Florian Pfitzer
3 years ago
committed by
GitHub
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
34 changed files with 1868 additions and 395 deletions
-
40.github/auto-comment.yml
-
20.github/workflows/DNS.yml
-
60.github/workflows/FreeBSD.yml
-
127.github/workflows/LetsEncrypt.yml
-
40.github/workflows/Linux.yml
-
52.github/workflows/MacOS.yml
-
10.github/workflows/PebbleStrict.yml
-
58.github/workflows/Solaris.yml
-
54.github/workflows/Ubuntu.yml
-
70.github/workflows/Windows.yml
-
5.github/workflows/dockerhub.yml
-
4.github/workflows/shellcheck.yml
-
8Dockerfile
-
73README.md
-
348acme.sh
-
98deploy/consul.sh
-
25deploy/haproxy.sh
-
2deploy/kong.sh
-
280deploy/lighttpd.sh
-
27deploy/ssh.sh
-
81dnsapi/dns_1984hosting.sh
-
2dnsapi/dns_aws.sh
-
204dnsapi/dns_azion.sh
-
25dnsapi/dns_infoblox.sh
-
8dnsapi/dns_netcup.sh
-
2dnsapi/dns_nsd.sh
-
324dnsapi/dns_oci.sh
-
4dnsapi/dns_ovh.sh
-
9dnsapi/dns_pdns.sh
-
5dnsapi/dns_rackspace.sh
-
158dnsapi/dns_veesp.sh
-
6dnsapi/dns_vultr.sh
-
8notify/sendgrid.sh
-
2notify/telegram.sh
@ -1,40 +0,0 @@ |
|||||
# Comment to a new issue. |
|
||||
issuesOpened: > |
|
||||
If this is a bug report, please upgrade to the latest code and try again: |
|
||||
|
|
||||
如果有 bug, 请先更新到最新版试试: |
|
||||
|
|
||||
``` |
|
||||
acme.sh --upgrade |
|
||||
``` |
|
||||
|
|
||||
please also provide the log with `--debug 2`. |
|
||||
|
|
||||
同时请提供调试输出 `--debug 2` |
|
||||
|
|
||||
see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh |
|
||||
|
|
||||
Without `--debug 2` log, your issue will NEVER get replied. |
|
||||
|
|
||||
没有调试输出, 你的 issue 不会得到任何解答. |
|
||||
|
|
||||
|
|
||||
pullRequestOpened: > |
|
||||
First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead. |
|
||||
|
|
||||
If this is a PR to support new DNS API or new notification API, please read this guide first: |
|
||||
https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
|
||||
|
|
||||
Please check the guide items one by one. |
|
||||
|
|
||||
Then add your usage here: |
|
||||
https://github.com/acmesh-official/acme.sh/wiki/dnsapi |
|
||||
|
|
||||
Or some other wiki pages: |
|
||||
|
|
||||
https://github.com/acmesh-official/acme.sh/wiki/deployhooks |
|
||||
|
|
||||
https://github.com/acmesh-official/acme.sh/wiki/notify |
|
||||
|
|
||||
|
|
||||
|
|
||||
@ -0,0 +1,60 @@ |
|||||
|
name: FreeBSD |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/FreeBSD.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/FreeBSD.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
FreeBSD: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
runs-on: macos-latest |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- uses: vmactions/cf-tunnel@v0.0.2 |
||||
|
id: tunnel |
||||
|
with: |
||||
|
protocol: http |
||||
|
port: 8080 |
||||
|
- name: Set envs |
||||
|
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- uses: vmactions/freebsd-vm@v0.1.4 |
||||
|
with: |
||||
|
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL' |
||||
|
nat: | |
||||
|
"8080": "80" |
||||
|
prepare: pkg install -y socat curl |
||||
|
usesh: true |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& ./letest.sh |
||||
|
|
||||
|
|
||||
@ -1,127 +0,0 @@ |
|||||
name: LetsEncrypt |
|
||||
on: |
|
||||
push: |
|
||||
branches: |
|
||||
- '*' |
|
||||
paths: |
|
||||
- '**.sh' |
|
||||
- '**.yml' |
|
||||
pull_request: |
|
||||
branches: |
|
||||
- dev |
|
||||
paths: |
|
||||
- '**.sh' |
|
||||
- '**.yml' |
|
||||
|
|
||||
|
|
||||
jobs: |
|
||||
Ubuntu: |
|
||||
runs-on: ubuntu-latest |
|
||||
env: |
|
||||
TEST_LOCAL: 1 |
|
||||
steps: |
|
||||
- uses: actions/checkout@v2 |
|
||||
- name: Install tools |
|
||||
run: sudo apt-get install -y socat |
|
||||
- name: Clone acmetest |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- name: Run acmetest |
|
||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|
||||
|
|
||||
MacOS: |
|
||||
runs-on: macos-latest |
|
||||
env: |
|
||||
TEST_LOCAL: 1 |
|
||||
steps: |
|
||||
- uses: actions/checkout@v2 |
|
||||
- name: Install tools |
|
||||
run: brew install socat |
|
||||
- name: Clone acmetest |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- name: Run acmetest |
|
||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|
||||
|
|
||||
Windows: |
|
||||
runs-on: windows-latest |
|
||||
env: |
|
||||
TEST_LOCAL: 1 |
|
||||
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. |
|
||||
Le_HTTPPort: 8888 |
|
||||
steps: |
|
||||
- name: Set git to use LF |
|
||||
run: | |
|
||||
git config --global core.autocrlf false |
|
||||
- uses: actions/checkout@v2 |
|
||||
- name: Install cygwin base packages with chocolatey |
|
||||
run: | |
|
||||
choco config get cacheLocation |
|
||||
choco install --no-progress cygwin |
|
||||
shell: cmd |
|
||||
- name: Install cygwin additional packages |
|
||||
run: | |
|
||||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
|
||||
shell: cmd |
|
||||
- name: Set ENV |
|
||||
shell: cmd |
|
||||
run: | |
|
||||
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% |
|
||||
- name: Check ENV |
|
||||
shell: cmd |
|
||||
run: | |
|
||||
echo "PATH=%PATH%" |
|
||||
- name: Clone acmetest |
|
||||
shell: cmd |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- name: Run acmetest |
|
||||
shell: cmd |
|
||||
run: cd ../acmetest && bash.exe -c ./letest.sh |
|
||||
|
|
||||
FreeBSD: |
|
||||
runs-on: macos-latest |
|
||||
env: |
|
||||
TEST_LOCAL: 1 |
|
||||
