Hossy
1 year ago
committed by
GitHub
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
83 changed files with 5079 additions and 1228 deletions
-
804.github/workflows/DNS.yml
-
71.github/workflows/DragonFlyBSD.yml
-
25.github/workflows/FreeBSD.yml
-
10.github/workflows/Linux.yml
-
9.github/workflows/MacOS.yml
-
16.github/workflows/NetBSD.yml
-
25.github/workflows/OpenBSD.yml
-
24.github/workflows/PebbleStrict.yml
-
25.github/workflows/Solaris.yml
-
27.github/workflows/Ubuntu.yml
-
11.github/workflows/Windows.yml
-
16.github/workflows/dockerhub.yml
-
19.github/workflows/issue.yml
-
30.github/workflows/pr_dns.yml
-
30.github/workflows/pr_notify.yml
-
11.github/workflows/shellcheck.yml
-
13Dockerfile
-
47README.md
-
486acme.sh
-
185deploy/cpanel_uapi.sh
-
27deploy/docker.sh
-
15deploy/gcore_cdn.sh
-
2deploy/gitlab.sh
-
16deploy/mailcow.sh
-
158deploy/panos.sh
-
132deploy/proxmoxve.sh
-
409deploy/ssh.sh
-
160deploy/synology_dsm.sh
-
21deploy/truenas.sh
-
79deploy/vault.sh
-
47deploy/vault_cli.sh
-
156dnsapi/dns_1984hosting.sh
-
2dnsapi/dns_acmeproxy.sh
-
2dnsapi/dns_ali.sh
-
180dnsapi/dns_artfiles.sh
-
13dnsapi/dns_arvan.sh
-
89dnsapi/dns_bookmyname.sh
-
248dnsapi/dns_bunny.sh
-
2dnsapi/dns_cloudns.sh
-
9dnsapi/dns_cpanel.sh
-
5dnsapi/dns_dgon.sh
-
185dnsapi/dns_dnsexit.sh
-
248dnsapi/dns_dnsservices.sh
-
8dnsapi/dns_dynv6.sh
-
2dnsapi/dns_edgedns.sh
-
2dnsapi/dns_gandi_livedns.sh
-
2dnsapi/dns_gcloud.sh
-
187dnsapi/dns_gcore.sh
-
62dnsapi/dns_gd.sh
-
173dnsapi/dns_googledomains.sh
-
98dnsapi/dns_huaweicloud.sh
-
4dnsapi/dns_infomaniak.sh
-
2dnsapi/dns_inwx.sh
-
157dnsapi/dns_ipv64.sh
-
12dnsapi/dns_ispconfig.sh
-
4dnsapi/dns_kappernet.sh
-
303dnsapi/dns_kas.sh
-
2dnsapi/dns_kinghost.sh
-
147dnsapi/dns_la.sh
-
4dnsapi/dns_leaseweb.sh
-
2dnsapi/dns_loopia.sh
-
1dnsapi/dns_miab.sh
-
16dnsapi/dns_mydnsjp.sh
-
2dnsapi/dns_namecheap.sh
-
2dnsapi/dns_namesilo.sh
-
59dnsapi/dns_nanelo.sh
-
10dnsapi/dns_netlify.sh
-
1dnsapi/dns_oci.sh
-
12dnsapi/dns_openstack.sh
-
4dnsapi/dns_opnsense.sh
-
25dnsapi/dns_ovh.sh
-
60dnsapi/dns_pleskxml.sh
-
115dnsapi/dns_rage4.sh
-
4dnsapi/dns_regru.sh
-
94dnsapi/dns_selfhost.sh
-
2dnsapi/dns_servercow.sh
-
25dnsapi/dns_transip.sh
-
24dnsapi/dns_vultr.sh
-
52dnsapi/dns_world4you.sh
-
264dnsapi/dns_yc.sh
-
226notify/aws_ses.sh
-
45notify/slack_app.sh
-
4notify/smtp.sh
@ -1,339 +1,465 @@ |
|||
name: DNS |
|||
on: |
|||
push: |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
- '.github/workflows/DNS.yml' |
|||
pull_request: |
|||
branches: |
|||
- 'dev' |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
- '.github/workflows/DNS.yml' |
|||
|
|||
|
|||
jobs: |
|||
CheckToken: |
|||
runs-on: ubuntu-latest |
|||
outputs: |
|||
hasToken: ${{ steps.step_one.outputs.hasToken }} |
|||
steps: |
|||
- name: Set the value |
|||
id: step_one |
|||
run: | |
|||
if [ "${{secrets.TokenName1}}" ] ; then |
|||
echo "::set-output name=hasToken::true" |
|||
else |
|||
echo "::set-output name=hasToken::false" |
|||
fi |
|||
- name: Check the value |
|||
run: echo ${{ steps.step_one.outputs.hasToken }} |
|||
|
|||
Fail: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'false')" |
|||
steps: |
|||
- name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
|||
run: | |
|||
echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
|||
if [ "${{github.repository_owner}}" != "acmesh-official" ]; then |
|||
false |
|||
fi |
|||
|
|||
Docker: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Set env file |
|||
run: | |
|||
cd ../acmetest |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env |
|||
fi |
|||
echo "TEST_DNS_NO_WILDCARD" >> docker.env |
|||
echo "TEST_DNS_SLEEP" >> docker.env |
|||
- name: Run acmetest |
|||
run: cd ../acmetest && ./rundocker.sh testall |
|||
|
|||
MacOS: |
|||
runs-on: macos-latest |
|||
needs: Docker |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install tools |
|||
run: brew install socat |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
Windows: |
|||
runs-on: windows-latest |
|||
needs: MacOS |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- name: Set git to use LF |
|||
run: | |
|||
git config --global core.autocrlf false |
|||
- uses: actions/checkout@v2 |
|||
- name: Install cygwin base packages with chocolatey |
|||
run: | |
|||
choco config get cacheLocation |
|||
choco install --no-progress cygwin |
|||
shell: cmd |
|||
- name: Install cygwin additional packages |
|||
run: | |
|||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
|||
shell: cmd |
|||
- name: Set ENV |
|||
shell: cmd |
|||
run: | |
|||
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
shell: bash |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
FreeBSD: |
|||
runs-on: macos-12 |
|||
needs: Windows |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/freebsd-vm@v0.1.4 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: pkg install -y socat curl |
|||
usesh: true |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
Solaris: |
|||
runs-on: macos-12 |
|||
needs: FreeBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/solaris-vm@v0.0.5 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: pkgutil -y -i socat |
|||
run: | |
|||
pkg set-mediator -v -I default@1.1 openssl |
|||
export PATH=/usr/gnu/bin:$PATH |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
OpenBSD: |
|||
runs-on: macos-12 |
|||
needs: Solaris |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/openbsd-vm@v0.0.1 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: pkg_add socat curl |
|||
usesh: true |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
NetBSD: |
|||
runs-on: macos-12 |
|||
needs: OpenBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/netbsd-vm@v0.0.1 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: | |
|||
export PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/$(uname -r|cut -f '1 2' -d.)/All/" |
|||
pkg_add curl socat |
|||
usesh: true |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
name: DNS |
|||
on: |
|||
push: |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
- '.github/workflows/DNS.yml' |
|||
pull_request: |
|||
branches: |
|||
- 'dev' |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
- '.github/workflows/DNS.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
jobs: |
|||
CheckToken: |
|||
runs-on: ubuntu-latest |
|||
outputs: |
|||
hasToken: ${{ steps.step_one.outputs.hasToken }} |
|||
steps: |
|||
- name: Set the value |
|||
id: step_one |
|||
run: | |
|||
if [ "${{secrets.TokenName1}}" ] ; then |
|||
echo "::set-output name=hasToken::true" |
|||
else |
|||
echo "::set-output name=hasToken::false" |
|||
fi |
|||
- name: Check the value |
|||
run: echo ${{ steps.step_one.outputs.hasToken }} |
|||
|
|||
Fail: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'false')" |
|||
steps: |
|||
- name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
|||
run: | |
|||
echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
|||
if [ "${{github.repository_owner}}" != "acmesh-official" ]; then |
|||
false |
|||
fi |
|||
|
|||
Docker: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Set env file |
|||
run: | |
|||
cd ../acmetest |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env |
|||
fi |
|||
|
|||
- name: Run acmetest |
|||
run: cd ../acmetest && ./rundocker.sh testall |
|||
|
|||
|
|||
|
|||
|
|||
MacOS: |
|||
runs-on: macos-latest |
|||
needs: Docker |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Install tools |
|||
run: brew install socat |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
Windows: |
|||
runs-on: windows-latest |
|||
needs: MacOS |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- name: Set git to use LF |
|||
run: | |
|||
git config --global core.autocrlf false |
|||
- uses: actions/checkout@v3 |
|||
- name: Install cygwin base packages with chocolatey |
|||
run: | |
|||
choco config get cacheLocation |
|||
choco install --no-progress cygwin |
|||
shell: cmd |
|||
- name: Install cygwin additional packages |
|||
run: | |
|||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s https://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
|||
shell: cmd |
|||
- name: Set ENV |
|||
shell: cmd |
|||
run: | |
|||
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
shell: bash |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
FreeBSD: |
|||
runs-on: macos-12 |
|||
needs: Windows |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/freebsd-vm@v0 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: pkg install -y socat curl |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
OpenBSD: |
|||
runs-on: macos-12 |
|||
needs: FreeBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/openbsd-vm@v0 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: pkg_add socat curl |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
NetBSD: |
|||
runs-on: macos-12 |
|||
needs: OpenBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/netbsd-vm@v0 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: | |
|||
pkg_add curl socat |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
DragonFlyBSD: |
|||
runs-on: macos-12 |
|||
needs: NetBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/dragonflybsd-vm@v0 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: | |
|||
pkg install -y curl socat libnghttp2 |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
Solaris: |
|||
runs-on: macos-12 |
|||
needs: DragonFlyBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Solaris doesn't accept the expired ISRG X1 root |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/solaris-vm@v0 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
copyback: false |
|||
prepare: pkgutil -y -i socat |
|||
run: | |
|||
pkg set-mediator -v -I default@1.1 openssl |
|||
export PATH=/usr/gnu/bin:$PATH |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
@ -0,0 +1,71 @@ |
|||
name: DragonFlyBSD |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/DragonFlyBSD.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/DragonFlyBSD.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
|
|||
jobs: |
|||
DragonFlyBSD: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: macos-12 |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/dragonflybsd-vm@v0 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' |
|||
copyback: "false" |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: | |
|||
pkg install -y curl socat libnghttp2 |
|||
usesh: true |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
|||
@ -0,0 +1,19 @@ |
|||
name: "Update issues" |
|||
on: |
|||
issues: |
|||
types: [opened] |
|||
|
|||
jobs: |
|||
comment: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/github-script@v6 |
|||
with: |
|||
script: | |
|||
github.rest.issues.createComment({ |
|||
issue_number: context.issue.number, |
|||
owner: context.repo.owner, |
|||
repo: context.repo.repo, |
|||
body: "Please upgrade to the latest code and try again first. Maybe it's already fixed. ```acme.sh --upgrade``` If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you." |
|||
|
|||
}) |
|||
@ -0,0 +1,30 @@ |
|||
