mirror of
https://github.com/acmesh-official/acme.sh.git
synced 2025-04-30 04:02:45 +00:00
d8637b2c0f
Ubiquiti removed keytool (and java) from recent releases of Unifi OS. This moves from keytool to openssl's native pkcs12. Tested on Unifi Dream Machine which runs Unifi OS and a built-in Unifi controller. Also added backup of existing files prior to change in case anything goes wrong, and update system configuration with compatible ciphers.
201 lines
5.1 KiB
Bash
Executable File
201 lines
5.1 KiB
Bash
Executable File
#!/usr/bin/env sh
|
|
# shellcheck disable=SC2034
|
|
dns_gd_info='GoDaddy.com
|
|
Site: GoDaddy.com
|
|
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gd
|
|
Options:
|
|
GD_Key API Key
|
|
GD_Secret API Secret
|
|
'
|
|
|
|
GD_Api="https://api.godaddy.com/v1"
|
|
|
|
######## Public functions #####################
|
|
|
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
|
dns_gd_add() {
|
|
fulldomain=$1
|
|
txtvalue=$2
|
|
|
|
GD_Key="${GD_Key:-$(_readaccountconf_mutable GD_Key)}"
|
|
GD_Secret="${GD_Secret:-$(_readaccountconf_mutable GD_Secret)}"
|
|
if [ -z "$GD_Key" ] || [ -z "$GD_Secret" ]; then
|
|
GD_Key=""
|
|
GD_Secret=""
|
|
_err "You didn't specify godaddy api key and secret yet."
|
|
_err "Please create your key and try again."
|
|
return 1
|
|
fi
|
|
|
|
#save the api key and email to the account conf file.
|
|
_saveaccountconf_mutable GD_Key "$GD_Key"
|
|
_saveaccountconf_mutable GD_Secret "$GD_Secret"
|
|
|
|
_debug "First detect the root zone"
|
|
if ! _get_root "$fulldomain"; then
|
|
_err "invalid domain"
|
|
return 1
|
|
fi
|
|
|
|
_debug _sub_domain "$_sub_domain"
|
|
_debug _domain "$_domain"
|
|
|
|
_debug "Getting existing records"
|
|
if ! _gd_rest GET "domains/$_domain/records/TXT/$_sub_domain"; then
|
|
return 1
|
|
fi
|
|
|
|
if _contains "$response" "$txtvalue"; then
|
|
_info "This record already exists, skipping"
|
|
return 0
|
|
fi
|
|
|
|
_add_data="{\"data\":\"$txtvalue\"}"
|
|
for t in $(echo "$response" | tr '{' "\n" | grep "\"name\":\"$_sub_domain\"" | tr ',' "\n" | grep '"data"' | cut -d : -f 2); do
|
|
_debug2 t "$t"
|
|
# ignore empty (previously removed) records, to prevent useless _acme-challenge TXT entries
|
|
if [ "$t" ] && [ "$t" != '""' ]; then
|
|
_add_data="$_add_data,{\"data\":$t}"
|
|
fi
|
|
done
|
|
_debug2 _add_data "$_add_data"
|
|
|
|
_info "Adding record"
|
|
if _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[$_add_data]"; then
|
|
_debug "Checking updated records of '${fulldomain}'"
|
|
|
|
if ! _gd_rest GET "domains/$_domain/records/TXT/$_sub_domain"; then
|
|
_err "Validating TXT record for '${fulldomain}' with rest error [$?]." "$response"
|
|
return 1
|
|
fi
|
|
|
|
if ! _contains "$response" "$txtvalue"; then
|
|
_err "TXT record '${txtvalue}' for '${fulldomain}', value wasn't set!"
|
|
return 1
|
|
fi
|
|
else
|
|
_err "Add txt record error, value '${txtvalue}' for '${fulldomain}' was not set."
|
|
return 1
|
|
fi
|
|
|
|
_sleep 10
|
|
_info "Added TXT record '${txtvalue}' for '${fulldomain}'."