steps: |
|
||||
- uses: actions/checkout@v2 |
|
||||
- uses: vmactions/cf-tunnel@v0.0.2 |
|
||||
id: tunnel |
|
||||
with: |
|
||||
protocol: http |
|
||||
port: 8080 |
|
||||
- name: Set envs |
|
||||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|
||||
- name: Clone acmetest |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- uses: vmactions/freebsd-vm@v0.1.4 |
|
||||
with: |
|
||||
envs: 'TEST_LOCAL TestingDomain' |
|
||||
nat: | |
|
||||
"8080": "80" |
|
||||
prepare: pkg install -y socat curl |
|
||||
usesh: true |
|
||||
run: | |
|
||||
cd ../acmetest && ./letest.sh |
|
||||
|
|
||||
Solaris: |
|
||||
runs-on: macos-latest |
|
||||
env: |
|
||||
TEST_LOCAL: 1 |
|
||||
steps: |
|
||||
- uses: actions/checkout@v2 |
|
||||
- uses: vmactions/cf-tunnel@v0.0.2 |
|
||||
id: tunnel |
|
||||
with: |
|
||||
protocol: http |
|
||||
port: 8080 |
|
||||
- name: Set envs |
|
||||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|
||||
- name: Clone acmetest |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- uses: vmactions/solaris-vm@v0.0.3 |
|
||||
with: |
|
||||
envs: 'TEST_LOCAL TestingDomain' |
|
||||
nat: | |
|
||||
"8080": "80" |
|
||||
prepare: pkgutil -y -i socat curl |
|
||||
run: | |
|
||||
cd ../acmetest && ./letest.sh |
|
||||
|
|
||||
@ -0,0 +1,40 @@ |
|||||
|
name: Linux |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Linux.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Linux.yml' |
||||
|
|
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
Linux: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3-amd64"] |
||||
|
runs-on: ubuntu-latest |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Clone acmetest |
||||
|
run: | |
||||
|
cd .. \ |
||||
|
&& git clone https://github.com/acmesh-official/acmetest.git \ |
||||
|
&& cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& ./rundocker.sh testplat ${{ matrix.os }} |
||||
|
|
||||
|
|
||||
|
|
||||
@ -0,0 +1,52 @@ |
|||||
|
name: MacOS |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/MacOS.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/MacOS.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
MacOS: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
runs-on: macos-latest |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Install tools |
||||
|
run: brew install socat |
||||
|
- name: Clone acmetest |
||||
|
run: | |
||||
|
cd .. \ |
||||
|
&& git clone https://github.com/acmesh-official/acmetest.git \ |
||||
|
&& cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& sudo --preserve-env ./letest.sh |
||||
|
|
||||
|
|
||||
@ -0,0 +1,58 @@ |
|||||
|
name: Solaris |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Solaris.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Solaris.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
Solaris: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
runs-on: macos-latest |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- uses: vmactions/cf-tunnel@v0.0.2 |
||||
|
id: tunnel |
||||
|
with: |
||||
|
protocol: http |
||||
|
port: 8080 |
||||
|
- name: Set envs |
||||
|
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- uses: vmactions/solaris-vm@v0.0.3 |
||||
|
with: |
||||
|
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL' |
||||
|
nat: | |
||||
|
"8080": "80" |
||||
|
prepare: pkgutil -y -i socat curl |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& ./letest.sh |
||||
|
|
||||
@ -0,0 +1,54 @@ |
|||||
|
name: Ubuntu |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Ubuntu.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Ubuntu.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
Ubuntu: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
|
||||
|
runs-on: ubuntu-latest |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
NO_ECC_384: ${{ matrix.NO_ECC_384 }} |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Install tools |
||||
|
run: sudo apt-get install -y socat |
||||
|
- name: Clone acmetest |
||||
|
run: | |
||||
|
cd .. \ |
||||
|
&& git clone https://github.com/acmesh-official/acmetest.git \ |
||||
|
&& cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& sudo --preserve-env ./letest.sh |
||||
|
|
||||
|
|
||||
@ -0,0 +1,70 @@ |
|||||
|
name: Windows |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Windows.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Windows.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
Windows: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
runs-on: windows-latest |
||||
|
env: |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
TEST_LOCAL: 1 |
||||
|
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. |
||||
|
Le_HTTPPort: 8888 |
||||
|
steps: |
||||
|
- name: Set git to use LF |
||||
|
run: | |
||||
|
git config --global core.autocrlf false |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Install cygwin base packages with chocolatey |
||||
|
run: | |
||||
|
choco config get cacheLocation |
||||
|
choco install --no-progress cygwin |
||||
|
shell: cmd |
||||
|
- name: Install cygwin additional packages |
||||
|
run: | |
||||
|
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
||||
|
shell: cmd |
||||
|
- name: Set ENV |
||||
|
shell: cmd |
||||
|
run: | |
||||
|
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin;%PATH% >> %GITHUB_ENV% |
||||
|
- name: Check ENV |
||||
|
shell: cmd |
||||
|
run: | |
||||
|
echo "PATH=%PATH%" |
||||
|
- name: Clone acmetest |
