acme.sh/deploy/directadmin.sh

#!/usr/bin/env sh

# DirectAdmin 1.58.2 API
# This script can be used to deploy certificates to DirectAdmin
#
# User must provide login data and URL (incl. port) to DirectAdmin.
# You can create login key, by using the Login Keys function
# ( https://da.example.com:8443/CMD_LOGIN_KEYS ), which only has access to
# - CMD_API_SSL
#
# Report bugs to https://github.com/Eddict/acme.sh/issues
#
# Values to export:
# export DA_Api="https://remoteUser:remotePassword@da.example.com:8443"
# export DA_Api_Insecure=1
#
# Set DA_Api_Insecure to 1 for insecure and 0 for secure -> difference is
# whether ssl cert is checked for validity (0) or whether it is just accepted (1)
#
# Thanks to https://github.com/TigerP, creator of dnsapi/dns_da.sh
# That script helped a lot to create this one

########  Public functions #####################
directadmin_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  _DA_credentials && _DA_setSSL
  return 0
}

####################  Private functions below ##################################
# Usage: _DA_credentials
# It will check if the needed settings are available
_DA_credentials() {
  DA_Api="${DA_Api:-$(_readaccountconf_mutable DA_Api)}"
  DA_Api_Insecure="${DA_Api_Insecure:-$(_readaccountconf_mutable DA_Api_Insecure)}"
  if [ -z "${DA_Api}" ] || [ -z "${DA_Api_Insecure}" ]; then
    DA_Api=""
    DA_Api_Insecure=""
    _err "You haven't specified the DirectAdmin Login data, URL and whether you want check the DirectAdmin SSL cert. Please try again."
    return 1
  else
    _saveaccountconf_mutable DA_Api "${DA_Api}"
    _saveaccountconf_mutable DA_Api_Insecure "${DA_Api_Insecure}"
    # Set whether curl should use secure or insecure mode
    export HTTPS_INSECURE="${DA_Api_Insecure}"
  fi
}

# Usage: _da_get_api CMD_API_* data example.com
# Use the DirectAdmin API and check the result
# returns
#  response="error=0&text=Result text&details="
_da_get_api() {
  cmd=$1
  data=$2
  domain=$3
  _debug "$domain; $data"

  if ! response=$(_get "$DA_Api/$cmd?$data"); then
    _err "error $cmd"
    return 1
  fi
  _secure_debug2 response "$response"
  return 0
}

# Usage: _DA_setSSL
# Use the API to set the certificates
_DA_setSSL() {
  curData="domain=${_cdomain}&json=yes"
  _debug "Calling _da_get_api: '${curData}' '${DA_Api}/CMD_API_SSL'"
  _da_get_api CMD_API_SSL "${curData}" "${domain}"
  _secure_debug2 "response" "$response"
  cert_response=$response

  name="ssl_on"
  if ! _contains "$cert_response" "$name"; then
    _err "'${name}' was not found in response."
    return 1
  fi
  ssl_on="$(echo "$cert_response" | jq -r .$name)"
  _debug2 "$name" "$ssl_on"

  if [ "$ssl_on" = "yes" ]; then
    _debug "Domain '${_cdomain}' has SSL enabled: $(__green "$ssl_on")"
  else
    _err "Domain '${_cdomain}' does not has SSL enabled: $ssl_on"
    if [ -z "$FORCE" ]; then
      _info "Add '$(__red '--force')' to force to deploy."
      return 1
    fi
  fi

  name="server"
  if ! _contains "$cert_response" "$name"; then
    _err "'${name}' was not found in response."
    return 1
  fi
  server="$(echo "$cert_response" | jq -r .$name)"
  _debug "$name" "$server"

  if [ "$server" = "no" ]; then
    _debug "Domain '${_cdomain}' is using a custom/pasted certificate."
  else
    _err "Domain '${_cdomain}' is using the server certificate."
    if [ -z "$FORCE" ]; then
      _info "Add '$(__red '--force')' to force to deploy."
      return 1
    fi
  fi

  curData="domain=${_cdomain}&view=cacert&json=yes"
  _debug "Calling _DA_da_get_api_getSSL: '${curData}' '${DA_Api}/CMD_API_SSL'"
  _da_get_api CMD_API_SSL "${curData}" "${_cdomain}"
  _secure_debug2 "response" "$response"
  cacert_response=$response

  name="enabled"
  if ! _contains "$cacert_response" "$name"; then
    _err "'${name}' was not found in response."
    return 1
  fi
  enabled="$(echo "$cacert_response" | jq -r .$name)"
  _debug "$name" "$enabled"

  cca=$(cat -v "$_cca")
  cca_flat="$(echo "$cca" | tr -d '\r' | tr -d '\n')"
  ckey=$(cat -v "$_ckey")
  ckey_flat="$(echo "$ckey" | tr -d '\r' | tr -d '\n')"
  ccert=$(cat -v "$_ccert")
  ccert_flat="$(echo "$ccert" | tr -d '\r' | tr -d '\n')"

  name="cacert"
  sameCaCert=1
  if [ "$enabled" = "yes" ]; then
    _debug "Domain '${_cdomain}' is using a CA certificate."