name: Check dns api |
|||
|
|||
on: |
|||
pull_request_target: |
|||
types: |
|||
- opened |
|||
branches: |
|||
- 'dev' |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
|
|||
|
|||
jobs: |
|||
welcome: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/github-script@v6 |
|||
with: |
|||
script: | |
|||
await github.rest.issues.createComment({ |
|||
issue_number: context.issue.number, |
|||
owner: context.repo.owner, |
|||
repo: context.repo.repo, |
|||
body: `**Welcome** |
|||
Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). |
|||
Then reply on this message, otherwise, your code will not be reviewed or merged. |
|||
We look forward to reviewing your Pull request shortly ✨ |
|||
` |
|||
}) |
|||
|
|||
@ -0,0 +1,30 @@ |
|||
name: Check dns api |
|||
|
|||
on: |
|||
pull_request_target: |
|||
types: |
|||
- opened |
|||
branches: |
|||
- 'dev' |
|||
paths: |
|||
- 'notify/*.sh' |
|||
|
|||
|
|||
jobs: |
|||
welcome: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/github-script@v6 |
|||
with: |
|||
script: | |
|||
await github.rest.issues.createComment({ |
|||
issue_number: context.issue.number, |
|||
owner: context.repo.owner, |
|||
repo: context.repo.repo, |
|||
body: `**Welcome** |
|||
Please make sure you're read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify). |
|||
Then reply on this message, otherwise, your code will not be reviewed or merged. |
|||
We look forward to reviewing your Pull request shortly ✨ |
|||
` |
|||
}) |
|||
|
|||
486
acme.sh
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,132 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Deploy certificates to a proxmox virtual environment node using the API. |
|||
# |
|||
# Environment variables that can be set are: |
|||
# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to |
|||
# _cdomain. |
|||
# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on. |
|||
# Defaults to 8006. |
|||
# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to. |
|||
# Defaults to the host portion of the server |
|||
# domain name. |
|||
# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root. |
|||
# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates |
|||
# with. Defaults to pam. |
|||
# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the |
|||
# user account. Defaults to acme. |
|||
# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. |
|||
|
|||
proxmoxve_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug2 _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
# "Sane" defaults. |
|||
_getdeployconf DEPLOY_PROXMOXVE_SERVER |
|||
if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then |
|||
_target_hostname="$_cdomain" |
|||
else |
|||
_target_hostname="$DEPLOY_PROXMOXVE_SERVER" |
|||
_savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT |
|||
if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then |
|||
_target_port="8006" |
|||
else |
|||
_target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" |
|||
_savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_NODE_NAME |
|||
if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then |
|||
_node_name=$(echo "$_target_hostname" | cut -d. -f1) |
|||
else |
|||
_node_name="$DEPLOY_PROXMOXVE_NODE_NAME" |
|||
_savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name" |
|||
|
|||
# Complete URL. |
|||
_target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" |
|||
_debug TARGET_URL "$_target_url" |
|||
|
|||
# More "sane" defaults. |
|||
_getdeployconf DEPLOY_PROXMOXVE_USER |
|||
if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then |
|||
_proxmoxve_user="root" |
|||
else |
|||
_proxmoxve_user="$DEPLOY_PROXMOXVE_USER" |
|||
_savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_USER_REALM |
|||
if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then |
|||
_proxmoxve_user_realm="pam" |
|||
else |
|||
_proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" |
|||
_savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME |
|||
if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then |
|||
_proxmoxve_api_token_name="acme" |
|||
else |
|||
_proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" |
|||
_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name" |
|||
|
|||
# This is required. |
|||
_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY |
|||
if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then |
|||
_err "API key not provided." |
|||
return 1 |
|||
else |
|||
_proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" |
|||
_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key |
|||
|
|||
# PVE API Token header value. Used in "Authorization: PVEAPIToken". |
|||
_proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" |
|||
_debug2 "Auth Header" _proxmoxve_header_api_token |
|||
|
|||
# Ugly. I hate putting heredocs inside functions because heredocs don't |
|||
# account for whitespace correctly but it _does_ work and is several times |
|||
# cleaner than anything else I had here. |
|||
# |
|||
# This dumps the json payload to a variable that should be passable to the |
|||
# _psot function. |
|||
_json_payload=$( |
|||
cat <<HEREDOC |
|||
{ |
|||
"certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')", |
|||
"key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')", |
|||
"node":"$_node_name", |
|||
"restart":"1", |
|||
"force":"1" |
|||
} |
|||
HEREDOC |
|||
) |
|||
_debug2 Payload "$_json_payload" |
|||
|
|||
# Push certificates to server. |
|||
export _HTTPS_INSECURE=1 |
|||
export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" |
|||
_post "$_json_payload" "$_target_url" "" POST "application/json" |
|||
|
|||
} |
|||
@ -0,0 +1,180 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
################################################################################ |
|||
# ACME.sh 3rd party DNS API plugin for ArtFiles.de |
|||
################################################################################ |
|||
# Author: Martin Arndt, https://troublezone.net/ |
|||
# Released: 2022-02-27 |
|||
# Issues: https://github.com/acmesh-official/acme.sh/issues/4718 |
|||
################################################################################ |
|||
# Usage: |
|||
# 1. export AF_API_USERNAME='api12345678' |
|||
# 2. export AF_API_PASSWORD='apiPassword' |
|||
# 3. acme.sh --issue -d example.com --dns dns_artfiles |
|||
################################################################################ |
|||
|
|||
########## API configuration ################################################### |
|||
|
|||
AF_API_SUCCESS='status":"OK' |
|||
AF_URL_DCP='https://dcp.c.artfiles.de/api/' |
|||
AF_URL_DNS=${AF_URL_DCP}'dns/{*}_dns.html?domain=' |
|||
AF_URL_DOMAINS=${AF_URL_DCP}'domain/get_domains.html' |
|||
|
|||
########## Public functions #################################################### |
|||
|
|||
# Adds a new TXT record for given ACME challenge value & domain. |
|||
# Usage: dns_artfiles_add _acme-challenge.www.example.com "ACME challenge value" |
|||
dns_artfiles_add() { |
|||
domain="$1" |
|||
txtValue="$2" |
|||
_info 'Using ArtFiles.de DNS addition API…' |
|||
_debug 'Domain' "$domain" |
|||
_debug 'txtValue' "$txtValue" |
|||
|
|||
_set_credentials |
|||
_saveaccountconf_mutable 'AF_API_USERNAME' "$AF_API_USERNAME" |
|||
_saveaccountconf_mutable 'AF_API_PASSWORD' "$AF_API_PASSWORD" |
|||
|
|||
_set_headers |
|||
_get_zone "$domain" |
|||
_dns 'GET' |
|||
if ! _contains "$response" 'TXT'; then |
|||
_err 'Retrieving TXT records failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_clean_records |
|||
_dns 'SET' "$(printf -- '%s\n_acme-challenge "%s"' "$response" "$txtValue")" |
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err 'Adding ACME challenge value failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Removes the existing TXT record for given ACME challenge value & domain. |
|||
# Usage: dns_artfiles_rm _acme-challenge.www.example.com "ACME challenge value" |
|||
dns_artfiles_rm() { |
|||
domain="$1" |
|||
txtValue="$2" |
|||
_info 'Using ArtFiles.de DNS removal API…' |
|||
_debug 'Domain' "$domain" |
|||
_debug 'txtValue' "$txtValue" |
|||
|
|||
_set_credentials |
|||
_set_headers |
|||
_get_zone "$domain" |
|||
if ! _dns 'GET'; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "$txtValue"; then |
|||
_err 'Retrieved TXT records are missing given ACME challenge value.' |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_clean_records |
|||
response="$(printf -- '%s' "$response" | sed '/_acme-challenge "'"$txtValue"'"/d')" |
|||
_dns 'SET' "$response" |
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err 'Removing ACME challenge value failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
########## Private functions ################################################### |
|||
|
|||
# Cleans awful TXT records response of ArtFiles's API & pretty prints it. |
|||
# Usage: _clean_records |
|||
_clean_records() { |
|||
_info 'Cleaning TXT records…' |
|||
# Extract TXT part, strip trailing quote sign (ACME.sh API guidelines forbid |
|||
# usage of SED's GNU extensions, hence couldn't omit it via regex), strip '\' |
|||
# from '\"' & turn '\n' into real LF characters. |
|||
# Yup, awful API to use - but that's all we got to get this working, so… ;) |
|||
_debug2 'Raw ' "$response" |
|||
response="$(printf -- '%s' "$response" | sed 's/^.*TXT":"\([^}]*\).*$/\1/;s/,".*$//;s/.$//;s/\\"/"/g;s/\\n/\n/g')" |
|||
_debug2 'Clean' "$response" |
|||
} |
|||
|
|||
# Executes an HTTP GET or POST request for getting or setting DNS records, |
|||
# containing given payload upon POST. |
|||
# Usage: _dns [GET | SET] [payload] |
|||
_dns() { |
|||
_info 'Executing HTTP request…' |
|||
action="$1" |
|||
payload="$(printf -- '%s' "$2" | _url_encode)" |
|||
url="$(printf -- '%s%s' "$AF_URL_DNS" "$domain" | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')" |
|||
|
|||
if [ "$action" = 'SET' ]; then |
|||
_debug2 'Payload' "$payload" |
|||
response="$(_post '' "$url&TXT=$payload" '' 'POST' 'application/x-www-form-urlencoded')" |
|||
else |
|||
response="$(_get "$url" '' 10)" |
|||
fi |
|||
|
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err "DNS API error: $response" |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'Response' "$response" |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# Gets the root domain zone for given domain. |
|||
# Usage: _get_zone _acme-challenge.www.example.com |
|||
_get_zone() { |
|||
fqdn="$1" |
|||
domains="$(_get "$AF_URL_DOMAINS" '' 10)" |
|||
_info 'Getting domain zone…' |
|||
_debug2 'FQDN' "$fqdn" |
|||
_debug2 'Domains' "$domains" |
|||
|
|||
while _contains "$fqdn" "."; do |
|||
if _contains "$domains" "$fqdn"; then |
|||
domain="$fqdn" |
|||
_info "Found root domain zone: $domain" |
|||
break |
|||
else |
|||
fqdn="${fqdn#*.}" |
|||
_debug2 'FQDN' "$fqdn" |
|||
fi |
|||
done |
|||
|
|||
if [ "$domain" = "$fqdn" ]; then |
|||
return 0 |
|||
fi |
|||
|
|||
_err 'Couldn'\''t find root domain zone.' |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
# Sets the credentials for accessing ArtFiles's API |
|||
