
_info "App has no certificate option, skipping..."
|
||||
fi
|
||||
done
|
||||
|
||||
########## WebUI
|
||||
|
||||
|
@ -128,7 +128,7 @@ _1984hosting_login() {
|
||||
|
||||
_get "https://1984.hosting/accounts/login/" | grep "csrfmiddlewaretoken"
|
||||
csrftoken="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')"
|
||||
sessionid="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
|
||||
sessionid="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'cookie1984nammnamm=[^;]*;' | tr -d ';')"
|
||||
|
||||
if [ -z "$csrftoken" ] || [ -z "$sessionid" ]; then
|
||||
_err "One or more cookies are empty: '$csrftoken', '$sessionid'."
|
||||
@ -145,7 +145,7 @@ _1984hosting_login() {
|
||||
_debug2 response "$response"
|
||||
|
||||
if _contains "$response" '"loggedin": true'; then
|
||||
One984HOSTING_SESSIONID_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
|
||||
One984HOSTING_SESSIONID_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'cookie1984nammnamm=[^;]*;' | tr -d ';')"
|
||||
One984HOSTING_CSRFTOKEN_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')"
|
||||
export One984HOSTING_SESSIONID_COOKIE
|
||||
export One984HOSTING_CSRFTOKEN_COOKIE
|
||||
|
@ -1,17 +1,17 @@
|
||||
#!/usr/bin/env sh
|
||||
# shellcheck disable=SC2034
|
||||
dns_active24_info='Active24.com
|
||||
Site: Active24.com
|
||||
dns_active24_info='Active24.cz
|
||||
Site: Active24.cz
|
||||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_active24
|
||||
Options:
|
||||
ACTIVE24_Token API Token
|
||||
Active24_ApiKey API Key. Called "Identifier" in the Active24 Admin
|
||||
Active24_ApiSecret API Secret. Called "Secret key" in the Active24 Admin
|
||||
Issues: github.com/acmesh-official/acme.sh/issues/2059
|
||||
Author: Milan Pála
|
||||
'
|
||||
|
||||
ACTIVE24_Api="https://api.active24.com"
|
||||
|
||||
######## Public functions #####################
|
||||
Active24_Api="https://rest.active24.cz"
|
||||
# export Active24_ApiKey=ak48l3h7-ak5d-qn4t-p8gc-b6fs8c3l
|
||||
# export Active24_ApiSecret=ajvkeo3y82ndsu2smvxy3o36496dcascksldncsq
|
||||
|
||||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
# Used to add txt record
|
||||
@ -22,8 +22,8 @@ dns_active24_add() {
|
||||
_active24_init
|
||||
|
||||
_info "Adding txt record"
|
||||
if _active24_rest POST "dns/$_domain/txt/v1" "{\"name\":\"$_sub_domain\",\"text\":\"$txtvalue\",\"ttl\":0}"; then
|
||||
if _contains "$response" "errors"; then
|
||||
if _active24_rest POST "/v2/service/$_service_id/dns/record" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":300}"; then
|
||||
if _contains "$response" "error"; then
|
||||
_err "Add txt record error."
|
||||
return 1
|
||||
else
|
||||
@ -31,6 +31,7 @@ dns_active24_add() {
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
|
||||
_err "Add txt record error."
|
||||
return 1
|
||||
}
|
||||
@ -44,19 +45,25 @@ dns_active24_rm() {
|
||||
_active24_init
|
||||
|
||||
_debug "Getting txt records"
|
||||
_active24_rest GET "dns/$_domain/records/v1"
|
||||
# The API needs to send data in body in order the filter to work
|
||||
# TODO: web can also add content $txtvalue to filter and then get the id from response
|
||||
_active24_rest GET "/v2/service/$_service_id/dns/record" "{\"page\":1,\"descending\":true,\"sortBy\":\"name\",\"rowsPerPage\":100,\"totalRecords\":0,\"filters\":{\"type\":[\"TXT\"],\"name\":\"${_sub_domain}\"}}"
|
||||
#_active24_rest GET "/v2/service/$_service_id/dns/record?rowsPerPage=100"
|
||||
|
||||
if _contains "$response" "errors"; then
|
||||
if _contains "$response" "error"; then
|
||||
_err "Error"
|
||||
return 1
|
||||
fi
|
||||
|
||||
hash_ids=$(echo "$response" | _egrep_o "[^{]+${txtvalue}[^}]+" | _egrep_o "hashId\":\"[^\"]+" | cut -c10-)
|
||||
# Note: it might never be more than one record actually, NEEDS more INVESTIGATION
|
||||
record_ids=$(printf "%s" "$response" | _egrep_o "[^{]+${txtvalue}[^}]+" | _egrep_o '"id" *: *[^,]+' | cut -d ':' -f 2)
|
||||
_debug2 record_ids "$record_ids"
|
||||
|
||||
for hash_id in $hash_ids; do
|
||||
_debug "Removing hash_id" "$hash_id"
|
||||
if _active24_rest DELETE "dns/$_domain/$hash_id/v1" ""; then
|
||||
if _contains "$response" "errors"; then
|
||||
for redord_id in $record_ids; do
|
||||
_debug "Removing record_id" "$redord_id"
|
||||
_debug "txtvalue" "$txtvalue"
|
||||
if _active24_rest DELETE "/v2/service/$_service_id/dns/record/$redord_id" ""; then
|
||||
if _contains "$response" "error"; then
|
||||
_err "Unable to remove txt record."
