Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4659 Commits
8 Branches
42 Tags
22 MiB
Tree: e717c9dba2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e717c9dba2'
${ noResults }
acme.sh/dnsapi/dns_cf.sh

240 lines
6.7 KiB
Raw Normal View History

modify shebang to bash after install if bash is installed.
9 years ago
init dnsapi
9 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
add support for using a Zone ID
5 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
fix wget support in dns api
8 years ago
init dnsapi
9 years ago
fix bugs
9 years ago
Add shfmt to format source code
8 years ago
init dnsapi
9 years ago
Add shfmt to format source code
8 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
add support for using a Zone ID
5 years ago
fix format
8 years ago
Add shfmt to format source code
8 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
Update dns_cf.sh if CF_Zone_ID is used, save it to domain conf instead.
3 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
fix format
8 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
Add shfmt to format source code
8 years ago
minor fix
9 years ago
fix shellcheck warnings
8 years ago
init dnsapi
9 years ago
minor, add debug info
9 years ago
Add shfmt to format source code
8 years ago
minor fix
9 years ago
fix wget support in dns api
8 years ago
Add shfmt to format source code
8 years ago
fix https://github.com/acmesh-official/acme.sh/issues/2888
4 years ago
init dnsapi
9 years ago
Add shfmt to format source code
8 years ago
fix format
7 years ago
support ACME v2 wildcard cert
7 years ago
fix https://github.com/Neilpang/acme.sh/issues/2195
5 years ago
support ACME v2 wildcard cert
7 years ago
Add shfmt to format source code
8 years ago
fix https://github.com/Neilpang/acme.sh/issues/1941 cache dns zones response
6 years ago
support ACME v2 wildcard cert
7 years ago
init dnsapi
9 years ago
support ACME v2 wildcard cert
7 years ago
init dnsapi
9 years ago
Add shfmt to format source code
8 years ago
init dnsapi
9 years ago
support cloudflare rm function
8 years ago
add dns_xxx_rm function https://github.com/Neilpang/acme.sh/issues/79
8 years ago
support cloudflare rm function
8 years ago
fix https://github.com/Neilpang/acme.sh/issues/794#issuecomment-294314606
8 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
Fix invalid domain error on dns_cf update When dns_cf used with Zone ID it fails on removal of the entry. This pull request adds the missing CF_Zone_ID loading.
5 years ago
fix https://github.com/Neilpang/acme.sh/issues/794#issuecomment-294314606
8 years ago
support cloudflare rm function
8 years ago
fix https://github.com/acmesh-official/acme.sh/issues/2888
4 years ago
show response when unable to retrieve DNS records for a zone
5 years ago
support cloudflare rm function
8 years ago
fix format
8 years ago
fix https://github.com/acmesh-official/acme.sh/issues/2888
4 years ago
support cloudflare rm function
8 years ago
fix https://github.com/acmesh-official/acme.sh/issues/2888
4 years ago
support cloudflare rm function
8 years ago
fix https://github.com/acmesh-official/acme.sh/issues/2888
4 years ago
support cloudflare rm function
8 years ago
fix bugs
9 years ago
add dns_xxx_rm function https://github.com/Neilpang/acme.sh/issues/79
8 years ago
fix bugs
9 years ago
spelling fixes
8 years ago
init dnsapi
9 years ago
minor fix
9 years ago
init dnsapi
9 years ago
root domain as dns alias mode
6 years ago
init dnsapi
9 years ago
add support for using a Zone ID
5 years ago
fix https://github.com/acmesh-official/acme.sh/issues/2888
4 years ago
fix https://github.com/acmesh-official/acme.sh/issues/2888
4 years ago
add support for using a Zone ID
5 years ago
fix shellcheck issues
5 years ago
add support for using a Zone ID
5 years ago
fix shellcheck warnings
8 years ago
fix https://github.com/Neilpang/acme.sh/issues/490
8 years ago
Add shfmt to format source code
8 years ago
init dnsapi
9 years ago
Add shfmt to format source code
8 years ago
init dnsapi
9 years ago
Add shfmt to format source code
8 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
revert fix for https://github.com/Neilpang/acme.sh/issues/1941 1. fix https://github.com/Neilpang/acme.sh/issues/1977 2. The cache is too long to as a line to save in the conf
6 years ago
fix punycode domain
5 years ago
fix https://github.com/acmesh-official/acme.sh/issues/2888
4 years ago
Add shfmt to format source code
8 years ago
fix shellcheck warnings
8 years ago
init dnsapi
9 years ago
fix shellcheck warnings
8 years ago
init dnsapi
9 years ago
fix wget support in dns api
8 years ago
fix shellcheck warnings
8 years ago
Add shfmt to format source code
8 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
Trim double quotes for email and key Currently dns_cf generates headers like this: 'X-Auth-Email: "sample@mail.com"'. Cloudflare API responses 400 BadRequest for quoted headers with message "Invalid format for X-Auth-Email header".