# Usage: _set_credentials |
|||
_set_credentials() { |
|||
_info 'Setting credentials…' |
|||
AF_API_USERNAME="${AF_API_USERNAME:-$(_readaccountconf_mutable AF_API_USERNAME)}" |
|||
AF_API_PASSWORD="${AF_API_PASSWORD:-$(_readaccountconf_mutable AF_API_PASSWORD)}" |
|||
if [ -z "$AF_API_USERNAME" ] || [ -z "$AF_API_PASSWORD" ]; then |
|||
_err 'Missing ArtFiles.de username and/or password.' |
|||
_err 'Please ensure both are set via export command & try again.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Adds the HTTP Authorization & Content-Type headers to a follow-up request. |
|||
# Usage: _set_headers |
|||
_set_headers() { |
|||
_info 'Setting headers…' |
|||
encoded="$(printf -- '%s:%s' "$AF_API_USERNAME" "$AF_API_PASSWORD" | _base64)" |
|||
export _H1="Authorization: Basic $encoded" |
|||
export _H2='Content-Type: application/json' |
|||
} |
|||
@ -0,0 +1,89 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Here is a sample custom api script. |
|||
#This file name is "dns_bookmyname.sh" |
|||
#So, here must be a method dns_bookmyname_add() |
|||
#Which will be called by acme.sh to add the txt record to your api system. |
|||
#returns 0 means success, otherwise error. |
|||
# |
|||
#Author: Neilpang |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh |
|||
# |
|||
######## Public functions ##################### |
|||
|
|||
# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
|||
|
|||
# BookMyName urls: |
|||
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"' |
|||
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"' |
|||
|
|||
# Output: |
|||
#good: update done, cid 123456, domain id 456789, type txt, ip XXXXXXXX |
|||
#good: remove done 1, cid 123456, domain id 456789, ttl 300, type txt, ip XXXXXXXX |
|||
|
|||
# Be careful, BMN DNS servers can be slow to pick up changes; using dnssleep is thus advised. |
|||
|
|||
# Usage: |
|||
# export BOOKMYNAME_USERNAME="ABCDE-FREE" |
|||
# export BOOKMYNAME_PASSWORD="MyPassword" |
|||
# /usr/local/ssl/acme.sh/acme.sh --dns dns_bookmyname --dnssleep 600 --issue -d domain.tld |
|||
|
|||
#Usage: dns_bookmyname_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_bookmyname_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using bookmyname" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
|||
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
|||
|
|||
if [ -z "$BOOKMYNAME_USERNAME" ] || [ -z "$BOOKMYNAME_PASSWORD" ]; then |
|||
BOOKMYNAME_USERNAME="" |
|||
BOOKMYNAME_PASSWORD="" |
|||
_err "You didn't specify BookMyName username and password yet." |
|||
_err "Please specify them and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable BOOKMYNAME_USERNAME "$BOOKMYNAME_USERNAME" |
|||
_saveaccountconf_mutable BOOKMYNAME_PASSWORD "$BOOKMYNAME_PASSWORD" |
|||
|
|||
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
|||
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=add&value=${txtvalue}" |
|||
result="$(_get "${uri}${data}")" |
|||
_debug "Result: $result" |
|||
|
|||
if ! _startswith "$result" 'good: update done, cid '; then |
|||
_err "Can't add $fulldomain" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_bookmyname_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using bookmyname" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
|||
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
|||
|
|||
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
|||
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=remove&value=${txtvalue}" |
|||
result="$(_get "${uri}${data}")" |
|||
_debug "Result: $result" |
|||
|
|||
if ! _startswith "$result" 'good: remove done 1, cid '; then |
|||
_info "Can't remove $fulldomain" |
|||
fi |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
@ -0,0 +1,248 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
## Will be called by acme.sh to add the TXT record via the Bunny DNS API. |
|||
## returns 0 means success, otherwise error. |
|||
|
|||
## Author: nosilver4u <nosilver4u at ewww.io> |
|||
## GitHub: https://github.com/nosilver4u/acme.sh |
|||
|
|||
## |
|||
## Environment Variables Required: |
|||
## |
|||
## BUNNY_API_KEY="75310dc4-ca77-9ac3-9a19-f6355db573b49ce92ae1-2655-3ebd-61ac-3a3ae34834cc" |
|||
## |
|||
|
|||
##################### Public functions ##################### |
|||
|
|||
## Create the text record for validation. |
|||
## Usage: fulldomain txtvalue |
|||
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" |
|||
dns_bunny_add() { |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
txtvalue=$2 |
|||
|
|||
BUNNY_API_KEY="${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}" |
|||
# Check if API Key is set |
|||
if [ -z "$BUNNY_API_KEY" ]; then |
|||
BUNNY_API_KEY="" |
|||
_err "You did not specify Bunny.net API key." |
|||
_err "Please export BUNNY_API_KEY and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Using Bunny.net dns validation - add record" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## save the env vars (key and domain split location) for later automated use |
|||
_saveaccountconf_mutable BUNNY_API_KEY "$BUNNY_API_KEY" |
|||
|
|||
## split the domain for Bunny API |
|||
if ! _get_base_domain "$fulldomain"; then |
|||
_err "domain not found in your account for addition" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
## Set the header with our post type and auth key |
|||
export _H1="Accept: application/json" |
|||
export _H2="AccessKey: $BUNNY_API_KEY" |
|||
export _H3="Content-Type: application/json" |
|||
PURL="https://api.bunny.net/dnszone/$_domain_id/records" |
|||
PBODY='{"Id":'$_domain_id',"Type":3,"Name":"'$_sub_domain'","Value":"'$txtvalue'","ttl":120}' |
|||
|
|||
_debug PURL "$PURL" |
|||
_debug PBODY "$PBODY" |
|||
|
|||
## the create request - POST |
|||
## args: BODY, URL, [need64, httpmethod] |
|||
response="$(_post "$PBODY" "$PURL" "" "PUT")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in response: $response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
## finished correctly |
|||
return 0 |
|||
} |
|||
|
|||
## Remove the txt record after validation. |
|||
## Usage: fulldomain txtvalue |
|||
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" |
|||
dns_bunny_rm() { |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
txtvalue=$2 |
|||
|
|||
BUNNY_API_KEY="${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}" |
|||
# Check if API Key Exists |
|||
if [ -z "$BUNNY_API_KEY" ]; then |
|||
BUNNY_API_KEY="" |
|||
_err "You did not specify Bunny.net API key." |
|||
_err "Please export BUNNY_API_KEY and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Using Bunny.net dns validation - remove record" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## split the domain for Bunny API |
|||
if ! _get_base_domain "$fulldomain"; then |
|||
_err "Domain not found in your account for TXT record removal" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
## Set the header with our post type and key auth key |
|||
export _H1="Accept: application/json" |
|||
export _H2="AccessKey: $BUNNY_API_KEY" |
|||
## get URL for the list of DNS records |
|||
GURL="https://api.bunny.net/dnszone/$_domain_id" |
|||
|
|||
## 1) Get the domain/zone records |
|||
## the fetch request - GET |
|||
## args: URL, [onlyheader, timeout] |
|||
domain_list="$(_get "$GURL")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in domain_list response: $domain_list" |
|||
return 1 |
|||
fi |
|||
_debug2 domain_list "$domain_list" |
|||
|
|||
## 2) search through records |
|||
## check for what we are looking for: "Type":3,"Value":"$txtvalue","Name":"$_sub_domain" |
|||
record="$(echo "$domain_list" | _egrep_o "\"Id\"\s*\:\s*\"*[0-9]+\"*,\s*\"Type\"[^}]*\"Value\"\s*\:\s*\"$txtvalue\"[^}]*\"Name\"\s*\:\s*\"$_sub_domain\"")" |
|||
|
|||
if [ -n "$record" ]; then |
|||
|
|||
## We found records |
|||
rec_ids="$(echo "$record" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug rec_ids "$rec_ids" |
|||
if [ -n "$rec_ids" ]; then |
|||
echo "$rec_ids" | while IFS= read -r rec_id; do |
|||
## delete the record |
|||
## delete URL for removing the one we dont want |
|||
DURL="https://api.bunny.net/dnszone/$_domain_id/records/$rec_id" |
|||
|
|||
## the removal request - DELETE |
|||
## args: BODY, URL, [need64, httpmethod] |
|||
response="$(_post "" "$DURL" "" "DELETE")" |
|||
|
|||
## check response (sort of) |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in remove response: $response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
done |
|||
fi |
|||
fi |
|||
|
|||
## finished correctly |
|||
return 0 |
|||
} |
|||
|
|||
##################### Private functions below ##################### |
|||
|
|||
## Split the domain provided into the "base domain" and the "start prefix". |
|||
## This function searches for the longest subdomain in your account |
|||
## for the full domain given and splits it into the base domain (zone) |
|||
## and the prefix/record to be added/removed |
|||
## USAGE: fulldomain |
|||
## EG: "_acme-challenge.two.three.four.domain.com" |
|||
## returns |
|||
## _sub_domain="_acme-challenge.two" |
|||
## _domain="three.four.domain.com" *IF* zone "three.four.domain.com" exists |
|||
## _domain_id=234 |
|||
## if only "domain.com" exists it will return |
|||
## _sub_domain="_acme-challenge.two.three.four" |
|||
## _domain="domain.com" |
|||
## _domain_id=234 |
|||
_get_base_domain() { |
|||
# args |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
_debug fulldomain "$fulldomain" |
|||
|
|||
# domain max legal length = 253 |
|||
MAX_DOM=255 |
|||
page=1 |
|||
|
|||
## get a list of domains for the account to check thru |
|||
## Set the headers |
|||
export _H1="Accept: application/json" |
|||
export _H2="AccessKey: $BUNNY_API_KEY" |
|||
_debug BUNNY_API_KEY "$BUNNY_API_KEY" |
|||
## get URL for the list of domains |
|||
## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}} |
|||
DOMURL="https://api.bunny.net/dnszone" |
|||
|
|||
## while we dont have a matching domain we keep going |
|||
while [ -z "$found" ]; do |
|||
## get the domain list (current page) |
|||
domain_list="$(_get "$DOMURL")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in domain_list response: $domain_list" |
|||
return 1 |
|||
fi |
|||
_debug2 domain_list "$domain_list" |
|||
|
|||
i=1 |
|||
while [ $i -gt 0 ]; do |
|||
## get next longest domain |
|||
_domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM") |
|||
## check we got something back from our cut (or are we at the end) |
|||
if [ -z "$_domain" ]; then |
|||
break |
|||
fi |
|||
## we got part of a domain back - grep it out |
|||
found="$(echo "$domain_list" | _egrep_o "\"Id\"\s*:\s*\"*[0-9]+\"*,\s*\"Domain\"\s*\:\s*\"$_domain\"")" |
|||
## check if it exists |
|||
if [ -n "$found" ]; then |
|||
## exists - exit loop returning the parts |
|||
sub_point=$(_math $i - 1) |
|||
_sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point") |
|||
_domain_id="$(echo "$found" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _domain "$_domain" |
|||
_debug _sub_domain "$_sub_domain" |
|||
found="" |
|||
return 0 |