|
||||
return 1
|
||||
else
|
||||
@ -70,21 +77,15 @@ dns_active24_rm() {
|
||||
return 1
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
#_acme-challenge.www.domain.com
|
||||
#returns
|
||||
# _sub_domain=_acme-challenge.www
|
||||
# _domain=domain.com
|
||||
# _domain_id=sdjkglgdfewsdfg
|
||||
_get_root() {
|
||||
domain=$1
|
||||
i=1
|
||||
p=1
|
||||
|
||||
if ! _active24_rest GET "dns/domains/v1"; then
|
||||
if ! _active24_rest GET "/v1/user/self/service"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
i=1
|
||||
p=1
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
|
||||
_debug "h" "$h"
|
||||
@ -104,21 +105,98 @@ _get_root() {
|
||||
return 1
|
||||
}
|
||||
|
||||
_active24_rest() {
|
||||
m=$1
|
||||
ep="$2"
|
||||
data="$3"
|
||||
_debug "$ep"
|
||||
_active24_init() {
|
||||
Active24_ApiKey="${Active24_ApiKey:-$(_readaccountconf_mutable Active24_ApiKey)}"
|
||||
Active24_ApiSecret="${Active24_ApiSecret:-$(_readaccountconf_mutable Active24_ApiSecret)}"
|
||||
#Active24_ServiceId="${Active24_ServiceId:-$(_readaccountconf_mutable Active24_ServiceId)}"
|
||||
|
||||
export _H1="Authorization: Bearer $ACTIVE24_Token"
|
||||
|
||||
if [ "$m" != "GET" ]; then
|
||||
_debug "data" "$data"
|
||||
response="$(_post "$data" "$ACTIVE24_Api/$ep" "" "$m" "application/json")"
|
||||
else
|
||||
response="$(_get "$ACTIVE24_Api/$ep")"
|
||||
if [ -z "$Active24_ApiKey" ] || [ -z "$Active24_ApiSecret" ]; then
|
||||
Active24_ApiKey=""
|
||||
Active24_ApiSecret=""
|
||||
_err "You don't specify Active24 api key and ApiSecret yet."
|
||||
_err "Please create your key and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
#save the credentials to the account conf file.
