
Merge pull request #3109 from acmesh-official/dev

Support github actions
pull/3223/head
neil 4 years ago
committed by GitHub
parent
commit
4adb525513
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 16
      .github/workflows/shellcheck.yml
  2. 5
      README.md
  3. 85
      acme.sh
  4. 4
      deploy/exim4.sh
  5. 10
      deploy/ssh.sh
  6. 6
      deploy/vsftpd.sh
  7. 12
      dnsapi/dns_aws.sh
  8. 2
      dnsapi/dns_azure.sh
  9. 6
      dnsapi/dns_conoha.sh
  10. 28
      dnsapi/dns_cyon.sh
  11. 24
      dnsapi/dns_do.sh
  12. 18
      dnsapi/dns_freedns.sh
  13. 16
      dnsapi/dns_gandi_livedns.sh
  14. 12
      dnsapi/dns_gcloud.sh
  15. 4
      dnsapi/dns_he.sh
  16. 8
      dnsapi/dns_hetzner.sh
  17. 2
      dnsapi/dns_netlify.sh
  18. 39
      dnsapi/dns_pleskxml.sh

16
.github/workflows/shellcheck.yml

@ -0,0 +1,16 @@
name: shellcheck
on: [push, pull_request]
jobs:
formatCheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install Shellcheck
run: sudo apt-get install -y shellcheck
- name: DoShellcheck
run: shellcheck -V && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK"
- name: Install shfmt
run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
- name: shfmt
run: ~/shfmt -l -w -i 2 . ; git diff --exit-code && echo "shfmt OK"
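Review bot: The `Install shfmt` step runs a binary fetched with `curl -sSL` and never verifies it, so whatever the release URL serves is executed in CI as-is; without `-f`, an HTTP error page would also be saved and marked executable. Use `curl -fsSL` and add a digest check before the `chmod`, for example `echo "<expected-sha256-of-shfmt_v3.1.2_linux_amd64>  $HOME/shfmt" | sha256sum -c -` (the digest is a placeholder to fill in from the release). In the `shfmt` step the `;` discards shfmt's own exit status, so a formatter failure is only caught if it happens to leave a diff; `&&` would make that explicit. `actions/checkout@v2` is a movable tag, and pinning it to a full commit SHA would keep the workflow's inputs fixed.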

5
README.md

@ -1,9 +1,10 @@
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh) # An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)
<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a>
[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") [![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
[![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") [![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg)
acme.sh is being sponsored by the following tool; please help to support us by taking a look and signing up to a free trial acme.sh is being sponsored by the following tool; please help to support us by taking a look and signing up to a free trial

85
acme.sh

@ -1077,11 +1077,11 @@ _isEccKey() {
return 1 return 1
fi fi
[ "$_length" != "1024" ] \
&& [ "$_length" != "2048" ] \
&& [ "$_length" != "3072" ] \
&& [ "$_length" != "4096" ] \
&& [ "$_length" != "8192" ]
[ "$_length" != "1024" ] &&
[ "$_length" != "2048" ] &&
[ "$_length" != "3072" ] &&
[ "$_length" != "4096" ] &&
[ "$_length" != "8192" ]
} }
# _createkey 2048|ec-256 file # _createkey 2048|ec-256 file
@ -1473,7 +1473,7 @@ createDomainKey() {
_initpath "$domain" "$_cdl" _initpath "$domain" "$_cdl"
if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then
if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$_ACME_IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then
if _createkey "$_cdl" "$CERT_KEY_PATH"; then if _createkey "$_cdl" "$CERT_KEY_PATH"; then
_savedomainconf Le_Keylength "$_cdl" _savedomainconf Le_Keylength "$_cdl"
_info "The domain key is here: $(__green $CERT_KEY_PATH)" _info "The domain key is here: $(__green $CERT_KEY_PATH)"
@ -1483,7 +1483,7 @@ createDomainKey() {
return 1 return 1
fi fi
else else
if [ "$IS_RENEW" ]; then
if [ "$_ACME_IS_RENEW" ]; then
_info "Domain key exists, skip" _info "Domain key exists, skip"
return 0 return 0
else else
@ -1509,7 +1509,7 @@ createCSR() {
_initpath "$domain" "$_isEcc" _initpath "$domain" "$_isEcc"
if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then
if [ -f "$CSR_PATH" ] && [ "$_ACME_IS_RENEW" ] && [ -z "$FORCE" ]; then
_info "CSR exists, skip" _info "CSR exists, skip"
return return
fi fi
@ -2585,7 +2585,7 @@ _initpath() {
. "$ACCOUNT_CONF_PATH" . "$ACCOUNT_CONF_PATH"
fi fi
if [ "$ACME_IN_CRON" ]; then
if [ "$_ACME_IN_CRON" ]; then
if [ ! "$_USER_PATH_EXPORTED" ]; then if [ ! "$_USER_PATH_EXPORTED" ]; then
_USER_PATH_EXPORTED=1 _USER_PATH_EXPORTED=1
export PATH="$USER_PATH:$PATH" export PATH="$USER_PATH:$PATH"
@ -2599,7 +2599,7 @@ _initpath() {
if [ -z "$ACME_DIRECTORY" ]; then if [ -z "$ACME_DIRECTORY" ]; then
if [ "$STAGE" ]; then if [ "$STAGE" ]; then
ACME_DIRECTORY="$DEFAULT_STAGING_CA" ACME_DIRECTORY="$DEFAULT_STAGING_CA"
_info "Using stage ACME_DIRECTORY: $ACME_DIRECTORY"
_info "Using ACME_DIRECTORY: $ACME_DIRECTORY"
else else
default_acme_server=$(_readaccountconf "DEFAULT_ACME_SERVER") default_acme_server=$(_readaccountconf "DEFAULT_ACME_SERVER")
_debug default_acme_server "$default_acme_server" _debug default_acme_server "$default_acme_server"
@ -3387,7 +3387,7 @@ _on_issue_err() {
) )
fi fi
if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
if [ "$_ACME_IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
_err "$_DNS_MANUAL_ERR" _err "$_DNS_MANUAL_ERR"
fi fi
@ -3419,7 +3419,7 @@ _on_issue_success() {
fi fi
#run renew hook #run renew hook
if [ "$IS_RENEW" ] && [ "$_chk_renew_hook" ]; then
if [ "$_ACME_IS_RENEW" ] && [ "$_chk_renew_hook" ]; then
_info "Run renew hook:'$_chk_renew_hook'" _info "Run renew hook:'$_chk_renew_hook'"
if ! ( if ! (
export CERT_PATH export CERT_PATH
@ -3990,17 +3990,22 @@ _check_dns_entries() {
} }
#file #file
_get_cert_issuer() {
_get_cert_issuers() {
_cfile="$1" _cfile="$1"
echo $(openssl x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2)
if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7"; then
${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | openssl pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
else
${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
fi
} }
#cert issuer #cert issuer
_match_issuer() { _match_issuer() {
_cfile="$1" _cfile="$1"
_missuer="$2" _missuer="$2"
_fissuer=$(_get_cert_issuer $_cfile)
[ "$_missuer" = "$_fissuer" ]
_fissuers="$(_get_cert_issuers $_cfile)"
_debug2 _fissuers "$_fissuers"
_contains "$_fissuers" "$_missuer"
} }
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
@ -4037,7 +4042,7 @@ issue() {
_challenge_alias="${14}" _challenge_alias="${14}"
_preferred_chain="${15}" _preferred_chain="${15}"
if [ ! "$IS_RENEW" ]; then
if [ -z "$_ACME_IS_RENEW" ]; then
_initpath "$_main_domain" "$_key_length" _initpath "$_main_domain" "$_key_length"
mkdir -p "$DOMAIN_PATH" mkdir -p "$DOMAIN_PATH"
fi fi
@ -4689,7 +4694,8 @@ $_authorizations_map"
der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)" der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
if [ "$ACME_VERSION" = "2" ]; then if [ "$ACME_VERSION" = "2" ]; then
_info "Lets finalize the order, Le_OrderFinalize: $Le_OrderFinalize"
_info "Lets finalize the order."
_info "Le_OrderFinalize" "$Le_OrderFinalize"
if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
_err "Sign failed." _err "Sign failed."
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook"
@ -4760,7 +4766,8 @@ $_authorizations_map"
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook"
return 1 return 1
fi fi
_info "Downloading cert, Le_LinkCert: $Le_LinkCert"
_info "Downloading cert."
_info "Le_LinkCert" "$Le_LinkCert"
if ! _send_signed_request "$Le_LinkCert"; then if ! _send_signed_request "$Le_LinkCert"; then
_err "Sign failed, can not download cert:$Le_LinkCert." _err "Sign failed, can not download cert:$Le_LinkCert."
_err "$response" _err "$response"
@ -4771,10 +4778,8 @@ $_authorizations_map"
echo "$response" >"$CERT_PATH" echo "$response" >"$CERT_PATH"
_split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH" _split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH"
if [ "$_preferred_chain" ]; then
_cert_issuer=$(_get_cert_issuer "$CA_CERT_PATH")
_debug _cert_issuer "$_cert_issuer"
if ! _match_issuer "$CA_CERT_PATH" "$_preferred_chain"; then
if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then
if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then
rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)" rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)"
_debug2 "rels" "$rels" _debug2 "rels" "$rels"
for rel in $rels; do for rel in $rels; do
@ -4789,7 +4794,7 @@ $_authorizations_map"
_relca="$CA_CERT_PATH.alt" _relca="$CA_CERT_PATH.alt"
echo "$response" >"$_relcert" echo "$response" >"$_relcert"
_split_cert_chain "$_relcert" "$_relfullchain" "$_relca" _split_cert_chain "$_relcert" "$_relfullchain" "$_relca"
if _match_issuer "$_relca" "$_preferred_chain"; then
if _match_issuer "$_relfullchain" "$_preferred_chain"; then
_info "Matched issuer in: $rel" _info "Matched issuer in: $rel"
cat $_relcert >"$CERT_PATH" cat $_relcert >"$CERT_PATH"
cat $_relfullchain >"$CERT_FULLCHAIN_PATH" cat $_relfullchain >"$CERT_FULLCHAIN_PATH"
@ -4842,7 +4847,7 @@ $_authorizations_map"
_info "Your cert key is in $(__green " $CERT_KEY_PATH ")" _info "Your cert key is in $(__green " $CERT_KEY_PATH ")"
fi fi
if [ ! "$USER_PATH" ] || [ ! "$ACME_IN_CRON" ]; then
if [ ! "$USER_PATH" ] || [ ! "$_ACME_IN_CRON" ]; then
USER_PATH="$PATH" USER_PATH="$PATH"
_saveaccountconf "USER_PATH" "$USER_PATH" _saveaccountconf "USER_PATH" "$USER_PATH"
fi fi
@ -5033,12 +5038,12 @@ renew() {
return "$RENEW_SKIP" return "$RENEW_SKIP"
fi fi
if [ "$ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then
if [ "$_ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then
_info "Skip invalid cert for: $Le_Domain" _info "Skip invalid cert for: $Le_Domain"
return $RENEW_SKIP return $RENEW_SKIP
fi fi
IS_RENEW="1"
_ACME_IS_RENEW="1"
Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)" Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)"
Le_PreHook="$(_readdomainconf Le_PreHook)" Le_PreHook="$(_readdomainconf Le_PreHook)"
Le_PostHook="$(_readdomainconf Le_PostHook)" Le_PostHook="$(_readdomainconf Le_PostHook)"
@ -5054,7 +5059,7 @@ renew() {
res="$?" res="$?"
fi fi
IS_RENEW=""
_ACME_IS_RENEW=""
return "$res" return "$res"
} }
@ -5094,7 +5099,7 @@ renewAll() {
_error_level="$NOTIFY_LEVEL_RENEW" _error_level="$NOTIFY_LEVEL_RENEW"
_notify_code=0 _notify_code=0
fi fi
if [ "$ACME_IN_CRON" ]; then
if [ "$_ACME_IN_CRON" ]; then
if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
_send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0 _send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0
@ -5108,7 +5113,7 @@ renewAll() {
_error_level="$NOTIFY_LEVEL_SKIP" _error_level="$NOTIFY_LEVEL_SKIP"
_notify_code=$RENEW_SKIP _notify_code=$RENEW_SKIP
fi fi
if [ "$ACME_IN_CRON" ]; then
if [ "$_ACME_IN_CRON" ]; then
if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
_send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" _send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP"
@ -5123,7 +5128,7 @@ renewAll() {
_error_level="$NOTIFY_LEVEL_ERROR" _error_level="$NOTIFY_LEVEL_ERROR"
_notify_code=1 _notify_code=1
fi fi
if [ "$ACME_IN_CRON" ]; then
if [ "$_ACME_IN_CRON" ]; then
if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
_send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1 _send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1
@ -5144,7 +5149,7 @@ renewAll() {
done done
_debug _error_level "$_error_level" _debug _error_level "$_error_level"
_debug _set_level "$_set_level" _debug _set_level "$_set_level"
if [ "$ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then
if [ "$_ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then
if [ -z "$NOTIFY_MODE" ] || [ "$NOTIFY_MODE" = "$NOTIFY_MODE_BULK" ]; then if [ -z "$NOTIFY_MODE" ] || [ "$NOTIFY_MODE" = "$NOTIFY_MODE_BULK" ]; then
_msg_subject="Renew" _msg_subject="Renew"
if [ "$_error_msg" ]; then if [ "$_error_msg" ]; then
@ -5442,7 +5447,7 @@ _installcert() {
if [ "$_real_cert" ]; then if [ "$_real_cert" ]; then
_info "Installing cert to:$_real_cert" _info "Installing cert to:$_real_cert"
if [ -f "$_real_cert" ] && [ ! "$IS_RENEW" ]; then
if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_cert" "$_backup_path/cert.bak" cp "$_real_cert" "$_backup_path/cert.bak"
fi fi
cat "$CERT_PATH" >"$_real_cert" || return 1 cat "$CERT_PATH" >"$_real_cert" || return 1
@ -5454,7 +5459,7 @@ _installcert() {
echo "" >>"$_real_ca" echo "" >>"$_real_ca"
cat "$CA_CERT_PATH" >>"$_real_ca" || return 1 cat "$CA_CERT_PATH" >>"$_real_ca" || return 1
else else
if [ -f "$_real_ca" ] && [ ! "$IS_RENEW" ]; then
if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_ca" "$_backup_path/ca.bak" cp "$_real_ca" "$_backup_path/ca.bak"
fi fi
cat "$CA_CERT_PATH" >"$_real_ca" || return 1 cat "$CA_CERT_PATH" >"$_real_ca" || return 1
@ -5463,7 +5468,7 @@ _installcert() {
if [ "$_real_key" ]; then if [ "$_real_key" ]; then
_info "Installing key to:$_real_key" _info "Installing key to:$_real_key"
if [ -f "$_real_key" ] && [ ! "$IS_RENEW" ]; then
if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_key" "$_backup_path/key.bak" cp "$_real_key" "$_backup_path/key.bak"
fi fi
if [ -f "$_real_key" ]; then if [ -f "$_real_key" ]; then
@ -5476,7 +5481,7 @@ _installcert() {
if [ "$_real_fullchain" ]; then if [ "$_real_fullchain" ]; then
_info "Installing full chain to:$_real_fullchain" _info "Installing full chain to:$_real_fullchain"
if [ -f "$_real_fullchain" ] && [ ! "$IS_RENEW" ]; then
if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_fullchain" "$_backup_path/fullchain.bak" cp "$_real_fullchain" "$_backup_path/fullchain.bak"
fi fi
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1 cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
@ -6093,7 +6098,7 @@ install() {
_debug "Skip install cron job" _debug "Skip install cron job"
fi fi
if [ "$ACME_IN_CRON" != "1" ]; then
if [ "$_ACME_IN_CRON" != "1" ]; then
if ! _precheck "$_nocron"; then if ! _precheck "$_nocron"; then
_err "Pre-check failed, can not install." _err "Pre-check failed, can not install."
return 1 return 1
@ -6150,7 +6155,7 @@ install() {
_info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY" _info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY"
if [ "$ACME_IN_CRON" != "1" ] && [ -z "$_noprofile" ]; then
if [ "$_ACME_IN_CRON" != "1" ] && [ -z "$_noprofile" ]; then
_installalias "$_c_home" _installalias "$_c_home"
fi fi
@ -6248,7 +6253,7 @@ _uninstallalias() {
} }
cron() { cron() {
export ACME_IN_CRON=1
export _ACME_IN_CRON=1
_initpath _initpath
_info "$(__green "===Starting cron===")" _info "$(__green "===Starting cron===")"
if [ "$AUTO_UPGRADE" = "1" ]; then if [ "$AUTO_UPGRADE" = "1" ]; then
@ -6269,7 +6274,7 @@ cron() {
fi fi
renewAll renewAll
_ret="$?" _ret="$?"
ACME_IN_CRON=""
_ACME_IN_CRON=""
_info "$(__green "===End cron===")" _info "$(__green "===End cron===")"
exit $_ret exit $_ret
} }
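Review bot: In `_get_cert_issuers` (hunk at -3990) the second stage of the crl2pkcs7 pipeline calls bare `openssl`, so a user who sets `ACME_OPENSSL_BIN` gets two different binaries in one pipe, and `$_cfile` is unquoted in both branches and in the call from `_match_issuer`. Suggested: `${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | ...` and `_fissuers="$(_get_cert_issuers "$_cfile")"`. `_match_issuer` also moves from an exact `[ "$_missuer" = "$_fissuer" ]` comparison to `_contains` over every issuer CN in the full chain. `_contains` is defined outside this page, but if it is a substring or pattern test, a short `_preferred_chain` value could select a chain the user did not intend; comparing the value against each issuer line as a whole would keep the selection exact.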

4
deploy/exim4.sh

@ -69,8 +69,8 @@ exim4_deploy() {
cp "$_exim4_conf" "$_backup_conf" cp "$_exim4_conf" "$_backup_conf"
_info "Modify exim4 conf: $_exim4_conf" _info "Modify exim4 conf: $_exim4_conf"
if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" \
&& _setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then
if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" &&
_setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then
_info "Set config success!" _info "Set config success!"
else else
_err "Config exim4 server error, please report bug to us." _err "Config exim4 server error, please report bug to us."

10
deploy/ssh.sh

@ -195,8 +195,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
fi fi
if [ -n "$Le_Deploy_ssh_cafile" ]; then if [ -n "$Le_Deploy_ssh_cafile" ]; then
_pipe=">" _pipe=">"
if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] \
|| [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] ||
[ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
# if filename is same as previous file then append. # if filename is same as previous file then append.
_pipe=">>" _pipe=">>"
elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
@ -222,9 +222,9 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
fi fi
if [ -n "$Le_Deploy_ssh_fullchain" ]; then if [ -n "$Le_Deploy_ssh_fullchain" ]; then
_pipe=">" _pipe=">"
if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] \
|| [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] \
|| [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] ||
[ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] ||
[ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
# if filename is same as previous file then append. # if filename is same as previous file then append.
_pipe=">>" _pipe=">>"
elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then

6
deploy/vsftpd.sh

@ -65,9 +65,9 @@ vsftpd_deploy() {
cp "$_vsftpd_conf" "$_backup_conf" cp "$_vsftpd_conf" "$_backup_conf"
_info "Modify vsftpd conf: $_vsftpd_conf" _info "Modify vsftpd conf: $_vsftpd_conf"
if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" \
&& _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" \
&& _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then
if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" &&
_setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" &&
_setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then
_info "Set config success!" _info "Set config success!"
else else
_err "Config vsftpd server error, please report bug to us." _err "Config vsftpd server error, please report bug to us."

12
dnsapi/dns_aws.sh

@ -222,10 +222,10 @@ _use_instance_role() {
_use_metadata() { _use_metadata() {
_aws_creds="$( _aws_creds="$(
_get "$1" "" 1 \
| _normalizeJson \
| tr '{,}' '\n' \
| while read -r _line; do
_get "$1" "" 1 |
_normalizeJson |
tr '{,}' '\n' |
while read -r _line; do
_key="$(echo "${_line%%:*}" | tr -d '"')" _key="$(echo "${_line%%:*}" | tr -d '"')"
_value="${_line#*:}" _value="${_line#*:}"
_debug3 "_key" "$_key" _debug3 "_key" "$_key"
@ -235,8 +235,8 @@ _use_metadata() {
SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;; SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;;
Token) echo "AWS_SESSION_TOKEN=$_value" ;; Token) echo "AWS_SESSION_TOKEN=$_value" ;;
esac esac
done \
| paste -sd' ' -
done |
paste -sd' ' -
)" )"
_secure_debug "_aws_creds" "$_aws_creds" _secure_debug "_aws_creds" "$_aws_creds"

2
dnsapi/dns_azure.sh

@ -220,7 +220,7 @@ _azure_rest() {
export _H2="accept: application/json" export _H2="accept: application/json"
export _H3="Content-Type: application/json" export _H3="Content-Type: application/json"
# clear headers from previous request to avoid getting wrong http code on timeouts # clear headers from previous request to avoid getting wrong http code on timeouts
:>"$HTTP_HEADER"
: >"$HTTP_HEADER"
_debug "$ep" _debug "$ep"
if [ "$m" != "GET" ]; then if [ "$m" != "GET" ]; then
_secure_debug2 "data $data" _secure_debug2 "data $data"

6
dnsapi/dns_conoha.sh

@ -115,9 +115,9 @@ dns_conoha_rm() {
return 1 return 1
fi fi
record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' \
| grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" \
| _head_n 1 | cut -d : -f 2 | tr -d \")
record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' |
grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" |
_head_n 1 | cut -d : -f 2 | tr -d \")
if [ -z "$record_id" ]; then if [ -z "$record_id" ]; then
_err "Can not get record id to remove." _err "Can not get record id to remove."
return 1 return 1

28
dnsapi/dns_cyon.sh

@ -18,23 +18,23 @@
######## ########
dns_cyon_add() { dns_cyon_add() {
_cyon_load_credentials \
&& _cyon_load_parameters "$@" \
&& _cyon_print_header "add" \
&& _cyon_login \
&& _cyon_change_domain_env \
&& _cyon_add_txt \
&& _cyon_logout
_cyon_load_credentials &&
_cyon_load_parameters "$@" &&
_cyon_print_header "add" &&
_cyon_login &&
_cyon_change_domain_env &&
_cyon_add_txt &&
_cyon_logout
} }
dns_cyon_rm() { dns_cyon_rm() {
_cyon_load_credentials \
&& _cyon_load_parameters "$@" \
&& _cyon_print_header "delete" \
&& _cyon_login \
&& _cyon_change_domain_env \
&& _cyon_delete_txt \
&& _cyon_logout
_cyon_load_credentials &&
_cyon_load_parameters "$@" &&
_cyon_print_header "delete" &&
_cyon_login &&
_cyon_change_domain_env &&
_cyon_delete_txt &&
_cyon_logout
} }
######################### #########################

24
dnsapi/dns_do.sh

@ -67,14 +67,14 @@ _dns_do_list_rrs() {
_err "getRRList origin ${_domain} failed" _err "getRRList origin ${_domain} failed"
return 1 return 1
fi fi
_rr_list="$(echo "${response}" \
| tr -d "\n\r\t" \
| sed -e 's/<item xsi:type="ns2:Map">/\n/g' \
| grep ">$(_regexcape "$fulldomain")</value>" \
| sed -e 's/<\/item>/\n/g' \
| grep '>id</key><value' \
| _egrep_o '>[0-9]{1,16}<' \
| tr -d '><')"
_rr_list="$(echo "${response}" |
tr -d "\n\r\t" |
sed -e 's/<item xsi:type="ns2:Map">/\n/g' |
grep ">$(_regexcape "$fulldomain")</value>" |
sed -e 's/<\/item>/\n/g' |
grep '>id</key><value' |
_egrep_o '>[0-9]{1,16}<' |
tr -d '><')"
[ "${_rr_list}" ] [ "${_rr_list}" ]
} }
@ -120,10 +120,10 @@ _get_root() {
i=1 i=1
_dns_do_soap getDomainList _dns_do_soap getDomainList
_all_domains="$(echo "${response}" \
| tr -d "\n\r\t " \
| _egrep_o 'domain</key><value[^>]+>[^<]+' \
| sed -e 's/^domain<\/key><value[^>]*>//g')"
_all_domains="$(echo "${response}" |
tr -d "\n\r\t " |
_egrep_o 'domain</key><value[^>]+>[^<]+' |
sed -e 's/^domain<\/key><value[^>]*>//g')"
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f $i-100)

18
dnsapi/dns_freedns.sh

@ -303,10 +303,10 @@ _freedns_domain_id() {
return 1 return 1
fi fi
domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
| grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" \
| sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' \
| cut -d = -f 2)"
domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' |
grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" |
sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' |
cut -d = -f 2)"
# The above beauty extracts domain ID from the html page... # The above beauty extracts domain ID from the html page...
# strip out all blank space and new lines. Then insert newlines # strip out all blank space and new lines. Then insert newlines
# before each table row <tr> # before each table row <tr>
@ -349,11 +349,11 @@ _freedns_data_id() {
return 1 return 1
fi fi
data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
| grep "<td[a-zA-Z=#]*>$record_type</td>" \
| grep "<ahref.*>$search_domain</a>" \
| sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' \
| cut -d = -f 2)"
data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' |
grep "<td[a-zA-Z=#]*>$record_type</td>" |
grep "<ahref.*>$search_domain</a>" |
sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' |
cut -d = -f 2)"
# The above beauty extracts data ID from the html page... # The above beauty extracts data ID from the html page...
# strip out all blank space and new lines. Then insert newlines # strip out all blank space and new lines. Then insert newlines
# before each table row <tr> # before each table row <tr>

16
dnsapi/dns_gandi_livedns.sh

@ -69,9 +69,9 @@ dns_gandi_livedns_rm() {
_gandi_livedns_rest PUT \ _gandi_livedns_rest PUT \
"domains/$_domain/records/$_sub_domain/TXT" \ "domains/$_domain/records/$_sub_domain/TXT" \
"{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" \
&& _contains "$response" '{"message": "DNS Record Created"}' \
&& _info "Removing record $(__green "success")"
"{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" &&
_contains "$response" '{"message": "DNS Record Created"}' &&
_info "Removing record $(__green "success")"
} }
#################### Private functions below ################################## #################### Private functions below ##################################
@ -125,9 +125,9 @@ _dns_gandi_append_record() {
fi fi
_debug new_rrset_values "$_rrset_values" _debug new_rrset_values "$_rrset_values"
_gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \ _gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \
"{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" \
&& _contains "$response" '{"message": "DNS Record Created"}' \
&& _info "Adding record $(__green "success")"
"{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" &&
_contains "$response" '{"message": "DNS Record Created"}' &&
_info "Adding record $(__green "success")"
} }
_dns_gandi_existing_rrset_values() { _dns_gandi_existing_rrset_values() {
@ -145,8 +145,8 @@ _dns_gandi_existing_rrset_values() {
return 1 return 1
fi fi
_debug "Already has TXT record." _debug "Already has TXT record."
_rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' \
| _egrep_o '\[".*\"]')
_rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' |
_egrep_o '\[".*\"]')
return 0 return 0
} }

12
dnsapi/dns_gcloud.sh

@ -78,8 +78,8 @@ _dns_gcloud_execute_tr() {
for i in $(seq 1 120); do for i in $(seq 1 120); do
if gcloud dns record-sets changes list \ if gcloud dns record-sets changes list \
--zone="$managedZone" \ --zone="$managedZone" \
--filter='status != done' \
| grep -q '^.*'; then
--filter='status != done' |
grep -q '^.*'; then
_info "_dns_gcloud_execute_tr: waiting for transaction to be comitted ($i/120)..." _info "_dns_gcloud_execute_tr: waiting for transaction to be comitted ($i/120)..."
sleep 5 sleep 5
else else
@ -137,11 +137,11 @@ _dns_gcloud_find_zone() {
# List domains and find the zone with the deepest sub-domain (in case of some levels of delegation) # List domains and find the zone with the deepest sub-domain (in case of some levels of delegation)
if ! match=$(gcloud dns managed-zones list \ if ! match=$(gcloud dns managed-zones list \
--format="value(name, dnsName)" \ --format="value(name, dnsName)" \
--filter="$filter" \
| while read -r dnsName name; do
--filter="$filter" |
while read -r dnsName name; do
printf "%s\t%s\t%s\n" "$(echo "$name" | awk -F"." '{print NF-1}')" "$dnsName" "$name" printf "%s\t%s\t%s\n" "$(echo "$name" | awk -F"." '{print NF-1}')" "$dnsName" "$name"
done \
| sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then
done |
sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then
_err "_dns_gcloud_find_zone: Can't find a matching managed zone! Perhaps wrong project or gcloud credentials?" _err "_dns_gcloud_find_zone: Can't find a matching managed zone! Perhaps wrong project or gcloud credentials?"
return 1 return 1
fi fi

4
dnsapi/dns_he.sh

@ -101,8 +101,8 @@ dns_he_rm() {
body="$body&hosted_dns_editzone=1" body="$body&hosted_dns_editzone=1"
body="$body&hosted_dns_delrecord=1" body="$body&hosted_dns_delrecord=1"
body="$body&hosted_dns_delconfirm=delete" body="$body&hosted_dns_delconfirm=delete"
_post "$body" "https://dns.he.net/" \
| grep '<div id="dns_status" onClick="hideThis(this);">Successfully removed record.</div>' \
_post "$body" "https://dns.he.net/" |
grep '<div id="dns_status" onClick="hideThis(this);">Successfully removed record.</div>' \
>/dev/null >/dev/null
exit_code="$?" exit_code="$?"
if [ "$exit_code" -eq 0 ]; then if [ "$exit_code" -eq 0 ]; then

8
dnsapi/dns_hetzner.sh

@ -123,10 +123,10 @@ _find_record() {
return 1 return 1
else else
_record_id=$( _record_id=$(
echo "$response" \
| grep -o "{[^\{\}]*\"name\":\"$_record_name\"[^\}]*}" \
| grep "\"value\":\"$_record_value\"" \
| while read -r record; do
echo "$response" |
grep -o "{[^\{\}]*\"name\":\"$_record_name\"[^\}]*}" |
grep "\"value\":\"$_record_value\"" |
while read -r record; do
# test for type and # test for type and
if [ -n "$(echo "$record" | _egrep_o '"type":"TXT"')" ]; then if [ -n "$(echo "$record" | _egrep_o '"type":"TXT"')" ]; then
echo "$record" | _egrep_o '"id":"[^"]*"' | cut -d : -f 2 | tr -d \" echo "$record" | _egrep_o '"id":"[^"]*"' | cut -d : -f 2 | tr -d \"

2
dnsapi/dns_netlify.sh

@ -144,7 +144,7 @@ _netlify_rest() {
export _H1="Content-Type: application/json" export _H1="Content-Type: application/json"
export _H2="Authorization: Bearer $token_trimmed" export _H2="Authorization: Bearer $token_trimmed"
:>"$HTTP_HEADER"
: >"$HTTP_HEADER"
if [ "$m" != "GET" ]; then if [ "$m" != "GET" ]; then
_debug data "$data" _debug data "$data"

39
dnsapi/dns_pleskxml.sh

@ -136,11 +136,12 @@ dns_pleskxml_rm() {
# Reduce output to one line per DNS record, filtered for TXT records with a record ID only (which they should all have) # Reduce output to one line per DNS record, filtered for TXT records with a record ID only (which they should all have)
# Also strip out spaces between tags, redundant <data> and </data> group tags and any <self-closing/> tags # Also strip out spaces between tags, redundant <data> and </data> group tags and any <self-closing/> tags
reclist="$(_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' \
| sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' \
| grep "<site-id>${root_domain_id}</site-id>" \
| grep '<id>[0-9]\{1,\}</id>' \
| grep '<type>TXT</type>'
reclist="$(
_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' |
sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' |
grep "<site-id>${root_domain_id}</site-id>" |
grep '<id>[0-9]\{1,\}</id>' |
grep '<type>TXT</type>'
)" )"
if [ -z "$reclist" ]; then if [ -z "$reclist" ]; then
@ -151,10 +152,11 @@ dns_pleskxml_rm() {
_debug "Got list of DNS TXT records for root domain '$root_domain_name':" _debug "Got list of DNS TXT records for root domain '$root_domain_name':"
_debug "$reclist" _debug "$reclist"
recid="$(_value "$reclist" \
| grep "<host>${fulldomain}.</host>" \
| grep "<value>${txtvalue}</value>" \
| sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/'
recid="$(
_value "$reclist" |
grep "<host>${fulldomain}.</host>" |
grep "<value>${txtvalue}</value>" |
sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/'
)" )"
if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
@ -220,11 +222,11 @@ _countdots() {
# Last line could change to <sed -n '/.../p'> instead, with suitable escaping of ['"/$], # Last line could change to <sed -n '/.../p'> instead, with suitable escaping of ['"/$],
# if future Plesk XML API changes ever require extended regex # if future Plesk XML API changes ever require extended regex
_api_response_split() { _api_response_split() {
printf '%s' "$1" \
| sed 's/^ +//;s/ +$//' \
| tr -d '\n\r' \
| sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" \
| grep "$3"
printf '%s' "$1" |
sed 's/^ +//;s/ +$//' |
tr -d '\n\r' |
sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" |
grep "$3"
} }
#################### Private functions below (DNS functions) ################################## #################### Private functions below (DNS functions) ##################################
@ -265,10 +267,11 @@ _call_api() {
# - filter output to keep only lines like this: "SPACES<TAG>text</TAG>SPACES" (shouldn't be necessary with prettyprint but guarantees subsequent code is ok) # - filter output to keep only lines like this: "SPACES<TAG>text</TAG>SPACES" (shouldn't be necessary with prettyprint but guarantees subsequent code is ok)
# - then edit the 3 "useful" error tokens individually and remove closing tags on all lines # - then edit the 3 "useful" error tokens individually and remove closing tags on all lines
# - then filter again to remove all lines not edited (which will be the lines not starting A-Z) # - then filter again to remove all lines not edited (which will be the lines not starting A-Z)
errtext="$(_value "$pleskxml_prettyprint_result" \
| grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' \
| sed 's/^ *<status>/Status: /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' \
| grep '^[A-Z]'
errtext="$(
_value "$pleskxml_prettyprint_result" |
grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' |
sed 's/^ *<status>/Status: /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' |
grep '^[A-Z]'
)" )"
fi fi