|||
fi |
|||
## increment cut point $i |
|||
i=$(_math $i + 1) |
|||
done |
|||
|
|||
if [ -z "$found" ]; then |
|||
page=$(_math $page + 1) |
|||
nextpage="https://api.bunny.net/dnszone?page=$page" |
|||
## Find the next page if we don't have a match. |
|||
hasnextpage="$(echo "$domain_list" | _egrep_o "\"HasMoreItems\"\s*:\s*true")" |
|||
if [ -z "$hasnextpage" ]; then |
|||
_err "No record and no nextpage in Bunny.net domain search." |
|||
found="" |
|||
return 1 |
|||
fi |
|||
_debug2 nextpage "$nextpage" |
|||
DOMURL="$nextpage" |
|||
fi |
|||
|
|||
done |
|||
|
|||
## We went through the entire domain zone list and didn't find one that matched. |
|||
## If we ever get here, something is broken in the code... |
|||
_err "Domain not found in Bunny.net account, but we should never get here!" |
|||
found="" |
|||
return 1 |
|||
} |
|||
@ -0,0 +1,185 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#use dns-01 at DNSExit.com |
|||
|
|||
#Author: Samuel Jimenez |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh |
|||
|
|||
#DNSEXIT_API_KEY=ABCDEFGHIJ0123456789abcdefghij |
|||
#DNSEXIT_AUTH_USER=login@email.address |
|||
#DNSEXIT_AUTH_PASS=aStrongPassword |
|||
DNSEXIT_API_URL="https://api.dnsexit.com/dns/" |
|||
DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp" |
|||
|
|||
######## Public functions ##################### |
|||
#Usage: dns_dnsexit_add _acme-challenge.*.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dnsexit_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using DNSExit.com" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_debug 'Load account auth' |
|||
if ! get_account_info; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"add\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":0,\"overwrite\":false}}"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_dnsexit_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using DNSExit.com" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_debug 'Load account auth' |
|||
if ! get_account_info; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"delete\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\"}}"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
while true; do |
|||
_domain=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$_domain" |
|||
if [ -z "$_domain" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug login "$DNSEXIT_AUTH_USER" |
|||
_debug password "$DNSEXIT_AUTH_PASS" |
|||
_debug domain "$_domain" |
|||
|
|||
_dnsexit_http "login=$DNSEXIT_AUTH_USER&password=$DNSEXIT_AUTH_PASS&domain=$_domain" |
|||
|
|||
if _contains "$response" "0=$_domain"; then |
|||
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" |
|||
return 0 |
|||
else |
|||
_debug "Go to next level of $_domain" |
|||
fi |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_dnsexit_rest() { |
|||
m=POST |
|||
ep="" |
|||
data="$1" |
|||
_debug _dnsexit_rest "$ep" |
|||
_debug data "$data" |
|||
|
|||
api_key_trimmed=$(echo "$DNSEXIT_API_KEY" | tr -d '"') |
|||
|
|||
export _H1="apikey: $api_key_trimmed" |
|||
export _H2='Content-Type: application/json' |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$DNSEXIT_API_URL/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$DNSEXIT_API_URL/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $ep" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_dnsexit_http() { |
|||
m=GET |
|||
param="$1" |
|||
_debug param "$param" |
|||
_debug get "$DNSEXIT_HOSTS_URL?$param" |
|||
|
|||
response="$(_get "$DNSEXIT_HOSTS_URL?$param")" |
|||
|
|||
_debug response "$response" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $param" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
get_account_info() { |
|||
|
|||
DNSEXIT_API_KEY="${DNSEXIT_API_KEY:-$(_readaccountconf_mutable DNSEXIT_API_KEY)}" |
|||
if test -z "$DNSEXIT_API_KEY"; then |
|||
DNSEXIT_API_KEY='' |
|||
_err 'DNSEXIT_API_KEY was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_API_KEY "$DNSEXIT_API_KEY" |
|||
|
|||
DNSEXIT_AUTH_USER="${DNSEXIT_AUTH_USER:-$(_readaccountconf_mutable DNSEXIT_AUTH_USER)}" |
|||
if test -z "$DNSEXIT_AUTH_USER"; then |
|||
DNSEXIT_AUTH_USER="" |
|||
_err 'DNSEXIT_AUTH_USER was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_AUTH_USER "$DNSEXIT_AUTH_USER" |
|||
|
|||
DNSEXIT_AUTH_PASS="${DNSEXIT_AUTH_PASS:-$(_readaccountconf_mutable DNSEXIT_AUTH_PASS)}" |
|||
if test -z "$DNSEXIT_AUTH_PASS"; then |
|||
DNSEXIT_AUTH_PASS="" |
|||
_err 'DNSEXIT_AUTH_PASS was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_AUTH_PASS "$DNSEXIT_AUTH_PASS" |
|||
|
|||
return 0 |
|||
} |
|||
@ -0,0 +1,248 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#This file name is "dns_dnsservices.sh" |
|||
#Script for Danish DNS registra and DNS hosting provider https://dns.services |
|||
|
|||
#Author: Bjarke Bruun <bbruun@gmail.com> |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 |
|||
|
|||
# Global variable to connect to the DNS.Services API |
|||
DNSServices_API=https://dns.services/api |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dnsservices_add() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_info "Using dns.services to create ACME DNS challenge" |
|||
_debug2 add_fulldomain "$fulldomain" |
|||
_debug2 add_txtvalue "$txtvalue" |
|||
|
|||
# Read username/password from environment or .acme.sh/accounts.conf |
|||
DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" |
|||
DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" |
|||
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then |
|||
DnsServices_Username="" |
|||
DnsServices_Password="" |
|||
_err "You didn't specify dns.services api username and password yet." |
|||
_err "Set environment variables DnsServices_Username and DnsServices_Password" |
|||
return 1 |
|||
fi |
|||
|
|||
# Setup GET/POST/DELETE headers |
|||
_setup_headers |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" |
|||
_saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" |
|||
|
|||
if ! _contains "$DnsServices_Username" "@"; then |
|||
_err "It seems that the username variable DnsServices_Username has not been set/left blank" |
|||
_err "or is not a valid email. Please correct and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "${fulldomain}"; then |
|||
_err "Invalid domain ${fulldomain}" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! createRecord "$fulldomain" "${txtvalue}"; then |
|||
_err "Error creating TXT record in domain $fulldomain in $rootZoneName" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 challenge-created "Created $fulldomain" |
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Description: Remove the txt record after validation. |
|||
dns_dnsservices_rm() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_info "Using dns.services to remove DNS record $fulldomain TXT $txtvalue" |
|||
_debug rm_fulldomain "$fulldomain" |
|||
_debug rm_txtvalue "$txtvalue" |
|||
|
|||
# Read username/password from environment or .acme.sh/accounts.conf |
|||
DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" |
|||
DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" |
|||
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then |
|||
DnsServices_Username="" |
|||
DnsServices_Password="" |
|||
_err "You didn't specify dns.services api username and password yet." |
|||
_err "Set environment variables DnsServices_Username and DnsServices_Password" |
|||
return 1 |
|||
fi |
|||
|
|||
# Setup GET/POST/DELETE headers |
|||
_setup_headers |
|||
|
|||
if ! _get_root "${fulldomain}"; then |
|||
_err "Invalid domain ${fulldomain}" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" |
|||
|
|||
if ! deleteRecord "${fulldomain}" "${txtvalue}"; then |
|||
_err "Error removing record: $fulldomain TXT ${txtvalue}" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_setup_headers() { |
|||
# Set up API Headers for _get() and _post() |
|||
# The <function>_add or <function>_rm must have been called before to work |
|||
|
|||
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then |
|||
_err "Could not setup BASIC authentication headers, they are missing" |
|||
return 1 |
|||
fi |
|||
|
|||
DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" |
|||
export _H1="Authorization: Basic $DnsServiceCredentials" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
# Just return if headers are set |
|||
return 0 |
|||
} |
|||
|
|||
_get_root() { |
|||
domain="$1" |
|||
_debug2 _get_root "Get the root domain of ${domain} for DNS API" |
|||
|
|||
# Setup _get() and _post() headers |
|||
#_setup_headers |
|||
|
|||
result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") |
|||
result2="$(printf "%s\n" "$result" | tr '[' '\n' | grep '"name"')" |
|||
result3="$(printf "%s\n" "$result2" | tr '}' '\n' | grep '"name"' | sed "s,^\,,,g" | sed "s,$,},g")" |
|||
useResult="" |
|||
_debug2 _get_root "Got the following root domain(s) $result" |
|||
_debug2 _get_root "- JSON: $result" |
|||
|
|||
if [ "$(printf "%s\n" "$result" | tr '}' '\n' | grep -c '"name"')" -gt "1" ]; then |
|||
checkMultiZones="true" |
|||
_debug2 _get_root "- multiple zones found" |
|||
else |
|||
checkMultiZones="false" |
|||
_debug2 _get_root "- single zone found" |
|||
fi |
|||
|
|||
# Find/isolate the root zone to work with in createRecord() and deleteRecord() |
|||
rootZone="" |
|||
if [ "$checkMultiZones" = "true" ]; then |
|||
#rootZone=$(for x in $(printf "%s" "${result3}" | tr ',' '\n' | sed -n 's/.*"name":"\(.*\)",.*/\1/p'); do if [ "$(echo "$domain" | grep "$x")" != "" ]; then echo "$x"; fi; done) |
|||
rootZone=$(for x in $(printf "%s\n" "${result3}" | tr ',' '\n' | grep name | cut -d'"' -f4); do if [ "$(echo "$domain" | grep "$x")" != "" ]; then echo "$x"; fi; done) |
|||
if [ "$rootZone" != "" ]; then |
|||
_debug2 _rootZone "- root zone for $domain is $rootZone" |
|||
else |
|||
_err "Could not find root zone for $domain, is it correctly typed?" |
|||
return 1 |
|||
fi |
|||
else |
|||
rootZone=$(echo "$result" | tr '}' '\n' | _egrep_o '"name":"[^"]*' | cut -d'"' -f4) |
|||
_debug2 _get_root "- only found 1 domain in API: $rootZone" |
|||
fi |
|||
|
|||
if [ -z "$rootZone" ]; then |
|||
_err "Could not find root domain for $domain - is it correctly typed?" |
|||
return 1 |
|||
fi |
|||
|
|||
# Make sure we use the correct API zone data |
|||
useResult="$(printf "%s\n" "${result3}" tr ',' '\n' | grep "$rootZone")" |
|||
_debug2 _useResult "useResult=$useResult" |
|||
|
|||
# Setup variables used by other functions to communicate with DNS.Services API |
|||
#zoneInfo=$(printf "%s\n" "$useResult" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g') |
|||
zoneInfo=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep '"name"' | cut -d'"' -f4) |
|||
rootZoneName="$rootZone" |
|||
subDomainName="$(printf "%s\n" "$domain" | sed "s,\.$rootZone,,g")" |
|||
subDomainNameClean="$(printf "%s\n" "$domain" | sed "s,_acme-challenge.,,g")" |
|||
rootZoneDomainID=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) |
|||
rootZoneServiceID=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep service_id | cut -d'"' -f4) |