|
||||
_saveaccountconf_mutable Active24_ApiKey "$Active24_ApiKey"
|
||||
_saveaccountconf_mutable Active24_ApiSecret "$Active24_ApiSecret"
|
||||
|
||||
_debug "A24 API CHECK"
|
||||
if ! _active24_rest GET "/v2/check"; then
|
||||
_err "A24 API check failed with: $response"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! echo "$response" | tr -d " " | grep \"verified\":true >/dev/null; then
|
||||
_err "A24 API check failed with: $response"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug "First detect the root zone"
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
_debug _domain "$_domain"
|
||||
_active24_get_service_id "$_domain"
|
||||
_debug _service_id "$_service_id"
|
||||
}
|
||||
|
||||
_active24_get_service_id() {
|
||||
_d=$1
|
||||
if ! _active24_rest GET "/v1/user/self/zone/${_d}"; then
|
||||
return 1
|
||||
else
|
||||
response=$(echo "$response" | _json_decode)
|
||||
_service_id=$(echo "$response" | _egrep_o '"id" *: *[^,]+' | cut -d ':' -f 2)
|
||||
fi
|
||||
}
|
||||
|
||||
_active24_rest() {
|
||||
m=$1
|
||||
ep_qs=$2 # with query string
|
||||
# ep=$2
|
||||
ep=$(printf "%s" "$ep_qs" | cut -d '?' -f1) # no query string
|
||||
data="$3"
|
||||
|
||||
_debug "A24 $ep"
|
||||
_debug "A24 $Active24_ApiKey"
|
||||
_debug "A24 $Active24_ApiSecret"
|
||||
|
||||
timestamp=$(_time)
|
||||
datez=$(date -u +"%Y%m%dT%H%M%SZ")
|
||||
canonicalRequest="${m} ${ep} ${timestamp}"
|
||||
signature=$(printf "%s" "$canonicalRequest" | _hmac sha1 "$(printf "%s" "$Active24_ApiSecret" | _hex_dump | tr -d " ")" hex)
|
||||
authorization64="$(printf "%s:%s" "$Active24_ApiKey" "$signature" | _base64)"
|
||||
|
||||
export _H1="Date: ${datez}"
|
||||
export _H2="Accept: application/json"
|
||||
export _H3="Content-Type: application/json"
|
||||
export _H4="Authorization: Basic ${authorization64}"
|
||||
|
||||
_debug2 H1 "$_H1"
|
||||
_debug2 H2 "$_H2"
|
||||
_debug2 H3 "$_H3"
|
||||
_debug2 H4 "$_H4"
|
||||
|
||||
# _sleep 1
|
||||
|
||||
if [ "$m" != "GET" ]; then
|
||||
_debug2 "${m} $Active24_Api${ep_qs}"
|
||||
_debug "data" "$data"
|
||||
response="$(_post "$data" "$Active24_Api${ep_qs}" "" "$m" "application/json")"
|
||||
else
|
||||
if [ -z "$data" ]; then
|
||||
_debug2 "GET $Active24_Api${ep_qs}"
|
||||
response="$(_get "$Active24_Api${ep_qs}")"
|
||||
else
|
||||
_debug2 "GET $Active24_Api${ep_qs} with data: ${data}"
|
||||
response="$(_post "$data" "$Active24_Api${ep_qs}" "" "$m" "application/json")"
|
||||
fi
|
||||
fi
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "error $ep"
|
||||
return 1
|
||||
@ -126,23 +204,3 @@ _active24_rest() {
|
||||
_debug2 response "$response"
|
||||
return 0
|
||||
}
|
||||
|
||||
_active24_init() {
|
||||
ACTIVE24_Token="${ACTIVE24_Token:-$(_readaccountconf_mutable ACTIVE24_Token)}"
|
||||
if [ -z "$ACTIVE24_Token" ]; then
|
||||
ACTIVE24_Token=""
|
||||
_err "You didn't specify a Active24 api token yet."
|
||||
_err "Please create the token and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_saveaccountconf_mutable ACTIVE24_Token "$ACTIVE24_Token"
|
||||
|
||||
_debug "First detect the root zone"
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
_debug _domain "$_domain"
|
||||
}
|
||||
|
@ -340,8 +340,17 @@ _azure_getaccess_token() {
|
||||
|
||||
if [ "$managedIdentity" = true ]; then
|
||||
# https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http
|
||||
export _H1="Metadata: true"
|
||||
response="$(_get http://169.254.169.254/metadata/identity/oauth2/token\?api-version=2018-02-01\&resource=https://management.azure.com/)"
|
||||
if [ -n "$IDENTITY_ENDPOINT" ]; then
|
||||
# Some Azure environments may set IDENTITY_ENDPOINT (formerly MSI_ENDPOINT) to have an alternative metadata endpoint
|
||||
url="$IDENTITY_ENDPOINT?api-version=2019-08-01&resource=https://management.azure.com/"
|
||||
headers="X-IDENTITY-HEADER: $IDENTITY_HEADER"
|
||||
else
|
||||
url="http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"
|
||||
headers="Metadata: true"
|
||||
fi
|
||||
|
||||
export _H1="$headers"
|
||||
response="$(_get "$url")"
|
||||
response="$(echo "$response" | _normalizeJson)"
|
||||
accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
|
||||