||||
|
shell: cmd |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
shell: cmd |
||||
|
run: cd ../acmetest && bash.exe -c ./letest.sh |
||||
|
|
||||
|
|
||||
|
|
||||
@ -0,0 +1,98 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Here is a script to deploy cert to hashicorp consul using curl |
||||
|
# (https://www.consul.io/) |
||||
|
# |
||||
|
# it requires following environment variables: |
||||
|
# |
||||
|
# CONSUL_PREFIX - this contains the prefix path in consul |
||||
|
# CONSUL_HTTP_ADDR - consul requires this to find your consul server |
||||
|
# |
||||
|
# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available |
||||
|
# to access the consul server |
||||
|
|
||||
|
#returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
consul_deploy() { |
||||
|
|
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
# validate required env vars |
||||
|
_getdeployconf CONSUL_PREFIX |
||||
|
if [ -z "$CONSUL_PREFIX" ]; then |
||||
|
_err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)" |
||||
|
return 1 |
||||
|
fi |
||||
|
_savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX" |
||||
|
|
||||
|
_getdeployconf CONSUL_HTTP_ADDR |
||||
|
if [ -z "$CONSUL_HTTP_ADDR" ]; then |
||||
|
_err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)" |
||||
|
return 1 |
||||
|
fi |
||||
|
_savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR" |
||||
|
|
||||
|
CONSUL_CMD=$(command -v consul) |
||||
|
|
||||
|
# force CLI, but the binary does not exist => error |
||||
|
if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then |
||||
|
_err "Cannot find the consul binary!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# use the CLI first |
||||
|
if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then |
||||
|
_info "Found consul binary, deploying with CLI" |
||||
|
consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX" |
||||
|
else |
||||
|
_info "Did not find consul binary, deploying with API" |
||||
|
consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
consul_deploy_api() { |
||||
|
CONSUL_HTTP_ADDR="$1" |
||||
|
CONSUL_PREFIX="$2" |
||||
|
CONSUL_HTTP_TOKEN="$3" |
||||
|
|
||||
|
URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX" |
||||
|
export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN" |
||||
|
|
||||
|
if [ -n "$FABIO" ]; then |
||||
|
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1 |
||||
|
else |
||||
|
_post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
consul_deploy_cli() { |
||||
|
CONSUL_CMD="$1" |
||||
|
CONSUL_PREFIX="$2" |
||||
|
|
||||
|
if [ -n "$FABIO" ]; then |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1 |
||||
|
else |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 |
||||
|
fi |
||||
|
} |
||||
@ -0,0 +1,280 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Script for acme.sh to deploy certificates to lighttpd |
||||
|
# |
||||
|
# The following variables can be exported: |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_PEM_NAME="${domain}.pem" |
||||
|
# |
||||
|
# Defines the name of the PEM file. |
||||
|
# Defaults to "<domain>.pem" |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_PEM_PATH="/etc/lighttpd" |
||||
|
# |
||||
|
# Defines location of PEM file for Lighttpd. |
||||
|
# Defaults to /etc/lighttpd |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_RELOAD="systemctl reload lighttpd" |
||||
|
# |
||||
|
# OPTIONAL: Reload command used post deploy |
||||
|
# This defaults to be a no-op (ie "true"). |
||||
|
# It is strongly recommended to set this something that makes sense |
||||
|
# for your distro. |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_ISSUER="yes" |
||||
|
# |
||||
|
# OPTIONAL: Places CA file as "${DEPLOY_LIGHTTPD_PEM}.issuer" |
||||
|
# Note: Required for OCSP stapling to work |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_BUNDLE="no" |
||||
|
# |
||||
|
# OPTIONAL: Deploy this certificate as part of a multi-cert bundle |
||||
|
# This adds a suffix to the certificate based on the certificate type |
||||
|
# eg RSA certificates will have .rsa as a suffix to the file name |
||||
|
# Lighttpd will load all certificates and provide one or the other |
||||
|
# depending on client capabilities |
||||
|
# Note: This functionality requires Lighttpd was compiled against |
||||
|
# a version of OpenSSL that supports this. |
||||
|
# |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
lighttpd_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
# Some defaults |
||||
|
DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT="/etc/lighttpd" |
||||
|
DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT="${_cdomain}.pem" |
||||
|
DEPLOY_LIGHTTPD_BUNDLE_DEFAULT="no" |
||||
|
DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes" |
||||
|
DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true" |
||||
|
|
||||
|
_debug _cdomain "${_cdomain}" |
||||
|
_debug _ckey "${_ckey}" |
||||
|
_debug _ccert "${_ccert}" |
||||
|
_debug _cca "${_cca}" |
||||
|
_debug _cfullchain "${_cfullchain}" |
||||
|
|
||||
|
# PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_PEM_PATH |
||||
|
_debug2 DEPLOY_LIGHTTPD_PEM_PATH "${DEPLOY_LIGHTTPD_PEM_PATH}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_pem_path}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# Ensure PEM_PATH exists |
||||
|
if [ -d "${Le_Deploy_lighttpd_pem_path}" ]; then |
||||
|