|||
|
|||
_debug2 _zoneInfo "Zone info from API : $zoneInfo" |
|||
_debug2 _get_root "Root zone name : $rootZoneName" |
|||
_debug2 _get_root "Root zone domain ID : $rootZoneDomainID" |
|||
_debug2 _get_root "Root zone service ID: $rootZoneServiceID" |
|||
_debug2 _get_root "Sub domain : $subDomainName" |
|||
|
|||
_debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" |
|||
return 0 |
|||
} |
|||
|
|||
createRecord() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
# Get root domain information - needed for DNS.Services API communication |
|||
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then |
|||
_get_root "$fulldomain" |
|||
fi |
|||
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then |
|||
_err "Something happend - could not get the API zone information" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 createRecord "CNAME TXT value is: $txtvalue" |
|||
|
|||
# Prepare data to send to API |
|||
data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" |
|||
|
|||
_debug2 createRecord "data to API: $data" |
|||
result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") |
|||
_debug2 createRecord "result from API: $result" |
|||
|
|||
if [ "$(echo "$result" | _egrep_o "\"success\":true")" = "" ]; then |
|||
_err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" |
|||
_err "$result" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Record \"$fulldomain TXT $txtvalue\" has been created" |
|||
return 0 |
|||
} |
|||
|
|||
deleteRecord() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_log deleteRecord "Deleting $fulldomain TXT $txtvalue record" |
|||
|
|||
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then |
|||
_get_root "$fulldomain" |
|||
fi |
|||
|
|||
result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" |
|||
#recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" |
|||
#recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" |
|||
recordID="$(printf "%s\n" "$result" | tr '}' '\n' | grep -- "$txtvalue" | tr ',' '\n' | grep '"id"' | cut -d'"' -f4)" |
|||
_debug2 _recordID "recordID used for deletion of record: $recordID" |
|||
|
|||
if [ -z "$recordID" ]; then |
|||
_info "Record $fulldomain TXT $txtvalue not found or already deleted" |
|||
return 0 |
|||
else |
|||
_debug2 deleteRecord "Found recordID=$recordID" |
|||
fi |
|||
|
|||
_debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" |
|||
_log "curl DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" |
|||
result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" |
|||
_debug2 deleteRecord "API Delete result \"$result\"" |
|||
_log "curl API Delete result \"$result\"" |
|||
|
|||
# Return OK regardless |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,187 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#GCORE_Key='773$7b7adaf2a2b32bfb1b83787b4ff32a67eb178e3ada1af733e47b1411f2461f7f4fa7ed7138e2772a46124377bad7384b3bb8d87748f87b3f23db4b8bbe41b2bb' |
|||
# |
|||
|
|||
GCORE_Api="https://api.gcorelabs.com/dns/v2" |
|||
GCORE_Doc="https://apidocs.gcore.com/dns" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_gcore_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
GCORE_Key="${GCORE_Key:-$(_readaccountconf_mutable GCORE_Key)}" |
|||
|
|||
if [ -z "$GCORE_Key" ]; then |
|||
GCORE_Key="" |
|||
_err "You didn't specify a Gcore api key yet." |
|||
_err "You can get yours from here $GCORE_Doc" |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key to the account conf file. |
|||
_saveaccountconf_mutable GCORE_Key "$GCORE_Key" |
|||
|
|||
_debug "First detect the zone name" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _zone_name "$_zone_name" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
_gcore_rest GET "zones/$_zone_name/$fulldomain/TXT" |
|||
payload="" |
|||
|
|||
if echo "$response" | grep "record is not found" >/dev/null; then |
|||
_info "Record doesn't exists" |
|||
payload="{\"resource_records\":[{\"content\":[\"$txtvalue\"],\"enabled\":true}],\"ttl\":120}" |
|||
elif echo "$response" | grep "$txtvalue" >/dev/null; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
elif echo "$response" | tr -d " " | grep \"name\":\""$fulldomain"\",\"type\":\"TXT\" >/dev/null; then |
|||
_info "Record with mismatch txtvalue, try update it" |
|||
payload=$(echo "$response" | tr -d " " | sed 's/"updated_at":[0-9]\+,//g' | sed 's/"meta":{}}]}/"meta":{}},{"content":['\""$txtvalue"\"'],"enabled":true}]}/') |
|||
fi |
|||
|
|||
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so |
|||
# we can not use updating anymore. |
|||
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) |
|||
# _debug count "$count" |
|||
# if [ "$count" = "0" ]; then |
|||
_info "Adding record" |
|||
if _gcore_rest PUT "zones/$_zone_name/$fulldomain/TXT" "$payload"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
elif _contains "$response" "rrset is already exists"; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_gcore_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
GCORE_Key="${GCORE_Key:-$(_readaccountconf_mutable GCORE_Key)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _zone_name "$_zone_name" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
_gcore_rest GET "zones/$_zone_name/$fulldomain/TXT" |
|||
|
|||
if echo "$response" | grep "record is not found" >/dev/null; then |
|||
_info "No such txt recrod" |
|||
return 0 |
|||
fi |
|||
|
|||
if ! echo "$response" | tr -d " " | grep \"name\":\""$fulldomain"\",\"type\":\"TXT\" >/dev/null; then |
|||
_err "Error: $response" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! echo "$response" | tr -d " " | grep \""$txtvalue"\" >/dev/null; then |
|||
_info "No such txt recrod" |
|||
return 0 |
|||
fi |
|||
|
|||
count="$(echo "$response" | grep -o "content" | wc -l)" |
|||
|
|||
if [ "$count" = "1" ]; then |
|||
if ! _gcore_rest DELETE "zones/$_zone_name/$fulldomain/TXT"; then |
|||
_err "Delete record error. $response" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
fi |
|||
|
|||
payload="$(echo "$response" | tr -d " " | sed 's/"updated_at":[0-9]\+,//g' | sed 's/{"id":[0-9]\+,"content":\["'"$txtvalue"'"\],"enabled":true,"meta":{}}//' | sed 's/\[,/\[/' | sed 's/,,/,/' | sed 's/,\]/\]/')" |
|||
if ! _gcore_rest PUT "zones/$_zone_name/$fulldomain/TXT" "$payload"; then |
|||
_err "Delete record error. $response" |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.sub.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.sub or _acme-challenge |
|||
# _domain=domain.com |
|||
# _zone_name=domain.com or sub.domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _gcore_rest GET "zones/$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"name\":\"$h\""; then |
|||
_zone_name=$h |
|||
if [ "$_zone_name" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_gcore_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
key_trimmed=$(echo "$GCORE_Key" | tr -d '"') |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: APIKey $key_trimmed" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$GCORE_Api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$GCORE_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,173 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Author: Alex Leigh <leigh at alexleigh dot me> |
|||
# Created: 2023-03-02 |
|||
|
|||
#GOOGLEDOMAINS_ACCESS_TOKEN="xxxx" |
|||
#GOOGLEDOMAINS_ZONE="xxxx" |
|||
GOOGLEDOMAINS_API="https://acmedns.googleapis.com/v1/acmeChallengeSets" |
|||
|
|||
######## Public functions ######## |
|||
|
|||
#Usage: dns_googledomains_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_googledomains_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Invoking Google Domains ACME DNS API." |
|||
|
|||
if ! _dns_googledomains_setup; then |
|||
return 1 |
|||
fi |
|||
|
|||
zone="$(_dns_googledomains_get_zone "$fulldomain")" |
|||
if [ -z "$zone" ]; then |
|||
_err "Could not find a Google Domains-managed zone containing the requested domain." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug zone "$zone" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_info "Adding TXT record for $fulldomain." |
|||
if _dns_googledomains_api "$zone" ":rotateChallenges" "{\"accessToken\":\"$GOOGLEDOMAINS_ACCESS_TOKEN\",\"recordsToAdd\":[{\"fqdn\":\"$fulldomain\",\"digest\":\"$txtvalue\"}],\"keepExpiredRecords\":true}"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "TXT record added." |
|||
return 0 |
|||
else |
|||
_err "Error adding TXT record." |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_err "Error adding TXT record." |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: dns_googledomains_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_googledomains_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Invoking Google Domains ACME DNS API." |
|||
|
|||
if ! _dns_googledomains_setup; then |
|||
return 1 |
|||
fi |
|||
|
|||
zone="$(_dns_googledomains_get_zone "$fulldomain")" |
|||
if [ -z "$zone" ]; then |
|||
_err "Could not find a Google Domains-managed domain based on request." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug zone "$zone" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_info "Removing TXT record for $fulldomain." |
|||
if _dns_googledomains_api "$zone" ":rotateChallenges" "{\"accessToken\":\"$GOOGLEDOMAINS_ACCESS_TOKEN\",\"recordsToRemove\":[{\"fqdn\":\"$fulldomain\",\"digest\":\"$txtvalue\"}],\"keepExpiredRecords\":true}"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_err "Error removing TXT record." |
|||
return 1 |
|||
else |
|||
_info "TXT record removed." |
|||
return 0 |
|||
fi |
|||
fi |
|||
|
|||
_err "Error removing TXT record." |
|||
return 1 |
|||
} |
|||
|
|||
######## Private functions ######## |
|||
|
|||
_dns_googledomains_setup() { |
|||
if [ -n "$GOOGLEDOMAINS_SETUP_COMPLETED" ]; then |
|||
return 0 |
|||
fi |
|||
|
|||
GOOGLEDOMAINS_ACCESS_TOKEN="${GOOGLEDOMAINS_ACCESS_TOKEN:-$(_readaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN)}" |
|||
GOOGLEDOMAINS_ZONE="${GOOGLEDOMAINS_ZONE:-$(_readaccountconf_mutable GOOGLEDOMAINS_ZONE)}" |
|||
|
|||
if [ -z "$GOOGLEDOMAINS_ACCESS_TOKEN" ]; then |
|||
GOOGLEDOMAINS_ACCESS_TOKEN="" |
|||
_err "Google Domains access token was not specified." |
|||
_err "Please visit Google Domains Security settings to provision an ACME DNS API access token." |
|||
return 1 |
|||
fi |
|||
|
|||
if [ "$GOOGLEDOMAINS_ZONE" ]; then |
|||
_savedomainconf GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN" |
|||
_savedomainconf GOOGLEDOMAINS_ZONE "$GOOGLEDOMAINS_ZONE" |
|||
else |
|||
_saveaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN" |
|||
_clearaccountconf_mutable GOOGLEDOMAINS_ZONE |
|||
_clearaccountconf GOOGLEDOMAINS_ZONE |
|||
fi |
|||
|
|||
_debug GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN" |
|||
_debug GOOGLEDOMAINS_ZONE "$GOOGLEDOMAINS_ZONE" |
|||
|
|||
GOOGLEDOMAINS_SETUP_COMPLETED=1 |
|||
return 0 |
|||
} |
|||
|
|||
_dns_googledomains_get_zone() { |
|||
domain=$1 |
|||
|
|||
# Use zone directly if provided |
|||
if [ "$GOOGLEDOMAINS_ZONE" ]; then |
|||
if ! _dns_googledomains_api "$GOOGLEDOMAINS_ZONE"; then |
|||
return 1 |