6 years ago
sync (#2404) * support jdcloud.com * fix format * ttl 3000 * Escape slashes (#2375) * Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330) As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server. * check empty id * fix error * Add dnsapi for Vultr (#2370) * Add Vultr dns api * PushOver notifications (#2325) * PushOver notifications, using AppToken, UserKey, and optional sounds * fix errors * added dns api support for hexonet (#1776) * update * minor * support new Cloudflare Token format fix https://github.com/Neilpang/acme.sh/issues/2398 * fix wildcard domain name * add more info * fix https://github.com/Neilpang/acme.sh/issues/2377 * fix format * fix format
5 years ago
Add shfmt to format source code
8 years ago
support cloudflare rm function
8 years ago
minor fix
9 years ago
fix shellcheck warnings
8 years ago
fix bugs
9 years ago
fix wget support in dns api
8 years ago
init dnsapi
9 years ago
Add shfmt to format source code
8 years ago
fix bugs
9 years ago
init dnsapi
9 years ago
le.sh v2.0.0 1. Unix-like command api 2. 100% compatible with le.sh 1.x command api. 3. Support different webroot for each domain in the same cert. ``` le.sh --issue -d a.com -w /wwwroot/a.com -d b.com -w /wwwroot/b.com ``` 4. Support different authentication methods for each domain in the same cert. Hybrid usage: ``` le.sh --issue -d a.com -w /wwwroot/a.com -d b.com -dns dns-cf ``` 5. Two different debug levels to provide useful debug info. `--debug` or `--debug 2` 6. Support to install `fullchain.cer` after renewal. 7. Better performance.
9 years ago
init dnsapi
9 years ago
  1. #!/usr/bin/env sh
  3. #
  4. #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  5. #
  6. #CF_Email="xxxx@sss.com"
  8. #CF_Token="xxxx"
  9. #CF_Account_ID="xxxx"
  10. #CF_Zone_ID="xxxx"
  12. CF_Api="https://api.cloudflare.com/client/v4"
  14. ######## Public functions #####################
  16. #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  17. dns_cf_add() {
  18. fulldomain=$1
  19. txtvalue=$2
  21. CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
  22. CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  23. CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
  24. CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  25. CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  27. if [ "$CF_Token" ]; then
  28. if [ "$CF_Zone_ID" ]; then
  29. _savedomainconf CF_Token "$CF_Token"
  30. _savedomainconf CF_Account_ID "$CF_Account_ID"
  31. _savedomainconf CF_Zone_ID "$CF_Zone_ID"
  32. else
  33. _saveaccountconf_mutable CF_Token "$CF_Token"
  34. _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
  35. _saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID"
  36. fi
  37. else
  38. if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
  39. CF_Key=""
  40. CF_Email=""
  41. _err "You didn't specify a Cloudflare api key and email yet."
  42. _err "You can get yours from here https://dash.cloudflare.com/profile."
  43. return 1
  44. fi
  46. if ! _contains "$CF_Email" "@"; then
  47. _err "It seems that the CF_Email=$CF_Email is not a valid email address."
  48. _err "Please check and retry."
  49. return 1
  50. fi
  51. #save the api key and email to the account conf file.
  52. _saveaccountconf_mutable CF_Key "$CF_Key"
  53. _saveaccountconf_mutable CF_Email "$CF_Email"
  54. fi
  56. _debug "First detect the root zone"
  57. if ! _get_root "$fulldomain"; then
  58. _err "invalid domain"
  59. return 1
  60. fi
  61. _debug _domain_id "$_domain_id"
  62. _debug _sub_domain "$_sub_domain"
  63. _debug _domain "$_domain"
  65. _debug "Getting txt records"
  66. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
  68. if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
  69. _err "Error"
  70. return 1
  71. fi
  73. # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
  74. # we can not use updating anymore.