_debug "PEM_PATH ${Le_Deploy_lighttpd_pem_path} exists" |
||||
|
else |
||||
|
_err "PEM_PATH ${Le_Deploy_lighttpd_pem_path} does not exist" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_PEM_NAME |
||||
|
_debug2 DEPLOY_LIGHTTPD_PEM_NAME "${DEPLOY_LIGHTTPD_PEM_NAME}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_pem_name}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_BUNDLE |
||||
|
_debug2 DEPLOY_LIGHTTPD_BUNDLE "${DEPLOY_LIGHTTPD_BUNDLE}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then |
||||
|
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_bundle}" ]; then |
||||
|
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_ISSUER |
||||
|
_debug2 DEPLOY_LIGHTTPD_ISSUER "${DEPLOY_LIGHTTPD_ISSUER}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then |
||||
|
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_issuer}" ]; then |
||||
|
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_RELOAD |
||||
|
_debug2 DEPLOY_LIGHTTPD_RELOAD "${DEPLOY_LIGHTTPD_RELOAD}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then |
||||
|
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_reload}" ]; then |
||||
|
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# Set the suffix depending if we are creating a bundle or not |
||||
|
if [ "${Le_Deploy_lighttpd_bundle}" = "yes" ]; then |
||||
|
_info "Bundle creation requested" |
||||
|
# Initialise $Le_Keylength if its not already set |
||||
|
if [ -z "${Le_Keylength}" ]; then |
||||
|
Le_Keylength="" |
||||
|
fi |
||||
|
if _isEccKey "${Le_Keylength}"; then |
||||
|
_info "ECC key type detected" |
||||
|
_suffix=".ecdsa" |
||||
|
else |
||||
|
_info "RSA key type detected" |
||||
|
_suffix=".rsa" |
||||
|
fi |
||||
|
else |
||||
|
_suffix="" |
||||
|
fi |
||||
|
_debug _suffix "${_suffix}" |
||||
|
|
||||
|
# Set variables for later |
||||
|
_pem="${Le_Deploy_lighttpd_pem_path}/${Le_Deploy_lighttpd_pem_name}${_suffix}" |
||||
|
_issuer="${_pem}.issuer" |
||||
|
_ocsp="${_pem}.ocsp" |
||||
|
_reload="${Le_Deploy_lighttpd_reload}" |
||||
|
|
||||
|
_info "Deploying PEM file" |
||||
|
# Create a temporary PEM file |
||||
|
_temppem="$(_mktemp)" |
||||
|
_debug _temppem "${_temppem}" |
||||
|
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}" |
||||
|
_ret="$?" |
||||
|
|
||||
|
# Check that we could create the temporary file |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} returned during PEM file creation" |
||||
|
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
||||
|
return ${_ret} |
||||
|
fi |
||||
|
|
||||
|
# Move PEM file into place |
||||
|
_info "Moving new certificate into place" |
||||
|
_debug _pem "${_pem}" |
||||
|
cat "${_temppem}" >"${_pem}" |
||||
|
_ret=$? |
||||
|
|
||||
|
# Clean up temp file |
||||
|
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
||||
|
|
||||
|
# Deal with any failure of moving PEM file into place |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} returned while moving new certificate into place" |
||||
|
return ${_ret} |
||||
|
fi |
||||
|
|
||||
|
# Update .issuer file if requested |
||||
|
if [ "${Le_Deploy_lighttpd_issuer}" = "yes" ]; then |
||||
|
_info "Updating .issuer file" |
||||
|
_debug _issuer "${_issuer}" |
||||
|
cat "${_cca}" >"${_issuer}" |
||||
|
_ret="$?" |
||||
|
|
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} returned while copying issuer/CA certificate into place" |
||||
|
return ${_ret} |
||||
|
fi |
||||
|
else |
||||
|
[ -f "${_issuer}" ] && _err "Issuer file update not requested but .issuer file exists" |
||||
|
fi |
||||
|
|
||||
|
# Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option |
||||
|
if [ -z "${Le_OCSP_Staple}" ]; then |
||||
|
Le_OCSP_Staple="0" |
||||
|
fi |
||||
|
if [ "${Le_OCSP_Staple}" = "1" ]; then |
||||
|
_info "Updating OCSP stapling info" |
||||
|
_debug _ocsp "${_ocsp}" |
||||
|
_info "Extracting OCSP URL" |
||||
|
_ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}") |
||||
|
_debug _ocsp_url "${_ocsp_url}" |
||||
|
|
||||
|
# Only process OCSP if URL was present |
||||
|
if [ "${_ocsp_url}" != "" ]; then |
||||
|
# Extract the hostname from the OCSP URL |
||||
|
_info "Extracting OCSP URL" |
||||
|
_ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3) |
||||
|
_debug _ocsp_host "${_ocsp_host}" |
||||
|
|
||||
|
# Only process the certificate if we have a .issuer file |
||||
|
if [ -r "${_issuer}" ]; then |
||||
|
# Check if issuer cert is also a root CA cert |
||||
|
_subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
||||
|
_debug _subjectdn "${_subjectdn}" |
||||
|
_issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
||||
|
_debug _issuerdn "${_issuerdn}" |
||||
|
_info "Requesting OCSP response" |
||||
|
# If the issuer is a CA cert then our command line has "-CAfile" added |
||||
|
if [ "${_subjectdn}" = "${_issuerdn}" ]; then |
||||
|
_cafile_argument="-CAfile \"${_issuer}\"" |
||||
|
else |
||||
|
_cafile_argument="" |
||||
|
fi |
||||
|
_debug _cafile_argument "${_cafile_argument}" |
||||
|
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed |
||||
|
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2) |
||||
|
_debug _openssl_version "${_openssl_version}" |
||||
|
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) |
||||
|
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) |
||||
|
if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then |
||||
|
_header_sep="=" |
||||