|||
fi |
|||
|
|||
echo "$GOOGLEDOMAINS_ZONE" |
|||
return 0 |
|||
fi |
|||
|
|||
i=2 |
|||
while true; do |
|||
curr=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug curr "$curr" |
|||
|
|||
if [ -z "$curr" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _dns_googledomains_api "$curr"; then |
|||
echo "$curr" |
|||
return 0 |
|||
fi |
|||
|
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_dns_googledomains_api() { |
|||
zone=$1 |
|||
apimethod=$2 |
|||
data="$3" |
|||
|
|||
if [ -z "$data" ]; then |
|||
response="$(_get "$GOOGLEDOMAINS_API/$zone$apimethod")" |
|||
else |
|||
_debug data "$data" |
|||
export _H1="Content-Type: application/json" |
|||
response="$(_post "$data" "$GOOGLEDOMAINS_API/$zone$apimethod")" |
|||
fi |
|||
|
|||
_debug response "$response" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error" |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"error\": {"; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
@ -0,0 +1,157 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Created by Roman Lumetsberger, to use ipv64.net's API to add/remove text records |
|||
#2022/11/29 |
|||
|
|||
# Pass credentials before "acme.sh --issue --dns dns_ipv64 ..." |
|||
# -- |
|||
# export IPv64_Token="aaaaaaaaaaaaaaaaaaaaaaaaaa" |
|||
# -- |
|||
# |
|||
|
|||
IPv64_API="https://ipv64.net/api" |
|||
|
|||
######## Public functions ###################### |
|||
|
|||
#Usage: dns_ipv64_add _acme-challenge.domain.ipv64.net "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_ipv64_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
IPv64_Token="${IPv64_Token:-$(_readaccountconf_mutable IPv64_Token)}" |
|||
if [ -z "$IPv64_Token" ]; then |
|||
_err "You must export variable: IPv64_Token" |
|||
_err "The API Key for your IPv64 account is necessary." |
|||
_err "You can look it up in your IPv64 account." |
|||
return 1 |
|||
fi |
|||
|
|||
# Now save the credentials. |
|||
_saveaccountconf_mutable IPv64_Token "$IPv64_Token" |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" "$fulldomain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
# convert to lower case |
|||
_domain="$(echo "$_domain" | _lower_case)" |
|||
_sub_domain="$(echo "$_sub_domain" | _lower_case)" |
|||
# Now add the TXT record |
|||
_info "Trying to add TXT record" |
|||
if _ipv64_rest "POST" "add_record=$_domain&praefix=$_sub_domain&type=TXT&content=$txtvalue"; then |
|||
_info "TXT record has been successfully added." |
|||
return 0 |
|||
else |
|||
_err "Errors happened during adding the TXT record, response=$_response" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Usage: dns_ipv64_rm _acme-challenge.domain.ipv64.net "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
#Remove the txt record after validation. |
|||
dns_ipv64_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
IPv64_Token="${IPv64_Token:-$(_readaccountconf_mutable IPv64_Token)}" |
|||
if [ -z "$IPv64_Token" ]; then |
|||
_err "You must export variable: IPv64_Token" |
|||
_err "The API Key for your IPv64 account is necessary." |
|||
_err "You can look it up in your IPv64 account." |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" "$fulldomain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
# convert to lower case |
|||
_domain="$(echo "$_domain" | _lower_case)" |
|||
_sub_domain="$(echo "$_sub_domain" | _lower_case)" |
|||
# Now delete the TXT record |
|||
_info "Trying to delete TXT record" |
|||
if _ipv64_rest "DELETE" "del_record=$_domain&praefix=$_sub_domain&type=TXT&content=$txtvalue"; then |
|||
_info "TXT record has been successfully deleted." |
|||
return 0 |
|||
else |
|||
_err "Errors happened during deleting the TXT record, response=$_response" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain="$1" |
|||
i=1 |
|||
p=1 |
|||
|
|||
_ipv64_get "get_domains" |
|||
domain_data=$_response |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
#if _contains "$domain_data" "\""$h"\"\:"; then |
|||
if _contains "$domain_data" "\"""$h""\"\:"; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
#send get request to api |
|||
# $1 has to set the api-function |
|||
_ipv64_get() { |
|||
url="$IPv64_API?$1" |
|||
export _H1="Authorization: Bearer $IPv64_Token" |
|||
|
|||
_response=$(_get "$url") |
|||
_response="$(echo "$_response" | _normalizeJson)" |
|||
|
|||
if _contains "$_response" "429 Too Many Requests"; then |
|||
_info "API throttled, sleeping to reset the limit" |
|||
_sleep 10 |
|||
_response=$(_get "$url") |
|||
_response="$(echo "$_response" | _normalizeJson)" |
|||
fi |
|||
} |
|||
|
|||
_ipv64_rest() { |
|||
url="$IPv64_API" |
|||
export _H1="Authorization: Bearer $IPv64_Token" |
|||
export _H2="Content-Type: application/x-www-form-urlencoded" |
|||
_response=$(_post "$2" "$url" "" "$1") |
|||
|
|||
if _contains "$_response" "429 Too Many Requests"; then |
|||
_info "API throttled, sleeping to reset the limit" |
|||
_sleep 10 |
|||
_response=$(_post "$2" "$url" "" "$1") |
|||
fi |
|||
|
|||
if ! _contains "$_response" "\"info\":\"success\""; then |
|||
return 1 |
|||
fi |
|||
_debug2 response "$_response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,147 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#LA_Id="test123" |
|||
#LA_Key="d1j2fdo4dee3948" |
|||
|
|||
LA_Api="https://api.dns.la/api" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_la_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" |
|||
LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" |
|||
|
|||
if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then |
|||
LA_Id="" |
|||
LA_Key="" |
|||
_err "You didn't specify a dnsla api id and key yet." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf_mutable LA_Id "$LA_Id" |
|||
_saveaccountconf_mutable LA_Key "$LA_Key" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_info "Adding record" |
|||
if _la_rest "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then |
|||
if _contains "$response" '"resultid":'; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
elif _contains "$response" '"code":532'; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
|
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_la_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" |
|||
LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
if ! _la_rest "record.ashx?cmd=listn&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue"; then |
|||
_err "Error" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" '"recordid":'; then |
|||
_info "Don't need to remove." |
|||
return 0 |
|||
fi |
|||
|
|||
record_id=$(printf "%s" "$response" | grep '"recordid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') |
|||
_debug "record_id" "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_err "Can not get record id to remove." |
|||
return 1 |
|||
fi |
|||
if ! _la_rest "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$record_id"; then |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
_contains "$response" '"code":300' |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _la_rest "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" '"domainid":'; then |
|||
_domain_id=$(printf "%s" "$response" | grep '"domainid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p="$i" |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: URI |
|||
_la_rest() { |
|||
url="$LA_Api/$1" |
|||
_debug "$url" |
|||
|
|||
if ! response="$(_get "$url" | tr -d ' ' | tr "}" ",")"; then |
|||
_err "Error: $url" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,59 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Official DNS API for Nanelo.com |
|||
|
|||
# Provide the required API Key like this: |
|||
# NANELO_TOKEN="FmD408PdqT1E269gUK57" |
|||
|
|||
NANELO_API="https://api.nanelo.com/v1/" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_nanelo_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
NANELO_TOKEN="${NANELO_TOKEN:-$(_readaccountconf_mutable NANELO_TOKEN)}" |
|||
if [ -z "$NANELO_TOKEN" ]; then |
|||
NANELO_TOKEN="" |
|||
_err "You didn't configure a Nanelo API Key yet." |
|||
_err "Please set NANELO_TOKEN and try again." |
|||
_err "Login to Nanelo.com and go to Settings > API Keys to get a Key" |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN" |
|||
|
|||
_info "Adding TXT record to ${fulldomain}" |
|||
response="$(_get "$NANELO_API$NANELO_TOKEN/dns/addrecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")" |
|||
if _contains "${response}" 'success'; then |
|||
return 0 |
|||
fi |
|||
_err "Could not create resource record, please check the logs" |
|||
_err "${response}" |
|||
return 1 |
|||
} |
|||
|
|||
dns_nanelo_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
NANELO_TOKEN="${NANELO_TOKEN:-$(_readaccountconf_mutable NANELO_TOKEN)}" |
|||
if [ -z "$NANELO_TOKEN" ]; then |
|||
NANELO_TOKEN="" |
|||
_err "You didn't configure a Nanelo API Key yet." |
|||
_err "Please set NANELO_TOKEN and try again." |
|||
_err "Login to Nanelo.com and go to Settings > API Keys to get a Key" |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN" |
|||
|
|||
_info "Deleting resource record $fulldomain" |
|||
response="$(_get "$NANELO_API$NANELO_TOKEN/dns/deleterecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")" |
|||
if _contains "${response}" 'success'; then |
|||
return 0 |
|||
fi |
|||
_err "Could not delete resource record, please check the logs" |
|||
_err "${response}" |
|||
return 1 |
|||
} |
|||
@ -0,0 +1,115 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#RAGE4_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
# |
|||
#RAGE4_USERNAME="xxxx@sss.com" |
|||
|
|||
RAGE4_Api="https://rage4.com/rapi/" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_rage4_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
unquotedtxtvalue=$(echo "$txtvalue" | tr -d \") |
|||
|
|||
RAGE4_USERNAME="${RAGE4_USERNAME:-$(_readaccountconf_mutable RAGE4_USERNAME)}" |
|||
RAGE4_TOKEN="${RAGE4_TOKEN:-$(_readaccountconf_mutable RAGE4_TOKEN)}" |
|||
|
|||
if [ -z "$RAGE4_USERNAME" ] || [ -z "$RAGE4_TOKEN" ]; then |
|||
RAGE4_USERNAME="" |
|||
RAGE4_TOKEN="" |
|||
_err "You didn't specify a Rage4 api token and username yet." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf_mutable RAGE4_USERNAME "$RAGE4_USERNAME" |
|||
_saveaccountconf_mutable RAGE4_TOKEN "$RAGE4_TOKEN" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
_rage4_rest "createrecord/?id=$_domain_id&name=$fulldomain&content=$unquotedtxtvalue&type=TXT&active=true&ttl=1" |
|||
return 0 |
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_rage4_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
RAGE4_USERNAME="${RAGE4_USERNAME:-$(_readaccountconf_mutable RAGE4_USERNAME)}" |
|||
RAGE4_TOKEN="${RAGE4_TOKEN:-$(_readaccountconf_mutable RAGE4_TOKEN)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
_debug "Getting txt records" |
|||
_rage4_rest "getrecords/?id=${_domain_id}" |
|||
|
|||
_record_id=$(echo "$response" | sed -rn 's/.*"id":([[:digit:]]+)[^\}]*'"$txtvalue"'.*/\1/p') |
|||
_rage4_rest "deleterecord/?id=${_record_id}" |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