  75. # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  76. # _debug count "$count"
  77. # if [ "$count" = "0" ]; then
  78. _info "Adding record"
  79. if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
  80. if _contains "$response" "$txtvalue"; then
  81. _info "Added, OK"
  82. return 0
  83. elif _contains "$response" "The record already exists"; then
  84. _info "Already exists, OK"
  85. return 0
  86. else
  87. _err "Add txt record error."
  88. return 1
  89. fi
  90. fi
  91. _err "Add txt record error."
  92. return 1
  94. }
  96. #fulldomain txtvalue
  97. dns_cf_rm() {
  98. fulldomain=$1
  99. txtvalue=$2
  101. CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
  102. CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  103. CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
  104. CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  105. CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  107. _debug "First detect the root zone"
  108. if ! _get_root "$fulldomain"; then
  109. _err "invalid domain"
  110. return 1
  111. fi
  112. _debug _domain_id "$_domain_id"
  113. _debug _sub_domain "$_sub_domain"
  114. _debug _domain "$_domain"
  116. _debug "Getting txt records"
  117. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
  119. if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
  120. _err "Error: $response"
  121. return 1
  122. fi
  124. count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ")
  125. _debug count "$count"
  126. if [ "$count" = "0" ]; then
  127. _info "Don't need to remove."
  128. else
  129. record_id=$(echo "$response" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
  130. _debug "record_id" "$record_id"
  131. if [ -z "$record_id" ]; then
  132. _err "Can not get record id to remove."
  133. return 1
  134. fi
  135. if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then
  136. _err "Delete record error."
  137. return 1
  138. fi
  139. echo "$response" | tr -d " " | grep \"success\":true >/dev/null
  140. fi
  142. }
  144. #################### Private functions below ##################################
  145. #_acme-challenge.www.domain.com
  146. #returns
  147. # _sub_domain=_acme-challenge.www
  148. # _domain=domain.com
  149. # _domain_id=sdjkglgdfewsdfg
  150. _get_root() {
  151. domain=$1
  152. i=1
  153. p=1
  155. # Use Zone ID directly if provided
  156. if [ "$CF_Zone_ID" ]; then
  157. if ! _cf_rest GET "zones/$CF_Zone_ID"; then
  158. return 1
  159. else
  160. if echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
  161. _domain=$(echo "$response" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
  162. if [ "$_domain" ]; then
  163. _cutlength=$((${#domain} - ${#_domain} - 1))
  164. _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength")
  165. _domain_id=$CF_Zone_ID
  166. return 0
  167. else
  168. return 1
  169. fi
  170. else
  171. return 1
  172. fi
  173. fi
  174. fi
  176. while true; do
  177. h=$(printf "%s" "$domain" | cut -d . -f $i-100)
  178. _debug h "$h"
  179. if [ -z "$h" ]; then
  180. #not valid
  181. return 1
  182. fi
  184. if [ "$CF_Account_ID" ]; then
  185. if ! _cf_rest GET "zones?name=$h&account.id=$CF_Account_ID"; then
  186. return 1
  187. fi
  188. else
  189. if ! _cf_rest GET "zones?name=$h"; then
  190. return 1
  191. fi
  192. fi
  194. if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
  195. _domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
  196. if [ "$_domain_id" ]; then
  197. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  198. _domain=$h
  199. return 0
  200. fi
  201. return 1
  202. fi
  203. p=$i
  204. i=$(_math "$i" + 1)
  205. done
  206. return 1
  207. }
  209. _cf_rest() {
  210. m=$1
  211. ep="$2"
  212. data="$3"
  213. _debug "$ep"
  215. email_trimmed=$(echo "$CF_Email" | tr -d '"')
  216. key_trimmed=$(echo "$CF_Key" | tr -d '"')
  217. token_trimmed=$(echo "$CF_Token" | tr -d '"')
  219. export _H1="Content-Type: application/json"
  220. if [ "$token_trimmed" ]; then
  221. export _H2="Authorization: Bearer $token_trimmed"
  222. else
  223. export _H2="X-Auth-Email: $email_trimmed"
  224. export _H3="X-Auth-Key: $key_trimmed"
  225. fi
  227. if [ "$m" != "GET" ]; then
  228. _debug data "$data"
  229. response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
  230. else
  231. response="$(_get "$CF_Api/$ep")"
  232. fi
  234. if [ "$?" != "0" ]; then
  235. _err "error $ep"
  236. return 1
  237. fi
  238. _debug2 response "$response"
  239. return 0
  240. }