|
else |
||||
|
_header_sep=" " |
||||
|
fi |
||||
|
# Request the OCSP response from the issuer and store it |
||||
|
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \ |
||||
|
-issuer \"${_issuer}\" \ |
||||
|
-cert \"${_pem}\" \ |
||||
|
-url \"${_ocsp_url}\" \ |
||||
|
-header Host${_header_sep}\"${_ocsp_host}\" \ |
||||
|
-respout \"${_ocsp}\" \ |
||||
|
-verify_other \"${_issuer}\" \ |
||||
|
${_cafile_argument} \ |
||||
|
| grep -q \"${_pem}: good\"" |
||||
|
_debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}" |
||||
|
eval "${_openssl_ocsp_cmd}" |
||||
|
_ret=$? |
||||
|
else |
||||
|
# Non fatal: No issuer file was present so no OCSP stapling file created |
||||
|
_err "OCSP stapling in use but no .issuer file was present" |
||||
|
fi |
||||
|
else |
||||
|
# Non fatal: No OCSP url was found int the certificate |
||||
|
_err "OCSP update requested but no OCSP URL was found in certificate" |
||||
|
fi |
||||
|
|
||||
|
# Non fatal: Check return code of openssl command |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Updating OCSP stapling failed with return code ${_ret}" |
||||
|
fi |
||||
|
else |
||||
|
# An OCSP file was already present but certificate did not have OCSP extension |
||||
|
if [ -f "${_ocsp}" ]; then |
||||
|
_err "OCSP was not requested but .ocsp file exists." |
||||
|
# Could remove the file at this step, although Lighttpd just ignores it in this case |
||||
|
# rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file" |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
# Reload Lighttpd |
||||
|
_debug _reload "${_reload}" |
||||
|
eval "${_reload}" |
||||
|
_ret=$? |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} during reload" |
||||
|
return ${_ret} |
||||
|
else |
||||
|
_info "Reload successful" |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
@ -0,0 +1,204 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#AZION_Email="" |
||||
|
#AZION_Password="" |
||||
|
# |
||||
|
|
||||
|
AZION_Api="https://api.azionapi.net" |
||||
|
|
||||
|
######## Public functions ######## |
||||
|
|
||||
|
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to add txt record |
||||
|
dns_azion_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug "Detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Domain not found" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
|
||||
|
_info "Add or update record" |
||||
|
_get_record "$_domain_id" "$_sub_domain" |
||||
|
if [ "$record_id" ]; then |
||||
|
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [$answers_list, \"$txtvalue\"], \"ttl\": 20}" |
||||
|
if _azion_rest PUT "intelligent_dns/$_domain_id/records/$record_id" "$_payload"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Record updated." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
else |
||||
|
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [\"$txtvalue\"], \"ttl\": 20}" |
||||
|
if _azion_rest POST "intelligent_dns/$_domain_id/records" "$_payload"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Record added." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
fi |
||||
|
_err "Failed to add or update record." |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_azion_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug "Detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Domain not found" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
|
||||
|
_info "Removing record" |
||||
|
_get_record "$_domain_id" "$_sub_domain" |
||||
|
if [ "$record_id" ]; then |
||||
|
if _azion_rest DELETE "intelligent_dns/$_domain_id/records/$record_id"; then |
||||
|
_info "Record removed." |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Failed to remove record." |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
_info "Record not found or already removed." |
||||
|
return 0 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
# Usage: _acme-challenge.www.domain.com |
||||
|
# returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=sdjkglgdfewsdfg |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
if ! _azion_rest GET "intelligent_dns"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
# not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"domain\":\"$h\""; then |
||||
|
_domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_get_record() { |
||||
|
_domain_id=$1 |
||||
|
_record=$2 |
||||
|
|
||||
|
if ! _azion_rest GET "intelligent_dns/$_domain_id/records"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"entry\":\"$_record\""; then |
||||
|
_json_record=$(echo "$response" | tr '{' "\n" | grep "\"entry\":\"$_record\"") |
||||
|
if [ "$_json_record" ]; then |
||||
|
record_id=$(echo "$_json_record" | _egrep_o "\"record_id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
||||
|
answers_list=$(echo "$_json_record" | _egrep_o "\"answers_list\":\[.*\]" | _head_n 1 | cut -d : -f 2 | tr -d \[\]) |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_get_token() { |
||||
|
AZION_Email="${AZION_Email:-$(_readaccountconf_mutable AZION_Email)}" |
||||
|
AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}" |
||||
|
|
||||
|
if ! _contains "$AZION_Email" "@"; then |
||||
|
_err "It seems that the AZION_Email is not a valid email address. Revalidate your environments." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$AZION_Email" ] || [ -z "$AZION_Password" ]; then |
||||
|
