

  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_acmeproxy_info='AcmeProxy Server API
  4. AcmeProxy can be used to as a single host in your network to request certificates through a DNS API.
  5. Clients can connect with the one AcmeProxy host so you do not need to store DNS API credentials on every single host.
  6. Site: github.com/mdbraber/acmeproxy
  7. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_acmeproxy
  8. Options:
  9. ACMEPROXY_ENDPOINT API Endpoint
  10. ACMEPROXY_USERNAME Username
  11. ACMEPROXY_PASSWORD Password
  12. Issues: github.com/acmesh-official/acme.sh/issues/2251
  13. Author: Maarten den Braber
  14. '
# Usage: dns_acmeproxy_add fulldomain txtvalue
# Public acme.sh hook: asks the AcmeProxy endpoint to "present" the TXT record.
# The three globals are set here and handed straight to _acmeproxy_request.
dns_acmeproxy_add() {
  action=present
  fulldomain=$1
  txtvalue=$2
  _debug "Calling: _acmeproxy_request() '${fulldomain}' '${txtvalue}' '${action}'"
  _acmeproxy_request "$fulldomain" "$txtvalue" "$action"
}
# Usage: dns_acmeproxy_rm fulldomain txtvalue
# Public acme.sh hook: asks the AcmeProxy endpoint to "cleanup" the TXT record.
# Mirrors dns_acmeproxy_add apart from the action name.
dns_acmeproxy_rm() {
  action=cleanup
  fulldomain=$1
  txtvalue=$2
  _debug "Calling: _acmeproxy_request() '${fulldomain}' '${txtvalue}' '${action}'"
  _acmeproxy_request "$fulldomain" "$txtvalue" "$action"
}
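# Usage: _acmeproxy_request fulldomain txtvalue action
#   fulldomain  name of the TXT record; a trailing dot is appended in the body
#   txtvalue    record content supplied by the caller
#   action      AcmeProxy API path segment: "present" (add) or "cleanup" (remove)
# Reads ACMEPROXY_ENDPOINT / ACMEPROXY_USERNAME / ACMEPROXY_PASSWORD from the
# environment, falling back to the saved account config, and persists them.
# Sets the _H1.._H3 request headers consumed by _post.
# Returns 0 when the server's response echoes txtvalue back, 1 otherwise
# (missing endpoint, or a response without the value).
_acmeproxy_request() {
  fulldomain=$1
  txtvalue=$2
  action=$3

  _info "Using acmeproxy"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"

  ACMEPROXY_ENDPOINT="${ACMEPROXY_ENDPOINT:-$(_readaccountconf_mutable ACMEPROXY_ENDPOINT)}"
  ACMEPROXY_USERNAME="${ACMEPROXY_USERNAME:-$(_readaccountconf_mutable ACMEPROXY_USERNAME)}"
  ACMEPROXY_PASSWORD="${ACMEPROXY_PASSWORD:-$(_readaccountconf_mutable ACMEPROXY_PASSWORD)}"

  ## The endpoint is mandatory; bail out before anything is persisted.
  if [ -z "$ACMEPROXY_ENDPOINT" ]; then
    _err "You didn't specify the endpoint"
    _err "Please set them via 'export ACMEPROXY_ENDPOINT=https://ip:port' and try again."
    return 1
  fi

  ## Save the settings (including empty credentials) to the account file so
  ## later runs can reuse them.
  _saveaccountconf_mutable ACMEPROXY_ENDPOINT "$ACMEPROXY_ENDPOINT"
  _saveaccountconf_mutable ACMEPROXY_USERNAME "$ACMEPROXY_USERNAME"
  _saveaccountconf_mutable ACMEPROXY_PASSWORD "$ACMEPROXY_PASSWORD"

  if [ -z "$ACMEPROXY_USERNAME" ] || [ -z "$ACMEPROXY_PASSWORD" ]; then
    _info "ACMEPROXY_USERNAME and/or ACMEPROXY_PASSWORD not set - using without client authentication! Make sure you're using server authentication (e.g. IP-based)"
    export _H1="Accept: application/json"
    export _H2="Content-Type: application/json"
  else
    ## HTTP Basic: base64("user:pass"). Use %s rather than %b so a password
    ## containing backslash sequences (e.g. "\n", "\\") is encoded verbatim
    ## instead of being reinterpreted by printf. Basic credentials are only
    ## protected in transit when the endpoint is https://.
    credentials=$(printf '%s' "$ACMEPROXY_USERNAME:$ACMEPROXY_PASSWORD" | _base64)
    export _H1="Authorization: Basic $credentials"
    export _H2="Accept: application/json"
    export _H3="Content-Type: application/json"
  fi

  ## NOTE(review): the JSON body is built by string interpolation with no
  ## escaping; this is only safe while fulldomain/txtvalue cannot contain '"'
  ## or '\'. Confirm against the caller before reusing with other inputs.
  response="$(_post "{\"fqdn\": \"$fulldomain.\", \"value\": \"$txtvalue\"}" "$ACMEPROXY_ENDPOINT/$action" "" "POST")"

  ## Success means the server echoes the quoted record value back. Match it as
  ## a fixed string (-F, --) so the value is never read as a regex or an option.
  if printf '%s\n' "$response" | grep -F -- "\"$txtvalue\"" >/dev/null; then
    _info "Successfully updated the txt record"
    return 0
  fi
  _err "Error encountered during record addition"
  _err "$response"
  return 1
}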
  75. #################### Private functions below ##################################