    cacert="$(echo "$cacert_response" | jq -r .$name)"
    cacert_flat="$(echo "$cacert" | tr -d '\r' | tr -d '\n')"
    _debug2 "$name" "$cacert"

    if [ "$cacert_flat" != "$cca_flat" ]; then
      sameCaCert=0
      _info "Domain '${_cdomain}' is using $(__red 'a different') CA certificate."
    else
      _info "Domain '${_cdomain}' is using the same CA certificate."
    fi
  else
    _err "Domain '${_cdomain}' is currently not using a CA certificate."
    if [ -z "$FORCE" ]; then
      _info "Add '$(__red '--force')' to force to deploy."
      return 1
    fi
  fi

  name="key"
  sameKey=1
  if _contains "$cert_response" "$name"; then
    key="$(echo "$cert_response" | jq -r .$name)"
    key_flat="$(echo "$key" | tr -d '\r' | tr -d '\n')"
    _secure_debug2 "$name" "$key"

    if [ "$key_flat" != "$ckey_flat" ]; then
      sameKey=0
      _info "Domain '${_cdomain}' is using $(__red 'a different') private key."
    else
      _info "Domain '${_cdomain}' is using the same private key."
    fi
  fi

  name="certificate"
  sameCert=1
  if _contains "$cert_response" "$name"; then
    cert="$(echo "$cert_response" | jq -r .$name)"
    cert_flat="$(echo "$cert" | tr -d '\r' | tr -d '\n')"
    _debug2 "$name" "$cert"

    if [ "$cert_flat" != "$ccert_flat" ]; then
      sameCert=0
      _info "Domain '${_cdomain}' is using $(__red 'a different') certificate."
    else
      _info "Domain '${_cdomain}' is using the same certificate."
    fi
  fi

  if [ -n "$FORCE" ] || [ $sameCaCert -eq 0 ] || [ $sameKey -eq 0 ] || [ $sameCert -eq 0 ]; then
    if [ -n "$FORCE" ] || [ $sameCaCert -eq 0 ]; then
      export _H1="Content-Type: application/x-www-form-urlencoded"

      encoded_cacert_value="$(printf "%s" "${cca}" | _url_encode)"
      _debug2 encoded_cacert_value "$encoded_cacert_value"
      curData="domain=${_cdomain}&action=save&type=cacert&active=yes&cacert=${encoded_cacert_value}"
      response="$(_post "$curData" "${DA_Api}/CMD_API_SSL")"
      if _contains "${response}" 'error=0'; then
        _info "$(__green "Setting the cacert succeeded for domain '${_cdomain}'.")"
      else
        _err "Setting the cacert failed for domain '${_cdomain}'. Check response:"
        _err "$response"
        return 1
      fi
    fi

    if [ -n "$FORCE" ] || [ $sameKey -eq 0 ] || [ $sameCert -eq 0 ]; then
      export _H1="Content-Type: application/x-www-form-urlencoded"

      encoded_keycert_value="$(printf "%s" "${ckey}$'\n'${ccert}" | _url_encode)"
      _debug2 encoded_cert_value "$encoded_keycert_value"
      curData="domain=${_cdomain}&action=save&type=paste&request=no&certificate=${encoded_keycert_value}"
      response="$(_post "$curData" "${DA_Api}/CMD_API_SSL")"
      if _contains "${response}" 'error=0'; then
        _info "$(__green "Setting the key and cert succeeded for domain '${_cdomain}'.")"
      else
        _err "Setting the key and cert failed for domain '${_cdomain}'. Check response:"
        _err "$response"
        return 1
      fi
    fi
  else
    if [ $sameCaCert -eq 1 ] && [ $sameKey -eq 1 ] && [ $sameCert -eq 1 ]; then
      _info "Nothing to do. Domain '${_cdomain}' $(__green 'has already the same certifcates active.')"
      if [ -z "$FORCE" ]; then
        _info "Add '$(__red '--force')' to force to deploy."
      fi
    fi
  fi

  return 0
}