expires_on=$(echo "$response" | _egrep_o "\"expires_on\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
|
||||
|
212
dnsapi/dns_spaceship.sh
Normal file
212
dnsapi/dns_spaceship.sh
Normal file
@ -0,0 +1,212 @@
|
||||
#!/usr/bin/env sh
|
||||
# shellcheck disable=SC2034
|
||||
dns_spaceship_info='Spaceship.com
|
||||
Site: Spaceship.com
|
||||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_spaceship
|
||||
Options:
|
||||
SPACESHIP_API_KEY Spaceship API Key
|
||||
SPACESHIP_API_SECRET Spaceship API Secret
|
||||
SPACESHIP_ROOT_DOMAIN (Optional) Manually specify the root domain if auto-detection fails
|
||||
Issues: github.com/acmesh-official/acme.sh/issues/6304
|
||||
Author: Meow <https://github.com/Meo597>
|
||||
'
|
||||
|
||||
# Spaceship API
|
||||
# https://docs.spaceship.dev/
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
SPACESHIP_API_BASE="https://spaceship.dev/api/v1"
|
||||
|
||||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
# Used to add txt record
|
||||
dns_spaceship_add() {
|
||||
fulldomain="$1"
|
||||
txtvalue="$2"
|
||||
|
||||
_info "Adding TXT record for $fulldomain with value $txtvalue"
|
||||
|
||||
# Initialize API credentials and headers
|
||||
if ! _spaceship_init; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Detect root zone
|
||||
if ! _get_root "$fulldomain"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Extract subdomain part relative to root domain
|
||||
subdomain=$(echo "$fulldomain" | sed "s/\.$_domain$//")
|
||||
if [ "$subdomain" = "$fulldomain" ]; then
|
||||
_err "Failed to extract subdomain from $fulldomain relative to root domain $_domain"
|
||||
return 1
|
||||
fi
|
||||
_debug "Extracted subdomain: $subdomain for root domain: $_domain"
|
||||
|
||||
# Escape txtvalue to prevent JSON injection (e.g., quotes in txtvalue)
|
||||
escaped_txtvalue=$(echo "$txtvalue" | sed 's/"/\\"/g')
|
||||
|
||||
# Prepare payload and URL for adding TXT record
|
||||
# Note: 'name' in payload uses subdomain (e.g., _acme-challenge.sub) as required by Spaceship API
|
||||
payload="{\"force\": true, \"items\": [{\"type\": \"TXT\", \"name\": \"$subdomain\", \"value\": \"$escaped_txtvalue\", \"ttl\": 600}]}"
|
||||
url="$SPACESHIP_API_BASE/dns/records/$_domain"
|
||||
|
||||
# Send API request
|
||||
if _spaceship_api_request "PUT" "$url" "$payload"; then
|
||||
_info "Successfully added TXT record for $fulldomain"
|
||||
return 0
|
||||
else
|
||||
_err "Failed to add TXT record. If the domain $_domain is incorrect, set SPACESHIP_ROOT_DOMAIN to the correct root domain."
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Usage: fulldomain txtvalue
|
||||
# Used to remove the txt record after validation
|
||||
dns_spaceship_rm() {
|
||||
fulldomain="$1"
|
||||
txtvalue="$2"
|
||||
|
||||
_info "Removing TXT record for $fulldomain with value $txtvalue"
|
||||
|
||||
# Initialize API credentials and headers
|
||||
if ! _spaceship_init; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Detect root zone
|
||||
if ! _get_root "$fulldomain"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Extract subdomain part relative to root domain
|
||||
subdomain=$(echo "$fulldomain" | sed "s/\.$_domain$//")
|
||||
if [ "$subdomain" = "$fulldomain" ]; then
|
||||
_err "Failed to extract subdomain from $fulldomain relative to root domain $_domain"
|
||||
return 1
|
||||
fi
|
||||
_debug "Extracted subdomain: $subdomain for root domain: $_domain"
|
||||
|
||||
# Escape txtvalue to prevent JSON injection
|
||||
escaped_txtvalue=$(echo "$txtvalue" | sed 's/"/\\"/g')
|
||||
|
||||
# Prepare payload and URL for deleting TXT record
|
||||
# Note: 'name' in payload uses subdomain (e.g., _acme-challenge.sub) as required by Spaceship API
|
||||
payload="[{\"type\": \"TXT\", \"name\": \"$subdomain\", \"value\": \"$escaped_txtvalue\"}]"
|
||||
url="$SPACESHIP_API_BASE/dns/records/$_domain"
|
||||
|
||||
# Send API request
|
||||
if _spaceship_api_request "DELETE" "$url" "$payload"; then
|
||||
_info "Successfully deleted TXT record for $fulldomain"
|
||||
return 0
|
||||
else
|
||||
_err "Failed to delete TXT record. If the domain $_domain is incorrect, set SPACESHIP_ROOT_DOMAIN to the correct root domain."