_err "You didn't specified a AZION_Email/AZION_Password to generate Azion token." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable AZION_Email "$AZION_Email" |
||||
|
_saveaccountconf_mutable AZION_Password "$AZION_Password" |
||||
|
|
||||
|
_basic_auth=$(printf "%s:%s" "$AZION_Email" "$AZION_Password" | _base64) |
||||
|
_debug _basic_auth "$_basic_auth" |
||||
|
|
||||
|
export _H1="Accept: application/json; version=3" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H3="Authorization: Basic $_basic_auth" |
||||
|
|
||||
|
response="$(_post "" "$AZION_Api/tokens" "" "POST")" |
||||
|
if _contains "$response" "\"token\":\"" >/dev/null; then |
||||
|
_azion_token=$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") |
||||
|
export AZION_Token="$_azion_token" |
||||
|
else |
||||
|
_err "Failed to generate Azion token" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_azion_rest() { |
||||
|
_method=$1 |
||||
|
_uri="$2" |
||||
|
_data="$3" |
||||
|
|
||||
|
if [ -z "$AZION_Token" ]; then |
||||
|
_get_token |
||||
|
fi |
||||
|
_debug2 token "$AZION_Token" |
||||
|
|
||||
|
export _H1="Accept: application/json; version=3" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H3="Authorization: token $AZION_Token" |
||||
|
|
||||
|
if [ "$_method" != "GET" ]; then |
||||
|
_debug _data "$_data" |
||||
|
response="$(_post "$_data" "$AZION_Api/$_uri" "" "$_method")" |
||||
|
else |
||||
|
response="$(_get "$AZION_Api/$_uri")" |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $_method $_uri $_data" |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
@ -0,0 +1,324 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# |
||||
|
# Acme.sh DNS API plugin for Oracle Cloud Infrastructure |
||||
|
# Copyright (c) 2021, Oracle and/or its affiliates |
||||
|
# |
||||
|
# The plugin will automatically use the default profile from an OCI SDK and CLI |
||||
|
# configuration file, if it exists. |
||||
|
# |
||||
|
# Alternatively, set the following environment variables: |
||||
|
# - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone |
||||
|
# - OCI_CLI_USER : OCID of user with permission to add/remove records from zones |
||||
|
# - OCI_CLI_REGION : Should point to the tenancy home region |
||||
|
# |
||||
|
# One of the following two variables is required: |
||||
|
# - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or |
||||
|
# - OCI_CLI_KEY : The private API signing key in PEM format |
||||
|
# |
||||
|
# NOTE: using an encrypted private key that needs a passphrase is not supported. |
||||
|
# |
||||
|
|
||||
|
dns_oci_add() { |
||||
|
_fqdn="$1" |
||||
|
_rdata="$2" |
||||
|
|
||||
|
if _get_oci_zone; then |
||||
|
|
||||
|
_add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}" |
||||
|
response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body") |
||||
|
if [ "$response" ]; then |
||||
|
_info "Success: added TXT record for ${_sub_domain}.${_domain}." |
||||
|
else |
||||
|
_err "Error: failed to add TXT record for ${_sub_domain}.${_domain}." |
||||
|
_err "Check that the user has permission to add records to this zone." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
else |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
dns_oci_rm() { |
||||
|
_fqdn="$1" |
||||
|
_rdata="$2" |
||||
|
|
||||
|
if _get_oci_zone; then |
||||
|
|
||||
|
_remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}" |
||||
|
response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body") |
||||
|
if [ "$response" ]; then |
||||
|
_info "Success: removed TXT record for ${_sub_domain}.${_domain}." |
||||
|
else |
||||
|
_err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}." |
||||
|
_err "Check that the user has permission to remove records from this zone." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
else |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
_get_oci_zone() { |
||||
|
|
||||
|
if ! _oci_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _get_zone "$_fqdn"; then |
||||
|
_err "Error: DNS Zone not found for $_fqdn in $OCI_CLI_TENANCY" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
_oci_config() { |
||||
|
|
||||
|
_DEFAULT_OCI_CLI_CONFIG_FILE="$HOME/.oci/config" |
||||
|
OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$(_readaccountconf_mutable OCI_CLI_CONFIG_FILE)}" |
||||
|
|
||||
|
if [ -z "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
OCI_CLI_CONFIG_FILE="$_DEFAULT_OCI_CLI_CONFIG_FILE" |
||||
|
fi |
||||
|
|
||||
|
if [ "$_DEFAULT_OCI_CLI_CONFIG_FILE" != "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_CONFIG_FILE "$OCI_CLI_CONFIG_FILE" |
||||
|
else |
||||
|
_clearaccountconf_mutable OCI_CLI_CONFIG_FILE |
||||
|
fi |
||||
|
|
||||
|
_DEFAULT_OCI_CLI_PROFILE="DEFAULT" |
||||
|
OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-$(_readaccountconf_mutable OCI_CLI_PROFILE)}" |
||||
|
if [ "$_DEFAULT_OCI_CLI_PROFILE" != "$OCI_CLI_PROFILE" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_PROFILE "$OCI_CLI_PROFILE" |
||||
|
else |
||||
|
OCI_CLI_PROFILE="$_DEFAULT_OCI_CLI_PROFILE" |
||||
|
_clearaccountconf_mutable OCI_CLI_PROFILE |
||||
|
fi |
||||
|
|
||||
|
OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}" |
||||
|
if [ "$OCI_CLI_TENANCY" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY" |
||||
|
elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
_debug "Reading OCI_CLI_TENANCY value from: $OCI_CLI_CONFIG_FILE" |
||||
|
OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini "$OCI_CLI_CONFIG_FILE" tenancy "$OCI_CLI_PROFILE")}" |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$OCI_CLI_TENANCY" ]; then |
||||
|
_err "Error: unable to read OCI_CLI_TENANCY from config file or environment variable." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}" |
||||
|
if [ "$OCI_CLI_USER" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER" |
||||
|
elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
_debug "Reading OCI_CLI_USER value from: $OCI_CLI_CONFIG_FILE" |
||||
|
OCI_CLI_USER="${OCI_CLI_USER:-$(_readini "$OCI_CLI_CONFIG_FILE" user "$OCI_CLI_PROFILE")}" |
||||
|
fi |
||||
|
if [ -z "$OCI_CLI_USER" ]; then |
||||
|
_err "Error: unable to read OCI_CLI_USER from config file or environment variable." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}" |
||||
|
if [ "$OCI_CLI_REGION" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION" |
||||
|
elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
_debug "Reading OCI_CLI_REGION value from: $OCI_CLI_CONFIG_FILE" |
||||
|
OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini "$OCI_CLI_CONFIG_FILE" region "$OCI_CLI_PROFILE")}" |
||||
|
fi |
||||
|
if [ -z "$OCI_CLI_REGION" ]; then |
||||
|
_err "Error: unable to read OCI_CLI_REGION from config file or environment variable." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}" |
||||
|
if [ -z "$OCI_CLI_KEY" ]; then |
||||
|
_clearaccountconf_mutable OCI_CLI_KEY |
||||
|
OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini "$OCI_CLI_CONFIG_FILE" key_file "$OCI_CLI_PROFILE")}" |
||||
|
if [ "$OCI_CLI_KEY_FILE" ] && [ -f "$OCI_CLI_KEY_FILE" ]; then |
||||
|
_debug "Reading OCI_CLI_KEY value from: $OCI_CLI_KEY_FILE" |
||||
|
OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE") |
||||
|
_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY" |
||||
|
fi |
||||
|
else |
||||
|
_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY" |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then |
||||
|
_err "Error: unable to find key file path in OCI config file or OCI_CLI_KEY_FILE." |
||||
|
_err "Error: unable to load private API signing key from OCI_CLI_KEY." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ "$(printf "%s\n" "$OCI_CLI_KEY" | wc -l)" -eq 1 ]; then |
||||
|
OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline) |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
# _get_zone(): retrieves the Zone name and OCID |
||||
|
# |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_ociid=ocid1.dns-zone.oc1.. |
||||
|
_get_zone() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
# not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id") |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
|
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#Usage: privatekey |
||||
|
#Output MD5 fingerprint |
||||
|
_fingerprint() { |
||||
|
|
||||
|
pkey="$1" |
||||
|
if [ -z "$pkey" ]; then |
||||
|
_usage "Usage: _fingerprint privkey" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
printf "%s" "$pkey" | ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null | ${ACME_OPENSSL_BIN:-openssl} md5 -c | cut -d = -f 2 | tr -d ' ' |
||||
|
|
||||
|
} |
||||
|
|
||||
|
_signed_request() { |
||||
|
|
||||
|
_sig_method="$1" |
||||
|
_sig_target="$2" |
||||
|
_sig_body="$3" |
||||
|
_return_field="$4" |
||||
|
|
||||
|
_key_fingerprint=$(_fingerprint "$OCI_CLI_KEY") |
||||
|
_sig_host="dns.$OCI_CLI_REGION.oraclecloud.com" |
||||
|
_sig_keyId="$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint" |
||||
|
_sig_alg="rsa-sha256" |
||||
|
_sig_version="1" |
||||
|
_sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")" |
||||
|
|
||||
|
_request_method=$(printf %s "$_sig_method" | _lower_case) |
||||
|
_curl_method=$(printf %s "$_sig_method" | _upper_case) |
||||
|
|
||||
|
_request_target="(request-target): $_request_method $_sig_target" |
||||
|
_date_header="date: $_sig_now" |
||||
|
_host_header="host: $_sig_host" |
||||
|
|
||||
|
_string_to_sign="$_request_target\n$_date_header\n$_host_header" |
||||
|
_sig_headers="(request-target) date host" |
||||
|
|
||||
|
if [ "$_sig_body" ]; then |
||||
|
_secure_debug3 _sig_body "$_sig_body" |
||||
|
_sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | _digest sha256)" |
||||
|
_sig_body_type="content-type: application/json" |
||||
|
_sig_body_length="content-length: ${#_sig_body}" |
||||
|
_string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length" |
||||
|
_sig_headers="$_sig_headers x-content-sha256 content-type content-length" |
||||
|
fi |
||||
|
|
||||
|
_tmp_file=$(_mktemp) |
||||
|
if [ -f "$_tmp_file" ]; then |
||||
|
printf '%s' "$OCI_CLI_KEY" >"$_tmp_file" |
||||
|
_signature=$(printf '%b' "$_string_to_sign" | _sign "$_tmp_file" sha256 | tr -d '\r\n') |
||||
|
rm -f "$_tmp_file" |
||||
|
fi |
||||
|
|
||||
|
_signed_header="Authorization: Signature version=\"$_sig_version\",keyId=\"$_sig_keyId\",algorithm=\"$_sig_alg\",headers=\"$_sig_headers\",signature=\"$_signature\"" |
||||
|
_secure_debug3 _signed_header "$_signed_header" |
||||
|
|
||||
|
if [ "$_curl_method" = "GET" ]; then |
||||
|
export _H1="$_date_header" |
||||
|
export _H2="$_signed_header" |
||||
|
_response="$(_get "https://${_sig_host}${_sig_target}")" |
||||
|
elif [ "$_curl_method" = "PATCH" ]; then |
||||
|
export _H1="$_date_header" |
||||
|
export _H2="$_sig_body_sha256" |
||||
|