|
|||
if ! _rage4_rest "getdomains"; then |
|||
return 1 |
|||
fi |
|||
_debug _get_root_domain "$domain" |
|||
|
|||
for line in $(echo "$response" | tr '}' '\n'); do |
|||
__domain=$(echo "$line" | sed -rn 's/.*"name":"([^"]*)",.*/\1/p') |
|||
__domain_id=$(echo "$line" | sed -rn 's/.*"id":([^,]*),.*/\1/p') |
|||
if [ "$domain" != "${domain%"$__domain"*}" ]; then |
|||
_domain_id="$__domain_id" |
|||
break |
|||
fi |
|||
done |
|||
|
|||
if [ -z "$_domain_id" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
_rage4_rest() { |
|||
ep="$1" |
|||
_debug "$ep" |
|||
|
|||
username_trimmed=$(echo "$RAGE4_USERNAME" | tr -d '"') |
|||
token_trimmed=$(echo "$RAGE4_TOKEN" | tr -d '"') |
|||
auth=$(printf '%s:%s' "$username_trimmed" "$token_trimmed" | _base64) |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: Basic $auth" |
|||
|
|||
response="$(_get "$RAGE4_Api$ep")" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,94 @@ |
|||
#!/usr/bin/env sh |
|||
# |
|||
# Author: Marvin Edeler |
|||
# Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 |
|||
# Last Edit: 17.02.2022 |
|||
|
|||
dns_selfhost_add() { |
|||
fulldomain=$1 |
|||
txt=$2 |
|||
_info "Calling acme-dns on selfhost" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txt" |
|||
|
|||
SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" |
|||
|
|||
# Get values, but don't save until we successfully validated |
|||
SELFHOSTDNS_USERNAME="${SELFHOSTDNS_USERNAME:-$(_readaccountconf_mutable SELFHOSTDNS_USERNAME)}" |
|||
SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" |
|||
# These values are domain dependent, so read them from there |
|||
SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readdomainconf SELFHOSTDNS_MAP)}" |
|||
# Selfhost api can't dynamically add TXT record, |
|||
# so we have to store the last used RID of the domain to support a second RID for wildcard domains |
|||
# (format: 'fulldomainA:lastRid fulldomainB:lastRid ...') |
|||
SELFHOSTDNS_MAP_LAST_USED_INTERNAL=$(_readdomainconf SELFHOSTDNS_MAP_LAST_USED_INTERNAL) |
|||
|
|||
if [ -z "${SELFHOSTDNS_USERNAME:-}" ] || [ -z "${SELFHOSTDNS_PASSWORD:-}" ]; then |
|||
_err "SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD must be set" |
|||
return 1 |
|||
fi |
|||
|
|||
# get the domain entry from SELFHOSTDNS_MAP |
|||
# only match full domains (at the beginning of the string or with a leading whitespace), |
|||
# e.g. don't match mytest.example.com or sub.test.example.com for test.example.com |
|||
# if the domain is defined multiple times only the last occurance will be matched |
|||
mapEntry=$(echo "$SELFHOSTDNS_MAP" | sed -n -E "s/(^|^.*[[:space:]])($fulldomain)(:[[:digit:]]+)([:]?[[:digit:]]*)(.*)/\2\3\4/p") |
|||
_debug2 mapEntry "$mapEntry" |
|||
if test -z "$mapEntry"; then |
|||
_err "SELFHOSTDNS_MAP must contain the fulldomain incl. prefix and at least one RID" |
|||
return 1 |
|||
fi |
|||
|
|||
# get the RIDs from the map entry |
|||
rid1=$(echo "$mapEntry" | cut -d: -f2) |
|||
rid2=$(echo "$mapEntry" | cut -d: -f3) |
|||
|
|||
# read last used rid domain |
|||
lastUsedRidForDomainEntry=$(echo "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" | sed -n -E "s/(^|^.*[[:space:]])($fulldomain:[[:digit:]]+)(.*)/\2/p") |
|||
_debug2 lastUsedRidForDomainEntry "$lastUsedRidForDomainEntry" |
|||
lastUsedRidForDomain=$(echo "$lastUsedRidForDomainEntry" | cut -d: -f2) |
|||
|
|||
rid="$rid1" |
|||
if [ "$lastUsedRidForDomain" = "$rid" ] && ! test -z "$rid2"; then |
|||
rid="$rid2" |
|||
fi |
|||
|
|||
_info "Trying to add $txt on selfhost for rid: $rid" |
|||
|
|||
data="?username=$SELFHOSTDNS_USERNAME&password=$SELFHOSTDNS_PASSWORD&rid=$rid&content=$txt" |
|||
response="$(_get "$SELFHOSTDNS_UPDATE_URL$data")" |
|||
|
|||
if ! echo "$response" | grep "200 OK" >/dev/null; then |
|||
_err "Invalid response of acme-dns for selfhost" |
|||
return 1 |
|||
fi |
|||
|
|||
# write last used rid domain |
|||
newLastUsedRidForDomainEntry="$fulldomain:$rid" |
|||
if ! test -z "$lastUsedRidForDomainEntry"; then |
|||
# replace last used rid entry for domain |
|||
SELFHOSTDNS_MAP_LAST_USED_INTERNAL=$(echo "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" | sed -n -E "s/$lastUsedRidForDomainEntry/$newLastUsedRidForDomainEntry/p") |
|||
else |
|||
# add last used rid entry for domain |
|||
if test -z "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL"; then |
|||
SELFHOSTDNS_MAP_LAST_USED_INTERNAL="$newLastUsedRidForDomainEntry" |
|||
else |
|||
SELFHOSTDNS_MAP_LAST_USED_INTERNAL="$SELFHOSTDNS_MAP_LAST_USED_INTERNAL $newLastUsedRidForDomainEntry" |
|||
fi |
|||
fi |
|||
|
|||
# Now that we know the values are good, save them |
|||
_saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" |
|||
_saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" |
|||
# These values are domain dependent, so store them there |
|||
_savedomainconf SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" |
|||
_savedomainconf SELFHOSTDNS_MAP_LAST_USED_INTERNAL "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" |
|||
} |
|||
|
|||
dns_selfhost_rm() { |
|||
fulldomain=$1 |
|||
txt=$2 |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txt" |
|||
_info "Creating and removing of records is not supported by selfhost API, will not delete anything." |
|||
} |
|||
@ -0,0 +1,264 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#YC_Zone_ID="" # DNS Zone ID |
|||
#YC_Folder_ID="" # YC Folder ID |
|||
#YC_SA_ID="" # Service Account ID |
|||
#YC_SA_Key_ID="" # Service Account IAM Key ID |
|||
#YC_SA_Key_File_Path="/path/to/private.key" # Path to private.key use instead of YC_SA_Key_File_PEM_b64 |
|||
#YC_SA_Key_File_PEM_b64="" # Base64 content of private.key use instead of YC_SA_Key_File_Path |
|||
YC_Api="https://dns.api.cloud.yandex.net/dns/v1" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_yc_add() { |
|||
fulldomain="$(echo "$1". | _lower_case)" # Add dot at end of domain name |
|||
txtvalue=$2 |
|||
|
|||
YC_SA_Key_File_PEM_b64="${YC_SA_Key_File_PEM_b64:-$(_readaccountconf_mutable YC_SA_Key_File_PEM_b64)}" |
|||
YC_SA_Key_File_Path="${YC_SA_Key_File_Path:-$(_readaccountconf_mutable YC_SA_Key_File_Path)}" |
|||
|
|||
if [ "$YC_SA_Key_File_PEM_b64" ]; then |
|||
echo "$YC_SA_Key_File_PEM_b64" | _dbase64 >private.key |
|||
YC_SA_Key_File="private.key" |
|||
_savedomainconf YC_SA_Key_File_PEM_b64 "$YC_SA_Key_File_PEM_b64" |
|||
else |
|||
YC_SA_Key_File="$YC_SA_Key_File_Path" |
|||
_savedomainconf YC_SA_Key_File_Path "$YC_SA_Key_File_Path" |
|||
fi |
|||
|
|||
YC_Zone_ID="${YC_Zone_ID:-$(_readaccountconf_mutable YC_Zone_ID)}" |
|||
YC_Folder_ID="${YC_Folder_ID:-$(_readaccountconf_mutable YC_Folder_ID)}" |
|||
YC_SA_ID="${YC_SA_ID:-$(_readaccountconf_mutable YC_SA_ID)}" |
|||
YC_SA_Key_ID="${YC_SA_Key_ID:-$(_readaccountconf_mutable YC_SA_Key_ID)}" |
|||
|
|||
if [ "$YC_SA_ID" ] && [ "$YC_SA_Key_ID" ] && [ "$YC_SA_Key_File" ]; then |
|||
if [ -f "$YC_SA_Key_File" ]; then |
|||
if _isRSA "$YC_SA_Key_File" >/dev/null 2>&1; then |
|||
if [ "$YC_Zone_ID" ]; then |
|||
_savedomainconf YC_Zone_ID "$YC_Zone_ID" |
|||
_savedomainconf YC_SA_ID "$YC_SA_ID" |
|||
_savedomainconf YC_SA_Key_ID "$YC_SA_Key_ID" |
|||
elif [ "$YC_Folder_ID" ]; then |
|||
_savedomainconf YC_Folder_ID "$YC_Folder_ID" |
|||
_saveaccountconf_mutable YC_SA_ID "$YC_SA_ID" |
|||
_saveaccountconf_mutable YC_SA_Key_ID "$YC_SA_Key_ID" |
|||
_clearaccountconf_mutable YC_Zone_ID |
|||
_clearaccountconf YC_Zone_ID |
|||
else |
|||
_err "You didn't specify a Yandex Cloud Zone ID or Folder ID yet." |
|||
return 1 |
|||
fi |
|||
else |
|||
_err "YC_SA_Key_File not a RSA file(_isRSA function return false)." |
|||
return 1 |
|||
fi |
|||
else |
|||
_err "YC_SA_Key_File not found in path $YC_SA_Key_File." |
|||
return 1 |
|||
fi |
|||
else |
|||
_clearaccountconf YC_Zone_ID |
|||
_clearaccountconf YC_Folder_ID |
|||
_clearaccountconf YC_SA_ID |
|||
_clearaccountconf YC_SA_Key_ID |
|||
_clearaccountconf YC_SA_Key_File_PEM_b64 |
|||
_clearaccountconf YC_SA_Key_File_Path |
|||
_err "You didn't specify a YC_SA_ID or YC_SA_Key_ID or YC_SA_Key_File." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
if ! _yc_rest GET "zones/${_domain_id}:getRecordSet?type=TXT&name=$_sub_domain"; then |
|||
_err "Error: $response" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Adding record" |
|||
if _yc_rest POST "zones/$_domain_id:upsertRecordSets" "{\"merges\": [ { \"name\":\"$_sub_domain\",\"type\":\"TXT\",\"ttl\":\"120\",\"data\":[\"$txtvalue\"]}]}"; then |
|||
if _contains "$response" "\"done\": true"; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
|
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_yc_rm() { |
|||
fulldomain="$(echo "$1". | _lower_case)" # Add dot at end of domain name |
|||
txtvalue=$2 |
|||
|
|||
YC_Zone_ID="${YC_Zone_ID:-$(_readaccountconf_mutable YC_Zone_ID)}" |
|||
YC_Folder_ID="${YC_Folder_ID:-$(_readaccountconf_mutable YC_Folder_ID)}" |
|||
YC_SA_ID="${YC_SA_ID:-$(_readaccountconf_mutable YC_SA_ID)}" |
|||
YC_SA_Key_ID="${YC_SA_Key_ID:-$(_readaccountconf_mutable YC_SA_Key_ID)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
if _yc_rest GET "zones/${_domain_id}:getRecordSet?type=TXT&name=$_sub_domain"; then |
|||
exists_txtvalue=$(echo "$response" | _normalizeJson | _egrep_o "\"data\".*\][^,]*" | _egrep_o "[^:]*$") |
|||
_debug exists_txtvalue "$exists_txtvalue" |
|||
else |
|||
_err "Error: $response" |
|||
return 1 |
|||
fi |
|||
|
|||
if _yc_rest POST "zones/$_domain_id:updateRecordSets" "{\"deletions\": [ { \"name\":\"$_sub_domain\",\"type\":\"TXT\",\"ttl\":\"120\",\"data\":$exists_txtvalue}]}"; then |
|||
if _contains "$response" "\"done\": true"; then |
|||
_info "Delete, OK" |
|||
return 0 |
|||
else |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Delete record error." |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
# Use Zone ID directly if provided |
|||
if [ "$YC_Zone_ID" ]; then |
|||
if ! _yc_rest GET "zones/$YC_Zone_ID"; then |
|||
return 1 |
|||
else |
|||
if echo "$response" | tr -d " " | _egrep_o "\"id\":\"$YC_Zone_ID\"" >/dev/null; then |
|||
_domain=$(echo "$response" | _egrep_o "\"zone\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") |
|||
if [ "$_domain" ]; then |
|||
_cutlength=$((${#domain} - ${#_domain})) |
|||
_sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength") |
|||
_domain_id=$YC_Zone_ID |
|||
return 0 |
|||
else |
|||
return 1 |
|||
fi |
|||
else |
|||
return 1 |
|||
fi |
|||
fi |
|||
fi |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
if [ "$YC_Folder_ID" ]; then |
|||
if ! _yc_rest GET "zones?folderId=$YC_Folder_ID"; then |
|||
return 1 |
|||
fi |
|||
else |
|||
echo "You didn't specify a Yandex Cloud Folder ID." |
|||
return 1 |
|||
fi |
|||
if _contains "$response" "\"zone\": \"$h\""; then |
|||
_domain_id=$(echo "$response" | _normalizeJson | _egrep_o "[^{]*\"zone\":\"$h\"[^}]*" | _egrep_o "\"id\"[^,]*" | _egrep_o "[^:]*$" | tr -d '"') |
|||
_debug _domain_id "$_domain_id" |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_yc_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
