From 175c9decd7189f15f47f8175f2cad9656a4dddcf Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2016 21:00:36 +0800 Subject: [PATCH] init dnsapi --- dnsapi/dns-cf.sh | 139 +++++++++++++++++++++++++++++++++++++++++++++++ le.sh | 61 ++++++++++++++++----- 2 files changed, 187 insertions(+), 13 deletions(-) create mode 100644 dnsapi/dns-cf.sh diff --git a/dnsapi/dns-cf.sh b/dnsapi/dns-cf.sh new file mode 100644 index 00000000..40987a21 --- /dev/null +++ b/dnsapi/dns-cf.sh @@ -0,0 +1,139 @@ +#!/bin/bash + + +# +#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# +#CF_Email="xxxx@sss.com" + + +CF_Api="https://api.cloudflare.com/client/v4/" + +#Usage: _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns-cf-add() { + fulldomain=$1 + txtvalue=$2 + + _info "first detect the root zone" + if ! _get_root $fulldomain > /dev/null ; then + _err "invalid domain" + return 1 + fi + + _cf_rest GET "/zones/$_domain_id/dns_records?type=TXT&name=$fulldomain" + + if [ "$?" != "0" ] || ! printf $response | grep \"success\":true > /dev/null ; then + _err "Error" + return 1 + fi + + count=$(printf $response | grep -o \"count\":[^,]* | cut -d : -f 2) + + if [ "$count" == "0" ] ; then + _info "Adding record" + if _cf_rest GET "/zones/$_domain_id/dns_records?type=TXT&name=$fulldomain&content=$txtvalue" ; then + _info "Added, sleeping 10 seconds" + sleep 10 + return 0 + fi + _err "Add txt record error." + else + _info "Updating record" + record_id=$(printf $response | grep -o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") + _info "record_id" $record_id + + _cf_rest PUT "/zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" + if [ "$?" == "0" ]; then + _info "Updated, sleeping 10 seconds" + sleep 10 + return 0; + fi + _err "Update error" + return 1 + fi + +} + + +#_acme-challenge.www.domain.com +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + while [ '1' ] ; do + h=$(printf $domain | cut -d . -f $i-100) + if [ -z "$h" ] ; then + #not valid + return 1; + fi + + if ! _cf_get "zones?name=$h" ; then + return 1 + fi + + if printf $response | grep \"name\":\"$h\" ; then + _domain_id=$(printf $response | grep -o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") + if [ "$_domain_id" ] ; then + _sub_domain=$(printf $domain | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + return 1 + fi + p=$i + let "i+=1" + done + return 1 +} + + +_cf_rest() { + m=$1 + ep="$2" + echo $ep + if [ "$3" ] ; then + data="--data \"$3\"" + fi + response="$(curl --silent -X $m "$CF_Api/$ep" -H "X-Auth-Email: $CF_Email" -H "X-Auth-Key: $CF_Key" -H "Content-Type: application/json" $data)" + if [ "$?" != "0" ] ; then + echo $error $ep + return 1 + fi + echo $response + return 0 +} + + +_debug() { + + if [ -z "$DEBUG" ] ; then + return + fi + + if [ -z "$2" ] ; then + echo $1 + else + echo "$1"="$2" + fi +} + +_info() { + if [ -z "$2" ] ; then + echo "$1" + else + echo "$1"="$2" + fi +} + +_err() { + if [ -z "$2" ] ; then + echo "$1" >&2 + else + echo "$1"="$2" >&2 + fi +} + + diff --git a/le.sh b/le.sh index f90ebe3e..8e70b04f 100755 --- a/le.sh +++ b/le.sh @@ -320,7 +320,6 @@ _initpath() { if [ -z "$CA_CERT_PATH" ] ; then CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer" fi - } @@ -619,12 +618,44 @@ issue() { _debug txt "$txt" #dns #1. check use api - _err "Add the following TXT record:" - _err "Domain: $txtdomain" - _err "TXT value: $txt" - _err "Please be aware that you prepend _acme-challenge. before your domain" - _err "so the resulting subdomain will be: $txtdomain" - #dnsadded='1' + d_api="" + if [ -f "$WORKING_DIR/$d/$Le_Webroot" ] ; then + d_api="$WORKING_DIR/$d/$Le_Webroot" + elif [ -f "$WORKING_DIR/$d/$Le_Webroot.sh" ] ; then + d_api="$WORKING_DIR/$d/$Le_Webroot.sh" + elif [ -f "$WORKING_DIR/$Le_Webroot" ] ; then + d_api="$WORKING_DIR/$Le_Webroot" + elif [ -f "$WORKING_DIR/$Le_Webroot.sh" ] ; then + d_api="$WORKING_DIR/$Le_Webroot.sh" + fi + + if [ "$d_api" ]; then + _info "Found domain api file: $d_api" + else + _err "Add the following TXT record:" + _err "Domain: $txtdomain" + _err "TXT value: $txt" + _err "Please be aware that you prepend _acme-challenge. before your domain" + _err "so the resulting subdomain will be: $txtdomain" + continue + fi + + if ! source $d_api ; then + _err "Load file $d_api error. Please check your api file and try again." + return 1 + fi + + addcommand="$Le_Webroot-add" + if ! command -v $addcommand ; then + _err "It seems that your api file is not correct, it must have a function named: $Le_Webroot" + return 1 + fi + + if ! $addcommand $txtdomain $txt ; then + _err "Error add txt for domain:$txtdomain" + return 1 + fi + dnsadded='1' fi done @@ -806,13 +837,17 @@ renew() { _initpath $Le_Domain - if [ -f "$DOMAIN_CONF" ] ; then - source "$DOMAIN_CONF" - if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then - _info "Skip, Next renewal time is: $Le_NextRenewTimeStr" - return 2 - fi + if [ ! -f "$DOMAIN_CONF" ] ; then + _err "$Le_Domain is not a issued domain, skip." + return 1; + fi + + source "$DOMAIN_CONF" + if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then + _info "Skip, Next renewal time is: $Le_NextRenewTimeStr" + return 2 fi + IS_RENEW="1" issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" IS_RENEW=""