export _H3="$_sig_body_type" |
||||
|
export _H4="$_sig_body_length" |
||||
|
export _H5="$_signed_header" |
||||
|
_response="$(_post "$_sig_body" "https://${_sig_host}${_sig_target}" "" "PATCH")" |
||||
|
else |
||||
|
_err "Unable to process method: $_curl_method." |
||||
|
fi |
||||
|
|
||||
|
_ret="$?" |
||||
|
if [ "$_return_field" ]; then |
||||
|
_response="$(echo "$_response" | sed 's/\\\"//g'))" |
||||
|
_return=$(echo "${_response}" | _egrep_o "\"$_return_field\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") |
||||
|
else |
||||
|
_return="$_response" |
||||
|
fi |
||||
|
|
||||
|
printf "%s" "$_return" |
||||
|
return $_ret |
||||
|
|
||||
|
} |
||||
|
|
||||
|
# file key [section] |
||||
|
_readini() { |
||||
|
_file="$1" |
||||
|
_key="$2" |
||||
|
_section="${3:-DEFAULT}" |
||||
|
|
||||
|
_start_n=$(grep -n '\['"$_section"']' "$_file" | cut -d : -f 1) |
||||
|
_debug3 _start_n "$_start_n" |
||||
|
if [ -z "$_start_n" ]; then |
||||
|
_err "Can not find section: $_section" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_start_nn=$(_math "$_start_n" + 1) |
||||
|
_debug3 "_start_nn" "$_start_nn" |
||||
|
|
||||
|
_left="$(sed -n "${_start_nn},99999p" "$_file")" |
||||
|
_debug3 _left "$_left" |
||||
|
_end="$(echo "$_left" | grep -n "^\[" | _head_n 1)" |
||||
|
_debug3 "_end" "$_end" |
||||
|
if [ "$_end" ]; then |
||||
|
_end_n=$(echo "$_end" | cut -d : -f 1) |
||||
|
_debug3 "_end_n" "$_end_n" |
||||
|
_seg_n=$(echo "$_left" | sed -n "1,${_end_n}p") |
||||
|
else |
||||
|
_seg_n="$_left" |
||||
|
fi |
||||
|
|
||||
|
_debug3 "_seg_n" "$_seg_n" |
||||
|
_lineini="$(echo "$_seg_n" | grep "^ *$_key *= *")" |
||||
|
_inivalue="$(printf "%b" "$(eval "echo $_lineini | sed \"s/^ *${_key} *= *//g\"")")" |
||||
|
_debug2 _inivalue "$_inivalue" |
||||
|
echo "$_inivalue" |
||||
|
|
||||
|
} |
||||
@ -0,0 +1,158 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# bug reports to stepan@plyask.in |
||||
|
|
||||
|
# |
||||
|
# export VEESP_User="username" |
||||
|
# export VEESP_Password="password" |
||||
|
|
||||
|
VEESP_Api="https://secure.veesp.com/api" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_veesp_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}" |
||||
|
VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}" |
||||
|
VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64) |
||||
|
|
||||
|
if [ -z "$VEESP_Password" ] || [ -z "$VEESP_User" ]; then |
||||
|
VEESP_Password="" |
||||
|
VEESP_User="" |
||||
|
_err "You don't specify veesp api key and email yet." |
||||
|
_err "Please create you key and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the api key and email to the account conf file. |
||||
|
_saveaccountconf_mutable VEESP_Password "$VEESP_Password" |
||||
|
_saveaccountconf_mutable VEESP_User "$VEESP_User" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Adding record" |
||||
|
if VEESP_rest POST "service/$_service_id/dns/$_domain_id/records" "{\"name\":\"$fulldomain\",\"ttl\":1,\"priority\":0,\"type\":\"TXT\",\"content\":\"$txtvalue\"}"; then |
||||
|
if _contains "$response" "\"success\":true"; then |
||||
|
_info "Added" |
||||
|
#todo: check if the record takes effect |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_veesp_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}" |
||||
|
VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}" |
||||
|
VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64) |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_debug "Getting txt records" |
||||
|
VEESP_rest GET "service/$_service_id/dns/$_domain_id" |
||||
|
|
||||
|
count=$(printf "%s\n" "$response" | _egrep_o "\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | wc -l | tr -d " ") |
||||
|
_debug count "$count" |
||||
|
if [ "$count" = "0" ]; then |
||||
|
_info "Don't need to remove." |
||||
|
else |
||||
|
record_id=$(printf "%s\n" "$response" | _egrep_o "{\"id\":[^}]*\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | cut -d\" -f4) |
||||
|
_debug "record_id" "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! VEESP_rest DELETE "service/$_service_id/dns/$_domain_id/records/$record_id"; then |
||||
|
_err "Delete record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
_contains "$response" "\"success\":true" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=sdjkglgdfewsdfg |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
if ! VEESP_rest GET "dns"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"name\":\"$h\""; then |
||||
|
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"domain_id\":[^,]*,\"name\":\"$h\"" | cut -d : -f 2 | cut -d , -f 1 | cut -d '"' -f 2) |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_service_id=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$h\",\"service_id\":[^}]*" | cut -d : -f 3 | cut -d '"' -f 2) |
||||
|
_debug _service_id "$_service_id" |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
VEESP_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
|
||||
|
export _H1="Accept: application/json" |
||||
|
export _H2="Authorization: Basic $VEESP_auth" |
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
export _H3="Content-Type: application/json" |
||||
|
response="$(_post "$data" "$VEESP_Api/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$VEESP_Api/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
||||
Write
Preview
Loading…
Cancel
Save
Reference in new issue