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
|
||||
_spaceship_init() {
|
||||
SPACESHIP_API_KEY="${SPACESHIP_API_KEY:-$(_readaccountconf_mutable SPACESHIP_API_KEY)}"
|
||||
SPACESHIP_API_SECRET="${SPACESHIP_API_SECRET:-$(_readaccountconf_mutable SPACESHIP_API_SECRET)}"
|
||||
|
||||
if [ -z "$SPACESHIP_API_KEY" ] || [ -z "$SPACESHIP_API_SECRET" ]; then
|
||||
_err "Spaceship API credentials are not set. Please set SPACESHIP_API_KEY and SPACESHIP_API_SECRET."
|
||||
_err "Ensure \"$LE_CONFIG_HOME\" directory has restricted permissions (chmod 700 \"$LE_CONFIG_HOME\") to protect credentials."
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Save credentials to account config for future renewals
|
||||
_saveaccountconf_mutable SPACESHIP_API_KEY "$SPACESHIP_API_KEY"
|
||||
_saveaccountconf_mutable SPACESHIP_API_SECRET "$SPACESHIP_API_SECRET"
|
||||
|
||||
# Set common headers for API requests
|
||||
export _H1="X-API-Key: $SPACESHIP_API_KEY"
|
||||
export _H2="X-API-Secret: $SPACESHIP_API_SECRET"
|
||||
export _H3="Content-Type: application/json"
|
||||
return 0
|
||||
}
|
||||
|
||||
_get_root() {
|
||||
domain="$1"
|
||||
|
||||
# Check manual override
|
||||
SPACESHIP_ROOT_DOMAIN="${SPACESHIP_ROOT_DOMAIN:-$(_readdomainconf SPACESHIP_ROOT_DOMAIN)}"
|
||||
if [ -n "$SPACESHIP_ROOT_DOMAIN" ]; then
|
||||
_domain="$SPACESHIP_ROOT_DOMAIN"
|
||||
_debug "Using manually specified or saved root domain: $_domain"
|
||||
_savedomainconf SPACESHIP_ROOT_DOMAIN "$SPACESHIP_ROOT_DOMAIN"
|
||||
return 0
|
||||
fi
|
||||
|
||||
_debug "Detecting root zone for '$domain'"
|
||||
|
||||
i=1
|
||||
p=1
|
||||
while true; do
|
||||
_cutdomain=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
|
||||
|
||||
_debug "Attempt i=$i: Checking if '$_cutdomain' is root zone (cut ret=$?)"
|
||||
|
||||
if [ -z "$_cutdomain" ]; then
|
||||
_debug "Cut resulted in empty string, root zone not found."
|
||||
break
|
||||
fi
|
||||
|
||||
# Call the API to check if this _cutdomain is a manageable zone
|
||||
if _spaceship_api_request "GET" "$SPACESHIP_API_BASE/dns/records/$_cutdomain?take=1&skip=0"; then
|
||||
# API call succeeded (HTTP 200 OK for GET /dns/records)
|
||||
_domain="$_cutdomain"
|
||||
_debug "Root zone found: '$_domain'"
|
||||
|
||||
# Save the detected root domain
|
||||
_savedomainconf SPACESHIP_ROOT_DOMAIN "$_domain"
|
||||
_info "Root domain '$_domain' saved to configuration for future use."
|
||||
|
||||
return 0
|
||||
fi
|
||||
|
||||
_debug "API check failed for '$_cutdomain'. Continuing search."
|
||||
|
||||
p=$i
|
||||
i=$((i + 1))
|
||||
done
|
||||
|
||||
_err "Could not detect root zone for '$domain'. Please set SPACESHIP_ROOT_DOMAIN manually."
|
||||
return 1
|
||||
}
|
||||
|
||||
_spaceship_api_request() {
|
||||
method="$1"
|
||||
url="$2"
|
||||
payload="$3"
|
||||
|
||||
_debug2 "Sending $method request to $url with payload $payload"
|
||||
if [ "$method" = "GET" ]; then
|
||||
response="$(_get "$url")"
|
||||
else
|
||||
response="$(_post "$payload" "$url" "" "$method")"
|
||||
fi
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "API request failed. Response: $response"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug2 "API response body: $response"
|
||||
|
||||
if [ "$method" = "GET" ]; then
|
||||
if _contains "$(_head_n 1 <"$HTTP_HEADER")" '200'; then
|
||||
return 0
|
||||
fi
|
||||
else
|
||||
if _contains "$(_head_n 1 <"$HTTP_HEADER")" '204'; then
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
|
||||
_debug2 "API response header: $HTTP_HEADER"
|
||||
return 1
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user