|
|
return 0
|
|
}
|
|
|
|
#fulldomain
|
|
dns_gd_rm() {
|
|
fulldomain=$1
|
|
txtvalue=$2
|
|
|
|
GD_Key="${GD_Key:-$(_readaccountconf_mutable GD_Key)}"
|
|
GD_Secret="${GD_Secret:-$(_readaccountconf_mutable GD_Secret)}"
|
|
|
|
_debug "First detect the root zone"
|
|
if ! _get_root "$fulldomain"; then
|
|
_err "invalid domain"
|
|
return 1
|
|
fi
|
|
|
|
_debug _sub_domain "$_sub_domain"
|
|
_debug _domain "$_domain"
|
|
|
|
_debug "Getting existing records"
|
|
if ! _gd_rest GET "domains/$_domain/records/TXT/$_sub_domain"; then
|
|
return 1
|
|
fi
|
|
|
|
if ! _contains "$response" "$txtvalue"; then
|
|
_info "The record does not exist, skip"
|
|
return 0
|
|
fi
|
|
|
|
_add_data=""
|
|
for t in $(echo "$response" | tr '{' "\n" | grep "\"name\":\"$_sub_domain\"" | tr ',' "\n" | grep '"data"' | cut -d : -f 2); do
|
|
_debug2 t "$t"
|
|
if [ "$t" ] && [ "$t" != "\"$txtvalue\"" ]; then
|
|
if [ "$_add_data" ]; then
|
|
_add_data="$_add_data,{\"data\":$t}"
|
|
else
|
|
_add_data="{\"data\":$t}"
|
|
fi
|
|
fi
|
|
done
|
|
if [ -z "$_add_data" ]; then
|
|
# delete empty record
|
|
_debug "Delete last record for '${fulldomain}'"
|
|
if ! _gd_rest DELETE "domains/$_domain/records/TXT/$_sub_domain"; then
|
|
_err "Cannot delete empty TXT record for '$fulldomain'"
|
|
return 1
|
|
fi
|
|
else
|
|
# remove specific TXT value, keeping other entries
|
|
_debug2 _add_data "$_add_data"
|
|
if ! _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[$_add_data]"; then
|
|
_err "Cannot update TXT record for '$fulldomain'"
|
|
return 1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
#################### Private functions below ##################################
|
|
#_acme-challenge.www.domain.com
|
|
#returns
|
|
# _sub_domain=_acme-challenge.www
|
|
# _domain=domain.com
|
|
_get_root() {
|
|
domain=$1
|
|
i=2
|
|
p=1
|
|
while true; do
|
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
|
if [ -z "$h" ]; then
|
|
#not valid
|
|
return 1
|
|
fi
|
|
|
|
if ! _gd_rest GET "domains/$h"; then
|
|
return 1
|
|
fi
|
|
|
|
if _contains "$response" '"code":"NOT_FOUND"'; then
|
|
_debug "$h not found"
|
|
else
|
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
|
_domain="$h"
|
|
return 0
|
|
fi
|
|
p="$i"
|
|
i=$(_math "$i" + 1)
|
|
done
|
|
return 1
|
|
}
|
|
|
|
_gd_rest() {
|
|
m=$1
|
|
ep="$2"
|
|
data="$3"
|
|
_debug "$ep"
|
|
|
|
export _H1="Authorization: sso-key $GD_Key:$GD_Secret"
|
|
export _H2="Content-Type: application/json"
|
|
|
|
if [ "$data" ] || [ "$m" = "DELETE" ]; then
|
|
_debug "data ($m): " "$data"
|
|
response="$(_post "$data" "$GD_Api/$ep" "" "$m")"
|
|
else
|
|
response="$(_get "$GD_Api/$ep")"
|
|
fi
|
|
|
|
if [ "$?" != "0" ]; then
|
|
_err "error on rest call ($m): $ep"
|
|
return 1
|
|
fi
|
|
_debug2 response "$response"
|
|
if _contains "$response" "UNABLE_TO_AUTHENTICATE"; then
|
|
_err "It seems that your api key or secret is not correct."
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|