  1. #!/usr/bin/env sh
  2. # Here is the script to deploy the cert to your cpanel using the cpanel API.
  3. # Uses command line uapi. --user option is needed only if run as root.
  4. # Returns 0 when success.
  5. #
  6. # Configure DEPLOY_CPANEL_AUTO_<...> options to enable or restrict automatic
  7. # detection of deployment targets through UAPI (if not set, defaults below are used.)
  8. # - ENABLED : 'true' for multi-site / wildcard capability; otherwise single-site mode.
  9. # - NOMATCH : 'true' to allow deployment to sites that do not match the certificate.
  10. # - INCLUDE : Comma-separated list - sites must match this field.
  11. # - EXCLUDE : Comma-separated list - sites must NOT match this field.
  12. # INCLUDE/EXCLUDE both support non-lexical, glob-style matches using '*'
  13. #
  14. # Please note that I am no longer using Github. If you want to report an issue
  15. # or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/
  16. #
  17. # Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
  18. # Public domain, 2017-2018
  19. #
  20. # export DEPLOY_CPANEL_USER=myusername
  21. # export DEPLOY_CPANEL_AUTO_ENABLED='true'
  22. # export DEPLOY_CPANEL_AUTO_NOMATCH='false'
  23. # export DEPLOY_CPANEL_AUTO_INCLUDE='*'
  24. # export DEPLOY_CPANEL_AUTO_EXCLUDE=''
  25. ######## Public functions #####################
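  # Deploy a certificate to cPanel through the command-line `uapi` tool.
  #
  # Auto mode (DEPLOY_CPANEL_AUTO_ENABLED=true): asks UAPI for the account's
  # sites, keeps those covered by the certificate (unless NOMATCH is true),
  # applies the INCLUDE / EXCLUDE filters and installs the cert on each one.
  # Classic mode: installs on the primary domain only, without querying UAPI.
  #
  # Globals read:    Le_Alt, DEPLOY_CPANEL_USER, DEPLOY_CPANEL_AUTO_*
  # Globals written: _uapi_user, sitelist, successes, sitetotal and the
  #                  other underscore-prefixed working variables below.
  # Returns: 0 on success. In auto mode this means at least one site was
  #          updated, OR the filters left no site at all ("0 of 0" is still
  #          reported as success). 1 if uapi is missing, the cert/key cannot
  #          be read, root has no target user, or every install failed.
  #domain keyfile certfile cafile fullchain
  cpanel_uapi_deploy() {
    _cdomain="$1"
    _ckey="$2"
    _ccert="$3"
    _cca="$4"
    _cfullchain="$5"

    # re-declare vars inherited from acme.sh but not passed to make ShellCheck happy
    : "${Le_Alt:=""}"

    _debug _cdomain "$_cdomain"
    _debug _ckey "$_ckey"
    _debug _ccert "$_ccert"
    _debug _cca "$_cca"
    _debug _cfullchain "$_cfullchain"

    if ! _exists uapi; then
      _err "The command uapi is not found."
      return 1
    fi

    # UAPI marks a failed call with this line in its response
    uapi_error_response='status: 0'

    # Variables here are global; reset the target user so a value left over
    # from the environment or an earlier deploy cannot select an account when
    # this run is not root.
    _uapi_user=""

    # read cert and key files and urlencode both
    _cert=$(_url_encode <"$_ccert")
    _key=$(_url_encode <"$_ckey")
    if [ -z "$_cert" ] || [ -z "$_key" ]; then
      _err "Could not read or encode the certificate or key file."
      return 1
    fi
    _debug2 _cert "$_cert"
    # The encoded private key is intentionally NOT written to the debug log:
    # debug output is routinely saved to files and pasted into bug reports.

    if [ "$(id -u)" = 0 ]; then
      _getdeployconf DEPLOY_CPANEL_USER
      # fallback to _readdomainconf for old installs
      if [ -z "${DEPLOY_CPANEL_USER:=$(_readdomainconf DEPLOY_CPANEL_USER)}" ]; then
        _err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
        return 1
      fi
      _debug DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
      _savedeployconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
      _uapi_user="$DEPLOY_CPANEL_USER"
    fi

    # Load all AUTO envars and set defaults - see the file header for usage
    __cpanel_initautoparam ENABLED 'true'
    __cpanel_initautoparam NOMATCH 'false'
    __cpanel_initautoparam INCLUDE '*'
    __cpanel_initautoparam EXCLUDE ''

    # NOTE(review): cert= and key= are passed as uapi command-line arguments,
    # so the URL-encoded private key may be readable by other local users in
    # the process list while uapi runs. Confirm whether the installed uapi
    # accepts parameters by another channel and prefer that on shared hosts.

    if [ "$DEPLOY_CPANEL_AUTO_ENABLED" = "true" ]; then
      # Auto mode: ask UAPI for the site list. The call goes through
      # __cpanel_uapi so that root queries the target user's domains, the same
      # account the install_ssl calls below act on.
      _response=$(__cpanel_uapi DomainInfo list_domains)
      if [ -z "$_response" ] || [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
        _err "Error in deploying certificate - cannot retrieve sitelist:"
        _err "\n$_response"
        return 1
      fi

      # parse response to create site list (one site per line)
      sitelist=$(__cpanel_parse_response "$_response")
      _debug "UAPI sites found: $sitelist"

      if [ "$DEPLOY_CPANEL_AUTO_NOMATCH" = "true" ]; then
        # nomatch mode: the cert is installed even on sites it does not name
        _debug "DEPLOY_CPANEL_AUTO_NOMATCH is true"
        _info "UAPI nomatch mode is enabled - Will not validate sites are valid for the certificate"
      else
        _debug "DEPLOY_CPANEL_AUTO_NOMATCH is false"
        # Build one grep pattern per certificate name: drop the primary domain
        # from the alt list, then escape dots and turn '*' into "one label".
        # NOTE(review): $_cdomain is spliced into the sed expressions
        # unescaped, so its dots match any character there; this only affects
        # de-duplication of the primary domain.
        d="$(echo "${Le_Alt}," | sed -e "s/^$_cdomain,//" -e "s/,$_cdomain,/,/")"
        d="$(echo "$_cdomain,$d" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\[\^\.\]\*/g')"
        sitelist="$(echo "$sitelist" | grep -ix "$d")"
        _debug2 "Matched UAPI sites: $sitelist"
      fi

      # keep only sites that match $DEPLOY_CPANEL_AUTO_INCLUDE
      _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_INCLUDE: $DEPLOY_CPANEL_AUTO_INCLUDE"
      sitelist="$(echo "$sitelist" | grep -ix "$(echo "$DEPLOY_CPANEL_AUTO_INCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
      _debug2 "Remaining sites: $sitelist"

      # drop sites that match $DEPLOY_CPANEL_AUTO_EXCLUDE
      _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_EXCLUDE: $DEPLOY_CPANEL_AUTO_EXCLUDE"
      sitelist="$(echo "$sitelist" | grep -vix "$(echo "$DEPLOY_CPANEL_AUTO_EXCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
      _debug2 "Remaining sites: $sitelist"

      # counter for success / failure check
      successes=0
      if [ -n "$sitelist" ]; then
        sitetotal="$(echo "$sitelist" | wc -l)"
        _debug "$sitetotal sites to deploy"
      else
        sitetotal=0
        _debug "No sites to deploy"
      fi

      # For each site: publish the cert and log the result. A single failure
      # is logged but does not abort; only "all failed" is an error.
      # $sitelist is left unquoted on purpose so it splits into one word per
      # site (the expansion is also subject to pathname expansion).
      for site in $sitelist; do
        _response=$(__cpanel_uapi SSL install_ssl domain="$site" cert="$_cert" key="$_key")
        if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
          _err "Error in deploying certificate to $site:"
          _err "$_response"
        else
          successes=$((successes + 1))
          _debug "$_response"
          _info "Successfully deployed to $site"
        fi
      done

      # Raise error if all updates fail
      if [ "$sitetotal" -gt 0 ] && [ "$successes" -eq 0 ]; then
        _err "Could not deploy to any of $sitetotal sites via UAPI"
        _debug "successes: $successes, sitetotal: $sitetotal"
        return 1
      fi

      _info "Successfully deployed certificate to $successes of $sitetotal sites via UAPI"
      return 0
    else
      # "classic" mode - will only try to deploy to the primary domain; will not check UAPI first
      _response=$(__cpanel_uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
      if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
        _err "Error in deploying certificate:"
        _err "$_response"
        return 1
      fi

      _debug response "$_response"
      _info "Certificate successfully deployed"
      return 0
    fi
  }

  # Run uapi with the given arguments, adding --user only when a target user
  # was resolved (the root case), so every UAPI call acts on the same account.
  __cpanel_uapi() {
    if [ -n "$_uapi_user" ]; then
      uapi --user="$_uapi_user" "$@"
    else
      uapi "$@"
    fi
  }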
  151. ######## Private functions #####################
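  # Internal utility to process the YAML returned by UAPI. Prints, one per
  # line, the value of result/data/main_domain and every list entry under
  # result/data/sub_domains and result/data/addon_domains; everything else in
  # the response is discarded.
  # Input: the response as arguments (joined with spaces) or, when called with
  # no arguments, on stdin.
  #[response]
  __cpanel_parse_response() {
    if [ $# -gt 0 ]; then resp="$*"; else resp="$(cat)"; fi

    # printf instead of echo: some sh implementations let echo interpret
    # backslash escapes or a leading option-like word in the data.
    printf '%s\n' "$resp" |
      # Stage 1: strip CRs and rewrite "key: value" and "- item" lines as
      # "<indent>,<key or ->,<value>"; lines of any other shape are dropped.
      sed -En \
        -e 's/\r$//' \
        -e 's/^( *)([_.[:alnum:]]+) *: *(.*)/\1,\2,\3/p' \
        -e 's/^( *)- (.*)/\1,-,\2/p' |
      # Stage 2: track the key at each nesting level (two spaces per level) and
      # emit "path/to/key=value" for every line that carries a value.
      awk -F, '{
        level = length($1)/2;
        section[level] = $2;
        # array subscripts are strings: force a numeric comparison so that
        # deeper levels are dropped correctly at any depth
        for (i in section) {if (i + 0 > level) {delete section[i]}}
        if (length($3) > 0) {
          prefix="";
          for (i=0; i < level; i++)
          { prefix = (prefix)(section[i])("/") }
          printf("%s%s=%s\n", prefix, $2, $3);
        }
      }' |
      # Stage 3: keep only the domain-bearing paths and print their values.
      sed -En -e 's/^result\/data\/(main_domain|sub_domains\/-|addon_domains\/-)=(.*)$/\2/p'
  }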
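  # Load DEPLOY_CPANEL_AUTO_<pname> from the saved deploy config, fall back to
  # pdefault when the value is empty, then save the effective value back.
  # pname is spliced into an eval'd variable name, so it must be a plain
  # identifier suffix; the callers in this file pass fixed literals.
  # Globals written: pname, pdefault, pkey, pvalue, DEPLOY_CPANEL_AUTO_<pname>
  #pname pdefault
  __cpanel_initautoparam() {
    pname="$1"
    pdefault="$2"
    pkey="DEPLOY_CPANEL_AUTO_$pname"

    _getdeployconf "$pkey"

    # eval is used only to address the variable by its computed name. The
    # value and the default are expanded after eval has parsed the line, so
    # quotes, '$' or backticks inside them are stored literally, never re-run.
    eval "pvalue=\"\${$pkey}\""
    if [ -z "$pvalue" ]; then
      pvalue="$pdefault"
      eval "$pkey=\"\$pvalue\""
    fi

    _debug2 "$pkey" "$pvalue"
    _savedeployconf "$pkey" "$pvalue"
  }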