
Updated dns_nsupdate to use multiple dns update keys

pull/1882/head
Marcel Schuhbauer 7 years ago
parent
commit
3955feae6d
  1. 8
      dnsapi/README.md
  2. 19
      dnsapi/dns_nsupdate.sh

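--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@@ -147,6 +147,14 @@ export NSUPDATE_SERVER="dns.example.com"
 export NSUPDATE_KEY="/path/to/your/nsupdate.key"
 ```
+If you want to use multiple update keys you can create a keyfolder and tell acme.sh to use it.
+Acme.sh then tries to use the key file `${NSUPDATE_KEYDIR}/example.com.key`. If there is none it falls back to the default `NSUPDATE_KEY`.
+```
+mkdir ~/.acme.sh/keys
+export NSUPDATE_KEYDIR="~/.acme.sh/keys"
+```
 Ok, let's issue a cert now:
 ```
 acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com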

19
dnsapi/dns_nsupdate.sh

@ -6,13 +6,20 @@
dns_nsupdate_add() { dns_nsupdate_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_checkKeyFile || return 1
basedomain=$(echo "$fulldomain" | sed -e 's/^.*\.\(.*\..*\)$/\1/')
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
[ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53 [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
# save the dns server and key to the account conf file.
[ -n "${NSUPDATE_KEYDIR}" ] || NSUPDATE_KEYDIR="${LE_WORKING_DIR}/keys"
# save the dns server, keydir and key to the account conf file.
_saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
_saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}" _saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
_saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
_saveaccountconf NSUPDATE_KEYDIR "${NSUPDATE_KEYDIR}"
if [ -r "${NSUPDATE_KEYDIR}/${basedomain}.key" ]; then
NSUPDATE_KEY="${NSUPDATE_KEYDIR}/${basedomain}.key"
_info "using non default key ${NSUPDATE_KEYDIR}/${basedomain}.key"
fi
_checkKeyFile || return 1
_info "adding ${fulldomain}. 60 in txt \"${txtvalue}\"" _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
nsupdate -k "${NSUPDATE_KEY}" <<EOF nsupdate -k "${NSUPDATE_KEY}" <<EOF
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT} server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
@ -30,9 +37,15 @@ EOF
#Usage: dns_nsupdate_rm _acme-challenge.www.domain.com #Usage: dns_nsupdate_rm _acme-challenge.www.domain.com
dns_nsupdate_rm() { dns_nsupdate_rm() {
fulldomain=$1 fulldomain=$1
_checkKeyFile || return 1
basedomain=$(echo "$fulldomain" | sed -e 's/^.*\.\(.*\..*\)$/\1/')
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
[ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53 [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
[ -n "${NSUPDATE_KEYDIR}" ] || NSUPDATE_KEYDIR="${LE_WORKING_DIR}/keys"
if [ -r "${NSUPDATE_KEYDIR}/${basedomain}.key" ]; then
NSUPDATE_KEY="${NSUPDATE_KEYDIR}/${basedomain}.key"
_info "using non default key ${NSUPDATE_KEYDIR}/${basedomain}.key"
fi
_checkKeyFile || return 1
_info "removing ${fulldomain}. txt" _info "removing ${fulldomain}. txt"
nsupdate -k "${NSUPDATE_KEY}" <<EOF nsupdate -k "${NSUPDATE_KEY}" <<EOF
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT} server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
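Review bot: The `basedomain` derivation in `dns_nsupdate_add` (and the identical line in `dns_nsupdate_rm`) keeps only the last two labels, so `_acme-challenge.www.example.co.uk` looks up `co.uk.key` and a delegated zone such as `sub.example.com` can never get its own key; every zone under such a suffix would end up sharing one TSIG key file, which undoes the per-zone separation. Walking the name from most to least specific and taking the first readable key file avoids the suffix guess, as sketched below for the add path (the rm path would take the same loop). Separately, the chosen path overwrites the global `NSUPDATE_KEY` after it has been saved; if the hook is ever called twice in one shell, the next `_saveaccountconf NSUPDATE_KEY` would persist the per-domain key as the default, so it is worth confirming that each call runs in a fresh subshell. Both function bodies continue past the end of their hunks.

```sh
# … unchanged: argument assignment, server/port/keydir defaults, _saveaccountconf calls …
_zone="${fulldomain}"
while [ -n "${_zone}" ]; do
  if [ -r "${NSUPDATE_KEYDIR}/${_zone}.key" ]; then
    NSUPDATE_KEY="${NSUPDATE_KEYDIR}/${_zone}.key"
    _info "using non default key ${NSUPDATE_KEY}"
    break
  fi
  # strip the leftmost label; stop once no dot is left
  case "${_zone}" in
    *.*) _zone="${_zone#*.}" ;;
    *) _zone="" ;;
  esac
done
_checkKeyFile || return 1
# … unchanged: _info line and nsupdate heredoc …
```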