if [ ! "$YC_Token" ]; then |
|||
_debug "Login" |
|||
_yc_login |
|||
else |
|||
_debug "Token already exists. Skip Login." |
|||
fi |
|||
|
|||
token_trimmed=$(echo "$YC_Token" | tr -d '"') |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: Bearer $token_trimmed" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$YC_Api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$YC_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_yc_login() { |
|||
header=$(echo "{\"typ\":\"JWT\",\"alg\":\"PS256\",\"kid\":\"$YC_SA_Key_ID\"}" | _normalizeJson | _base64 | _url_replace) |
|||
_debug header "$header" |
|||
|
|||
_current_timestamp=$(_time) |
|||
_expire_timestamp=$(_math "$_current_timestamp" + 1200) # 20 minutes |
|||
payload=$(echo "{\"iss\":\"$YC_SA_ID\",\"aud\":\"https://iam.api.cloud.yandex.net/iam/v1/tokens\",\"iat\":$_current_timestamp,\"exp\":$_expire_timestamp}" | _normalizeJson | _base64 | _url_replace) |
|||
_debug payload "$payload" |
|||
|
|||
#signature=$(printf "%s.%s" "$header" "$payload" | ${ACME_OPENSSL_BIN:-openssl} dgst -sign "$YC_SA_Key_File -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1" | _base64 | _url_replace ) |
|||
_signature=$(printf "%s.%s" "$header" "$payload" | _sign "$YC_SA_Key_File" "sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1" | _url_replace) |
|||
_debug2 _signature "$_signature" |
|||
|
|||
rm -rf "$YC_SA_Key_File" |
|||
|
|||
_jwt=$(printf "{\"jwt\": \"%s.%s.%s\"}" "$header" "$payload" "$_signature") |
|||
_debug2 _jwt "$_jwt" |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
_iam_response="$(_post "$_jwt" "https://iam.api.cloud.yandex.net/iam/v1/tokens" "" "POST")" |
|||
_debug3 _iam_response "$(echo "$_iam_response" | _normalizeJson)" |
|||
|
|||
YC_Token="$(echo "$_iam_response" | _normalizeJson | _egrep_o "\"iamToken\"[^,]*" | _egrep_o "[^:]*$" | tr -d '"')" |
|||
_debug3 YC_Token |
|||
|
|||
return 0 |
|||
} |
|||
@ -0,0 +1,226 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
# |
|||
#AWS_SECRET_ACCESS_KEY="xxxxxxx" |
|||
# |
|||
#AWS_SES_REGION="us-east-1" |
|||
# |
|||
#AWS_SES_TO="xxxx@xxx.com" |
|||
# |
|||
#AWS_SES_FROM="xxxx@cccc.com" |
|||
# |
|||
#AWS_SES_FROM_NAME="Something something" |
|||
#This is the Amazon SES api wrapper for acme.sh |
|||
AWS_WIKI="https://docs.aws.amazon.com/ses/latest/dg/send-email-api.html" |
|||
|
|||
aws_ses_send() { |
|||
_subject="$1" |
|||
_content="$2" |
|||
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
|||
_debug "_statusCode" "$_statusCode" |
|||
|
|||
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}" |
|||
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}" |
|||
AWS_SES_REGION="${AWS_SES_REGION:-$(_readaccountconf_mutable AWS_SES_REGION)}" |
|||
|
|||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then |
|||
_use_container_role || _use_instance_role |
|||
fi |
|||
|
|||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then |
|||
AWS_ACCESS_KEY_ID="" |
|||
AWS_SECRET_ACCESS_KEY="" |
|||
_err "You haven't specified the aws SES api key id and and api key secret yet." |
|||
_err "Please create your key and try again. see $(__green $AWS_WIKI)" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$AWS_SES_REGION" ]; then |
|||
AWS_SES_REGION="" |
|||
_err "You haven't specified the aws SES api region yet." |
|||
_err "Please specify your region and try again. see https://docs.aws.amazon.com/general/latest/gr/ses.html" |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable AWS_SES_REGION "$AWS_SES_REGION" |
|||
|
|||
#save for future use, unless using a role which will be fetched as needed |
|||
if [ -z "$_using_role" ]; then |
|||
_saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" |
|||
_saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" |
|||
fi |
|||
|
|||
AWS_SES_TO="${AWS_SES_TO:-$(_readaccountconf_mutable AWS_SES_TO)}" |
|||
if [ -z "$AWS_SES_TO" ]; then |
|||
AWS_SES_TO="" |
|||
_err "You didn't specify an email to AWS_SES_TO receive messages." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable AWS_SES_TO "$AWS_SES_TO" |
|||
|
|||
AWS_SES_FROM="${AWS_SES_FROM:-$(_readaccountconf_mutable AWS_SES_FROM)}" |
|||
if [ -z "$AWS_SES_FROM" ]; then |
|||
AWS_SES_FROM="" |
|||
_err "You didn't specify an email to AWS_SES_FROM receive messages." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable AWS_SES_FROM "$AWS_SES_FROM" |
|||
|
|||
AWS_SES_FROM_NAME="${AWS_SES_FROM_NAME:-$(_readaccountconf_mutable AWS_SES_FROM_NAME)}" |
|||
_saveaccountconf_mutable AWS_SES_FROM_NAME "$AWS_SES_FROM_NAME" |
|||
|
|||
AWS_SES_SENDFROM="$AWS_SES_FROM_NAME <$AWS_SES_FROM>" |
|||
|
|||
AWS_SES_ACTION="Action=SendEmail" |
|||
AWS_SES_SOURCE="Source=$AWS_SES_SENDFROM" |
|||
AWS_SES_TO="Destination.ToAddresses.member.1=$AWS_SES_TO" |
|||
AWS_SES_SUBJECT="Message.Subject.Data=$_subject" |
|||
AWS_SES_MESSAGE="Message.Body.Text.Data=$_content" |
|||
|
|||
_data="${AWS_SES_ACTION}&${AWS_SES_SOURCE}&${AWS_SES_TO}&${AWS_SES_SUBJECT}&${AWS_SES_MESSAGE}" |
|||
|
|||
response="$(aws_rest POST "" "" "$_data")" |
|||
} |
|||
|
|||
_use_metadata() { |
|||
_aws_creds="$( |
|||
_get "$1" "" 1 | |
|||
_normalizeJson | |
|||
tr '{,}' '\n' | |
|||
while read -r _line; do |
|||
_key="$(echo "${_line%%:*}" | tr -d '"')" |
|||
_value="${_line#*:}" |
|||
_debug3 "_key" "$_key" |
|||
_secure_debug3 "_value" "$_value" |
|||
case "$_key" in |
|||
AccessKeyId) echo "AWS_ACCESS_KEY_ID=$_value" ;; |
|||
SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;; |
|||
Token) echo "AWS_SESSION_TOKEN=$_value" ;; |
|||
esac |
|||
done | |
|||
paste -sd' ' - |
|||
)" |
|||
_secure_debug "_aws_creds" "$_aws_creds" |
|||
|
|||
if [ -z "$_aws_creds" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
eval "$_aws_creds" |
|||
_using_role=true |
|||
} |
|||
|
|||
#method uri qstr data |
|||
aws_rest() { |
|||
mtd="$1" |
|||
ep="$2" |
|||
qsr="$3" |
|||
data="$4" |
|||
|
|||
_debug mtd "$mtd" |
|||
_debug ep "$ep" |
|||
_debug qsr "$qsr" |
|||
_debug data "$data" |
|||
|
|||
CanonicalURI="/$ep" |
|||
_debug2 CanonicalURI "$CanonicalURI" |
|||
|
|||
CanonicalQueryString="$qsr" |
|||
_debug2 CanonicalQueryString "$CanonicalQueryString" |
|||
|
|||
RequestDate="$(date -u +"%Y%m%dT%H%M%SZ")" |
|||
_debug2 RequestDate "$RequestDate" |
|||
|
|||
#RequestDate="20161120T141056Z" ############## |
|||
|
|||
export _H1="x-amz-date: $RequestDate" |
|||
|
|||
aws_host="email.$AWS_SES_REGION.amazonaws.com" |
|||
CanonicalHeaders="host:$aws_host\nx-amz-date:$RequestDate\n" |
|||
SignedHeaders="host;x-amz-date" |
|||
if [ -n "$AWS_SESSION_TOKEN" ]; then |
|||
export _H3="x-amz-security-token: $AWS_SESSION_TOKEN" |
|||
CanonicalHeaders="${CanonicalHeaders}x-amz-security-token:$AWS_SESSION_TOKEN\n" |
|||
SignedHeaders="${SignedHeaders};x-amz-security-token" |
|||
fi |
|||
_debug2 CanonicalHeaders "$CanonicalHeaders" |
|||
_debug2 SignedHeaders "$SignedHeaders" |
|||
|
|||
RequestPayload="$data" |
|||
_debug2 RequestPayload "$RequestPayload" |
|||
|
|||
Hash="sha256" |
|||
|
|||
CanonicalRequest="$mtd\n$CanonicalURI\n$CanonicalQueryString\n$CanonicalHeaders\n$SignedHeaders\n$(printf "%s" "$RequestPayload" | _digest "$Hash" hex)" |
|||
_debug2 CanonicalRequest "$CanonicalRequest" |
|||
|
|||
HashedCanonicalRequest="$(printf "$CanonicalRequest%s" | _digest "$Hash" hex)" |
|||
_debug2 HashedCanonicalRequest "$HashedCanonicalRequest" |
|||
|
|||
Algorithm="AWS4-HMAC-SHA256" |
|||
_debug2 Algorithm "$Algorithm" |
|||
|
|||
RequestDateOnly="$(echo "$RequestDate" | cut -c 1-8)" |
|||
_debug2 RequestDateOnly "$RequestDateOnly" |
|||
|
|||
Region="$AWS_SES_REGION" |
|||
Service="ses" |
|||
|
|||
CredentialScope="$RequestDateOnly/$Region/$Service/aws4_request" |
|||
_debug2 CredentialScope "$CredentialScope" |
|||
|
|||
StringToSign="$Algorithm\n$RequestDate\n$CredentialScope\n$HashedCanonicalRequest" |
|||
|
|||
_debug2 StringToSign "$StringToSign" |
|||
|
|||
kSecret="AWS4$AWS_SECRET_ACCESS_KEY" |
|||
|
|||
#kSecret="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY" ############################ |
|||
|
|||
_secure_debug2 kSecret "$kSecret" |
|||
|
|||
kSecretH="$(printf "%s" "$kSecret" | _hex_dump | tr -d " ")" |
|||
_secure_debug2 kSecretH "$kSecretH" |
|||
|
|||
kDateH="$(printf "$RequestDateOnly%s" | _hmac "$Hash" "$kSecretH" hex)" |
|||
_debug2 kDateH "$kDateH" |
|||
|
|||
kRegionH="$(printf "$Region%s" | _hmac "$Hash" "$kDateH" hex)" |
|||
_debug2 kRegionH "$kRegionH" |
|||
|
|||
kServiceH="$(printf "$Service%s" | _hmac "$Hash" "$kRegionH" hex)" |
|||
_debug2 kServiceH "$kServiceH" |
|||
|
|||
kSigningH="$(printf "%s" "aws4_request" | _hmac "$Hash" "$kServiceH" hex)" |
|||
_debug2 kSigningH "$kSigningH" |
|||
|
|||
signature="$(printf "$StringToSign%s" | _hmac "$Hash" "$kSigningH" hex)" |
|||
_debug2 signature "$signature" |
|||
|
|||
Authorization="$Algorithm Credential=$AWS_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature" |
|||
_debug2 Authorization "$Authorization" |
|||
|
|||
_H2="Authorization: $Authorization" |
|||
_debug _H2 "$_H2" |
|||
|
|||
url="https://$aws_host/$ep" |
|||
if [ "$qsr" ]; then |
|||
url="https://$aws_host/$ep?$qsr" |
|||
fi |
|||
|
|||
if [ "$mtd" = "GET" ]; then |
|||
response="$(_get "$url")" |
|||
else |
|||
response="$(_post "$data" "$url")" |
|||
fi |
|||
|
|||
_ret="$?" |
|||
_debug2 response "$response" |
|||
if [ "$_ret" = "0" ]; then |
|||
if _contains "$response" "<ErrorResponse"; then |
|||
_err "Response error:$response" |
|||
return 1 |
|||
fi |
|||
fi |
|||
} |
|||
@ -0,0 +1,45 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Support Slack APP notifications |
|||
|
|||
#SLACK_APP_CHANNEL="" |
|||
#SLACK_APP_TOKEN="" |
|||
|
|||
slack_app_send() { |
|||
_subject="$1" |
|||
_content="$2" |
|||
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
|||
_debug "_statusCode" "$_statusCode" |
|||
|
|||
SLACK_APP_CHANNEL="${SLACK_APP_CHANNEL:-$(_readaccountconf_mutable SLACK_APP_CHANNEL)}" |
|||
if [ -n "$SLACK_APP_CHANNEL" ]; then |
|||
_saveaccountconf_mutable SLACK_APP_CHANNEL "$SLACK_APP_CHANNEL" |
|||
fi |
|||
|
|||
SLACK_APP_TOKEN="${SLACK_APP_TOKEN:-$(_readaccountconf_mutable SLACK_APP_TOKEN)}" |
|||
if [ -n "$SLACK_APP_TOKEN" ]; then |
|||
_saveaccountconf_mutable SLACK_APP_TOKEN "$SLACK_APP_TOKEN" |
|||
fi |
|||
|
|||
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" |
|||
_data="{\"text\": \"$_content\", " |
|||
if [ -n "$SLACK_APP_CHANNEL" ]; then |
|||
_data="$_data\"channel\": \"$SLACK_APP_CHANNEL\", " |
|||
fi |
|||
_data="$_data\"mrkdwn\": \"true\"}" |
|||
|
|||
export _H1="Authorization: Bearer $SLACK_APP_TOKEN" |
|||
|
|||
SLACK_APP_API_URL="https://slack.com/api/chat.postMessage" |
|||
if _post "$_data" "$SLACK_APP_API_URL" "" "POST" "application/json; charset=utf-8"; then |
|||
# shellcheck disable=SC2154 |
|||
SLACK_APP_RESULT_OK=$(echo "$response" | _egrep_o 'ok" *: *true') |
|||
if [ "$?" = "0" ] && [ "$SLACK_APP_RESULT_OK" ]; then |
|||
_info "slack send success." |
|||
return 0 |
|||
fi |
|||
fi |
|||
_err "slack send error." |
|||
_err "$response" |
|||
return 1 |
|||
} |
|||
Write
Preview
Loading…
Cancel
Save
Reference in new issue