diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml
index c74e9d3e..f3352a41 100644
--- a/.github/workflows/Linux.yml
+++ b/.github/workflows/Linux.yml
@@ -26,7 +26,7 @@ jobs:
Linux:
strategy:
matrix:
- os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"]
+ os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "gentoo/stage3"]
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml
index b0326332..729874ce 100644
--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
@@ -65,7 +65,7 @@ jobs:
run: |
docker run --rm -itd --name=pebble \
-e PEBBLE_VA_ALWAYS_VALID=1 \
- -p 14000:14000 -p 15000:15000 letsencrypt/pebble:latest pebble -config /test/config/pebble-config.json -strict
+ -p 14000:14000 -p 15000:15000 ghcr.io/letsencrypt/pebble:latest -config /test/config/pebble-config.json -strict
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
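Review bot: `ghcr.io/letsencrypt/pebble:latest` is a mutable tag, so the strict-mode job is not reproducible and an upstream image change silently alters what this test exercises; pin to a released version and ideally a digest, e.g. `ghcr.io/letsencrypt/pebble:<version>@sha256:<digest>` (placeholders). The `pebble` word before `-config` was dropped at the same time, presumably because the ghcr image's entrypoint is already the binary; a one-line comment above the `docker run` saying so would stop a later reader from re-adding it.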
diff --git a/.github/workflows/wiki-monitor.yml b/.github/workflows/wiki-monitor.yml
new file mode 100644
index 00000000..b0332775
--- /dev/null
+++ b/.github/workflows/wiki-monitor.yml
@@ -0,0 +1,62 @@
+name: Notify via Issue on Wiki Edit
+
+on:
+ gollum:
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout wiki repository
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ github.repository }}.wiki
+ path: wiki
+ fetch-depth: 0
+
+ - name: Generate wiki change message
+ run: |
+ actor="${{ github.actor }}"
+ sender_url=$(jq -r '.sender.html_url' "$GITHUB_EVENT_PATH")
+ page_name=$(jq -r '.pages[0].page_name' "$GITHUB_EVENT_PATH")
+ page_sha=$(jq -r '.pages[0].sha' "$GITHUB_EVENT_PATH")
+ page_url=$(jq -r '.pages[0].html_url' "$GITHUB_EVENT_PATH")
+ page_action=$(jq -r '.pages[0].action' "$GITHUB_EVENT_PATH")
+ now="$(date '+%Y-%m-%d %H:%M:%S')"
+
+ cd wiki
+ prev_sha=$(git rev-list $page_sha^ -- "$page_name.md" | head -n 1)
+ if [ -n "$prev_sha" ]; then
+ git diff $prev_sha $page_sha -- "$page_name.md" > ../wiki.diff || echo "(No diff found)" > ../wiki.diff
+ else
+ echo "(no diff)" > ../wiki.diff
+ fi
+ cd ..
+ {
+ echo "Wiki edited"
+ echo -n "User: "
+ echo "[$actor]($sender_url)"
+ echo "Time: $now"
+ echo "Page: [$page_name]($page_url) (Action: $page_action)"
+ echo ""
+ echo "----"
+ echo "### diff:"
+ echo '```diff'
+ cat wiki.diff
+ echo '```'
+ } > wiki-change-msg.txt
+
+ - name: Create issue to notify Neilpang
+ uses: peter-evans/create-issue-from-file@v5
+ with:
+ title: "Wiki edited"
+ content-filepath: ./wiki-change-msg.txt
+ assignees: Neilpang
+ env:
+ TZ: Asia/Shanghai
+
+
+
+
+
+
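Review bot: `env: TZ: Asia/Shanghai` is attached to the create-issue step, but the `date` call that fills `now` runs in the preceding "Generate wiki change message" step, so the timestamp in the issue is in the runner's default zone; move the `env:` block to that step or to the job level. The workflow also declares no `permissions:` block, so the issue-creating step depends on the repository's default GITHUB_TOKEN scope; add `permissions:` with `issues: write` at the job level so the token is read-only for everything else. `actor="${{ github.actor }}"` is expanded into the shell text before it runs; pass it via `env: ACTOR: ${{ github.actor }}` and read `"$ACTOR"`, and quote `$page_sha` and `$prev_sha` in the two `git` commands since they come from the event payload. Finally, a gollum payload can carry several pages and only `.pages[0]` is reported here, so multi-page edits lose all but the first.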
diff --git a/Dockerfile b/Dockerfile
index 7523f0af..88edc4a2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.21
+FROM alpine:3.22
RUN apk --no-cache add -f \
openssl \
@@ -15,6 +15,8 @@ RUN apk --no-cache add -f \
jq \
cronie
+ENV LE_WORKING_DIR=/acmebin
+
ENV LE_CONFIG_HOME=/acme.sh
ARG AUTO_UPGRADE=1
@@ -30,7 +32,7 @@ COPY ./notify /install_acme.sh/notify
RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/
-RUN ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh && crontab -l | grep acme.sh | sed 's#> /dev/null#> /proc/1/fd/1 2>/proc/1/fd/2#' | crontab -
+RUN ln -s $LE_WORKING_DIR/acme.sh /usr/local/bin/acme.sh && crontab -l | grep acme.sh | sed 's#> /dev/null#> /proc/1/fd/1 2>/proc/1/fd/2#' | crontab -
RUN for verb in help \
version \
@@ -64,7 +66,7 @@ RUN for verb in help \
set-default-ca \
set-default-chain \
; do \
- printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
+ printf -- "%b" "#!/usr/bin/env sh\n$LE_WORKING_DIR/acme.sh --${verb} --config-home $LE_CONFIG_HOME \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
; done
RUN printf "%b" '#!'"/usr/bin/env sh\n \
@@ -72,7 +74,7 @@ if [ \"\$1\" = \"daemon\" ]; then \n \
exec crond -n -s -m off \n \
else \n \
exec -- \"\$@\"\n \
-fi\n" >/entry.sh && chmod +x /entry.sh
+fi\n" >/entry.sh && chmod +x /entry.sh && chmod -R o+rwx $LE_WORKING_DIR && chmod -R o+rwx $LE_CONFIG_HOME
VOLUME /acme.sh
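Review bot: `chmod -R o+rwx $LE_WORKING_DIR && chmod -R o+rwx $LE_CONFIG_HOME` makes the directory holding `acme.sh` (which the crontab installed above runs as root) and the config home that stores account and certificate private keys world-writable and world-readable, so any unprivileged process in the container can replace the script or read the keys. If the intent is to allow running the container under a non-root `--user`, give the trees to a dedicated uid/gid with `chown -R` and a group-writable mode rather than opening them to `o`. Note also that `/acme.sh` is declared a `VOLUME` on the next line, so the recursive chmod only affects the image layer; a bind mount or named volume at runtime keeps its own ownership and mode.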
diff --git a/README.md b/README.md
index 9a5c106b..4afd90a8 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[](https://zerossl.com/?fromacme.sh)
+
# An ACME Shell script: acme.sh
[](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)
@@ -84,7 +86,6 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|18|[](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
|19|[](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
|10|[](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
-|11|[](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
|22|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
|23|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|24|[](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
@@ -98,9 +99,9 @@ https://github.com/acmesh-official/acmetest
- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default)
- Letsencrypt.org CA
-- [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA)
- [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA)
- [Google.com Public CA](https://github.com/acmesh-official/acme.sh/wiki/Google-Public-CA)
+- [Actalis.com CA](https://github.com/acmesh-official/acme.sh/wiki/Actalis.com-CA)
- [Pebble strict Mode](https://github.com/letsencrypt/pebble)
- Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA
@@ -207,6 +208,8 @@ The certs will be placed in `~/.acme.sh/example.com/`
The certs will be renewed automatically every **60** days.
+The certs will default to ECC certificates.
+
More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
@@ -358,36 +361,33 @@ Ok, it's done.
**Please use dns api mode instead.**
-# 10. Issue ECC certificates
+# 10. Issue certificates of different key types and lengths (ECC or RSA)
+
+Just set the `keylength` to a valid, supported, value.
-Just set the `keylength` parameter with a prefix `ec-`.
+Valid values for the `keylength` parameter are:
+
+1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)**
+2. **ec-384 (secp384r1, "ECDSA P-384")**
+3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
+4. **2048 (RSA2048)**
+5. **3072 (RSA3072)**
+6. **4096 (RSA4096)**
For example:
-### Single domain ECC certificate
+### Single domain with ECDSA P-384 certificate
```bash
-acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
+acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-384
```
-### SAN multi domain ECC certificate
+### SAN multi domain with RSA4096 certificate
```bash
-acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256
+acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength 4096
```
-Please look at the `keylength` parameter above.
-
-Valid values are:
-
-1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)**
-2. **ec-384 (secp384r1, "ECDSA P-384")**
-3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
-4. **2048 (RSA2048)**
-5. **3072 (RSA3072)**
-6. **4096 (RSA4096)**
-
-
# 11. Issue Wildcard certificates
It's simple, just give a wildcard domain as the `-d` parameter.
@@ -523,3 +523,20 @@ Your donation makes **acme.sh** better:
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
[Donate List](https://github.com/acmesh-official/acme.sh/wiki/Donate-list)
+
+# 21. About this repository
+
+> [!NOTE]
+> This repository is officially maintained by ZeroSSL as part of our commitment to providing secure and reliable SSL/TLS solutions. We welcome contributions and feedback from the community!
+> For more information about our services, including free and paid SSL/TLS certificates, visit https://zerossl.com.
+>
+> All donations made through this repository go directly to the original independent maintainer (Neil Pang), not to ZeroSSL.
+
+
+
+
+
+
+
+
+
diff --git a/acme.sh b/acme.sh
index e9eb6b94..da67fa14 100755
--- a/acme.sh
+++ b/acme.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env sh
-VER=3.1.2
+VER=3.1.3
PROJECT_NAME="acme.sh"
@@ -23,9 +23,6 @@ _SUB_FOLDERS="$_SUB_FOLDER_DNSAPI $_SUB_FOLDER_DEPLOY $_SUB_FOLDER_NOTIFY"
CA_LETSENCRYPT_V2="https://acme-v02.api.letsencrypt.org/directory"
CA_LETSENCRYPT_V2_TEST="https://acme-staging-v02.api.letsencrypt.org/directory"
-CA_BUYPASS="https://api.buypass.com/acme/directory"
-CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
-
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
_ZERO_EAB_ENDPOINT="https://api.zerossl.com/acme/eab-credentials-email"
@@ -35,6 +32,8 @@ CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc"
CA_GOOGLE="https://dv.acme-v02.api.pki.goog/directory"
CA_GOOGLE_TEST="https://dv.acme-v02.test-api.pki.goog/directory"
+CA_ACTALIS="https://acme-api.actalis.com/acme/directory"
+
DEFAULT_CA=$CA_ZEROSSL
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
@@ -42,14 +41,13 @@ CA_NAMES="
ZeroSSL.com,zerossl
LetsEncrypt.org,letsencrypt
LetsEncrypt.org_test,letsencrypt_test,letsencrypttest
-BuyPass.com,buypass
-BuyPass.com_test,buypass_test,buypasstest
SSL.com,sslcom
Google.com,google
Google.com_test,googletest,google_test
+Actalis.com,actalis.com,actalis
"
-CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_SSLCOM_RSA,$CA_GOOGLE,$CA_GOOGLE_TEST"
+CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_SSLCOM_RSA,$CA_GOOGLE,$CA_GOOGLE_TEST,$CA_ACTALIS"
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
@@ -180,6 +178,8 @@ _VALIDITY_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Validity"
_DNSCHECK_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnscheck"
+_PROFILESELECTION_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Profile-selection"
+
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
@@ -436,14 +436,28 @@ _secure_debug3() {
fi
}
+__USE_TR_TAG=""
+if [ "$(echo "abc" | LANG=C tr a-z A-Z 2>/dev/null)" != "ABC" ]; then
+ __USE_TR_TAG="1"
+fi
+export __USE_TR_TAG
+
_upper_case() {
- # shellcheck disable=SC2018,SC2019
- tr '[a-z]' '[A-Z]'
+ if [ "$__USE_TR_TAG" ]; then
+ LANG=C tr '[:lower:]' '[:upper:]'
+ else
+ # shellcheck disable=SC2018,SC2019
+ LANG=C tr '[a-z]' '[A-Z]'
+ fi
}
_lower_case() {
- # shellcheck disable=SC2018,SC2019
- tr '[A-Z]' '[a-z]'
+ if [ "$__USE_TR_TAG" ]; then
+ LANG=C tr '[:upper:]' '[:lower:]'
+ else
+ # shellcheck disable=SC2018,SC2019
+ LANG=C tr '[A-Z]' '[a-z]'
+ fi
}
_startswith() {
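Review bot: `LANG=C tr ...` in the probe and in both `_upper_case`/`_lower_case` branches has no effect when `LC_ALL` (or `LC_CTYPE`) is set in the caller's environment, because those take precedence over `LANG`; use `LC_ALL=C tr '[:lower:]' '[:upper:]'` and `LC_ALL=C tr '[a-z]' '[A-Z]'` (and the mirror forms) so the override is reliable. The probe also tests the unbracketed `a-z A-Z` form while the fallback it guards uses the bracketed `'[a-z]' '[A-Z]'`, so a `tr` that accepts one spelling but not the other is misclassified; probe the exact expression the fallback will run. The module-level probe runs on every source of the script, which is cheap but worth a one-line comment explaining that `__USE_TR_TAG` selects POSIX classes for `tr` implementations that do not expand ranges.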
@@ -1236,7 +1250,7 @@ _idn() {
fi
}
-#_createcsr cn san_list keyfile csrfile conf acmeValidationv1
+#_createcsr cn san_list keyfile csrfile conf acmeValidationv1 extendedUsage
_createcsr() {
_debug _createcsr
domain="$1"
@@ -1245,6 +1259,7 @@ _createcsr() {
csr="$4"
csrconf="$5"
acmeValidationv1="$6"
+ extusage="$7"
_debug2 domain "$domain"
_debug2 domainlist "$domainlist"
_debug2 csrkey "$csrkey"
@@ -1253,9 +1268,8 @@ _createcsr() {
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]" >"$csrconf"
- if [ "$Le_ExtKeyUse" ]; then
- _savedomainconf Le_ExtKeyUse "$Le_ExtKeyUse"
- printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf"
+ if [ "$extusage" ]; then
+ printf "\nextendedKeyUsage=$extusage\n" >>"$csrconf"
else
printf "\nextendedKeyUsage=serverAuth,clientAuth\n" >>"$csrconf"
fi
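Review bot: `printf "\nextendedKeyUsage=$extusage\n" >>"$csrconf"` expands the caller-supplied value inside the format string, so a value containing `%` is treated as a conversion and backslash sequences are reinterpreted; pass it as an argument instead, `printf "\nextendedKeyUsage=%s\n" "$extusage" >>"$csrconf"`. The same pattern existed with `$Le_ExtKeyUse`, but since the line is being rewritten this is the moment to fix it. `_createcsr` continues outside the hunk.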
@@ -1401,6 +1415,12 @@ _ss() {
return 0
fi
+ if [ "$(uname)" = "AIX" ]; then
+ _debug "Using: AIX netstat"
+ netstat -an | grep "^tcp" | grep "LISTEN" | grep "\.$_port "
+ return 0
+ fi
+
if _exists "netstat"; then
_debug "Using: netstat"
if netstat -help 2>&1 | grep "\-p proto" >/dev/null; then
@@ -1805,6 +1825,10 @@ _time() {
# 2022-04-01 08:10:33 to 1648800633
#or 2022-04-01T08:10:33Z to 1648800633
_date2time() {
+ #Mac/BSD
+ if date -u -j -f "%Y-%m-%d %H:%M:%S" "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then
+ return
+ fi
#Linux
if date -u -d "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then
return
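Review bot: The Mac/BSD probe is moved ahead of the Linux one but nothing records why the order matters, and `#Mac/BSD` alone will not stop a later maintainer from swapping the blocks back. Add a line such as `# BSD form first: on BSD/macOS 'date -d' is not a parse option, so the Linux probe must not be tried first` (hedged — confirm the actual failure that motivated the move). Each probe also recomputes `$(echo "$1" | tr -d "Z" | tr "T" ' ')`; assigning it once to a local before the chain would remove the repetition. `_date2time` continues outside the hunk.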
@@ -1814,10 +1838,6 @@ _date2time() {
if gdate -u -d "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then
return
fi
- #Mac/BSD
- if date -u -j -f "%Y-%m-%d %H:%M:%S" "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then
- return
- fi
#Omnios
if python3 -c "import datetime; print(int(datetime.datetime.strptime(\"$1\", \"%Y-%m-%d %H:%M:%S\").replace(tzinfo=datetime.timezone.utc).timestamp()))" 2>/dev/null; then
return
@@ -1877,6 +1897,11 @@ _inithttp() {
if [ -z "$_ACME_CURL" ] && _exists "curl"; then
_ACME_CURL="curl --silent --dump-header $HTTP_HEADER "
+ if [ "$ACME_USE_IPV6_REQUESTS" ]; then
+ _ACME_CURL="$_ACME_CURL --ipv6 "
+ elif [ "$ACME_USE_IPV4_REQUESTS" ]; then
+ _ACME_CURL="$_ACME_CURL --ipv4 "
+ fi
if [ -z "$ACME_HTTP_NO_REDIRECTS" ]; then
_ACME_CURL="$_ACME_CURL -L "
fi
@@ -1904,6 +1929,11 @@ _inithttp() {
if [ -z "$_ACME_WGET" ] && _exists "wget"; then
_ACME_WGET="wget -q"
+ if [ "$ACME_USE_IPV6_REQUESTS" ]; then
+ _ACME_WGET="$_ACME_WGET --inet6-only "
+ elif [ "$ACME_USE_IPV4_REQUESTS" ]; then
+ _ACME_WGET="$_ACME_WGET --inet4-only "
+ fi
if [ "$ACME_HTTP_NO_REDIRECTS" ]; then
_ACME_WGET="$_ACME_WGET --max-redirect 0 "
fi
@@ -2532,15 +2562,19 @@ _startserver() {
_NC="socat"
if [ "$Le_Listen_V6" ]; then
_NC="$_NC -6"
- else
+ SOCAT_OPTIONS=TCP6-LISTEN
+ elif [ "$Le_Listen_V4" ]; then
_NC="$_NC -4"
+ SOCAT_OPTIONS=TCP4-LISTEN
+ else
+ SOCAT_OPTIONS=TCP-LISTEN
fi
if [ "$DEBUG" ] && [ "$DEBUG" -gt "1" ]; then
_NC="$_NC -d -d -v"
fi
- SOCAT_OPTIONS=TCP-LISTEN:$Le_HTTPPort,crlf,reuseaddr,fork
+ SOCAT_OPTIONS=$SOCAT_OPTIONS:$Le_HTTPPort,crlf,reuseaddr,fork
#Adding bind to local-address
if [ "$ncaddr" ]; then
@@ -2761,7 +2795,7 @@ _initAPI() {
_request_retry_times=0
while [ -z "$ACME_NEW_ACCOUNT" ] && [ "${_request_retry_times}" -lt "$MAX_API_RETRY_TIMES" ]; do
_request_retry_times=$(_math "$_request_retry_times" + 1)
- response=$(_get "$_api_server")
+ response=$(_get "$_api_server" "" 10)
if [ "$?" != "0" ]; then
_debug2 "response" "$response"
_info "Cannot init API for: $_api_server."
@@ -3507,7 +3541,7 @@ _on_before_issue() {
_debug _chk_alt_domains "$_chk_alt_domains"
#run pre hook
if [ "$_chk_pre_hook" ]; then
- _info "Runing pre hook:'$_chk_pre_hook'"
+ _info "Running pre hook:'$_chk_pre_hook'"
if ! (
export Le_Domain="$_chk_main_domain"
export Le_Alt="$_chk_alt_domains"
@@ -4410,6 +4444,8 @@ issue() {
_preferred_chain="${15}"
_valid_from="${16}"
_valid_to="${17}"
+ _certificate_profile="${18}"
+ _extended_key_usage="${19}"
if [ -z "$_ACME_IS_RENEW" ]; then
_initpath "$_main_domain" "$_key_length"
@@ -4485,6 +4521,11 @@ issue() {
else
_cleardomainconf "Le_Preferred_Chain"
fi
+ if [ "$_certificate_profile" ]; then
+ _savedomainconf "Le_Certificate_Profile" "$_certificate_profile"
+ else
+ _cleardomainconf "Le_Certificate_Profile"
+ fi
Le_API="$ACME_DIRECTORY"
_savedomainconf "Le_API" "$Le_API"
@@ -4496,6 +4537,7 @@ issue() {
if ! _on_before_issue "$_web_roots" "$_main_domain" "$_alt_domains" "$_pre_hook" "$_local_addr"; then
_err "_on_before_issue."
+ _on_issue_err "$_post_hook"
return 1
fi
@@ -4548,12 +4590,25 @@ issue() {
return 1
fi
fi
- if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then
+ _keyusage="$_extended_key_usage"
+ if [ "$Le_API" = "$CA_GOOGLE" ] || [ "$Le_API" = "$CA_GOOGLE_TEST" ]; then
+ if [ -z "$_keyusage" ]; then
+ #https://github.com/acmesh-official/acme.sh/issues/6610
+ #google accepts serverauth only
+ _keyusage="serverAuth"
+ fi
+ fi
+ if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" "" "$_keyusage"; then
_err "Error creating CSR."
_clearup
_on_issue_err "$_post_hook"
return 1
fi
+ if [ "$_extended_key_usage" ]; then
+ _savedomainconf "Le_ExtKeyUse" "$_extended_key_usage"
+ else
+ _cleardomainconf "Le_ExtKeyUse"
+ fi
fi
_savedomainconf "Le_Keylength" "$_key_length"
@@ -4616,6 +4671,9 @@ issue() {
if [ "$_notAfter" ]; then
_newOrderObj="$_newOrderObj,\"notAfter\": \"$_notAfter\""
fi
+ if [ "$_certificate_profile" ]; then
+ _newOrderObj="$_newOrderObj,\"profile\": \"$_certificate_profile\""
+ fi
_debug "STEP 1, Ordering a Certificate"
if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then
_err "Error creating new order."
@@ -4755,7 +4813,8 @@ $_authorizations_map"
_debug keyauthorization "$keyauthorization"
fi
- entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
+ # Fix for empty error objects in response which mess up the original code, adapted from fix suggested here: https://github.com/acmesh-official/acme.sh/issues/4933#issuecomment-1870499018
+ entry="$(echo "$response" | sed s/'"error":{}'/'"error":null'/ | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
_debug entry "$entry"
if [ -z "$keyauthorization" -a -z "$entry" ]; then
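Review bot: `sed s/'"error":{}'/'"error":null'/` replaces only the first occurrence on each line, so if the response is one JSON line (which the following `_egrep_o` pattern, rejecting any `{` before `"type"`, already assumes) an authorization with several challenges each carrying `"error":{}` is only partially repaired and later entries still fail to match; add the `g` flag, `sed 's/"error":{}/"error":null/g'`. The same line is duplicated in the `_deactivate` hunk further down and should get the same change. How `response` is laid out depends on `_send_signed_request`, which is outside the hunk.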
@@ -5183,6 +5242,16 @@ $_authorizations_map"
return 1
fi
break
+ elif _contains "$response" "\"ready\""; then
+ _info "Order status is 'ready', let's sleep and retry."
+ _retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r')
+ _debug "_retryafter" "$_retryafter"
+ if [ "$_retryafter" ]; then
+ _info "Sleeping for $_retryafter seconds then retrying"
+ _sleep $_retryafter
+ else
+ _sleep 2
+ fi
elif _contains "$response" "\"processing\""; then
_info "Order status is 'processing', let's sleep and retry."
_retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r')
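Review bot: The new `"ready"` branch is a verbatim copy of the `"processing"` branch that follows it; fold them into one condition, `elif _contains "$response" "\"ready\"" || _contains "$response" "\"processing\""; then`, so the Retry-After handling lives in one place. The copied parsing also hands the raw header value to `_sleep`, but Retry-After may be an HTTP-date rather than a number of seconds, in which case `_sleep $_retryafter` receives non-numeric input; check that the value is all digits before using it and quote it. The enclosing polling loop starts and ends outside the hunk, so whether an order that stays `ready` is bounded by a retry limit is not visible here.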
@@ -5452,10 +5521,6 @@ renew() {
_info "Switching back to $CA_LETSENCRYPT_V2"
Le_API="$CA_LETSENCRYPT_V2"
;;
- "$CA_BUYPASS_TEST")
- _info "Switching back to $CA_BUYPASS"
- Le_API="$CA_BUYPASS"
- ;;
"$CA_GOOGLE_TEST")
_info "Switching back to $CA_GOOGLE"
Le_API="$CA_GOOGLE"
@@ -5497,6 +5562,7 @@ renew() {
Le_PostHook="$(_readdomainconf Le_PostHook)"
Le_RenewHook="$(_readdomainconf Le_RenewHook)"
Le_Preferred_Chain="$(_readdomainconf Le_Preferred_Chain)"
+ Le_Certificate_Profile="$(_readdomainconf Le_Certificate_Profile)"
# When renewing from an old version, the empty Le_Keylength means 2048.
# Note, do not use DEFAULT_DOMAIN_KEY_LENGTH as that value may change over
# time but an empty value implies 2048 specifically.
@@ -5511,7 +5577,7 @@ renew() {
_cleardomainconf Le_OCSP_Staple
fi
fi
- issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To"
+ issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To" "$Le_Certificate_Profile" "$Le_ExtKeyUse"
res="$?"
if [ "$res" != "0" ]; then
return "$res"
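Review bot: `renew` now forwards `"$Le_ExtKeyUse"` to `issue`, but unlike `Le_Certificate_Profile` (read two hunks above with `_readdomainconf`) there is no `Le_ExtKeyUse="$(_readdomainconf Le_ExtKeyUse)"` beside it, so the value comes only from sourcing the domain conf. If `_savedomainconf` ever stores that key in encoded form, the raw sourced value would be passed through unchanged — confirm against `_savedomainconf`/`_readdomainconf`, and add the explicit read for consistency with the other renew inputs. The renew body begins outside the hunk.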
@@ -5772,7 +5838,7 @@ list() {
_sep="|"
if [ "$_raw" ]; then
if [ -z "$_domain" ]; then
- printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}CA${_sep}Created${_sep}Renew"
+ printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Profile${_sep}CA${_sep}Created${_sep}Renew"
fi
for di in "${CERT_HOME}"/*.*/; do
d=$(basename "$di")
@@ -5787,7 +5853,7 @@ list() {
. "$DOMAIN_CONF"
_ca="$(_getCAShortName "$Le_API")"
if [ -z "$_domain" ]; then
- printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$_ca${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
+ printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_Certificate_Profile${_sep}$_ca${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
else
if [ "$_domain" = "$d" ]; then
cat "$DOMAIN_CONF"
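Review bot: `Le_Certificate_Profile` is taken from `. "$DOMAIN_CONF"` inside the per-domain loop, and `_cleardomainconf` removes the key from confs that have no profile, so unless the variable is reset before each source (the top of the loop body is outside the hunk) a domain without a profile inherits the previous domain's value in the raw listing; add `Le_Certificate_Profile=""` immediately before the `. "$DOMAIN_CONF"` line. The same consideration applies to any optional key printed here, but the profile column is the one this change introduces.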
@@ -5806,6 +5872,48 @@ list() {
}
+list_profiles() {
+ _initpath
+ _initAPI
+
+ _l_server_url="$ACME_DIRECTORY"
+ _l_server_name="$(_getCAShortName "$_l_server_url")"
+ _info "Fetching profiles from $_l_server_name ($_l_server_url)..."
+
+ response=$(_get "$_l_server_url" "" 10)
+ if [ "$?" != "0" ]; then
+ _err "Failed to connect to CA directory: $_l_server_url"
+ return 1
+ fi
+
+ normalized_response=$(echo "$response" | _normalizeJson)
+ profiles_json=$(echo "$normalized_response" | _egrep_o '"profiles" *: *\{[^\}]*\}')
+
+ if [ -z "$profiles_json" ]; then
+ _info "The CA '$_l_server_name' does not publish certificate profiles via its directory endpoint."
+ return 0
+ fi
+
+ # Strip the outer layer to get the key-value pairs
+ profiles_kv=$(echo "$profiles_json" | sed 's/"profiles" *: *{//' | sed 's/}$//' | tr ',' '\n')
+
+ printf "\n%-15s %s\n" "name" "info"
+ printf -- "--------------------------------------------------------------------\n"
+
+ _old_IFS="$IFS"
+ IFS='
+'
+ for pair in $profiles_kv; do
+ # Trim quotes and whitespace
+ _name=$(echo "$pair" | cut -d: -f1 | tr -d '" \t')
+ _info_url=$(echo "$pair" | cut -d: -f2- | sed 's/^ *//' | tr -d '"')
+ printf "%-15s %s\n" "$_name" "$_info_url"
+ done
+ IFS="$_old_IFS"
+
+ return 0
+}
+
_deploy() {
_d="$1"
_hooks="$2"
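Review bot: `tr ',' '\n'` splits the profiles object on every comma, so a CA-supplied description that itself contains a comma is printed as extra rows with empty names; split on the `"key":"value"` boundary instead, e.g. `_egrep_o '"[^"]*" *: *"[^"]*"'`, and parse each match. The `[^\}]*` in the profiles regex likewise stops at the first `}`, which only holds while the CA publishes flat string values — worth a comment above that line. The function also re-downloads the directory that `_initAPI` fetched immediately before; if `_initAPI` keeps the body in a variable, reuse it rather than issuing a second `_get`.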
@@ -6344,7 +6452,8 @@ _deactivate() {
fi
_debug "Trigger validation."
vtype="$(_getIdType "$_d_domain")"
- entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
+ # Fix for empty error objects in response which mess up the original code, adapted from fix suggested here: https://github.com/acmesh-official/acme.sh/issues/4933#issuecomment-1870499018
+ entry="$(echo "$response" | sed s/'"error":{}'/'"error":null'/ | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
_debug entry "$entry"
if [ -z "$entry" ]; then
_err "$d: Cannot get domain token"
@@ -6983,6 +7092,9 @@ Parameters:
If no match, the default offered chain will be used. (default: empty)
See: $_PREFERRED_CHAIN_WIKI
+ --cert-profile, --certificate-profile If the CA offers profiles, select the desired profile
+ See: $_PROFILESELECTION_WIKI
+
--valid-to Request the NotAfter field of the cert.
See: $_VALIDITY_WIKI
--valid-from Request the NotBefore field of the cert.
@@ -7059,6 +7171,8 @@ Parameters:
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
--listen-v4 Force standalone/tls server to listen at ipv4.
--listen-v6 Force standalone/tls server to listen at ipv6.
+ --request-v4 Force client requests to use ipv4 to connect to the CA server.
+ --request-v6 Force client requests to use ipv6 to connect to the CA server.
--openssl-bin Specifies a custom openssl bin location.
--use-wget Force to use wget, if you have both curl and wget installed.
--yes-I-know-dns-manual-mode-enough-go-ahead-please Force use of dns manual mode.
@@ -7177,6 +7291,24 @@ _processAccountConf() {
_saveaccountconf "ACME_USE_WGET" "$ACME_USE_WGET"
fi
+ if [ "$_request_v6" ]; then
+ _saveaccountconf "ACME_USE_IPV6_REQUESTS" "$_request_v6"
+ _clearaccountconf "ACME_USE_IPV4_REQUESTS"
+ ACME_USE_IPV4_REQUESTS=
+ elif [ "$_request_v4" ]; then
+ _saveaccountconf "ACME_USE_IPV4_REQUESTS" "$_request_v4"
+ _clearaccountconf "ACME_USE_IPV6_REQUESTS"
+ ACME_USE_IPV6_REQUESTS=
+ elif [ "$ACME_USE_IPV6_REQUESTS" ]; then
+ _saveaccountconf "ACME_USE_IPV6_REQUESTS" "$ACME_USE_IPV6_REQUESTS"
+ _clearaccountconf "ACME_USE_IPV4_REQUESTS"
+ ACME_USE_IPV4_REQUESTS=
+ elif [ "$ACME_USE_IPV4_REQUESTS" ]; then
+ _saveaccountconf "ACME_USE_IPV4_REQUESTS" "$ACME_USE_IPV4_REQUESTS"
+ _clearaccountconf "ACME_USE_IPV6_REQUESTS"
+ ACME_USE_IPV6_REQUESTS=
+ fi
+
}
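Review bot: The four-way `elif` chain repeats the same save/clear pair per branch, and the `_request_v6`/`_request_v4` branches look redundant with the last two: the `--request-v6`/`--request-v4` handlers in `_process` already set `ACME_USE_IPV6_REQUESTS`/`ACME_USE_IPV4_REQUESTS` and clear the opposite, so testing the `ACME_USE_*` variables alone covers both cases, provided the account conf is not re-sourced after option parsing (not visible here). Collapse to `if [ "$ACME_USE_IPV6_REQUESTS" ]; then ... elif [ "$ACME_USE_IPV4_REQUESTS" ]; then ... fi` with one save and one clear each. The trailing blank line before the closing `}` can go as well.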
_checkSudo() {
@@ -7342,6 +7474,8 @@ _process() {
_local_address=""
_log_level=""
_auto_upgrade=""
+ _request_v4=""
+ _request_v6=""
_listen_v4=""
_listen_v6=""
_openssl_bin=""
@@ -7358,6 +7492,8 @@ _process() {
_preferred_chain=""
_valid_from=""
_valid_to=""
+ _certificate_profile=""
+ _extended_key_usage=""
while [ ${#} -gt 0 ]; do
case "${1}" in
@@ -7461,6 +7597,9 @@ _process() {
--set-default-chain)
_CMD="setdefaultchain"
;;
+ --list-profiles)
+ _CMD="list_profiles"
+ ;;
-d | --domain)
_dvalue="$2"
@@ -7676,6 +7815,10 @@ _process() {
_valid_to="$2"
shift
;;
+ --certificate-profile | --cert-profile)
+ _certificate_profile="$2"
+ shift
+ ;;
--httpport)
_httpport="$2"
Le_HTTPPort="$_httpport"
@@ -7746,7 +7889,7 @@ _process() {
shift
;;
--extended-key-usage)
- Le_ExtKeyUse="$2"
+ _extended_key_usage="$2"
shift
;;
--ocsp-must-staple | --ocsp)
@@ -7799,6 +7942,18 @@ _process() {
fi
AUTO_UPGRADE="$_auto_upgrade"
;;
+ --request-v4)
+ _request_v4="1"
+ ACME_USE_IPV4_REQUESTS="1"
+ _request_v6=""
+ ACME_USE_IPV6_REQUESTS=""
+ ;;
+ --request-v6)
+ _request_v6="1"
+ ACME_USE_IPV6_REQUESTS="1"
+ _request_v4=""
+ ACME_USE_IPV4_REQUESTS=""
+ ;;
--listen-v4)
_listen_v4="1"
Le_Listen_V4="$_listen_v4"
@@ -7951,7 +8106,7 @@ _process() {
uninstall) uninstall "$_nocron" ;;
upgrade) upgrade ;;
issue)
- issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to"
+ issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to" "$_certificate_profile" "$_extended_key_usage"
;;
deploy)
deploy "$_domain" "$_deploy_hook" "$_ecc"
@@ -8022,6 +8177,9 @@ _process() {
setdefaultchain)
setdefaultchain "$_preferred_chain"
;;
+ list_profiles)
+ list_profiles
+ ;;
*)
if [ "$_CMD" ]; then
_err "Invalid command: $_CMD"
diff --git a/deploy/cachefly.sh b/deploy/cachefly.sh
new file mode 100644
index 00000000..7841b20b
--- /dev/null
+++ b/deploy/cachefly.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env sh
+
+# Script to deploy certificate to CacheFly
+# https://api.cachefly.com/api/2.5/docs#tag/Certificates/paths/~1certificates/post
+
+# This deployment required following variables
+# export CACHEFLY_TOKEN="Your CacheFly API Token"
+
+# returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+CACHEFLY_API_BASE="https://api.cachefly.com/api/2.5"
+
+cachefly_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -z "$CACHEFLY_TOKEN" ]; then
+ _err "CACHEFLY_TOKEN is not defined."
+ return 1
+ else
+ _savedomainconf CACHEFLY_TOKEN "$CACHEFLY_TOKEN"
+ fi
+
+ _info "Deploying certificate to CacheFly..."
+
+ ## upload certificate
+ string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n')
+ string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
+
+ _request_body="{\"certificate\":\"$string_fullchain\",\"certificateKey\":\"$string_key\"}"
+ _debug _request_body "$_request_body"
+ _debug CACHEFLY_TOKEN "$CACHEFLY_TOKEN"
+ export _H1="Authorization: Bearer $CACHEFLY_TOKEN"
+ _response=$(_post "$_request_body" "$CACHEFLY_API_BASE/certificates" "" "POST" "application/json")
+
+ if _contains "$_response" "message"; then
+ _err "Error in deploying $_cdomain certificate to CacheFly."
+ _err "$_response"
+ return 1
+ fi
+ _debug response "$_response"
+ _info "Domain $_cdomain certificate successfully deployed to CacheFly."
+ return 0
+}
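Review bot: `_debug _request_body "$_request_body"` and `_debug CACHEFLY_TOKEN "$CACHEFLY_TOKEN"` write the certificate's private key (embedded in `string_key`) and the API token into the debug log; switch both to `_secure_debug`, or log the body with the `certificateKey` field omitted. The failure check `_contains "$_response" "message"` treats any response containing the word `message` as an error, which misfires if the API returns a field of that name on success — hedged, since the response schema is not on the page, but keying on a known error field would be more robust. `_savedomainconf CACHEFLY_TOKEN` persists the token in clear text in the per-domain conf, which is the project's existing deploy-hook convention but deserves a note next to the `export CACHEFLY_TOKEN` line in the header.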
diff --git a/deploy/directadmin.sh b/deploy/directadmin.sh
new file mode 100644
index 00000000..3f60a088
--- /dev/null
+++ b/deploy/directadmin.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env sh
+
+# Script to deploy certificate to DirectAdmin
+# https://docs.directadmin.com/directadmin/customizing-workflow/api-all-about.html#creating-a-login-key
+# https://docs.directadmin.com/changelog/version-1.24.4.html#cmd-api-catch-all-pop-passwords-frontpage-protected-dirs-ssl-certs
+
+# This deployment required following variables
+# export DirectAdmin_SCHEME="https" # Optional, https or http, defaults to https
+# export DirectAdmin_ENDPOINT="example.com:2222"
+# export DirectAdmin_USERNAME="Your DirectAdmin Username"
+# export DirectAdmin_KEY="Your DirectAdmin Login Key or Password"
+# export DirectAdmin_MAIN_DOMAIN="Your DirectAdmin Main Domain, NOT Subdomain"
+
+# returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+directadmin_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -z "$DirectAdmin_ENDPOINT" ]; then
+ _err "DirectAdmin_ENDPOINT is not defined."
+ return 1
+ else
+ _savedomainconf DirectAdmin_ENDPOINT "$DirectAdmin_ENDPOINT"
+ fi
+ if [ -z "$DirectAdmin_USERNAME" ]; then
+ _err "DirectAdmin_USERNAME is not defined."
+ return 1
+ else
+ _savedomainconf DirectAdmin_USERNAME "$DirectAdmin_USERNAME"
+ fi
+ if [ -z "$DirectAdmin_KEY" ]; then
+ _err "DirectAdmin_KEY is not defined."
+ return 1
+ else
+ _savedomainconf DirectAdmin_KEY "$DirectAdmin_KEY"
+ fi
+ if [ -z "$DirectAdmin_MAIN_DOMAIN" ]; then
+ _err "DirectAdmin_MAIN_DOMAIN is not defined."
+ return 1
+ else
+ _savedomainconf DirectAdmin_MAIN_DOMAIN "$DirectAdmin_MAIN_DOMAIN"
+ fi
+
+ # Optional SCHEME
+ _getdeployconf DirectAdmin_SCHEME
+ # set default values for DirectAdmin_SCHEME
+ [ -n "${DirectAdmin_SCHEME}" ] || DirectAdmin_SCHEME="https"
+
+ _info "Deploying certificate to DirectAdmin..."
+
+ # upload certificate
+ string_cfullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n')
+ string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
+
+ _request_body="{\"domain\":\"$DirectAdmin_MAIN_DOMAIN\",\"action\":\"save\",\"type\":\"paste\",\"certificate\":\"$string_key\n$string_cfullchain\n\"}"
+ _debug _request_body "$_request_body"
+ _debug DirectAdmin_ENDPOINT "$DirectAdmin_ENDPOINT"
+ _debug DirectAdmin_USERNAME "$DirectAdmin_USERNAME"
+ _debug DirectAdmin_KEY "$DirectAdmin_KEY"
+ _debug DirectAdmin_MAIN_DOMAIN "$DirectAdmin_MAIN_DOMAIN"
+ _response=$(_post "$_request_body" "$DirectAdmin_SCHEME://$DirectAdmin_USERNAME:$DirectAdmin_KEY@$DirectAdmin_ENDPOINT/CMD_API_SSL" "" "POST" "application/json")
+
+ if _contains "$_response" "error=1"; then
+ _err "Error in deploying $_cdomain certificate to DirectAdmin Domain $DirectAdmin_MAIN_DOMAIN."
+ _err "$_response"
+ return 1
+ fi
+
+ _info "$_response"
+ _info "Domain $_cdomain certificate successfully deployed to DirectAdmin Domain $DirectAdmin_MAIN_DOMAIN."
+
+ return 0
+}
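Review bot: `_debug DirectAdmin_KEY "$DirectAdmin_KEY"` and `_debug _request_body "$_request_body"` write the login key and the certificate's private key into the debug log; use `_secure_debug` for both. Embedding the credentials in the URL as `$DirectAdmin_USERNAME:$DirectAdmin_KEY@$DirectAdmin_ENDPOINT` also exposes them on the command line of the curl/wget child process and breaks for a username or key containing `@`, `:` or `/`; send them as a header instead, `export _H1="Authorization: Basic $(printf '%s' "$DirectAdmin_USERNAME:$DirectAdmin_KEY" | _base64)"`, and drop the userinfo from the URL. Because `DirectAdmin_SCHEME` may be set to `http`, the same credentials then travel in cleartext; the header comment for that variable should say so.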
diff --git a/deploy/edgio.sh b/deploy/edgio.sh
new file mode 100644
index 00000000..1acd0c8f
--- /dev/null
+++ b/deploy/edgio.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env sh
+
+# Here is a script to deploy cert to edgio using its API
+# https://docs.edg.io/guides/v7/develop/rest_api/authentication
+# https://docs.edg.io/rest_api/#tag/tls-certs/operation/postConfigV01TlsCerts
+
+# This deployment required following variables
+# export EDGIO_CLIENT_ID="Your Edgio Client ID"
+# export EDGIO_CLIENT_SECRET="Your Edgio Client Secret"
+# export EDGIO_ENVIRONMENT_ID="Your Edgio Environment ID"
+
+# If have more than one Environment ID
+# export EDGIO_ENVIRONMENT_ID="ENVIRONMENT_ID_1 ENVIRONMENT_ID_2"
+
+# returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+edgio_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -z "$EDGIO_CLIENT_ID" ]; then
+ _err "EDGIO_CLIENT_ID is not defined."
+ return 1
+ else
+ _savedomainconf EDGIO_CLIENT_ID "$EDGIO_CLIENT_ID"
+ fi
+
+ if [ -z "$EDGIO_CLIENT_SECRET" ]; then
+ _err "EDGIO_CLIENT_SECRET is not defined."
+ return 1
+ else
+ _savedomainconf EDGIO_CLIENT_SECRET "$EDGIO_CLIENT_SECRET"
+ fi
+
+ if [ -z "$EDGIO_ENVIRONMENT_ID" ]; then
+ _err "EDGIO_ENVIRONMENT_ID is not defined."
+ return 1
+ else
+ _savedomainconf EDGIO_ENVIRONMENT_ID "$EDGIO_ENVIRONMENT_ID"
+ fi
+
+ _info "Getting access token"
+ _data="client_id=$EDGIO_CLIENT_ID&client_secret=$EDGIO_CLIENT_SECRET&grant_type=client_credentials&scope=app.config"
+ _debug Get_access_token_data "$_data"
+ _response=$(_post "$_data" "https://id.edgio.app/connect/token" "" "POST" "application/x-www-form-urlencoded")
+ _debug Get_access_token_response "$_response"
+ _access_token=$(echo "$_response" | _json_decode | _egrep_o '"access_token":"[^"]*' | cut -d : -f 2 | tr -d '"')
+ _debug _access_token "$_access_token"
+ if [ -z "$_access_token" ]; then
+ _err "Error in getting access token"
+ return 1
+ fi
+
+ _info "Uploading certificate"
+ string_ccert=$(sed 's/$/\\n/' "$_ccert" | tr -d '\n')
+ string_cca=$(sed 's/$/\\n/' "$_cca" | tr -d '\n')
+ string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
+
+ for ENVIRONMENT_ID in $EDGIO_ENVIRONMENT_ID; do
+ _data="{\"environment_id\":\"$ENVIRONMENT_ID\",\"primary_cert\":\"$string_ccert\",\"intermediate_cert\":\"$string_cca\",\"private_key\":\"$string_key\"}"
+ _debug Upload_certificate_data "$_data"
+ _H1="Authorization: Bearer $_access_token"
+ _response=$(_post "$_data" "https://edgioapis.com/config/v0.1/tls-certs" "" "POST" "application/json")
+ if _contains "$_response" "message"; then
+ _err "Error in deploying $_cdomain certificate to Edgio ENVIRONMENT_ID $ENVIRONMENT_ID."
+ _err "$_response"
+ return 1
+ fi
+ _debug Upload_certificate_response "$_response"
+ _info "Domain $_cdomain certificate successfully deployed to Edgio ENVIRONMENT_ID $ENVIRONMENT_ID."
+ done
+
+ return 0
+}
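Review bot: `_debug Get_access_token_data "$_data"` writes EDGIO_CLIENT_SECRET to the debug log in clear, and the response logged two lines later carries the bearer token; both should go through `_secure_debug`, as kemplm.sh does for its token in this same change. The same pattern appears in netlify.sh (`_debug Netlify_ACCESS_TOKEN "$Netlify_ACCESS_TOKEN"`) and in the DirectAdmin hunk at the top of the page (`_debug DirectAdmin_KEY "$DirectAdmin_KEY"`), and should be fixed the same way there. Separately, `_contains "$_response" "message"` treats any body containing that substring as a failure, which is fragile if a success payload ever includes a `message` field; checking the status line in `$HTTP_HEADER`, as keyhelp_api.sh does in this change, would be a sturdier success test.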
diff --git a/deploy/kemplm.sh b/deploy/kemplm.sh
new file mode 100755
index 00000000..e44e06dc
--- /dev/null
+++ b/deploy/kemplm.sh
@@ -0,0 +1,98 @@
+#!/usr/bin/env sh
+
+#Here is a script to deploy cert to a Kemp Loadmaster.
+
+#returns 0 means success, otherwise error.
+
+#DEPLOY_KEMP_TOKEN="token"
+#DEPLOY_KEMP_URL="https://kemplm.example.com"
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+kemplm_deploy() {
+ _domain="$1"
+ _key_file="$2"
+ _cert_file="$3"
+ _ca_file="$4"
+ _fullchain_file="$5"
+
+ _debug _domain "$_domain"
+ _debug _key_file "$_key_file"
+ _debug _cert_file "$_cert_file"
+ _debug _ca_file "$_ca_file"
+ _debug _fullchain_file "$_fullchain_file"
+
+ if ! _exists jq; then
+ _err "jq not found"
+ return 1
+ fi
+
+ # Rename wildcard certs, kemp accepts only alphanumeric names so we delete '*.' from filename
+ _kemp_domain=$(echo "${_domain}" | sed 's/\*\.//')
+ _debug _kemp_domain "$_kemp_domain"
+
+ # Read config from saved values or env
+ _getdeployconf DEPLOY_KEMP_TOKEN
+ _getdeployconf DEPLOY_KEMP_URL
+
+ _debug DEPLOY_KEMP_URL "$DEPLOY_KEMP_URL"
+ _secure_debug DEPLOY_KEMP_TOKEN "$DEPLOY_KEMP_TOKEN"
+
+ if [ -z "$DEPLOY_KEMP_TOKEN" ]; then
+ _err "Kemp Loadmaster token is not found, please define DEPLOY_KEMP_TOKEN."
+ return 1
+ fi
+ if [ -z "$DEPLOY_KEMP_URL" ]; then
+ _err "Kemp Loadmaster URL is not found, please define DEPLOY_KEMP_URL."
+ return 1
+ fi
+
+ # Save current values
+ _savedeployconf DEPLOY_KEMP_TOKEN "$DEPLOY_KEMP_TOKEN"
+ _savedeployconf DEPLOY_KEMP_URL "$DEPLOY_KEMP_URL"
+
+ # Check if certificate is already installed
+ _info "Check if certificate is already present"
+ _list_request="{\"cmd\": \"listcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\"}"
+ _debug3 _list_request "${_list_request}"
+ _kemp_cert_count=$(HTTPS_INSECURE=1 _post "${_list_request}" "${DEPLOY_KEMP_URL}/accessv2" | jq -r '.cert[] | .name' | grep -c "${_kemp_domain}")
+ _debug2 _kemp_cert_count "${_kemp_cert_count}"
+
+ _kemp_replace_cert=1
+ if [ "${_kemp_cert_count}" -eq 0 ]; then
+ _kemp_replace_cert=0
+ _info "Certificate does not exist on Kemp Loadmaster"
+ else
+ _info "Certificate already exists on Kemp Loadmaster"
+ fi
+ _debug _kemp_replace_cert "${_kemp_replace_cert}"
+
+ # Upload new certificate to Kemp Loadmaster
+ _kemp_upload_cert=$(_mktemp)
+ cat "${_fullchain_file}" "${_key_file}" | base64 | tr -d '\n' >"${_kemp_upload_cert}"
+
+ _info "Uploading certificate to Kemp Loadmaster"
+ _add_data=$(cat "${_kemp_upload_cert}")
+ _add_request="{\"cmd\": \"addcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\", \"replace\": ${_kemp_replace_cert}, \"cert\": \"${_kemp_domain}\", \"data\": \"${_add_data}\"}"
+ _debug3 _add_request "${_add_request}"
+ _kemp_post_result=$(HTTPS_INSECURE=1 _post "${_add_request}" "${DEPLOY_KEMP_URL}/accessv2")
+ _retval=$?
+ _debug2 _kemp_post_result "${_kemp_post_result}"
+ if [ "${_retval}" -eq 0 ]; then
+ _kemp_post_status=$(echo "${_kemp_post_result}" | jq -r '.status')
+ _kemp_post_message=$(echo "${_kemp_post_result}" | jq -r '.message')
+ if [ "${_kemp_post_status}" = "ok" ]; then
+ _info "Upload successful"
+ else
+ _err "Upload failed: ${_kemp_post_message}"
+ fi
+ else
+ _err "Upload failed"
+ _retval=1
+ fi
+
+ rm "${_kemp_upload_cert}"
+
+ return $_retval
+}
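Review bot: `HTTPS_INSECURE=1` is hard-coded on both `_post` calls, so TLS verification is unconditionally disabled for requests that carry the API token and the private key, even for users whose Loadmaster has a valid certificate; it should be opt-in, read with `_getdeployconf` from a dedicated deploy variable and defaulting to verified. The presence check `grep -c "${_kemp_domain}"` uses the name as an unanchored regex, so a cert named for `sub.example.com` counts as a match for `example.com` and each dot matches any character; `grep -Fxc "${_kemp_domain}"` compares whole names literally. If the listcert request fails, `jq` sees an empty body and `_kemp_cert_count` is empty, so `[ "${_kemp_cert_count}" -eq 0 ]` errors out; defaulting it with `_kemp_cert_count=${_kemp_cert_count:-0}` before the comparison avoids that.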
diff --git a/deploy/keyhelp.sh b/deploy/keyhelp.sh
new file mode 100644
index 00000000..97f9c21c
--- /dev/null
+++ b/deploy/keyhelp.sh
@@ -0,0 +1,131 @@
+#!/usr/bin/env sh
+
+# Script to deploy certificate to KeyHelp
+# This deployment required following variables
+# export DEPLOY_KEYHELP_BASEURL="https://keyhelp.example.com"
+# export DEPLOY_KEYHELP_USERNAME="Your KeyHelp Username"
+# export DEPLOY_KEYHELP_PASSWORD="Your KeyHelp Password"
+# export DEPLOY_KEYHELP_DOMAIN_ID="Depoly certificate to this Domain ID"
+
+# Open the 'Edit domain' page, and you will see id=xxx at the end of the URL. This is the Domain ID.
+# https://DEPLOY_KEYHELP_BASEURL/index.php?page=domains&action=edit&id=xxx
+
+# If have more than one domain name
+# export DEPLOY_KEYHELP_DOMAIN_ID="111 222 333"
+
+keyhelp_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -z "$DEPLOY_KEYHELP_BASEURL" ]; then
+ _err "DEPLOY_KEYHELP_BASEURL is not defined."
+ return 1
+ else
+ _savedomainconf DEPLOY_KEYHELP_BASEURL "$DEPLOY_KEYHELP_BASEURL"
+ fi
+
+ if [ -z "$DEPLOY_KEYHELP_USERNAME" ]; then
+ _err "DEPLOY_KEYHELP_USERNAME is not defined."
+ return 1
+ else
+ _savedomainconf DEPLOY_KEYHELP_USERNAME "$DEPLOY_KEYHELP_USERNAME"
+ fi
+
+ if [ -z "$DEPLOY_KEYHELP_PASSWORD" ]; then
+ _err "DEPLOY_KEYHELP_PASSWORD is not defined."
+ return 1
+ else
+ _savedomainconf DEPLOY_KEYHELP_PASSWORD "$DEPLOY_KEYHELP_PASSWORD"
+ fi
+
+ if [ -z "$DEPLOY_KEYHELP_DOMAIN_ID" ]; then
+ _err "DEPLOY_KEYHELP_DOMAIN_ID is not defined."
+ return 1
+ else
+ _savedomainconf DEPLOY_KEYHELP_DOMAIN_ID "$DEPLOY_KEYHELP_DOMAIN_ID"
+ fi
+
+ # Optional DEPLOY_KEYHELP_ENFORCE_HTTPS
+ _getdeployconf DEPLOY_KEYHELP_ENFORCE_HTTPS
+ # set default values for DEPLOY_KEYHELP_ENFORCE_HTTPS
+ [ -n "${DEPLOY_KEYHELP_ENFORCE_HTTPS}" ] || DEPLOY_KEYHELP_ENFORCE_HTTPS="1"
+
+ _info "Logging in to keyhelp panel"
+ username_encoded="$(printf "%s" "${DEPLOY_KEYHELP_USERNAME}" | _url_encode)"
+ password_encoded="$(printf "%s" "${DEPLOY_KEYHELP_PASSWORD}" | _url_encode)"
+ _H1="Content-Type: application/x-www-form-urlencoded"
+ _response=$(_get "$DEPLOY_KEYHELP_BASEURL/index.php?submit=1&username=$username_encoded&password=$password_encoded" "TRUE")
+ _cookie="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _head_n 1 | cut -d " " -f 2)"
+
+ # If cookies is not empty then logon successful
+ if [ -z "$_cookie" ]; then
+ _err "Fail to get cookie."
+ return 1
+ fi
+ _debug "cookie" "$_cookie"
+
+ _info "Uploading certificate"
+ _date=$(date +"%Y%m%d")
+ encoded_key="$(_url_encode <"$_ckey")"
+ encoded_ccert="$(_url_encode <"$_ccert")"
+ encoded_cca="$(_url_encode <"$_cca")"
+ certificate_name="$_cdomain-$_date"
+
+ _request_body="submit=1&certificate_name=$certificate_name&add_type=upload&text_private_key=$encoded_key&text_certificate=$encoded_ccert&text_ca_certificate=$encoded_cca"
+ _H1="Cookie: $_cookie"
+ _response=$(_post "$_request_body" "$DEPLOY_KEYHELP_BASEURL/index.php?page=ssl_certificates&action=add" "" "POST")
+ _message=$(echo "$_response" | grep -A 2 'message-body' | sed -n '//,/<\/div>/{//!p;}' | sed 's/<[^>]*>//g' | sed 's/^ *//;s/ *$//')
+ _info "_message" "$_message"
+ if [ -z "$_message" ]; then
+ _err "Fail to upload certificate."
+ return 1
+ fi
+
+ for DOMAIN_ID in $DEPLOY_KEYHELP_DOMAIN_ID; do
+ _info "Apply certificate to domain id $DOMAIN_ID"
+ _response=$(_get "$DEPLOY_KEYHELP_BASEURL/index.php?page=domains&action=edit&id=$DOMAIN_ID")
+ cert_value=$(echo "$_response" | grep "$certificate_name" | sed -n 's/.*value="\([^"]*\).*/\1/p')
+ target_type=$(echo "$_response" | grep 'target_type' | grep 'checked' | sed -n 's/.*value="\([^"]*\).*/\1/p')
+ if [ "$target_type" = "directory" ]; then
+ path=$(echo "$_response" | awk '/name="path"/{getline; print}' | sed -n 's/.*value="\([^"]*\).*/\1/p')
+ fi
+ echo "$_response" | grep "is_prefer_https" | grep "checked" >/dev/null
+ if [ $? -eq 0 ]; then
+ is_prefer_https=1
+ else
+ is_prefer_https=0
+ fi
+ echo "$_response" | grep "hsts_enabled" | grep "checked" >/dev/null
+ if [ $? -eq 0 ]; then
+ hsts_enabled=1
+ else
+ hsts_enabled=0
+ fi
+ _debug "cert_value" "$cert_value"
+ if [ -z "$cert_value" ]; then
+ _err "Fail to get certificate id."
+ return 1
+ fi
+
+ _request_body="submit=1&id=$DOMAIN_ID&target_type=$target_type&path=$path&is_prefer_https=$is_prefer_https&hsts_enabled=$hsts_enabled&certificate_type=custom&certificate_id=$cert_value&enforce_https=$DEPLOY_KEYHELP_ENFORCE_HTTPS"
+ _response=$(_post "$_request_body" "$DEPLOY_KEYHELP_BASEURL/index.php?page=domains&action=edit" "" "POST")
+ _message=$(echo "$_response" | grep -A 2 'message-body' | sed -n '/
/,/<\/div>/{//!p;}' | sed 's/<[^>]*>//g' | sed 's/^ *//;s/ *$//')
+ _info "_message" "$_message"
+ if [ -z "$_message" ]; then
+ _err "Fail to apply certificate."
+ return 1
+ fi
+ done
+
+ _info "Domain $_cdomain certificate successfully deployed to KeyHelp Domain ID $DEPLOY_KEYHELP_DOMAIN_ID."
+ return 0
+}
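Review bot: The login sends `username=` and `password=` as query parameters of a GET, so the panel password ends up in the web server's access log and in any proxy between acme.sh and the panel; since `_H1` is already set to `application/x-www-form-urlencoded`, submitting the same fields with `_post` to the same URL would keep them out of the URL, if KeyHelp accepts the login as a POST (to be confirmed). `_debug "cookie" "$_cookie"` prints the session cookie in clear and should be `_secure_debug "cookie" "$_cookie"`. In the domain loop, `path` is only assigned when `target_type` is `directory`, so with several IDs in DEPLOY_KEYHELP_DOMAIN_ID a stale value from the previous iteration is submitted for the next domain; add `path=""` at the top of each iteration. The `sed -n` expression on the second `_message` line appears broken in this rendering, presumably a copy artefact, and is worth checking in the committed file.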
diff --git a/deploy/keyhelp_api.sh b/deploy/keyhelp_api.sh
new file mode 100644
index 00000000..75e9d951
--- /dev/null
+++ b/deploy/keyhelp_api.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env sh
+
+keyhelp_api_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+
+ # Read config from saved values or env
+ _getdeployconf DEPLOY_KEYHELP_HOST
+ _getdeployconf DEPLOY_KEYHELP_API_KEY
+
+ _debug DEPLOY_KEYHELP_HOST "$DEPLOY_KEYHELP_HOST"
+ _secure_debug DEPLOY_KEYHELP_API_KEY "$DEPLOY_KEYHELP_API_KEY"
+
+ if [ -z "$DEPLOY_KEYHELP_HOST" ]; then
+ _err "KeyHelp host not found, please define DEPLOY_KEYHELP_HOST."
+ return 1
+ fi
+ if [ -z "$DEPLOY_KEYHELP_API_KEY" ]; then
+ _err "KeyHelp api key not found, please define DEPLOY_KEYHELP_API_KEY."
+ return 1
+ fi
+
+ # Save current values
+ _savedeployconf DEPLOY_KEYHELP_HOST "$DEPLOY_KEYHELP_HOST"
+ _savedeployconf DEPLOY_KEYHELP_API_KEY "$DEPLOY_KEYHELP_API_KEY"
+
+ _request_key="$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')"
+ _request_cert="$(tr '\n' ':' <"$_ccert" | sed 's/:/\\n/g')"
+ _request_ca="$(tr '\n' ':' <"$_cca" | sed 's/:/\\n/g')"
+
+ _request_body="{
+ \"name\": \"$_cdomain\",
+ \"components\": {
+ \"private_key\": \"$_request_key\",
+ \"certificate\": \"$_request_cert\",
+ \"ca_certificate\": \"$_request_ca\"
+ }
+ }"
+
+ _hosts="$(echo "$DEPLOY_KEYHELP_HOST" | tr "," " ")"
+ _keys="$(echo "$DEPLOY_KEYHELP_API_KEY" | tr "," " ")"
+ _i=1
+
+ for _host in $_hosts; do
+ _key="$(_getfield "$_keys" "$_i" " ")"
+ _i="$(_math "$_i" + 1)"
+
+ export _H1="X-API-Key: $_key"
+
+ _put_url="$_host/api/v2/certificates/name/$_cdomain"
+ if _post "$_request_body" "$_put_url" "" "PUT" "application/json" >/dev/null; then
+ _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
+ else
+ _err "Cannot make PUT request to $_put_url"
+ return 1
+ fi
+
+ if [ "$_code" = "404" ]; then
+ _info "$_cdomain not found, creating new entry at $_host"
+
+ _post_url="$_host/api/v2/certificates"
+ if _post "$_request_body" "$_post_url" "" "POST" "application/json" >/dev/null; then
+ _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
+ else
+ _err "Cannot make POST request to $_post_url"
+ return 1
+ fi
+ fi
+
+ if _startswith "$_code" "2"; then
+ _info "$_cdomain set at $_host"
+ else
+ _err "HTTP status code is $_code"
+ return 1
+ fi
+ done
+
+ return 0
+}
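Review bot: When DEPLOY_KEYHELP_API_KEY has fewer comma-separated entries than DEPLOY_KEYHELP_HOST, `_getfield` returns an empty `_key` and the PUT is sent with an empty `X-API-Key` header, which surfaces as an authentication error rather than a configuration error; add `if [ -z "$_key" ]; then _err "No API key configured for host $_host"; return 1; fi` right after the `_getfield` line. The file also has no header comment, unlike keyhelp.sh and netlify.sh in this change; a short header documenting DEPLOY_KEYHELP_HOST and DEPLOY_KEYHELP_API_KEY as parallel comma-separated lists (the n-th key is used for the n-th host) would tell users how to configure it. `$_cdomain` is interpolated unencoded into the request path; for a wildcard certificate the name contains `*`, and whether the API accepts that in a path segment is not evident from here.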
diff --git a/deploy/netlify.sh b/deploy/netlify.sh
new file mode 100644
index 00000000..8d25f74c
--- /dev/null
+++ b/deploy/netlify.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env sh
+
+# Script to deploy certificate to Netlify
+# https://docs.netlify.com/api/get-started/#authentication
+# https://open-api.netlify.com/#tag/sniCertificate
+
+# This deployment required following variables
+# export Netlify_ACCESS_TOKEN="Your Netlify Access Token"
+# export Netlify_SITE_ID="Your Netlify Site ID"
+
+# If have more than one SITE ID
+# export Netlify_SITE_ID="SITE_ID_1 SITE_ID_2"
+
+# returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+netlify_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -z "$Netlify_ACCESS_TOKEN" ]; then
+ _err "Netlify_ACCESS_TOKEN is not defined."
+ return 1
+ else
+ _savedomainconf Netlify_ACCESS_TOKEN "$Netlify_ACCESS_TOKEN"
+ fi
+ if [ -z "$Netlify_SITE_ID" ]; then
+ _err "Netlify_SITE_ID is not defined."
+ return 1
+ else
+ _savedomainconf Netlify_SITE_ID "$Netlify_SITE_ID"
+ fi
+
+ _info "Deploying certificate to Netlify..."
+
+ ## upload certificate
+ string_ccert=$(sed 's/$/\\n/' "$_ccert" | tr -d '\n')
+ string_cca=$(sed 's/$/\\n/' "$_cca" | tr -d '\n')
+ string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
+
+ for SITE_ID in $Netlify_SITE_ID; do
+ _request_body="{\"certificate\":\"$string_ccert\",\"key\":\"$string_key\",\"ca_certificates\":\"$string_cca\"}"
+ _debug _request_body "$_request_body"
+ _debug Netlify_ACCESS_TOKEN "$Netlify_ACCESS_TOKEN"
+ export _H1="Authorization: Bearer $Netlify_ACCESS_TOKEN"
+ _response=$(_post "$_request_body" "https://api.netlify.com/api/v1/sites/$SITE_ID/ssl" "" "POST" "application/json")
+
+ if _contains "$_response" "\"error\""; then
+ _err "Error in deploying $_cdomain certificate to Netlify SITE_ID $SITE_ID."
+ _err "$_response"
+ return 1
+ fi
+ _debug response "$_response"
+ _info "Domain $_cdomain certificate successfully deployed to Netlify SITE_ID $SITE_ID."
+ done
+
+ return 0
+}
diff --git a/deploy/panos.sh b/deploy/panos.sh
index 0dc1b2f0..c54d21fe 100644
--- a/deploy/panos.sh
+++ b/deploy/panos.sh
@@ -7,20 +7,27 @@
#
# Firewall admin with superuser and IP address is required.
#
-# REQURED:
+# REQUIRED:
# export PANOS_HOST=""
# export PANOS_USER="" #User *MUST* have Commit and Import Permissions in XML API for Admin Role
# export PANOS_PASS=""
#
# OPTIONAL
-# export PANOS_TEMPLATE="" #Template Name of panorama managed devices
+# export PANOS_TEMPLATE="" # Template Name of panorama managed devices
+# export PANOS_TEMPLATE_STACK="" # set a Template Stack if certificate should also be pushed automatically
+# export PANOS_VSYS="Shared" # name of the vsys to import the certificate
+# export PANOS_CERTNAME="" # use a custom certificate name to work around Panorama's 31-character limit
#
# The script will automatically generate a new API key if
# no key is found, or if a saved key has expired or is invalid.
+_COMMIT_WAIT_INTERVAL=30 # query commit status every 30 seconds
+_COMMIT_WAIT_ITERATIONS=20 # query commit status 20 times (20*30 = 600 seconds = 10 minutes)
+
# This function is to parse the XML response from the firewall
parse_response() {
type=$2
+ _debug "API Response: $1"
if [ "$type" = 'keygen' ]; then
status=$(echo "$1" | sed 's/^.*\(['\'']\)\([a-z]*\)'\''.*/\2/g')
if [ "$status" = "success" ]; then
@@ -30,6 +37,13 @@ parse_response() {
message="PAN-OS Key could not be set."
fi
else
+ if [ "$type" = 'commit' ]; then
+ job_id=$(echo "$1" | sed 's/^.*\(
\)\(.*\)<\/job>.*/\2/g')
+ _commit_job_id=$job_id
+ elif [ "$type" = 'job_status' ]; then
+ job_status=$(echo "$1" | tr -d '\n' | sed 's/^.*\([^<]*\)<\/result>.*/\1/g')
+ _commit_job_status=$job_status
+ fi
status=$(echo "$1" | tr -d '\n' | sed 's/^.*"\([a-z]*\)".*/\1/g')
message=$(echo "$1" | tr -d '\n' | sed 's/.*\(\|\|\)\([^<]*\).*/\2/g')
_debug "Firewall message: $message"
@@ -44,13 +58,13 @@ parse_response() {
#This function is used to deploy to the firewall
deployer() {
content=""
- type=$1 # Types are keytest, keygen, cert, key, commit
+ type=$1 # Types are keytest, keygen, cert, key, commit, job_status, push
panos_url="https://$_panos_host/api/"
+ export _H1="Content-Type: application/x-www-form-urlencoded"
#Test API Key by performing a lookup
if [ "$type" = 'keytest' ]; then
_debug "**** Testing saved API Key ****"
- _H1="Content-Type: application/x-www-form-urlencoded"
# Get Version Info to test key
content="type=version&key=$_panos_key"
## Exclude all scopes for the empty commit
@@ -61,7 +75,6 @@ deployer() {
# Generate API Key
if [ "$type" = 'keygen' ]; then
_debug "**** Generating new API Key ****"
- _H1="Content-Type: application/x-www-form-urlencoded"
content="type=keygen&user=$_panos_user&password=$_panos_pass"
# content="$content${nl}--$delim${nl}Content-Disposition: form-data; type=\"keygen\"; user=\"$_panos_user\"; password=\"$_panos_pass\"${nl}Content-Type: application/octet-stream${nl}${nl}"
fi
@@ -77,25 +90,31 @@ deployer() {
if [ "$type" = 'cert' ]; then
panos_url="${panos_url}?type=import"
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\ncertificate"
- content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
+ content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_panos_certname"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
if [ "$_panos_template" ]; then
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
fi
+ if [ "$_panos_vsys" ]; then
+ content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl-vsys\"\r\n\r\n$_panos_vsys"
+ fi
fi
if [ "$type" = 'key' ]; then
panos_url="${panos_url}?type=import"
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\nprivate-key"
- content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
+ content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_panos_certname"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456"
- content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cdomain.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
+ content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_panos_certname.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
if [ "$_panos_template" ]; then
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
fi
+ if [ "$_panos_vsys" ]; then
+ content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl-vsys\"\r\n\r\n$_panos_vsys"
+ fi
fi
#Close multipart
content="$content${nl}--$delim--${nl}${nl}"
@@ -106,7 +125,6 @@ deployer() {
# Commit changes
if [ "$type" = 'commit' ]; then
_debug "**** Committing changes ****"
- export _H1="Content-Type: application/x-www-form-urlencoded"
#Check for force commit - will commit ALL uncommited changes to the firewall. Use with caution!
if [ "$FORCE" ]; then
_debug "Force switch detected. Committing ALL changes to the firewall."
@@ -118,6 +136,20 @@ deployer() {
content="type=commit&action=partial&key=$_panos_key&cmd=$cmd"
fi
+ # Query job status
+ if [ "$type" = 'job_status' ]; then
+ echo "**** Querying job $_commit_job_id status ****"
+ cmd=$(printf "%s" "$_commit_job_id" | _url_encode)
+ content="type=op&key=$_panos_key&cmd=$cmd"
+ fi
+
+ # Push changes
+ if [ "$type" = 'push' ]; then
+ echo "**** Pushing changes ****"
+ cmd=$(printf "%s" "$_panos_template_stack$_panos_user" | _url_encode)
+ content="type=commit&action=all&key=$_panos_key&cmd=$cmd"
+ fi
+
response=$(_post "$content" "$panos_url" "" "POST")
parse_response "$response" "$type"
# Saving response to variables
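Review bot: The two new `echo` lines (`**** Querying job ... ****`, `**** Pushing changes ****`) print straight to stdout instead of going through the `_debug`/`_info` helpers used by the surrounding `deployer` code, so they bypass acme.sh's log levels and log file; use `_debug "**** Querying job $_commit_job_id status ****"` and `_info "**** Pushing changes ****"`. The `cmd` values built for `job_status` and `push` look to have lost their XML wrapper in this rendering, presumably an extraction artefact, but the committed lines are worth checking. `deployer` starts and ends outside this hunk.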
@@ -126,6 +158,8 @@ deployer() {
if [ "$response_status" = "success" ]; then
_debug "Successfully deployed $type"
return 0
+ elif [ "$_commit_job_status" ]; then
+ _debug "Commit Job Status = $_commit_job_status"
else
_err "Deploy of type $type failed. Try deploying with --debug to troubleshoot."
_debug "$message"
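Review bot: `_commit_job_status` is a global set by `parse_response` for `job_status` responses and is not cleared anywhere in the hunks shown, so once the polling loop has run, a later non-success response (for example from `deployer push`) falls into the new `elif` and is only `_debug`'d, skipping the `_err` branch entirely; restrict it to the polling case with `elif [ "$type" = 'job_status' ] && [ "$_commit_job_status" ]; then`. The function's return path after this branch is outside the hunk, so whether the `elif` also changes the exit status cannot be confirmed from here.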
@@ -191,11 +225,41 @@ panos_deploy() {
_getdeployconf PANOS_TEMPLATE
fi
+ # PANOS_TEMPLATE_STACK
+ if [ "$PANOS_TEMPLATE_STACK" ]; then
+ _debug "Detected ENV variable PANOS_TEMPLATE_STACK. Saving to file."
+ _savedeployconf PANOS_TEMPLATE_STACK "$PANOS_TEMPLATE_STACK" 1
+ else
+ _debug "Attempting to load variable PANOS_TEMPLATE_STACK from file."
+ _getdeployconf PANOS_TEMPLATE_STACK
+ fi
+
+ # PANOS_TEMPLATE_STACK
+ if [ "$PANOS_VSYS" ]; then
+ _debug "Detected ENV variable PANOS_VSYS. Saving to file."
+ _savedeployconf PANOS_VSYS "$PANOS_VSYS" 1
+ else
+ _debug "Attempting to load variable PANOS_VSYS from file."
+ _getdeployconf PANOS_VSYS
+ fi
+
+ # PANOS_CERTNAME
+ if [ "$PANOS_CERTNAME" ]; then
+ _debug "Detected ENV variable PANOS_CERTNAME. Saving to file."
+ _savedeployconf PANOS_CERTNAME "$PANOS_CERTNAME" 1
+ else
+ _debug "Attempting to load variable PANOS_CERTNAME from file."
+ _getdeployconf PANOS_CERTNAME
+ fi
+
#Store variables
_panos_host=$PANOS_HOST
_panos_user=$PANOS_USER
_panos_pass=$PANOS_PASS
_panos_template=$PANOS_TEMPLATE
+ _panos_template_stack=$PANOS_TEMPLATE_STACK
+ _panos_vsys=$PANOS_VSYS
+ _panos_certname=$PANOS_CERTNAME
#Test API Key if found. If the key is invalid, the variable _panos_key will be unset.
if [ "$_panos_host" ] && [ "$_panos_key" ]; then
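Review bot: The comment above the PANOS_VSYS block reads `# PANOS_TEMPLATE_STACK`, a copy-paste leftover from the block before it; it should be `# PANOS_VSYS`. The header comment in the first hunk suggests `PANOS_VSYS="Shared"`, but no default is applied here (`_panos_vsys=$PANOS_VSYS`) and `deployer` only adds the `target-tpl-vsys` part when the variable is set, so the header should say the value is optional rather than look like a default.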
@@ -214,6 +278,12 @@ panos_deploy() {
_err "No password found. If this is your first time deploying, please set PANOS_PASS in ENV variables. You can delete it after you have successfully deployed the certs."
return 1
else
+ # Use certificate name based on the first domain on the certificate if no custom certificate name is set
+ if [ -z "$_panos_certname" ]; then
+ _panos_certname="$_cdomain"
+ _savedeployconf PANOS_CERTNAME "$_panos_certname" 1
+ fi
+
# Generate a new API key if no valid API key is found
if [ -z "$_panos_key" ]; then
_debug "**** Generating new PANOS API KEY ****"
@@ -229,6 +299,20 @@ panos_deploy() {
deployer cert
deployer key
deployer commit
+ if [ "$_panos_template_stack" ]; then
+ # try to get job status for 20 times in 30 sec interval
+ i=0
+ while [ "$i" -lt $_COMMIT_WAIT_ITERATIONS ]; do
+ deployer job_status
+ if [ "$_commit_job_status" = "OK" ]; then
+ echo "Commit finished!"
+ break
+ fi
+ sleep $_COMMIT_WAIT_INTERVAL
+ i=$((i + 1))
+ done
+ deployer push
+ fi
fi
fi
}
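Review bot: `deployer push` runs unconditionally after the polling loop, so a commit job that times out after the configured iterations or ends in a failed state is still pushed to the template stack; add a guard before the push, `if [ "$_commit_job_status" != "OK" ]; then _err "Commit job $_commit_job_id did not complete successfully; not pushing."; return 1; fi`. `echo "Commit finished!"` should be `_info "Commit finished!"` for the same logging reasons as the other new `echo` calls in this file. The truenas_ws.sh change in this same diff moves to `_sleep`; if that helper is the project convention, `sleep $_COMMIT_WAIT_INTERVAL` should follow it, and both `$_COMMIT_WAIT_*` expansions would be safer quoted.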
diff --git a/deploy/proxmoxbs.sh b/deploy/proxmoxbs.sh
index d1146454..e8528e8f 100644
--- a/deploy/proxmoxbs.sh
+++ b/deploy/proxmoxbs.sh
@@ -115,6 +115,16 @@ HEREDOC
_info "Push certificates to server"
export HTTPS_INSECURE=1
export _H1="Authorization: PBSAPIToken=${_proxmoxbs_header_api_token}"
- _post "$_json_payload" "$_target_url" "" POST "application/json"
+ response=$(_post "$_json_payload" "$_target_url" "" POST "application/json")
+ _retval=$?
+ if [ "${_retval}" -eq 0 ]; then
+ _debug3 response "$response"
+ _info "Certificate successfully deployed"
+ return 0
+ else
+ _err "Certificate deployment failed"
+ _debug "Response" "$response"
+ return 1
+ fi
}
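Review bot: Success is now decided solely from `_post`'s exit status, which reflects the HTTP transport; if `_post` returns 0 for a 4xx/5xx response (this depends on the helper's implementation and should be confirmed), a rejected upload is logged as "Certificate successfully deployed" with the error body hidden at `_debug3`. keyhelp_api.sh in this same change reads the status line from `$HTTP_HEADER` after `_post`; doing the same here, `_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"` and treating only a `2xx` as success, would make the check meaningful. The identical hunk in deploy/proxmoxve.sh has the same gap.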
diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh
index f9de590c..8c67f7de 100644
--- a/deploy/proxmoxve.sh
+++ b/deploy/proxmoxve.sh
@@ -127,6 +127,16 @@ HEREDOC
_info "Push certificates to server"
export HTTPS_INSECURE=1
export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
- _post "$_json_payload" "$_target_url" "" POST "application/json"
+ response=$(_post "$_json_payload" "$_target_url" "" POST "application/json")
+ _retval=$?
+ if [ "${_retval}" -eq 0 ]; then
+ _debug3 response "$response"
+ _info "Certificate successfully deployed"
+ return 0
+ else
+ _err "Certificate deployment failed"
+ _debug "Response" "$response"
+ return 1
+ fi
}
diff --git a/deploy/truenas_ws.sh b/deploy/truenas_ws.sh
index bdc1b846..df34f927 100644
--- a/deploy/truenas_ws.sh
+++ b/deploy/truenas_ws.sh
@@ -39,13 +39,13 @@ _ws_call() {
_debug "_ws_call arg2" "$2"
_debug "_ws_call arg3" "$3"
if [ $# -eq 3 ]; then
- _ws_response=$(midclt -K "$DEPLOY_TRUENAS_APIKEY" call "$1" "$2" "$3")
+ _ws_response=$(midclt --uri "$_ws_uri" -K "$DEPLOY_TRUENAS_APIKEY" call "$1" "$2" "$3")
fi
if [ $# -eq 2 ]; then
- _ws_response=$(midclt -K "$DEPLOY_TRUENAS_APIKEY" call "$1" "$2")
+ _ws_response=$(midclt --uri "$_ws_uri" -K "$DEPLOY_TRUENAS_APIKEY" call "$1" "$2")
fi
if [ $# -eq 1 ]; then
- _ws_response=$(midclt -K "$DEPLOY_TRUENAS_APIKEY" call "$1")
+ _ws_response=$(midclt --uri "$_ws_uri" -K "$DEPLOY_TRUENAS_APIKEY" call "$1")
fi
_debug "_ws_response" "$_ws_response"
printf "%s" "$_ws_response"
@@ -60,7 +60,7 @@ _ws_upload_cert() {
import sys
from truenas_api_client import Client
-with Client() as c:
+with Client(uri="$_ws_uri") as c:
### Login with API key
print("I:Trying to upload new certificate...")
@@ -71,7 +71,7 @@ with Client() as c:
fullchain = file.read()
with open('$2', 'r') as file:
privatekey = file.read()
- ret = c.call("certificate.create", {"name": "$3", "create_type": "CERTIFICATE_CREATE_IMPORTED", "certificate": fullchain, "privatekey": privatekey, "passphrase": ""}, job=True)
+ ret = c.call("certificate.create", {"name": "$3", "create_type": "CERTIFICATE_CREATE_IMPORTED", "certificate": fullchain, "privatekey": privatekey}, job=True)
print("R:" + str(ret["id"]))
sys.exit(0)
else:
@@ -121,7 +121,7 @@ _ws_check_jobid() {
# n/a
_ws_get_job_result() {
while true; do
- sleep 2
+ _sleep 2
_ws_response=$(_ws_call "core.get_jobs" "[[\"id\", \"=\", $1]]")
if [ "$(printf "%s" "$_ws_response" | jq -r '.[]."state"')" != "RUNNING" ]; then
_ws_result="$(printf "%s" "$_ws_response" | jq '.[]."result"')"
@@ -179,11 +179,27 @@ truenas_ws_deploy() {
_info "Checking environment variables..."
_getdeployconf DEPLOY_TRUENAS_APIKEY
+ _getdeployconf DEPLOY_TRUENAS_HOSTNAME
+ _getdeployconf DEPLOY_TRUENAS_PROTOCOL
# Check API Key
if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then
_err "TrueNAS API key not found, please set the DEPLOY_TRUENAS_APIKEY environment variable."
return 1
fi
+ # Check Hostname, default to localhost if not set
+ if [ -z "$DEPLOY_TRUENAS_HOSTNAME" ]; then
+ _info "TrueNAS hostname not set. Using 'localhost'."
+ DEPLOY_TRUENAS_HOSTNAME="localhost"
+ fi
+ # Check protocol, default to ws if not set
+ if [ -z "$DEPLOY_TRUENAS_PROTOCOL" ]; then
+ _info "TrueNAS protocol not set. Using 'ws'."
+ DEPLOY_TRUENAS_PROTOCOL="ws"
+ fi
+ _ws_uri="$DEPLOY_TRUENAS_PROTOCOL://$DEPLOY_TRUENAS_HOSTNAME/websocket"
+ _debug2 DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
+ _debug2 DEPLOY_TRUENAS_PROTOCOL "$DEPLOY_TRUENAS_PROTOCOL"
+ _debug _ws_uri "$_ws_uri"
_secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
_info "Environment variables: OK"
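Review bot: Defaulting DEPLOY_TRUENAS_PROTOCOL to `ws` is reasonable while the hostname defaults to `localhost`, but once DEPLOY_TRUENAS_HOSTNAME points at a remote system the API key and the private key are sent over a cleartext websocket unless the user also remembers to set `wss`; consider choosing the default from the hostname, `DEPLOY_TRUENAS_PROTOCOL="ws"; [ "$DEPLOY_TRUENAS_HOSTNAME" = "localhost" ] || DEPLOY_TRUENAS_PROTOCOL="wss"`, or at least emitting an `_info` warning for the remote-plus-`ws` combination. The protocol value is also not validated to be `ws` or `wss` before it is interpolated into `_ws_uri` and, via `_ws_upload_cert`, into a generated Python script; rejecting anything else with `_err` would fail early on typos.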
@@ -205,6 +221,8 @@ truenas_ws_deploy() {
return 2
fi
_savedeployconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
+ _savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
+ _savedeployconf DEPLOY_TRUENAS_PROTOCOL "$DEPLOY_TRUENAS_PROTOCOL"
_info "TrueNAS health: OK"
########## System info
@@ -304,7 +322,7 @@ truenas_ws_deploy() {
_info "Restarting WebUI..."
_ws_response=$(_ws_call "system.general.ui_restart")
_info "Waiting for UI restart..."
- sleep 6
+ _sleep 15
########## Certificates
diff --git a/deploy/unifi.sh b/deploy/unifi.sh
index 1f274236..1d13e04f 100644
--- a/deploy/unifi.sh
+++ b/deploy/unifi.sh
@@ -143,8 +143,10 @@ unifi_deploy() {
# correct file ownership according to the directory, the keystore is placed in
_unifi_keystore_dir=$(dirname "${_unifi_keystore}")
- _unifi_keystore_dir_owner=$(find "${_unifi_keystore_dir}" -maxdepth 0 -printf '%u\n')
- _unifi_keystore_owner=$(find "${_unifi_keystore}" -maxdepth 0 -printf '%u\n')
+ # shellcheck disable=SC2012
+ _unifi_keystore_dir_owner=$(ls -ld "${_unifi_keystore_dir}" | awk '{print $3}')
+ # shellcheck disable=SC2012
+ _unifi_keystore_owner=$(ls -l "${_unifi_keystore}" | awk '{print $3}')
if ! [ "${_unifi_keystore_owner}" = "${_unifi_keystore_dir_owner}" ]; then
_debug "Changing keystore owner to ${_unifi_keystore_dir_owner}"
chown "$_unifi_keystore_dir_owner" "${_unifi_keystore}" >/dev/null 2>&1 # fail quietly if we're not running as root
diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh
index c88c9d9c..b76d69c2 100755
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@@ -161,7 +161,7 @@ _get_root() {
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100 | sed 's/\./\\./g')
_debug "Checking domain: $h"
if [ -z "$h" ]; then
- _error "invalid domain"
+ _err "invalid domain"
return 1
fi
diff --git a/dnsapi/dns_beget.sh b/dnsapi/dns_beget.sh
index aa43caed..5f3b1eb1 100755
--- a/dnsapi/dns_beget.sh
+++ b/dnsapi/dns_beget.sh
@@ -7,7 +7,7 @@ Options:
BEGET_User API user
BEGET_Password API password
Issues: github.com/acmesh-official/acme.sh/issues/6200
-Author: ARNik arnik@arnik.ru
+Author: ARNik
'
Beget_Api="https://api.beget.com/api"
diff --git a/dnsapi/dns_bookmyname.sh b/dnsapi/dns_bookmyname.sh
index 668cf074..cf3f1e3e 100644
--- a/dnsapi/dns_bookmyname.sh
+++ b/dnsapi/dns_bookmyname.sh
@@ -7,7 +7,7 @@ Options:
BOOKMYNAME_USERNAME Username
BOOKMYNAME_PASSWORD Password
Issues: github.com/acmesh-official/acme.sh/issues/3209
-Author: Neilpang
+Author: @Neilpang
'
######## Public functions #####################
diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh
index 736742f3..7b383c43 100755
--- a/dnsapi/dns_cf.sh
+++ b/dnsapi/dns_cf.sh
@@ -92,7 +92,9 @@ dns_cf_add() {
if _contains "$response" "$txtvalue"; then
_info "Added, OK"
return 0
- elif _contains "$response" "The record already exists"; then
+ elif _contains "$response" "The record already exists" ||
+ _contains "$response" "An identical record already exists." ||
+ _contains "$response" '"code":81058'; then
_info "Already exists, OK"
return 0
else
diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh
index 8bb0e00d..23a219da 100755
--- a/dnsapi/dns_cloudns.sh
+++ b/dnsapi/dns_cloudns.sh
@@ -197,10 +197,11 @@ _dns_cloudns_http_api_call() {
auth_user="auth-id=$CLOUDNS_AUTH_ID"
fi
+ encoded_password=$(echo "$CLOUDNS_AUTH_PASSWORD" | tr -d "\n\r" | _url_encode)
if [ -z "$2" ]; then
- data="$auth_user&auth-password=$CLOUDNS_AUTH_PASSWORD"
+ data="$auth_user&auth-password=$encoded_password"
else
- data="$auth_user&auth-password=$CLOUDNS_AUTH_PASSWORD&$2"
+ data="$auth_user&auth-password=$encoded_password&$2"
fi
response="$(_get "$CLOUDNS_API/$method?$data")"
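Review bot: The new `encoded_password` line pushes the secret through `echo`, which on several shells interprets a leading `-n`/`-e` or backslash sequences and would silently alter the password before it is encoded; the rest of this codebase uses `printf "%s"` for exactly this reason, so `encoded_password=$(printf "%s" "$CLOUDNS_AUTH_PASSWORD" | tr -d "\n\r" | _url_encode)`. Encoding fixes passwords containing `&`, `+` or `%`, but the credential still travels in the GET query string built on the `response=` line, so it shows up in any URL-level debug output; that is pre-existing, and a short comment there would stop the next reader from assuming the encoding change addressed it. `_dns_cloudns_http_api_call` starts and ends outside the hunk.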
diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh
index 6a50e199..7251f8b2 100644
--- a/dnsapi/dns_constellix.sh
+++ b/dnsapi/dns_constellix.sh
@@ -117,7 +117,7 @@ dns_constellix_rm() {
#################### Private functions below ##################################
_get_root() {
- domain=$1
+ domain=$(echo "$1" | _lower_case)
i=2
p=1
_debug "Detecting root zone"
@@ -156,6 +156,9 @@ _constellix_rest() {
data="$3"
_debug "$ep"
+ # Prevent rate limit
+ _sleep 2
+
rdate=$(date +"%s")"000"
hmac=$(printf "%s" "$rdate" | _hmac sha1 "$(printf "%s" "$CONSTELLIX_Secret" | _hex_dump | tr -d ' ')" | _base64)
diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh
index f57afa1f..0ef03fea 100644
--- a/dnsapi/dns_curanet.sh
+++ b/dnsapi/dns_curanet.sh
@@ -15,7 +15,7 @@ CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains"
CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token"
CURANET_ACCESS_TOKEN=""
-######## Public functions #####################
+######## Public functions ####################
#Usage: dns_curanet_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_curanet_add() {
@@ -154,7 +154,7 @@ _get_root() {
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN"
response="$(_get "$CURANET_REST_URL/$h/Records" "" "")"
- if [ ! "$(echo "$response" | _egrep_o "Entity not found")" ]; then
+ if [ ! "$(echo "$response" | _egrep_o "Entity not found|Bad Request")" ]; then
_domain=$h
return 0
fi
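Review bot: The changed condition is still a negative match, so any reply that is neither "Entity not found" nor "Bad Request" — an expired token, a 5xx body, or an empty string when `_get` fails — is accepted as the root zone and `_get_root` returns 0 with a wrong `_domain`. Extending the denylist with "Bad Request" widens it a little but keeps the fail-open shape; if the successful records listing carries a stable marker (to be confirmed against the Curanet response format), a positive `_contains` check on that marker, plus `|| return 1` on the `_get` call, would fail closed instead. The `_get_root` loop starts and ends outside the hunk.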
diff --git a/dnsapi/dns_ddnss.sh b/dnsapi/dns_ddnss.sh
index 118b148b..0ac353d4 100644
--- a/dnsapi/dns_ddnss.sh
+++ b/dnsapi/dns_ddnss.sh
@@ -6,7 +6,7 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ddnss
Options:
DDNSS_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/2230
-Author: RaidenII, helbgd, mod242
+Author: @helbgd, @mod242
'
DDNSS_DNS_API="https://ddnss.de/upd.php"
diff --git a/dnsapi/dns_dnshome.sh b/dnsapi/dns_dnshome.sh
index 59828796..6d583246 100755
--- a/dnsapi/dns_dnshome.sh
+++ b/dnsapi/dns_dnshome.sh
@@ -7,7 +7,7 @@ Options:
DNSHOME_Subdomain Subdomain
DNSHOME_SubdomainPassword Subdomain Password
Issues: github.com/acmesh-official/acme.sh/issues/3819
-Author: dnsHome.de https://github.com/dnsHome-de
+Author: @dnsHome-de
'
# Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh
index 71594873..33d401b0 100755
--- a/dnsapi/dns_duckdns.sh
+++ b/dnsapi/dns_duckdns.sh
@@ -5,7 +5,7 @@ Site: www.DuckDNS.org
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns
Options:
DuckDNS_Token API Token
-Author: RaidenII
+Author: @RaidenII
'
DuckDNS_API="https://www.duckdns.org/update"
diff --git a/dnsapi/dns_dyn.sh b/dnsapi/dns_dyn.sh
index 94201923..9b1a97a2 100644
--- a/dnsapi/dns_dyn.sh
+++ b/dnsapi/dns_dyn.sh
@@ -8,7 +8,7 @@ Options:
DYN_Customer Customer
DYN_Username API Username
DYN_Password Secret
-Author: Gerd Naschenweng
+Author: Gerd Naschenweng <@magicdude4eva>
'
# Dyn Managed DNS API
diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh
index 76af17f5..0c9491f8 100644
--- a/dnsapi/dns_dynv6.sh
+++ b/dnsapi/dns_dynv6.sh
@@ -8,7 +8,7 @@ Options:
OptionsAlt:
KEY Path to SSH private key file. E.g. "/root/.ssh/dynv6"
Issues: github.com/acmesh-official/acme.sh/issues/2702
-Author: StefanAbl
+Author: @StefanAbl
'
dynv6_api="https://dynv6.com/api/v2"
diff --git a/dnsapi/dns_easydns.sh b/dnsapi/dns_easydns.sh
index 1c96ac8f..423def2b 100644
--- a/dnsapi/dns_easydns.sh
+++ b/dnsapi/dns_easydns.sh
@@ -7,7 +7,7 @@ Options:
EASYDNS_Token API Token
EASYDNS_Key API Key
Issues: github.com/acmesh-official/acme.sh/issues/2647
-Author: Neilpang, wurzelpanzer
+Author: @Neilpang, wurzelpanzer
'
# API Documentation: https://sandbox.rest.easydns.net:3001/
diff --git a/dnsapi/dns_fornex.sh b/dnsapi/dns_fornex.sh
index 91e5491b..dcaa2297 100644
--- a/dnsapi/dns_fornex.sh
+++ b/dnsapi/dns_fornex.sh
@@ -95,7 +95,7 @@ _get_root() {
return 1
fi
- if ! _rest GET "dns/domain/"; then
+ if ! _rest GET "dns/domain/?q=$h"; then
return 1
fi
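Review bot: Appending `?q=$h` turns the domain listing into a search, and search endpoints commonly match substrings, so the reply may still contain other domains that merely include `$h`; whatever `_get_root` does with the response after this call (outside the hunk) must keep comparing against the exact name rather than just testing for a non-empty list. `$h` is also interpolated into the query string without `_url_encode`; it is an ASCII/punycode label at this point so that is safe, but a comment on the `_rest` line saying so would keep a later change from breaking it. `_get_root` starts and ends outside the hunk.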
diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh
index 114f30e0..13d9f68b 100755
--- a/dnsapi/dns_freedns.sh
+++ b/dnsapi/dns_freedns.sh
@@ -7,7 +7,7 @@ Options:
FREEDNS_User Username
FREEDNS_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/2305
-Author: David Kerr
+Author: David Kerr <@dkerr64>
'
######## Public functions #####################
diff --git a/dnsapi/dns_he_ddns.sh b/dnsapi/dns_he_ddns.sh
index cd7d1ec2..1fe9a7fd 100644
--- a/dnsapi/dns_he_ddns.sh
+++ b/dnsapi/dns_he_ddns.sh
@@ -5,6 +5,7 @@ Site: dns.he.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_he_ddns
Options:
HE_DDNS_KEY The DDNS key
+Issues: https://github.com/acmesh-official/acme.sh/issues/5238
Author: Markku Leiniö
'
diff --git a/dnsapi/dns_hetznercloud.sh b/dnsapi/dns_hetznercloud.sh
new file mode 100644
index 00000000..4a7eea90
--- /dev/null
+++ b/dnsapi/dns_hetznercloud.sh
@@ -0,0 +1,593 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC2034
+dns_hetznercloud_info='Hetzner Cloud DNS
+Site: Hetzner.com
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_hetznercloud
+Options:
+ HETZNER_TOKEN API token for the Hetzner Cloud DNS API
+Optional:
+ HETZNER_TTL Custom TTL for new TXT rrsets (default 120)
+ HETZNER_API Override API endpoint (default https://api.hetzner.cloud/v1)
+ HETZNER_MAX_ATTEMPTS Number of 1s polls to wait for async actions (default 120)
+Issues: github.com/acmesh-official/acme.sh/issues
+'
+
+HETZNERCLOUD_API_DEFAULT="https://api.hetzner.cloud/v1"
+HETZNERCLOUD_TTL_DEFAULT=120
+HETZNER_MAX_ATTEMPTS_DEFAULT=120
+
+######## Public functions #####################
+
+dns_hetznercloud_add() {
+ fulldomain="$(_idn "${1}")"
+ txtvalue="${2}"
+
+ _info "Using Hetzner Cloud DNS API to add record"
+
+ if ! _hetznercloud_init; then
+ return 1
+ fi
+
+ if ! _hetznercloud_prepare_zone "${fulldomain}"; then
+ _err "Unable to determine Hetzner Cloud zone for ${fulldomain}"
+ return 1
+ fi
+
+ if ! _hetznercloud_get_rrset; then
+ return 1
+ fi
+
+ if [ "${_hetznercloud_last_http_code}" = "200" ]; then
+ if _hetznercloud_rrset_contains_value "${txtvalue}"; then
+ _info "TXT record already present; nothing to do."
+ return 0
+ fi
+ elif [ "${_hetznercloud_last_http_code}" != "404" ]; then
+ _hetznercloud_log_http_error "Failed to query existing TXT rrset" "${_hetznercloud_last_http_code}"
+ return 1
+ fi
+
+ add_payload="$(_hetznercloud_build_add_payload "${txtvalue}")"
+ if [ -z "${add_payload}" ]; then
+ _err "Failed to build request payload."
+ return 1
+ fi
+
+ if ! _hetznercloud_api POST "${_hetznercloud_rrset_action_add}" "${add_payload}"; then
+ return 1
+ fi
+
+ case "${_hetznercloud_last_http_code}" in
+ 200 | 201 | 202 | 204)
+ if ! _hetznercloud_handle_action_response "TXT record add"; then
+ return 1
+ fi
+ _info "Hetzner Cloud TXT record added."
+ return 0
+ ;;
+ 401 | 403)
+ _err "Hetzner Cloud DNS API authentication failed (HTTP ${_hetznercloud_last_http_code}). Check HETZNER_TOKEN for the new API."
+ _hetznercloud_log_http_error "" "${_hetznercloud_last_http_code}"
+ return 1
+ ;;
+ 409 | 422)
+ _hetznercloud_log_http_error "Hetzner Cloud DNS rejected the add_records request" "${_hetznercloud_last_http_code}"
+ return 1
+ ;;
+ *)
+ _hetznercloud_log_http_error "Hetzner Cloud DNS add_records request failed" "${_hetznercloud_last_http_code}"
+ return 1
+ ;;
+ esac
+}
+
+dns_hetznercloud_rm() {
+ fulldomain="$(_idn "${1}")"
+ txtvalue="${2}"
+
+ _info "Using Hetzner Cloud DNS API to remove record"
+
+ if ! _hetznercloud_init; then
+ return 1
+ fi
+
+ if ! _hetznercloud_prepare_zone "${fulldomain}"; then
+ _err "Unable to determine Hetzner Cloud zone for ${fulldomain}"
+ return 1
+ fi
+
+ if ! _hetznercloud_get_rrset; then
+ return 1
+ fi
+
+ if [ "${_hetznercloud_last_http_code}" = "404" ]; then
+ _info "TXT rrset does not exist; nothing to remove."
+ return 0
+ fi
+
+ if [ "${_hetznercloud_last_http_code}" != "200" ]; then
+ _hetznercloud_log_http_error "Failed to query existing TXT rrset" "${_hetznercloud_last_http_code}"
+ return 1
+ fi
+
+ if _hetznercloud_rrset_contains_value "${txtvalue}"; then
+ remove_payload="$(_hetznercloud_build_remove_payload "${txtvalue}")"
+ if [ -z "${remove_payload}" ]; then
+ _err "Failed to build remove_records payload."
+ return 1
+ fi
+ if ! _hetznercloud_api POST "${_hetznercloud_rrset_action_remove}" "${remove_payload}"; then
+ return 1
+ fi
+ case "${_hetznercloud_last_http_code}" in
+ 200 | 201 | 202 | 204)
+ if ! _hetznercloud_handle_action_response "TXT record remove"; then
+ return 1
+ fi
+ _info "Hetzner Cloud TXT record removed."
+ return 0
+ ;;
+ 401 | 403)
+ _err "Hetzner Cloud DNS API authentication failed (HTTP ${_hetznercloud_last_http_code}). Check HETZNER_TOKEN for the new API."
+ _hetznercloud_log_http_error "" "${_hetznercloud_last_http_code}"
+ return 1
+ ;;
+ 404)
+ _info "TXT rrset already absent after remove action."
+ return 0
+ ;;
+ 409 | 422)
+ _hetznercloud_log_http_error "Hetzner Cloud DNS rejected the remove_records request" "${_hetznercloud_last_http_code}"
+ return 1
+ ;;
+ *)
+ _hetznercloud_log_http_error "Hetzner Cloud DNS remove_records request failed" "${_hetznercloud_last_http_code}"
+ return 1
+ ;;
+ esac
+ else
+ _info "TXT value not present; nothing to remove."
+ return 0
+ fi
+}
+
+#################### Private functions ##################################
+
+_hetznercloud_init() {
+ HETZNER_TOKEN="${HETZNER_TOKEN:-$(_readaccountconf_mutable HETZNER_TOKEN)}"
+ if [ -z "${HETZNER_TOKEN}" ]; then
+ _err "The environment variable HETZNER_TOKEN must be set for the Hetzner Cloud DNS API."
+ return 1
+ fi
+ HETZNER_TOKEN=$(echo "${HETZNER_TOKEN}" | tr -d '"')
+ _saveaccountconf_mutable HETZNER_TOKEN "${HETZNER_TOKEN}"
+
+ HETZNER_API="${HETZNER_API:-$(_readaccountconf_mutable HETZNER_API)}"
+ if [ -z "${HETZNER_API}" ]; then
+ HETZNER_API="${HETZNERCLOUD_API_DEFAULT}"
+ fi
+ _saveaccountconf_mutable HETZNER_API "${HETZNER_API}"
+
+ HETZNER_TTL="${HETZNER_TTL:-$(_readaccountconf_mutable HETZNER_TTL)}"
+ if [ -z "${HETZNER_TTL}" ]; then
+ HETZNER_TTL="${HETZNERCLOUD_TTL_DEFAULT}"
+ fi
+ ttl_check=$(printf "%s" "${HETZNER_TTL}" | tr -d '0-9')
+ if [ -n "${ttl_check}" ]; then
+ _err "HETZNER_TTL must be an integer value."
+ return 1
+ fi
+ _saveaccountconf_mutable HETZNER_TTL "${HETZNER_TTL}"
+
+ HETZNER_MAX_ATTEMPTS="${HETZNER_MAX_ATTEMPTS:-$(_readaccountconf_mutable HETZNER_MAX_ATTEMPTS)}"
+ if [ -z "${HETZNER_MAX_ATTEMPTS}" ]; then
+ HETZNER_MAX_ATTEMPTS="${HETZNER_MAX_ATTEMPTS_DEFAULT}"
+ fi
+ attempts_check=$(printf "%s" "${HETZNER_MAX_ATTEMPTS}" | tr -d '0-9')
+ if [ -n "${attempts_check}" ]; then
+ _err "HETZNER_MAX_ATTEMPTS must be an integer value."
+ return 1
+ fi
+ _saveaccountconf_mutable HETZNER_MAX_ATTEMPTS "${HETZNER_MAX_ATTEMPTS}"
+
+ return 0
+}
+
+_hetznercloud_prepare_zone() {
+ _hetznercloud_zone_id=""
+ _hetznercloud_zone_name=""
+ _hetznercloud_zone_name_lc=""
+ _hetznercloud_rr_name=""
+ _hetznercloud_rrset_path=""
+ _hetznercloud_rrset_action_add=""
+ _hetznercloud_rrset_action_remove=""
+ fulldomain_lc=$(printf "%s" "${1}" | sed 's/\.$//' | _lower_case)
+
+ i=2
+ p=1
+ while true; do
+ candidate=$(printf "%s" "${fulldomain_lc}" | cut -d . -f "${i}"-100)
+ if [ -z "${candidate}" ]; then
+ return 1
+ fi
+
+ if _hetznercloud_get_zone_by_candidate "${candidate}"; then
+ zone_name_lc="${_hetznercloud_zone_name_lc}"
+ if [ "${fulldomain_lc}" = "${zone_name_lc}" ]; then
+ _hetznercloud_rr_name="@"
+ else
+ suffix=".${zone_name_lc}"
+ if _endswith "${fulldomain_lc}" "${suffix}"; then
+ _hetznercloud_rr_name="${fulldomain_lc%"${suffix}"}"
+ else
+ _hetznercloud_rr_name="${fulldomain_lc}"
+ fi
+ fi
+ _hetznercloud_rrset_path=$(printf "%s" "${_hetznercloud_rr_name}" | _url_encode)
+ _hetznercloud_rrset_action_add="/zones/${_hetznercloud_zone_id}/rrsets/${_hetznercloud_rrset_path}/TXT/actions/add_records"
+ _hetznercloud_rrset_action_remove="/zones/${_hetznercloud_zone_id}/rrsets/${_hetznercloud_rrset_path}/TXT/actions/remove_records"
+ return 0
+ fi
+ p=${i}
+ i=$(_math "${i}" + 1)
+ done
+}
+
+_hetznercloud_get_zone_by_candidate() {
+ candidate="${1}"
+ zone_key=$(printf "%s" "${candidate}" | sed 's/[^A-Za-z0-9]/_/g')
+ zone_conf_key="HETZNERCLOUD_ZONE_ID_for_${zone_key}"
+
+ cached_zone_id=$(_readdomainconf "${zone_conf_key}")
+ if [ -n "${cached_zone_id}" ]; then
+ if _hetznercloud_api GET "/zones/${cached_zone_id}"; then
+ if [ "${_hetznercloud_last_http_code}" = "200" ]; then
+ zone_data=$(printf "%s" "${response}" | _normalizeJson | sed 's/^{"zone"://' | sed 's/}$//')
+ if _hetznercloud_parse_zone_fields "${zone_data}"; then
+ zone_name_lc=$(printf "%s" "${_hetznercloud_zone_name}" | _lower_case)
+ if [ "${zone_name_lc}" = "${candidate}" ]; then
+ return 0
+ fi
+ fi
+ elif [ "${_hetznercloud_last_http_code}" = "404" ]; then
+ _cleardomainconf "${zone_conf_key}"
+ fi
+ else
+ return 1
+ fi
+ fi
+
+ if _hetznercloud_api GET "/zones/${candidate}"; then
+ if [ "${_hetznercloud_last_http_code}" = "200" ]; then
+ zone_data=$(printf "%s" "${response}" | _normalizeJson | sed 's/^{"zone"://' | sed 's/}$//')
+ if _hetznercloud_parse_zone_fields "${zone_data}"; then
+ zone_name_lc=$(printf "%s" "${_hetznercloud_zone_name}" | _lower_case)
+ if [ "${zone_name_lc}" = "${candidate}" ]; then
+ _savedomainconf "${zone_conf_key}" "${_hetznercloud_zone_id}"
+ return 0
+ fi
+ fi
+ elif [ "${_hetznercloud_last_http_code}" != "404" ]; then
+ _hetznercloud_log_http_error "Hetzner Cloud zone lookup failed" "${_hetznercloud_last_http_code}"
+ return 1
+ fi
+ else
+ return 1
+ fi
+
+ encoded_candidate=$(printf "%s" "${candidate}" | _url_encode)
+ if ! _hetznercloud_api GET "/zones?name=${encoded_candidate}"; then
+ return 1
+ fi
+ if [ "${_hetznercloud_last_http_code}" != "200" ]; then
+ if [ "${_hetznercloud_last_http_code}" = "404" ]; then
+ return 1
+ fi
+ _hetznercloud_log_http_error "Hetzner Cloud zone search failed" "${_hetznercloud_last_http_code}"
+ return 1
+ fi
+
+ zone_data=$(_hetznercloud_extract_zone_from_list "${response}" "${candidate}")
+ if [ -z "${zone_data}" ]; then
+ return 1
+ fi
+ if ! _hetznercloud_parse_zone_fields "${zone_data}"; then
+ return 1
+ fi
+ _savedomainconf "${zone_conf_key}" "${_hetznercloud_zone_id}"
+ return 0
+}
+
+_hetznercloud_parse_zone_fields() {
+ zone_json="${1}"
+ if [ -z "${zone_json}" ]; then
+ return 1
+ fi
+ normalized=$(printf "%s" "${zone_json}" | _normalizeJson)
+ zone_id=$(printf "%s" "${normalized}" | _egrep_o '"id":[^,}]*' | _head_n 1 | cut -d : -f 2 | tr -d ' "')
+ zone_name=$(printf "%s" "${normalized}" | _egrep_o '"name":"[^"]*"' | _head_n 1 | cut -d : -f 2 | tr -d '"')
+ if [ -z "${zone_id}" ] || [ -z "${zone_name}" ]; then
+ return 1
+ fi
+ zone_name_trimmed=$(printf "%s" "${zone_name}" | sed 's/\.$//')
+ if zone_name_ascii=$(_idn "${zone_name_trimmed}"); then
+ zone_name="${zone_name_ascii}"
+ else
+ zone_name="${zone_name_trimmed}"
+ fi
+ _hetznercloud_zone_id="${zone_id}"
+ _hetznercloud_zone_name="${zone_name}"
+ _hetznercloud_zone_name_lc=$(printf "%s" "${zone_name}" | _lower_case)
+ return 0
+}
+
+_hetznercloud_extract_zone_from_list() {
+ list_response=$(printf "%s" "${1}" | _normalizeJson)
+ candidate="${2}"
+ escaped_candidate=$(_hetznercloud_escape_regex "${candidate}")
+ printf "%s" "${list_response}" | _egrep_o "{[^{}]*\"name\":\"${escaped_candidate}\"[^{}]*}" | _head_n 1
+}
+
+_hetznercloud_escape_regex() {
+ printf "%s" "${1}" | sed 's/\\/\\\\/g' | sed 's/\./\\./g' | sed 's/-/\\-/g'
+}
+
+_hetznercloud_get_rrset() {
+ if [ -z "${_hetznercloud_zone_id}" ] || [ -z "${_hetznercloud_rrset_path}" ]; then
+ return 1
+ fi
+ if ! _hetznercloud_api GET "/zones/${_hetznercloud_zone_id}/rrsets/${_hetznercloud_rrset_path}/TXT"; then
+ return 1
+ fi
+ return 0
+}
+
+_hetznercloud_rrset_contains_value() {
+ wanted_value="${1}"
+ normalized=$(printf "%s" "${response}" | _normalizeJson)
+ escaped_value=$(_hetznercloud_escape_value "${wanted_value}")
+ search_pattern="\"value\":\"\\\\\"${escaped_value}\\\\\"\""
+ if _contains "${normalized}" "${search_pattern}"; then
+ return 0
+ fi
+ return 1
+}
+
+_hetznercloud_build_add_payload() {
+ value="${1}"
+ escaped_value=$(_hetznercloud_escape_value "${value}")
+ printf '{"ttl":%s,"records":[{"value":"\\"%s\\""}]}' "${HETZNER_TTL}" "${escaped_value}"
+}
+
+_hetznercloud_build_remove_payload() {
+ value="${1}"
+ escaped_value=$(_hetznercloud_escape_value "${value}")
+ printf '{"records":[{"value":"\\"%s\\""}]}' "${escaped_value}"
+}
+
+_hetznercloud_escape_value() {
+ printf "%s" "${1}" | sed 's/\\/\\\\/g' | sed 's/"/\\"/g'
+}
+
+_hetznercloud_error_message() {
+ if [ -z "${response}" ]; then
+ return 1
+ fi
+ message=$(printf "%s" "${response}" | _normalizeJson | _egrep_o '"message":"[^"]*"' | _head_n 1 | cut -d : -f 2 | tr -d '"')
+ if [ -n "${message}" ]; then
+ printf "%s" "${message}"
+ return 0
+ fi
+ return 1
+}
+
+_hetznercloud_log_http_error() {
+ context="${1}"
+ code="${2}"
+ message="$(_hetznercloud_error_message)"
+ if [ -n "${context}" ]; then
+ if [ -n "${message}" ]; then
+ _err "${context} (HTTP ${code}): ${message}"
+ else
+ _err "${context} (HTTP ${code})"
+ fi
+ else
+ if [ -n "${message}" ]; then
+ _err "Hetzner Cloud DNS API error (HTTP ${code}): ${message}"
+ else
+ _err "Hetzner Cloud DNS API error (HTTP ${code})"
+ fi
+ fi
+}
+
+_hetznercloud_api() {
+ method="${1}"
+ ep="${2}"
+ data="${3}"
+ retried="${4}"
+
+ if [ -z "${method}" ]; then
+ method="GET"
+ fi
+
+ if ! _startswith "${ep}" "/"; then
+ ep="/${ep}"
+ fi
+ url="${HETZNER_API}${ep}"
+
+ export _H1="Authorization: Bearer ${HETZNER_TOKEN}"
+ export _H2="Accept: application/json"
+ export _H3=""
+ export _H4=""
+ export _H5=""
+
+ : >"${HTTP_HEADER}"
+
+ if [ "${method}" = "GET" ]; then
+ response="$(_get "${url}")"
+ else
+ if [ -z "${data}" ]; then
+ data="{}"
+ fi
+ response="$(_post "${data}" "${url}" "" "${method}" "application/json")"
+ fi
+ ret="${?}"
+
+ _hetznercloud_last_http_code=$(grep "^HTTP" "${HTTP_HEADER}" | _tail_n 1 | cut -d " " -f 2 | tr -d '\r\n')
+
+ if [ "${ret}" != "0" ]; then
+ return 1
+ fi
+
+ if [ "${_hetznercloud_last_http_code}" = "429" ] && [ "${retried}" != "retried" ]; then
+ retry_after=$(grep -i "^Retry-After" "${HTTP_HEADER}" | _tail_n 1 | cut -d : -f 2 | tr -d ' \r')
+ if [ -z "${retry_after}" ]; then
+ retry_after=1
+ fi
+ _info "Hetzner Cloud DNS API rate limit hit; retrying in ${retry_after} seconds."
+ _sleep "${retry_after}"
+ if ! _hetznercloud_api "${method}" "${ep}" "${data}" "retried"; then
+ return 1
+ fi
+ return 0
+ fi
+
+ return 0
+}
+
+_hetznercloud_handle_action_response() {
+ context="${1}"
+ if [ -z "${response}" ]; then
+ return 0
+ fi
+
+ normalized=$(printf "%s" "${response}" | _normalizeJson)
+
+ failed_message=""
+ if failed_message=$(_hetznercloud_extract_failed_action_message "${normalized}"); then
+ if [ -n "${failed_message}" ]; then
+ _err "Hetzner Cloud DNS ${context} failed: ${failed_message}"
+ else
+ _err "Hetzner Cloud DNS ${context} failed."
+ fi
+ return 1
+ fi
+
+ action_ids=""
+ if action_ids=$(_hetznercloud_extract_action_ids "${normalized}"); then
+ for action_id in ${action_ids}; do
+ if [ -z "${action_id}" ]; then
+ continue
+ fi
+ if ! _hetznercloud_wait_for_action "${action_id}" "${context}"; then
+ return 1
+ fi
+ done
+ fi
+
+ return 0
+}
+
+_hetznercloud_extract_failed_action_message() {
+ normalized="${1}"
+ failed_section=$(printf "%s" "${normalized}" | _egrep_o '"failed_actions":\[[^]]*\]')
+ if [ -z "${failed_section}" ]; then
+ return 1
+ fi
+ if _contains "${failed_section}" '"failed_actions":[]'; then
+ return 1
+ fi
+ message=$(printf "%s" "${failed_section}" | _egrep_o '"message":"[^"]*"' | _head_n 1 | cut -d : -f 2 | tr -d '"')
+ if [ -n "${message}" ]; then
+ printf "%s" "${message}"
+ else
+ printf "%s" "${failed_section}"
+ fi
+ return 0
+}
+
+_hetznercloud_extract_action_ids() {
+ normalized="${1}"
+ actions_section=$(printf "%s" "${normalized}" | _egrep_o '"actions":\[[^]]*\]')
+ if [ -z "${actions_section}" ]; then
+ return 1
+ fi
+ action_ids=$(printf "%s" "${actions_section}" | _egrep_o '"id":[0-9]*' | cut -d : -f 2 | tr -d '"' | tr '\n' ' ')
+ action_ids=$(printf "%s" "${action_ids}" | tr -s ' ')
+ action_ids=$(printf "%s" "${action_ids}" | sed 's/^ //;s/ $//')
+ if [ -z "${action_ids}" ]; then
+ return 1
+ fi
+ printf "%s" "${action_ids}"
+ return 0
+}
+
+_hetznercloud_wait_for_action() {
+ action_id="${1}"
+ context="${2}"
+ attempts="0"
+
+ while true; do
+ if ! _hetznercloud_api GET "/actions/${action_id}"; then
+ return 1
+ fi
+ if [ "${_hetznercloud_last_http_code}" != "200" ]; then
+ _hetznercloud_log_http_error "Hetzner Cloud DNS action ${action_id} query failed" "${_hetznercloud_last_http_code}"
+ return 1
+ fi
+
+ normalized=$(printf "%s" "${response}" | _normalizeJson)
+ action_status=$(_hetznercloud_action_status_from_normalized "${normalized}")
+
+ if [ -z "${action_status}" ]; then
+ _err "Hetzner Cloud DNS ${context} action ${action_id} returned no status."
+ return 1
+ fi
+
+ if [ "${action_status}" = "success" ]; then
+ return 0
+ fi
+
+ if [ "${action_status}" = "error" ]; then
+ if action_error=$(_hetznercloud_action_error_from_normalized "${normalized}"); then
+ _err "Hetzner Cloud DNS ${context} action ${action_id} failed: ${action_error}"
+ else
+ _err "Hetzner Cloud DNS ${context} action ${action_id} failed."
+ fi
+ return 1
+ fi
+
+ attempts=$(_math "${attempts}" + 1)
+ if [ "${attempts}" -ge "${HETZNER_MAX_ATTEMPTS}" ]; then
+ _err "Hetzner Cloud DNS ${context} action ${action_id} did not complete after ${HETZNER_MAX_ATTEMPTS} attempts."
+ return 1
+ fi
+
+ _sleep 1
+ done
+}
+
+_hetznercloud_action_status_from_normalized() {
+ normalized="${1}"
+ status=$(printf "%s" "${normalized}" | _egrep_o '"status":"[^"]*"' | _head_n 1 | cut -d : -f 2 | tr -d '"')
+ printf "%s" "${status}"
+}
+
+_hetznercloud_action_error_from_normalized() {
+ normalized="${1}"
+ error_section=$(printf "%s" "${normalized}" | _egrep_o '"error":{[^}]*}')
+ if [ -z "${error_section}" ]; then
+ return 1
+ fi
+ message=$(printf "%s" "${error_section}" | _egrep_o '"message":"[^"]*"' | _head_n 1 | cut -d : -f 2 | tr -d '"')
+ if [ -n "${message}" ]; then
+ printf "%s" "${message}"
+ return 0
+ fi
+ code=$(printf "%s" "${error_section}" | _egrep_o '"code":"[^"]*"' | _head_n 1 | cut -d : -f 2 | tr -d '"')
+ if [ -n "${code}" ]; then
+ printf "%s" "${code}"
+ return 0
+ fi
+ return 1
+}
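Review bot: `HETZNER_API` is accepted from the environment or the account conf without any check on its scheme, yet `_hetznercloud_api` sends the bearer token in `_H1` to whatever host it names, so an `http://` override (or a typo) would put the API token on the wire in cleartext; in `_hetznercloud_init`, right after the default is applied, add `if ! _startswith "${HETZNER_API}" "https://"; then _err "HETZNER_API must be an https:// URL."; return 1; fi`. Separately, the 429 branch in `_hetznercloud_api` passes the `Retry-After` header value straight to `_sleep`, but that header may also be an HTTP-date, which would make the sleep fail and abort the request; guard it with `case "${retry_after}" in '' | *[!0-9]*) retry_after=1 ;; esac` before the `_info` line. Both changes fall inside this hunk, which holds the whole new file.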
diff --git a/dnsapi/dns_infoblox_uddi.sh b/dnsapi/dns_infoblox_uddi.sh
new file mode 100644
index 00000000..4b15088a
--- /dev/null
+++ b/dnsapi/dns_infoblox_uddi.sh
@@ -0,0 +1,244 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC2034
+dns_infoblox_uddi_info='Infoblox UDDI
+Site: Infoblox.com
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infoblox_uddi
+Options:
+ Infoblox_UDDI_Key API Key for Infoblox UDDI
+ Infoblox_Portal URL, e.g. "csp.infoblox.com" or "csp.eu.infoblox.com"
+Issues: github.com/acmesh-official/acme.sh/issues
+Author: Stefan Riegel
+'
+
+Infoblox_UDDI_Api="https://"
+
+######## Public functions #####################
+
+#Usage: dns_infoblox_uddi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_infoblox_uddi_add() {
+ fulldomain=$1
+ txtvalue=$2
+
+ Infoblox_UDDI_Key="${Infoblox_UDDI_Key:-$(_readaccountconf_mutable Infoblox_UDDI_Key)}"
+ Infoblox_Portal="${Infoblox_Portal:-$(_readaccountconf_mutable Infoblox_Portal)}"
+
+ _info "Using Infoblox UDDI API"
+ _debug fulldomain "$fulldomain"
+ _debug txtvalue "$txtvalue"
+
+ if [ -z "$Infoblox_UDDI_Key" ] || [ -z "$Infoblox_Portal" ]; then
+ Infoblox_UDDI_Key=""
+ Infoblox_Portal=""
+ _err "You didn't specify the Infoblox UDDI key or server (Infoblox_UDDI_Key; Infoblox_Portal)."
+ _err "Please set them via EXPORT Infoblox_UDDI_Key=your_key, EXPORT Infoblox_Portal=csp.infoblox.com and try again."
+ return 1
+ fi
+
+ _saveaccountconf_mutable Infoblox_UDDI_Key "$Infoblox_UDDI_Key"
+ _saveaccountconf_mutable Infoblox_Portal "$Infoblox_Portal"
+
+ export _H1="Authorization: Token $Infoblox_UDDI_Key"
+ export _H2="Content-Type: application/json"
+
+ _debug "First detect the root zone"
+ if ! _get_root "$fulldomain"; then
+ _err "invalid domain"
+ return 1
+ fi
+ _debug _domain_id "$_domain_id"
+ _debug _sub_domain "$_sub_domain"
+ _debug _domain "$_domain"
+
+ _debug "Getting existing txt records"
+ _infoblox_rest GET "dns/record?_filter=type%20eq%20'TXT'%20and%20name_in_zone%20eq%20'$_sub_domain'%20and%20zone%20eq%20'$_domain_id'"
+
+ _info "Adding record"
+ body="{\"type\":\"TXT\",\"name_in_zone\":\"$_sub_domain\",\"zone\":\"$_domain_id\",\"ttl\":120,\"inheritance_sources\":{\"ttl\":{\"action\":\"override\"}},\"rdata\":{\"text\":\"$txtvalue\"}}"
+
+ if _infoblox_rest POST "dns/record" "$body"; then
+ if _contains "$response" "$txtvalue"; then
+ _info "Added, OK"
+ return 0
+ elif _contains "$response" '"error"'; then
+ # Check if record already exists
+ if _contains "$response" "already exists" || _contains "$response" "duplicate"; then
+ _info "Already exists, OK"
+ return 0
+ else
+ _err "Add txt record error."
+ _err "Response: $response"
+ return 1
+ fi
+ else
+ _info "Added, OK"
+ return 0
+ fi
+ fi
+ _err "Add txt record error."
+ return 1
+}
+
+#Usage: dns_infoblox_uddi_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_infoblox_uddi_rm() {
+ fulldomain=$1
+ txtvalue=$2
+
+ Infoblox_UDDI_Key="${Infoblox_UDDI_Key:-$(_readaccountconf_mutable Infoblox_UDDI_Key)}"
+ Infoblox_Portal="${Infoblox_Portal:-$(_readaccountconf_mutable Infoblox_Portal)}"
+
+ if [ -z "$Infoblox_UDDI_Key" ] || [ -z "$Infoblox_Portal" ]; then
+ _err "Credentials not found"
+ return 1
+ fi
+
+ _info "Using Infoblox UDDI API"
+ _debug fulldomain "$fulldomain"
+ _debug txtvalue "$txtvalue"
+
+ export _H1="Authorization: Token $Infoblox_UDDI_Key"
+ export _H2="Content-Type: application/json"
+
+ _debug "First detect the root zone"
+ if ! _get_root "$fulldomain"; then
+ _err "invalid domain"
+ return 1
+ fi
+ _debug _domain_id "$_domain_id"
+ _debug _sub_domain "$_sub_domain"
+ _debug _domain "$_domain"
+
+ _debug "Getting txt records to delete"
+ # Filter by txtvalue to support wildcard certs (multiple TXT records)
+ filter="type%20eq%20'TXT'%20and%20name_in_zone%20eq%20'$_sub_domain'%20and%20zone%20eq%20'$_domain_id'%20and%20rdata.text%20eq%20'$txtvalue'"
+ _infoblox_rest GET "dns/record?_filter=$filter"
+
+ if ! _contains "$response" '"results"'; then
+ _info "Don't need to remove, record not found."
+ return 0
+ fi
+
+ record_id=$(echo "$response" | _egrep_o '"id":[[:space:]]*"[^"]*"' | _head_n 1 | cut -d '"' -f 4)
+ _debug "record_id" "$record_id"
+
+ if [ -z "$record_id" ]; then
+ _info "Don't need to remove, record not found."
+ return 0
+ fi
+
+ # Extract UUID from the full record ID (format: dns/record/uuid)
+ record_uuid=$(echo "$record_id" | sed 's|.*/||')
+ _debug "record_uuid" "$record_uuid"
+
+ if ! _infoblox_rest DELETE "dns/record/$record_uuid"; then
+ _err "Delete record error."
+ return 1
+ fi
+
+ _info "Removed record successfully"
+ return 0
+}
+
+#################### Private functions below ##################################
+
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+# _domain_id=dns/auth_zone/xxxx-xxxx
+_get_root() {
+ domain=$1
+ i=1
+ p=1
+
+ # Remove _acme-challenge prefix if present
+ domain_no_acme=$(echo "$domain" | sed 's/^_acme-challenge\.//')
+
+ while true; do
+ h=$(printf "%s" "$domain_no_acme" | cut -d . -f "$i"-100)
+ _debug h "$h"
+ if [ -z "$h" ]; then
+ # not valid
+ return 1
+ fi
+
+ # Query for the zone with both trailing dot and without
+ filter="fqdn%20eq%20'$h.'%20or%20fqdn%20eq%20'$h'"
+ if ! _infoblox_rest GET "dns/auth_zone?_filter=$filter"; then
+ # API error - don't continue if we get auth errors
+ if _contains "$response" "401" || _contains "$response" "Authorization"; then
+ _err "Authentication failed. Please check your Infoblox_UDDI_Key."
+ return 1
+ fi
+ # For other errors, continue to parent domain
+ p=$i
+ i=$((i + 1))
+ continue
+ fi
+
+ # Check if response contains results (even if empty)
+ if _contains "$response" '"results"'; then
+ # Extract zone ID - must match the pattern dns/auth_zone/...
+ zone_id=$(echo "$response" | _egrep_o '"id":[[:space:]]*"dns/auth_zone/[^"]*"' | _head_n 1 | cut -d '"' -f 4)
+ if [ -n "$zone_id" ]; then
+ # Found the zone
+ _domain="$h"
+ _domain_id="$zone_id"
+
+ # Calculate subdomain
+ if [ "$_domain" = "$domain" ]; then
+ _sub_domain=""
+ else
+ _cutlength=$((${#domain} - ${#_domain} - 1))
+ _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength")
+ fi
+
+ return 0
+ fi
+ fi
+
+ p=$i
+ i=$((i + 1))
+ done
+
+ return 1
+}
+
+# _infoblox_rest GET "dns/record?_filter=..."
+# _infoblox_rest POST "dns/record" "{json body}"
+# _infoblox_rest DELETE "dns/record/uuid"
+_infoblox_rest() {
+ method=$1
+ ep="$2"
+ data="$3"
+
+ _debug "$ep"
+
+ # Ensure credentials are available (when called from _get_root)
+ Infoblox_UDDI_Key="${Infoblox_UDDI_Key:-$(_readaccountconf_mutable Infoblox_UDDI_Key)}"
+ Infoblox_Portal="${Infoblox_Portal:-$(_readaccountconf_mutable Infoblox_Portal)}"
+
+ Infoblox_UDDI_Api="https://$Infoblox_Portal/api/ddi/v1"
+ export _H1="Authorization: Token $Infoblox_UDDI_Key"
+ export _H2="Content-Type: application/json"
+
+ # Debug (masked)
+ _tok_len=$(printf "%s" "$Infoblox_UDDI_Key" | wc -c | tr -d ' \n')
+ _debug2 "Auth header set" "Token len=${_tok_len} on $Infoblox_Portal"
+
+ if [ "$method" != "GET" ]; then
+ _debug data "$data"
+ response="$(_post "$data" "$Infoblox_UDDI_Api/$ep" "" "$method")"
+ else
+ response="$(_get "$Infoblox_UDDI_Api/$ep")"
+ fi
+
+ _ret="$?"
+ _debug2 response "$response"
+
+ if [ "$_ret" != "0" ]; then
+ _err "Error: $ep"
+ return 1
+ fi
+
+ return 0
+}
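Review bot: In `dns_infoblox_uddi_rm` the exit status of `_infoblox_rest GET "dns/record?_filter=$filter"` is ignored, so a transport failure or a rejected token leaves `response` without `"results"`, the function reports "record not found" and returns 0, and the challenge TXT record is left behind; `_infoblox_rest GET "dns/record?_filter=$filter" || return 1` fails closed, and the same applies to the listing call in `dns_infoblox_uddi_add`, whose result is never read before the POST overwrites `response`. The record id extraction then takes the first `"id"` in the body whatever its type, unlike `_get_root`, which anchors on `dns/auth_zone/`; `_egrep_o '"id":[[:space:]]*"dns/record/[^"]*"'` keeps the two consistent and avoids picking up an id from a nested object. `_get_root` also assigns `p` on every iteration but never reads it.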
diff --git a/dnsapi/dns_joker.sh b/dnsapi/dns_joker.sh
index 1fe33c67..401471be 100644
--- a/dnsapi/dns_joker.sh
+++ b/dnsapi/dns_joker.sh
@@ -7,7 +7,7 @@ Options:
JOKER_USERNAME Username
JOKER_PASSWORD Password
Issues: github.com/acmesh-official/acme.sh/issues/2840
-Author:
+Author: @aattww
'
JOKER_API="https://svc.joker.com/nic/replace"
diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh
index f19333c4..9cb6327e 100644
--- a/dnsapi/dns_la.sh
+++ b/dnsapi/dns_la.sh
@@ -1,14 +1,17 @@
#!/usr/bin/env sh
+
+# LA_Id="123"
+# LA_Sk="456"
# shellcheck disable=SC2034
dns_la_info='dns.la
Site: dns.la
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_la
Options:
- LA_Id API ID
- LA_Key API key
+ LA_Id APIID
+ LA_Sk APISecret
+ LA_Token 用冒号连接 APIID APISecret 再base64生成
Issues: github.com/acmesh-official/acme.sh/issues/4257
'
-
LA_Api="https://api.dns.la/api"
######## Public functions #####################
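Review bot: The new `LA_Token` line in the info block describes the option in Chinese while every other line of the block is in English, and this block is the user-facing documentation for the provider; an English description such as `LA_Token base64 of "APIID:APISecret", generated automatically from LA_Id and LA_Sk` keeps it consistent and also tells the reader the token need not be set by hand. The commented `LA_Id="123"` / `LA_Sk="456"` lines added above the shellcheck directive duplicate what the Options section already says and could be dropped.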
@@ -19,18 +22,23 @@ dns_la_add() {
txtvalue=$2
LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}"
- LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}"
+ LA_Sk="${LA_Sk:-$(_readaccountconf_mutable LA_Sk)}"
+ _log "LA_Id=$LA_Id"
+ _log "LA_Sk=$LA_Sk"
- if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then
+ if [ -z "$LA_Id" ] || [ -z "$LA_Sk" ]; then
LA_Id=""
- LA_Key=""
+ LA_Sk=""
_err "You didn't specify a dnsla api id and key yet."
return 1
fi
#save the api key and email to the account conf file.
_saveaccountconf_mutable LA_Id "$LA_Id"
- _saveaccountconf_mutable LA_Key "$LA_Key"
+ _saveaccountconf_mutable LA_Sk "$LA_Sk"
+
+ # generate dnsla token
+ _la_token
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
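Review bot: `_log "LA_Sk=$LA_Sk"` at L2852 writes the API secret verbatim to the log file, and `_log "LA_Id=$LA_Id"` the account id next to it, which is exactly what the acme.sh masked helpers exist to avoid. Replace the pair with `_debug LA_Id "$LA_Id"` and `_secure_debug LA_Sk "$LA_Sk"` so the secret is only shown with `--output-insecure`. dns_la_add starts outside this hunk.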
@@ -42,11 +50,13 @@ dns_la_add() {
_debug _domain "$_domain"
_info "Adding record"
- if _la_rest "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then
- if _contains "$response" '"resultid":'; then
+
+ # record type is enum in new api, 16 for TXT
+ if _la_post "{\"domainId\":\"$_domain_id\",\"type\":16,\"host\":\"$_sub_domain\",\"data\":\"$txtvalue\",\"ttl\":600}" "record"; then
+ if _contains "$response" '"id":'; then
_info "Added, OK"
return 0
- elif _contains "$response" '"code":532'; then
+ elif _contains "$response" '"msg":"与已有记录冲突"'; then
_info "Already exists, OK"
return 0
else
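Review bot: The "already exists" branch at L2882 now keys on a localized message text (`"msg":"与已有记录冲突"`) rather than a status code, so any wording or language change on the API side turns a benign duplicate into a hard failure. If the API also returns a stable numeric code for this case, matching that would be more robust; either way a comment such as `# msg means "conflicts with an existing record"` would let maintainers who cannot read the message understand the branch. dns_la_add starts and ends outside this hunk.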
@@ -54,7 +64,7 @@ dns_la_add() {
return 1
fi
fi
- _err "Add txt record error."
+ _err "Add txt record failed."
return 1
}
@@ -65,7 +75,9 @@ dns_la_rm() {
txtvalue=$2
LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}"
- LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}"
+ LA_Sk="${LA_Sk:-$(_readaccountconf_mutable LA_Sk)}"
+
+ _la_token
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
@@ -77,27 +89,29 @@ dns_la_rm() {
_debug _domain "$_domain"
_debug "Getting txt records"
- if ! _la_rest "record.ashx?cmd=listn&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue"; then
+ # record type is enum in new api, 16 for TXT
+ if ! _la_get "recordList?pageIndex=1&pageSize=10&domainId=$_domain_id&host=$_sub_domain&type=16&data=$txtvalue"; then
_err "Error"
return 1
fi
- if ! _contains "$response" '"recordid":'; then
+ if ! _contains "$response" '"id":'; then
_info "Don't need to remove."
return 0
fi
- record_id=$(printf "%s" "$response" | grep '"recordid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n')
+ record_id=$(printf "%s" "$response" | grep '"id":' | _head_n 1 | sed 's/.*"id": *"\([^"]*\)".*/\1/')
_debug "record_id" "$record_id"
if [ -z "$record_id" ]; then
_err "Can not get record id to remove."
return 1
fi
- if ! _la_rest "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$record_id"; then
+ # remove record in new api is RESTful
+ if ! _la_post "" "record?id=$record_id" "DELETE"; then
_err "Delete record error."
return 1
fi
- _contains "$response" '"code":300'
+ _contains "$response" '"code":200'
}
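Review bot: The id extraction at L2918 relies on a greedy `.*"id": *"` and, since `_la_get` strips only spaces, `grep | _head_n 1` is most likely the whole single-line response, so when more than one record survives the `data=` filter the id captured is the last one in the body rather than the first. If multiple matches are possible, splitting records first with `tr '{' '\n'` (as dns_rage4 does in this same change) would make the `_head_n 1` meaningful. Ending the function on `_contains "$response" '"code":200'` makes that the exit status, which looks intentional but deserves a short comment or an explicit `return`. dns_la_rm starts outside this hunk.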
@@ -119,12 +133,13 @@ _get_root() {
return 1
fi
- if ! _la_rest "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then
+ if ! _la_get "domain?domain=$h"; then
return 1
fi
- if _contains "$response" '"domainid":'; then
- _domain_id=$(printf "%s" "$response" | grep '"domainid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n')
+ if _contains "$response" '"domain":'; then
+ _domain_id=$(echo "$response" | sed -n 's/.*"id":"\([^"]*\)".*/\1/p')
+ _log "_domain_id" "$_domain_id"
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain="$h"
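Review bot: `_log "_domain_id" "$_domain_id"` at L2944 bypasses the debug level the rest of this function uses (`_debug _domain` at L2871); it should be `_debug _domain_id "$_domain_id"` for consistency. The guard `_contains "$response" '"domain":'` at L2942 together with the greedy `sed -n 's/.*"id":"\([^"]*\)".*/\1/p'` picks the last `"id"` in the response, which presumably is the zone id only if the API returns a single object here — worth a comment stating that assumption. _get_root starts and ends outside this hunk.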
@@ -143,6 +158,21 @@ _la_rest() {
url="$LA_Api/$1"
_debug "$url"
+ if ! response="$(_get "$url" "Authorization: Basic $LA_Token" | tr -d ' ' | tr "}" ",")"; then
+ _err "Error: $url"
+ return 1
+ fi
+
+ _debug2 response "$response"
+ return 0
+}
+
+_la_get() {
+ url="$LA_Api/$1"
+ _debug "$url"
+
+ export _H1="Authorization: Basic $LA_Token"
+
if ! response="$(_get "$url" | tr -d ' ' | tr "}" ",")"; then
_err "Error: $url"
return 1
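Review bot: `_get "$url" "Authorization: Basic $LA_Token"` at L2951 passes the header string as `_get`'s second positional argument, which in acme.sh is the `onlyheader` flag, not a request header; headers go through the exported `_H1`..`_H5` variables as `_la_get` does at L2964. Since every former caller in this change now uses `_la_get`/`_la_post`, `_la_rest` appears to be dead code after this commit and could be removed instead of repaired. The _la_rest definition begins outside this hunk.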
@@ -151,3 +181,29 @@ _la_rest() {
_debug2 response "$response"
return 0
}
+
+# Usage: _la_post body url [POST|PUT|DELETE]
+_la_post() {
+ body=$1
+ url="$LA_Api/$2"
+ http_method=$3
+ _debug "$body"
+ _debug "$url"
+
+ export _H1="Authorization: Basic $LA_Token"
+
+ if ! response="$(_post "$body" "$url" "" "$http_method")"; then
+ _err "Error: $url"
+ return 1
+ fi
+
+ _debug2 response "$response"
+ return 0
+}
+
+_la_token() {
+ LA_Token=$(printf "%s:%s" "$LA_Id" "$LA_Sk" | _base64)
+ _debug "$LA_Token"
+
+ return 0
+}
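Review bot: `_debug "$LA_Token"` at L2995 prints the base64 of `LA_Id:LA_Sk`, i.e. the full credential, on every debug run and log; use `_secure_debug LA_Token "$LA_Token"` so it is masked unless `--output-insecure` is given. A one-line header on `_la_token` such as `# Builds LA_Token (base64 of "LA_Id:LA_Sk") used by _la_get/_la_post` would document the dependency the other helpers have on it being called first.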
diff --git a/dnsapi/dns_mijnhost.sh b/dnsapi/dns_mijnhost.sh
index 9dafc702..9f5e7710 100644
--- a/dnsapi/dns_mijnhost.sh
+++ b/dnsapi/dns_mijnhost.sh
@@ -1,16 +1,15 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_mijnhost_info='mijn.host
-Domains: mijn.host
Site: mijn.host
-Docs: https://mijn.host/api/doc/
-Issues: https://github.com/acmesh-official/acme.sh/issues/6177
-Author: peterv99
+Docs: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_mijnhost
Options:
MIJNHOST_API_KEY API Key
+Issues: github.com/acmesh-official/acme.sh/issues/6177
+Author: @peterv99
'
-######## Public functions ###################### Constants for your mijn-host API
+######## Public functions ######################
MIJNHOST_API="https://mijn.host/api/v2"
# Add TXT record for domain verification
diff --git a/dnsapi/dns_mydnsjp.sh b/dnsapi/dns_mydnsjp.sh
index 336c4889..4dfffaaa 100755
--- a/dnsapi/dns_mydnsjp.sh
+++ b/dnsapi/dns_mydnsjp.sh
@@ -6,7 +6,7 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_mydnsjp
Options:
MYDNSJP_MasterID Master ID
MYDNSJP_Password Password
-Author: epgdatacapbon
+Author: @tkmsst
'
######## Public functions #####################
diff --git a/dnsapi/dns_namecom.sh b/dnsapi/dns_namecom.sh
index 44549c9e..1062c849 100755
--- a/dnsapi/dns_namecom.sh
+++ b/dnsapi/dns_namecom.sh
@@ -6,7 +6,7 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_namecom
Options:
Namecom_Username Username
Namecom_Token API Token
-Author: RaidenII
+Author: @RaidenII
'
######## Public functions #####################
diff --git a/dnsapi/dns_namesilo.sh b/dnsapi/dns_namesilo.sh
index b31e32a1..5d47a59a 100755
--- a/dnsapi/dns_namesilo.sh
+++ b/dnsapi/dns_namesilo.sh
@@ -5,7 +5,7 @@ Site: NameSilo.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_namesilo
Options:
Namesilo_Key API Key
-Author: meowthink
+Author: @meowthink
'
#Utilize API to finish dns-01 verifications.
diff --git a/dnsapi/dns_nanelo.sh b/dnsapi/dns_nanelo.sh
index 1ab47a89..0c42989b 100644
--- a/dnsapi/dns_nanelo.sh
+++ b/dnsapi/dns_nanelo.sh
@@ -27,8 +27,16 @@ dns_nanelo_add() {
fi
_saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN"
+ _debug "First detect the root zone"
+ if ! _get_root "$fulldomain"; then
+ _err "invalid domain"
+ return 1
+ fi
+ _debug _sub_domain "$_sub_domain"
+ _debug _domain "$_domain"
+
_info "Adding TXT record to ${fulldomain}"
- response="$(_get "$NANELO_API$NANELO_TOKEN/dns/addrecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")"
+ response="$(_post "" "$NANELO_API$NANELO_TOKEN/dns/addrecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}" "" "" "")"
if _contains "${response}" 'success'; then
return 0
fi
@@ -51,8 +59,16 @@ dns_nanelo_rm() {
fi
_saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN"
+ _debug "First, let's detect the root zone:"
+ if ! _get_root "$fulldomain"; then
+ _err "invalid domain"
+ return 1
+ fi
+ _debug _sub_domain "$_sub_domain"
+ _debug _domain "$_domain"
+
_info "Deleting resource record $fulldomain"
- response="$(_get "$NANELO_API$NANELO_TOKEN/dns/deleterecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")"
+ response="$(_post "" "$NANELO_API$NANELO_TOKEN/dns/deleterecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}" "" "" "")"
if _contains "${response}" 'success'; then
return 0
fi
@@ -60,3 +76,45 @@ dns_nanelo_rm() {
_err "${response}"
return 1
}
+
+#################### Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+
+_get_root() {
+ fulldomain=$1
+
+ # Fetch all zones from Nanelo
+ response="$(_get "$NANELO_API$NANELO_TOKEN/dns/getzones")" || return 1
+
+ # Extract "zones" array into space-separated list
+ zones=$(echo "$response" |
+ tr -d ' \n' |
+ sed -n 's/.*"zones":\[\([^]]*\)\].*/\1/p' |
+ tr -d '"' |
+ tr , ' ')
+ _debug zones "$zones"
+
+ bestzone=""
+ for z in $zones; do
+ case "$fulldomain" in
+ *."$z" | "$z")
+ if [ ${#z} -gt ${#bestzone} ]; then
+ bestzone=$z
+ fi
+ ;;
+ esac
+ done
+
+ if [ -z "$bestzone" ]; then
+ _err "No matching zone found for $fulldomain"
+ return 1
+ fi
+
+ _domain="$bestzone"
+ _sub_domain=$(printf "%s" "$fulldomain" | sed "s/\\.$_domain\$//")
+
+ return 0
+}
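Review bot: When `$fulldomain` is itself a zone (the `"$z"` alternative in the `case` at L3124 allows this), the `sed "s/\\.$_domain\$//"` at L3138 does not match, so `_sub_domain` is left equal to the whole zone name; that case should be handled explicitly with whatever the API expects for the apex (empty or `@`). The dots in `$_domain` are also unescaped in that sed pattern, so `.` matches any character — harmless in practice but worth a comment or an escaped pattern. The header comment above `_get_root` would also benefit from stating that `_domain` is chosen as the longest matching zone.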
diff --git a/dnsapi/dns_openprovider_rest.sh b/dnsapi/dns_openprovider_rest.sh
new file mode 100644
index 00000000..210dc6fc
--- /dev/null
+++ b/dnsapi/dns_openprovider_rest.sh
@@ -0,0 +1,186 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC2034
+dns_openprovider_rest_info='OpenProvider (REST)
+Domains: OpenProvider.com
+Site: OpenProvider.eu
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_openprovider_rest
+Options:
+ OPENPROVIDER_REST_USERNAME Openprovider Account Username
+ OPENPROVIDER_REST_PASSWORD Openprovider Account Password
+Issues: github.com/acmesh-official/acme.sh/issues/6122
+Author: Lambiek12
+'
+
+OPENPROVIDER_API_URL="https://api.openprovider.eu/v1beta"
+
+######## Public functions #####################
+
+# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Used to add txt record
+dns_openprovider_rest_add() {
+ fulldomain=$1
+ txtvalue=$2
+
+ _openprovider_prepare_credentials || return 1
+
+ _debug "Try fetch OpenProvider DNS zone details"
+ if ! _get_dns_zone "$fulldomain"; then
+ _err "DNS zone not found within configured OpenProvider account."
+ return 1
+ fi
+
+ if [ -n "$_domain_id" ]; then
+ addzonerecordrequestparameters="dns/zones/$_domain_name"
+ addzonerecordrequestbody="{\"id\":$_domain_id,\"name\":\"$_domain_name\",\"records\":{\"add\":[{\"name\":\"$_sub_domain\",\"ttl\":900,\"type\":\"TXT\",\"value\":\"$txtvalue\"}]}}"
+
+ if _openprovider_rest PUT "$addzonerecordrequestparameters" "$addzonerecordrequestbody"; then
+ if _contains "$response" "\"success\":true"; then
+ return 0
+ elif _contains "$response" "\"Duplicate record\""; then
+ _debug "Record already existed"
+ return 0
+ else
+ _err "Adding TXT record failed due to errors."
+ return 1
+ fi
+ fi
+ fi
+
+ _err "Adding TXT record failed due to errors."
+ return 1
+}
+
+# Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Used to remove the txt record after validation
+dns_openprovider_rest_rm() {
+ fulldomain=$1
+ txtvalue=$2
+
+ _openprovider_prepare_credentials || return 1
+
+ _debug "Try fetch OpenProvider DNS zone details"
+ if ! _get_dns_zone "$fulldomain"; then
+ _err "DNS zone not found within configured OpenProvider account."
+ return 1
+ fi
+
+ if [ -n "$_domain_id" ]; then
+ removezonerecordrequestparameters="dns/zones/$_domain_name"
+ removezonerecordrequestbody="{\"id\":$_domain_id,\"name\":\"$_domain_name\",\"records\":{\"remove\":[{\"name\":\"$_sub_domain\",\"ttl\":900,\"type\":\"TXT\",\"value\":\"\\\"$txtvalue\\\"\"}]}}"
+
+ if _openprovider_rest PUT "$removezonerecordrequestparameters" "$removezonerecordrequestbody"; then
+ if _contains "$response" "\"success\":true"; then
+ return 0
+ else
+ _err "Removing TXT record failed due to errors."
+ return 1
+ fi
+ fi
+ fi
+
+ _err "Removing TXT record failed due to errors."
+ return 1
+}
+
+#################### OpenProvider API common functions ####################
+_openprovider_prepare_credentials() {
+ OPENPROVIDER_REST_USERNAME="${OPENPROVIDER_REST_USERNAME:-$(_readaccountconf_mutable OPENPROVIDER_REST_USERNAME)}"
+ OPENPROVIDER_REST_PASSWORD="${OPENPROVIDER_REST_PASSWORD:-$(_readaccountconf_mutable OPENPROVIDER_REST_PASSWORD)}"
+
+ if [ -z "$OPENPROVIDER_REST_USERNAME" ] || [ -z "$OPENPROVIDER_REST_PASSWORD" ]; then
+ OPENPROVIDER_REST_USERNAME=""
+ OPENPROVIDER_REST_PASSWORD=""
+ _err "You didn't specify the Openprovider username or password yet."
+ return 1
+ fi
+
+ #save the credentials to the account conf file.
+ _saveaccountconf_mutable OPENPROVIDER_REST_USERNAME "$OPENPROVIDER_REST_USERNAME"
+ _saveaccountconf_mutable OPENPROVIDER_REST_PASSWORD "$OPENPROVIDER_REST_PASSWORD"
+}
+
+_openprovider_rest() {
+ httpmethod=$1
+ queryparameters=$2
+ requestbody=$3
+
+ _openprovider_rest_login
+ if [ -z "$openproviderauthtoken" ]; then
+ _err "Unable to fetch authentication token from Openprovider API."
+ return 1
+ fi
+
+ export _H1="Content-Type: application/json"
+ export _H2="Accept: application/json"
+ export _H3="Authorization: Bearer $openproviderauthtoken"
+
+ if [ "$httpmethod" != "GET" ]; then
+ response="$(_post "$requestbody" "$OPENPROVIDER_API_URL/$queryparameters" "" "$httpmethod")"
+ else
+ response="$(_get "$OPENPROVIDER_API_URL/$queryparameters")"
+ fi
+
+ if [ "$?" != "0" ]; then
+ _err "No valid parameters supplied for Openprovider API: Error $queryparameters"
+ return 1
+ fi
+
+ _debug2 response "$response"
+
+ return 0
+}
+
+_openprovider_rest_login() {
+ export _H1="Content-Type: application/json"
+ export _H2="Accept: application/json"
+
+ loginrequesturl="$OPENPROVIDER_API_URL/auth/login"
+ loginrequestbody="{\"ip\":\"0.0.0.0\",\"password\":\"$OPENPROVIDER_REST_PASSWORD\",\"username\":\"$OPENPROVIDER_REST_USERNAME\"}"
+ loginresponse="$(_post "$loginrequestbody" "$loginrequesturl" "" "POST")"
+
+ openproviderauthtoken="$(printf "%s\n" "$loginresponse" | _egrep_o '"token" *: *"[^"]*' | _head_n 1 | sed 's#^"token" *: *"##')"
+
+ export openproviderauthtoken
+}
+
+#################### Private functions ##################################
+
+# Usage: _get_dns_zone _acme-challenge.www.domain.com
+# Returns:
+# _domain_id=123456789
+# _domain_name=domain.com
+# _sub_domain=_acme-challenge.www
+_get_dns_zone() {
+ domain=$1
+ i=1
+ p=1
+
+ while true; do
+ h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
+ if [ -z "$h" ]; then
+ # Empty value not allowed
+ return 1
+ fi
+
+ if ! _openprovider_rest GET "dns/zones/$h" ""; then
+ return 1
+ fi
+
+ if _contains "$response" "\"name\":\"$h\""; then
+ _domain_id="$(printf "%s\n" "$response" | _egrep_o '"id" *: *[^,]*' | _head_n 1 | sed 's#^"id" *: *##')"
+ _debug _domain_id "$_domain_id"
+
+ _domain_name="$h"
+ _debug _domain_name "$_domain_name"
+
+ _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
+ _debug _sub_domain "$_sub_domain"
+ return 0
+ fi
+
+ p=$i
+ i=$(_math "$i" + 1)
+ done
+
+ return 1
+}
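Review bot: The login body at L3285 interpolates `$OPENPROVIDER_REST_PASSWORD` and the username into JSON without escaping, so a password containing `"` or `\` produces an invalid request; pipe each through `_json_encode` as this change already does elsewhere, e.g. `\"password\":\"$(printf "%s" "$OPENPROVIDER_REST_PASSWORD" | _json_encode)\"`. `_openprovider_rest` calls `_openprovider_rest_login` on every request (L3254), so the label walk in `_get_dns_zone` performs one login per iteration; caching `openproviderauthtoken` after the first successful login would avoid that, and `_openprovider_rest_login` should check `_post`'s result before parsing. The remove body wraps the value in escaped quotes (L3216) while the add body does not (L3181); a comment explaining the API's stored form would stop the next maintainer from "fixing" the asymmetry.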
diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh
index d1e9c0ac..a11cfae5 100755
--- a/dnsapi/dns_opnsense.sh
+++ b/dnsapi/dns_opnsense.sh
@@ -110,15 +110,16 @@ rm_record() {
if _existingchallenge "$_domain" "$_host" "$new_challenge"; then
# Delete
if _opns_rest "POST" "/record/delRecord/${_uuid}" "\{\}"; then
- if echo "$_return_str" | _egrep_o "\"result\":\"deleted\"" >/dev/null; then
- _opns_rest "POST" "/service/reconfigure" "{}"
+ if echo "$response" | _egrep_o "\"result\":\"deleted\"" >/dev/null; then
_debug "Record deleted"
+ _opns_rest "POST" "/service/reconfigure" "{}"
+ _debug "Service reconfigured"
else
_err "Error deleting record $_host from domain $fulldomain"
return 1
fi
else
- _err "Error deleting record $_host from domain $fulldomain"
+ _err "Error requesting deletion of record $_host from domain $fulldomain"
return 1
fi
else
@@ -150,14 +151,17 @@ _get_root() {
return 1
fi
_debug h "$h"
- id=$(echo "$_domain_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"primary\",\"domainname\":\"${h}\"" | cut -d ':' -f 2 | cut -d '"' -f 2)
- if [ -n "$id" ]; then
- _debug id "$id"
- _host=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
- _domain="${h}"
- _domainid="${id}"
- return 0
- fi
+ lines=$(echo "$_domain_response" | sed 's/{/\n/g')
+ for line in $lines; do
+ id=$(echo "$line" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"primary\",.*\"domainname\":\"${h}\"" | cut -d ':' -f 2 | cut -d '"' -f 2)
+ if [ -n "$id" ]; then
+ _debug id "$id"
+ _host=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
+ _domain="${h}"
+ _domainid="${id}"
+ return 0
+ fi
+ done
p=$i
i=$(_math "$i" + 1)
done
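Review bot: `sed 's/{/\n/g'` at L3370 is not portable: only GNU and busybox sed interpret `\n` in the replacement, BSD/macOS sed inserts a literal `n`, and `for line in $lines` then splits on all whitespace, so any space inside a JSON value breaks the per-record regex. Use `tr '{' '\n'` (as dns_rage4 does in this same change) and iterate with a `while read -r line` loop over the output. _get_root starts and ends outside this hunk.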
@@ -206,13 +210,13 @@ _existingchallenge() {
return 1
fi
_uuid=""
- _uuid=$(echo "$_record_response" | _egrep_o "\"uuid\":\"[^\"]*\",\"enabled\":\"[01]\",\"domain\":\"$1\",\"name\":\"$2\",\"type\":\"TXT\",\"value\":\"$3\"" | cut -d ':' -f 2 | cut -d '"' -f 2)
+ _uuid=$(echo "$_record_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"[01]\",\"domain\":\"[a-z0-9\-]*\",\"%domain\":\"$1\",\"name\":\"$2\",\"type\":\"TXT\",\"value\":\"$3\"" | cut -d ':' -f 2 | cut -d '"' -f 2)
if [ -n "$_uuid" ]; then
_debug uuid "$_uuid"
return 0
fi
- _debug "${2}.$1{1} record not found"
+ _debug "${2}.${1} record not found"
return 1
}
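Review bot: The pattern at L3389 now hardcodes the exact key order of the record object, including a `"domain"` field followed by `"%domain"`, so any reordering or a missing key silently yields "record not found". A comment above the line quoting the response shape it expects (or a link to the API field it relies on) would make that coupling visible; the unescaped dots in `$1` are a pre-existing looseness. _existingchallenge starts outside this hunk.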
diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh
index 24ad0904..9f2cd23f 100755
--- a/dnsapi/dns_ovh.sh
+++ b/dnsapi/dns_ovh.sh
@@ -201,7 +201,7 @@ dns_ovh_rm() {
if ! _ovh_rest GET "domain/zone/$_domain/record/$rid"; then
return 1
fi
- if _contains "$response" "\"target\":\"$txtvalue\""; then
+ if _contains "$response" "$txtvalue"; then
_debug "Found txt id:$rid"
if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then
return 1
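Review bot: The match at L3407 was loosened from `"target":"$txtvalue"` to the bare value, which works only because ACME challenge values are long random strings; a comment stating why the prefixed form no longer matches (presumably the API returns the target wrapped in escaped quotes) would keep someone from tightening it back. dns_ovh_rm starts and ends outside this hunk.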
diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh
index 6b38abcb..465bcc60 100644
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -8,7 +8,7 @@ Options:
pleskxml_user Username
pleskxml_pass Password
Issues: github.com/acmesh-official/acme.sh/issues/2577
-Author: Stilez,
+Author: @Stilez, @romanlum
'
## Plesk XML API described at:
diff --git a/dnsapi/dns_rage4.sh b/dnsapi/dns_rage4.sh
index ad312759..c27fbc5f 100755
--- a/dnsapi/dns_rage4.sh
+++ b/dnsapi/dns_rage4.sh
@@ -42,6 +42,14 @@ dns_rage4_add() {
_debug _domain_id "$_domain_id"
_rage4_rest "createrecord/?id=$_domain_id&name=$fulldomain&content=$unquotedtxtvalue&type=TXT&active=true&ttl=1"
+
+ # Response after adding a TXT record should be something like this:
+ # {"status":true,"id":28160443,"error":null}
+ if ! _contains "$response" '"error":null' >/dev/null; then
+ _err "Error while adding TXT record: '$response'"
+ return 1
+ fi
+
return 0
}
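Review bot: `_contains` does not write to stdout, so the `>/dev/null` on L3433 is noise and can be dropped: `if ! _contains "$response" '"error":null'; then`. The example response comment above it is helpful and could also mention that `_response` is set by `_rage4_rest`. dns_rage4_add starts outside this hunk.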
@@ -63,7 +71,12 @@ dns_rage4_rm() {
_debug "Getting txt records"
_rage4_rest "getrecords/?id=${_domain_id}"
- _record_id=$(echo "$response" | sed -rn 's/.*"id":([[:digit:]]+)[^\}]*'"$txtvalue"'.*/\1/p')
+ _record_id=$(echo "$response" | tr '{' '\n' | grep '"TXT"' | grep "\"$txtvalue" | sed -rn 's/.*"id":([[:digit:]]+),.*/\1/p')
+ if [ -z "$_record_id" ]; then
+ _err "error retrieving the record_id of the new TXT record in order to delete it, got: '$_record_id'."
+ return 1
+ fi
+
_rage4_rest "deleterecord/?id=${_record_id}"
return 0
}
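Review bot: The error at L3446 is emitted inside `[ -z "$_record_id" ]`, so `got: '$_record_id'` always prints an empty string; print `$response` instead, `_err "error retrieving the record_id of the TXT record to delete, response: '$response'"`. The `deleterecord` call at L3450 still returns 0 unconditionally while the add path now checks `"error":null`; the same check after deletion would be consistent. `sed -rn` is GNU/busybox-only; `-E` is the portable spelling used elsewhere in this change. dns_rage4_rm starts outside this hunk.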
@@ -105,8 +118,7 @@ _rage4_rest() {
token_trimmed=$(echo "$RAGE4_TOKEN" | tr -d '"')
auth=$(printf '%s:%s' "$username_trimmed" "$token_trimmed" | _base64)
- export _H1="Content-Type: application/json"
- export _H2="Authorization: Basic $auth"
+ export _H1="Authorization: Basic $auth"
response="$(_get "$RAGE4_Api$ep")"
diff --git a/dnsapi/dns_schlundtech.sh b/dnsapi/dns_schlundtech.sh
index 6d2930a2..21930110 100644
--- a/dnsapi/dns_schlundtech.sh
+++ b/dnsapi/dns_schlundtech.sh
@@ -7,7 +7,7 @@ Options:
SCHLUNDTECH_USER Username
SCHLUNDTECH_PASSWORD Password
Issues: github.com/acmesh-official/acme.sh/issues/2246
-Author:
+Author: @mod242
'
SCHLUNDTECH_API="https://gateway.schlundtech.de"
diff --git a/dnsapi/dns_selectel.sh b/dnsapi/dns_selectel.sh
index 434bc483..565f541b 100644
--- a/dnsapi/dns_selectel.sh
+++ b/dnsapi/dns_selectel.sh
@@ -1,27 +1,21 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
-
-# dns_selectel_info='Selectel.com
-# Domains: Selectel.ru
-# Site: Selectel.com
-# Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_selectel
-# Options:
-# Variables that must be defined before running
-# SL_Ver can take one of the values 'v1' or 'v2', default is 'v1'
-# SL_Ver='v1', when using version API legacy (v1)
-# SL_Ver='v2', when using version API actual (v2)
-# when using API version v1, i.e. SL_Ver is 'v1' or not defined:
-# SL_Key - API Key, required
-# when using API version v2:
-# SL_Ver - required as 'v2'
-# SL_Login_ID - account ID, required
-# SL_Project_Name - name project, required
-# SL_Login_Name - service user name, required
-# SL_Pswd - service user password, required
-# SL_Expire - token lifetime in minutes (0-1440), default 1400 minutes
-#
-# Issues: github.com/acmesh-official/acme.sh/issues/5126
-#
+dns_selectel_info='Selectel.com
+Domains: Selectel.ru
+Site: Selectel.com
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_selectel
+Options: For old API version v1 (deprecated)
+ SL_Ver API version. Use "v1".
+ SL_Key API Key
+OptionsAlt: For the current API version v2
+ SL_Ver API version. Use "v2".
+ SL_Login_ID Account ID
+ SL_Project_Name Project name
+ SL_Login_Name Service user name
+ SL_Pswd Service user password
+ SL_Expire Token lifetime. In minutes (0-1440). Default "1400"
+Issues: github.com/acmesh-official/acme.sh/issues/5126
+'
SL_Api="https://api.selectel.ru/domains"
auth_uri="https://cloud.api.selcloud.ru/identity/v3/auth/tokens"
diff --git a/dnsapi/dns_spaceship.sh b/dnsapi/dns_spaceship.sh
index 770e22cc..8fff4037 100644
--- a/dnsapi/dns_spaceship.sh
+++ b/dnsapi/dns_spaceship.sh
@@ -4,11 +4,11 @@ dns_spaceship_info='Spaceship.com
Site: Spaceship.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_spaceship
Options:
- SPACESHIP_API_KEY Spaceship API Key
- SPACESHIP_API_SECRET Spaceship API Secret
- SPACESHIP_ROOT_DOMAIN (Optional) Manually specify the root domain if auto-detection fails
+ SPACESHIP_API_KEY API Key
+ SPACESHIP_API_SECRET API Secret
+ SPACESHIP_ROOT_DOMAIN Root domain. Manually specify the root domain if auto-detection fails. Optional.
Issues: github.com/acmesh-official/acme.sh/issues/6304
-Author: Meow
+Author: Meow <@Meo597>
'
# Spaceship API
diff --git a/dnsapi/dns_tele3.sh b/dnsapi/dns_tele3.sh
index e5974951..3a3ccf8c 100644
--- a/dnsapi/dns_tele3.sh
+++ b/dnsapi/dns_tele3.sh
@@ -6,7 +6,7 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#tele3
Options:
TELE3_Key API Key
TELE3_Secret API Secret
-Author: Roman Blizik
+Author: Roman Blizik <@par-pa>
'
TELE3_API="https://www.tele3.cz/acme/"
diff --git a/dnsapi/dns_timeweb.sh b/dnsapi/dns_timeweb.sh
index 544564ea..7040ac9a 100644
--- a/dnsapi/dns_timeweb.sh
+++ b/dnsapi/dns_timeweb.sh
@@ -6,7 +6,7 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_timeweb
Options:
TW_Token API JWT token. Get it from the control panel at https://timeweb.cloud/my/api-keys
Issues: github.com/acmesh-official/acme.sh/issues/5140
-Author: Nikolay Pronchev
+Author: Nikolay Pronchev <@nikolaypronchev>
'
TW_Api="https://api.timeweb.cloud/api/v1"
diff --git a/dnsapi/dns_udr.sh b/dnsapi/dns_udr.sh
index f9772e10..656a0557 100644
--- a/dnsapi/dns_udr.sh
+++ b/dnsapi/dns_udr.sh
@@ -7,7 +7,7 @@ Options:
UDR_USER Username
UDR_PASS Password
Issues: github.com/acmesh-official/acme.sh/issues/3923
-Author: Andreas Scherer
+Author: Andreas Scherer <@andischerer>
'
UDR_API="https://api.domainreselling.de/api/call.cgi"
diff --git a/dnsapi/dns_variomedia.sh b/dnsapi/dns_variomedia.sh
index fa38bbb6..4620b854 100644
--- a/dnsapi/dns_variomedia.sh
+++ b/dnsapi/dns_variomedia.sh
@@ -74,7 +74,7 @@ dns_variomedia_rm() {
return 1
fi
- _record_id="$(echo "$response" | sed -E 's/,"tags":\[[^]]*\]//g' | cut -d '[' -f2 | cut -d']' -f1 | sed 's/},[ \t]*{/\},§\{/g' | tr § '\n' | grep "$_sub_domain" | grep -- "$txtvalue" | sed 's/^{//;s/}[,]?$//' | tr , '\n' | tr -d '\"' | grep ^id | cut -d : -f2 | tr -d ' ')"
+ _record_id="$(echo "$response" | sed -E 's/,"tags":\[[^]]*\]//g' | cut -d '[' -f3 | cut -d']' -f1 | sed 's/},[ \t]*{/\},§\{/g' | tr § '\n' | grep -i "$_sub_domain" | grep -- "$txtvalue" | sed 's/^{//;s/}[,]?$//' | tr , '\n' | tr -d '\"' | grep ^id | cut -d : -f2 | tr -d ' ')"
_debug _record_id "$_record_id"
if [ "$_record_id" ]; then
_info "Successfully retrieved the record id for ACME challenge."
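Review bot: The change from `cut -d '[' -f2` to `-f3` at L3582 is an unexplained positional dependency on where the record array sits in the response; a comment such as `# records array is the third "["-delimited field in the current API response` would record the reason. `grep -i "$_sub_domain"` also treats the name as an unanchored, case-insensitive regex, so a short subdomain can match other records' fields before `grep -- "$txtvalue"` narrows it. dns_variomedia_rm starts and ends outside this hunk.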
diff --git a/dnsapi/dns_vscale.sh b/dnsapi/dns_vscale.sh
index c3915c69..faf3105d 100755
--- a/dnsapi/dns_vscale.sh
+++ b/dnsapi/dns_vscale.sh
@@ -5,7 +5,7 @@ Site: vscale.io
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_vscale
Options:
VSCALE_API_KEY API Key
-Author: Alex Loban
+Author: Alex Loban <@LAV45>
'
VSCALE_API_URL="https://api.vscale.io/v1"
diff --git a/dnsapi/dns_vultr.sh b/dnsapi/dns_vultr.sh
index 61ec3f60..4002e5de 100644
--- a/dnsapi/dns_vultr.sh
+++ b/dnsapi/dns_vultr.sh
@@ -6,7 +6,6 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_vultr
Options:
VULTR_API_KEY API Key
Issues: github.com/acmesh-official/acme.sh/issues/2374
-Author:
'
VULTR_Api="https://api.vultr.com/v2"
diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh
index bfc4b23a..2374afc3 100644
--- a/dnsapi/dns_websupport.sh
+++ b/dnsapi/dns_websupport.sh
@@ -7,7 +7,7 @@ Options:
WS_ApiKey API Key. Called "Identifier" in the WS Admin
WS_ApiSecret API Secret. Called "Secret key" in the WS Admin
Issues: github.com/acmesh-official/acme.sh/issues/3486
-Author: trgo.sk , akulumbeg
+Author: trgo.sk <@trgosk>, @akulumbeg
'
# Requirements: API Key and Secret from https://admin.websupport.sk/en/auth/apiKey
diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh
index 46cdc4fe..dc295330 100644
--- a/dnsapi/dns_world4you.sh
+++ b/dnsapi/dns_world4you.sh
@@ -7,7 +7,7 @@ Options:
WORLD4YOU_USERNAME Username
WORLD4YOU_PASSWORD Password
Issues: github.com/acmesh-official/acme.sh/issues/3269
-Author: Lorenz Stechauner
+Author: Lorenz Stechauner <@NerLOR>
'
WORLD4YOU_API="https://my.world4you.com/en"
diff --git a/notify/ntfy.sh b/notify/ntfy.sh
index 21e39559..3a788a84 100644
--- a/notify/ntfy.sh
+++ b/notify/ntfy.sh
@@ -14,6 +14,13 @@ ntfy_send() {
_debug "_content" "$_content"
_debug "_statusCode" "$_statusCode"
+ _priority_default="default"
+ _priority_error="high"
+
+ _tag_success="white_check_mark"
+ _tag_error="warning"
+ _tag_info="information_source"
+
NTFY_URL="${NTFY_URL:-$(_readaccountconf_mutable NTFY_URL)}"
if [ "$NTFY_URL" ]; then
_saveaccountconf_mutable NTFY_URL "$NTFY_URL"
@@ -30,7 +37,26 @@ ntfy_send() {
export _H1="Authorization: Bearer $NTFY_TOKEN"
fi
- _data="${_subject}. $_content"
+ case "$_statusCode" in
+ 0)
+ _priority="$_priority_default"
+ _tag="$_tag_success"
+ ;;
+ 1)
+ _priority="$_priority_error"
+ _tag="$_tag_error"
+ ;;
+ 2)
+ _priority="$_priority_default"
+ _tag="$_tag_info"
+ ;;
+ esac
+
+ export _H2="Priority: $_priority"
+ export _H3="Tags: $_tag"
+ export _H4="Title: $PROJECT_NAME: $_subject"
+
+ _data="$_content"
response="$(_post "$_data" "$NTFY_URL/$NTFY_TOPIC" "" "POST" "")"
if [ "$?" = "0" ] && _contains "$response" "expires"; then
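Review bot: The `case` at L3654 has no default branch, so any `_statusCode` other than 0/1/2 leaves `_priority` and `_tag` empty and sends `Priority: ` and `Tags: ` headers with no value. Add `*) _priority="$_priority_default"; _tag="$_tag_info" ;;` so an unknown status still produces a valid notification. ntfy_send starts and ends outside this hunk.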
diff --git a/notify/opsgenie.sh b/notify/opsgenie.sh
new file mode 100644
index 00000000..d352a18c
--- /dev/null
+++ b/notify/opsgenie.sh
@@ -0,0 +1,130 @@
+#!/usr/bin/env sh
+
+#Support OpsGenie API integration
+
+#OPSGENIE_API_KEY="" Required, opsgenie api key
+#OPSGENIE_REGION="" Optional, opsgenie region, can be EU or US (default: US)
+#OPSGENIE_PRIORITY_SUCCESS="" Optional, opsgenie priority for success (default: P5)
+#OPSGENIE_PRIORITY_ERROR="" Optional, opsgenie priority for error (default: P2)
+#OPSGENIE_PRIORITY_SKIP="" Optional, opsgenie priority for renew skipped (default: P5)
+
+_OPSGENIE_AVAIL_REGION="US,EU"
+_OPSGENIE_AVAIL_PRIORITIES="P1,P2,P3,P4,P5"
+
+opsgenie_send() {
+ _subject="$1"
+ _content="$2"
+ _status_code="$3" #0: success, 1: error, 2($RENEW_SKIP): skipped
+
+ OPSGENIE_API_KEY="${OPSGENIE_API_KEY:-$(_readaccountconf_mutable OPSGENIE_API_KEY)}"
+ if [ -z "$OPSGENIE_API_KEY" ]; then
+ OPSGENIE_API_KEY=""
+ _err "You didn't specify an OpsGenie API key OPSGENIE_API_KEY yet."
+ return 1
+ fi
+ _saveaccountconf_mutable OPSGENIE_API_KEY "$OPSGENIE_API_KEY"
+ export _H1="Authorization: GenieKey $OPSGENIE_API_KEY"
+
+ OPSGENIE_REGION="${OPSGENIE_REGION:-$(_readaccountconf_mutable OPSGENIE_REGION)}"
+ if [ -z "$OPSGENIE_REGION" ]; then
+ OPSGENIE_REGION="US"
+ _info "The OPSGENIE_REGION is not set, so use the default US as regeion."
+ elif ! _hasfield "$_OPSGENIE_AVAIL_REGION" "$OPSGENIE_REGION"; then
+ _err "The OPSGENIE_REGION \"$OPSGENIE_REGION\" is not available, should be one of $_OPSGENIE_AVAIL_REGION"
+ OPSGENIE_REGION=""
+ return 1
+ else
+ _saveaccountconf_mutable OPSGENIE_REGION "$OPSGENIE_REGION"
+ fi
+
+ OPSGENIE_PRIORITY_SUCCESS="${OPSGENIE_PRIORITY_SUCCESS:-$(_readaccountconf_mutable OPSGENIE_PRIORITY_SUCCESS)}"
+ if [ -z "$OPSGENIE_PRIORITY_SUCCESS" ]; then
+ OPSGENIE_PRIORITY_SUCCESS="P5"
+ _info "The OPSGENIE_PRIORITY_SUCCESS is not set, so use the default P5 as priority."
+ elif ! _hasfield "$_OPSGENIE_AVAIL_PRIORITIES" "$OPSGENIE_PRIORITY_SUCCESS"; then
+ _err "The OPSGENIE_PRIORITY_SUCCESS \"$OPSGENIE_PRIORITY_SUCCESS\" is not available, should be one of $_OPSGENIE_AVAIL_PRIORITIES"
+ OPSGENIE_PRIORITY_SUCCESS=""
+ return 1
+ else
+ _saveaccountconf_mutable OPSGENIE_PRIORITY_SUCCESS "$OPSGENIE_PRIORITY_SUCCESS"
+ fi
+
+ OPSGENIE_PRIORITY_ERROR="${OPSGENIE_PRIORITY_ERROR:-$(_readaccountconf_mutable OPSGENIE_PRIORITY_ERROR)}"
+ if [ -z "$OPSGENIE_PRIORITY_ERROR" ]; then
+ OPSGENIE_PRIORITY_ERROR="P2"
+ _info "The OPSGENIE_PRIORITY_ERROR is not set, so use the default P2 as priority."
+ elif ! _hasfield "$_OPSGENIE_AVAIL_PRIORITIES" "$OPSGENIE_PRIORITY_ERROR"; then
+ _err "The OPSGENIE_PRIORITY_ERROR \"$OPSGENIE_PRIORITY_ERROR\" is not available, should be one of $_OPSGENIE_AVAIL_PRIORITIES"
+ OPSGENIE_PRIORITY_ERROR=""
+ return 1
+ else
+ _saveaccountconf_mutable OPSGENIE_PRIORITY_ERROR "$OPSGENIE_PRIORITY_ERROR"
+ fi
+
+ OPSGENIE_PRIORITY_SKIP="${OPSGENIE_PRIORITY_SKIP:-$(_readaccountconf_mutable OPSGENIE_PRIORITY_SKIP)}"
+ if [ -z "$OPSGENIE_PRIORITY_SKIP" ]; then
+ OPSGENIE_PRIORITY_SKIP="P5"
+ _info "The OPSGENIE_PRIORITY_SKIP is not set, so use the default P5 as priority."
+ elif ! _hasfield "$_OPSGENIE_AVAIL_PRIORITIES" "$OPSGENIE_PRIORITY_SKIP"; then
+ _err "The OPSGENIE_PRIORITY_SKIP \"$OPSGENIE_PRIORITY_SKIP\" is not available, should be one of $_OPSGENIE_AVAIL_PRIORITIES"
+ OPSGENIE_PRIORITY_SKIP=""
+ return 1
+ else
+ _saveaccountconf_mutable OPSGENIE_PRIORITY_SKIP "$OPSGENIE_PRIORITY_SKIP"
+ fi
+
+ case "$OPSGENIE_REGION" in
+ "US")
+ _opsgenie_url="https://api.opsgenie.com/v2/alerts"
+ ;;
+ "EU")
+ _opsgenie_url="https://api.eu.opsgenie.com/v2/alerts"
+ ;;
+ *)
+ _err "opsgenie region error."
+ return 1
+ ;;
+ esac
+
+ case $_status_code in
+ 0)
+ _priority=$OPSGENIE_PRIORITY_SUCCESS
+ ;;
+ 1)
+ _priority=$OPSGENIE_PRIORITY_ERROR
+ ;;
+ 2)
+ _priority=$OPSGENIE_PRIORITY_SKIP
+ ;;
+ *)
+ _priority=$OPSGENIE_PRIORITY_ERROR
+ ;;
+ esac
+
+ _subject_json=$(echo "$_subject" | _json_encode)
+ _content_json=$(echo "$_content" | _json_encode)
+ _subject_underscore=$(echo "$_subject" | sed 's/ /_/g')
+ _alias_json=$(echo "acme.sh-$(hostname)-$_subject_underscore-$(date +%Y%m%d)" | base64 --wrap=0 | _json_encode)
+
+ _data="{
+ \"message\": \"$_subject_json\",
+ \"alias\": \"$_alias_json\",
+ \"description\": \"$_content_json\",
+ \"tags\": [
+ \"acme.sh\",
+ \"host:$(hostname)\"
+ ],
+ \"entity\": \"$(hostname -f)\",
+ \"priority\": \"$_priority\"
+}"
+
+ if response=$(_post "$_data" "$_opsgenie_url" "" "" "application/json"); then
+ if ! _contains "$response" error; then
+ _info "opsgenie send success."
+ return 0
+ fi
+ fi
+ _err "opsgenie send error."
+ _err "$response"
+ return 1
+}
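Review bot: `base64 --wrap=0` at L3788 is a GNU coreutils flag and fails on BSD/macOS and busybox; acme.sh provides `_base64` for exactly this, as used elsewhere in this change. The success test `! _contains "$response" error` at L3803 is a loose substring check that would also trip on a successful response that happens to echo the word (for instance in a requestId or message), so matching the explicit error shape is safer if the API documents one. The info message at L3712 has a typo, "regeion". `hostname -f` at L3798 may also be absent on minimal systems, so a fallback to `hostname` would be prudent.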
diff --git a/notify/telegram.sh b/notify/telegram.sh
index ccbd1533..4ed50a65 100644
--- a/notify/telegram.sh
+++ b/notify/telegram.sh
@@ -34,8 +34,8 @@ telegram_send() {
fi
_saveaccountconf_mutable TELEGRAM_BOT_URLBASE "$TELEGRAM_BOT_URLBASE"
- _subject="$(printf "%s" "$_subject" | sed 's/\\/\\\\\\\\/g' | sed 's/\]/\\\\\]/g' | sed 's/\([_*[()~`>#+--=|{}.!]\)/\\\\\1/g')"
- _content="$(printf "%s" "$_content" | sed 's/\\/\\\\\\\\/g' | sed 's/\]/\\\\\]/g' | sed 's/\([_*[()~`>#+--=|{}.!]\)/\\\\\1/g')"
+ _subject="$(printf "%s" "$_subject" | sed -E 's/([][()~`>#+=|{}.!*_\\-])/\\\\\1/g')"
+ _content="$(printf "%s" "$_content" | sed -E 's/([][()~`>#+=|{}.!*_\\-])/\\\\\1/g')"
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)"
_data="{\"text\": \"$_content\", "
_data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", "
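Review bot: Folding the backslash into the single bracket class at L3821–L3822 changes how a literal `\` is escaped: the old pass replaced it with four backslashes, the new replacement `\\\\\1` yields three, which leaves an odd backslash before the next character in the JSON body if `_json_encode` does not escape backslashes itself (the old four-backslash form suggests it does not). Keep a dedicated first pass, `sed 's/\\/\\\\\\\\/g'`, and drop `\\` from the bracket expression. A comment noting that this escapes for Telegram MarkdownV2 and why the backslash count is what it is would help later readers. telegram_send starts and ends outside this hunk.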