
Merge pull request #1 from linux-insideDE/netcup-api

Netcup api
pull/1597/head
linux-insideDE 7 years ago
committed by GitHub
parent
commit
507ccd7717
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      README.md
  2. 20
      deploy/README.md
  3. 36
      deploy/haproxy.sh
  4. 18
      dnsapi/README.md
  5. 133
      dnsapi/dns_netcup.sh

1
README.md

@ -320,6 +320,7 @@ You don't have to do anything manually!
1. Loopia.se API
1. acme-dns (https://github.com/joohoi/acme-dns)
1. TELE3 (https://www.tele3.cz)
1. Netcup DNS API (https://www.netcup.de)
And:

20
deploy/README.md

@ -255,3 +255,23 @@ acme.sh --deploy -d fritzbox.example.com --deploy-hook fritzbox
```sh
acme.sh --deploy -d ftp.example.com --deploy-hook strongswan
```
## 10. Deploy the cert to HAProxy
You must specify the path where you want the concatenated key and certificate chain written.
```sh
export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy
```
You may optionally define the command to reload HAProxy. The value shown below will be used as the default if you don't set this environment variable.
```sh
export DEPLOY_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
```
You can then deploy the certificate as follows
```sh
acme.sh --deploy -d haproxy.example.com --deploy-hook haproxy
```
The path for the PEM file will be stored with the domain configuration and will be available when renewing, so that deploy will happen automatically when renewed.

36
deploy/haproxy.sh

@ -20,7 +20,39 @@ haproxy_deploy() {
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
_err "deploy cert to haproxy server, Not implemented yet"
return 1
# handle reload preference
DEFAULT_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
if [ -z "${DEPLOY_HAPROXY_RELOAD}" ]; then
_reload="${DEFAULT_HAPROXY_RELOAD}"
_cleardomainconf DEPLOY_HAPROXY_RELOAD
else
_reload="${DEPLOY_HAPROXY_RELOAD}"
_savedomainconf DEPLOY_HAPROXY_RELOAD "$DEPLOY_HAPROXY_RELOAD"
fi
_savedomainconf DEPLOY_HAPROXY_PEM_PATH "$DEPLOY_HAPROXY_PEM_PATH"
# work out the path where the PEM file should go
_pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
if [ -z "$_pem_path" ]; then
_err "Path to save PEM file not found. Please define DEPLOY_HAPROXY_PEM_PATH."
return 1
fi
_pem_full_path="$_pem_path/$_cdomain.pem"
_info "Full path to PEM $_pem_full_path"
# combine the key and fullchain into a single pem and install
cat "$_cfullchain" "$_ckey" >"$_pem_full_path"
chmod 600 "$_pem_full_path"
_info "Certificate successfully deployed"
# restart HAProxy
_info "Run reload: $_reload"
if eval "$_reload"; then
_info "Reload success!"
return 0
else
_err "Reload error"
return 1
fi
}
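Review bot: The combined PEM written by `cat "$_cfullchain" "$_ckey" >"$_pem_full_path"` contains the private key but is created under the process umask and only tightened by the following `chmod 600`, so on a first deploy there is a short window in which other local users may be able to read it, and neither command's status is checked before "Certificate successfully deployed" is logged. Creating the file under a restrictive umask and failing on error closes both gaps: `(umask 077 && cat "$_cfullchain" "$_ckey" >"$_pem_full_path") || return 1`, keeping the `chmod 600` for the case where the file already exists with wider permissions. `_savedomainconf DEPLOY_HAPROXY_PEM_PATH` also runs before the empty-path check, so an empty value is persisted before the function errors out. The reload command is stored in the domain configuration and later passed to `eval`, so that file has to stay writable only by the account that runs acme.sh. The body of `haproxy_deploy` starts above this hunk.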

18
dnsapi/README.md

@ -876,6 +876,24 @@ acme.sh --issue --dns dns_tele3 -d example.com -d *.example.com
```
The TELE3_Key and TELE3_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.
## 47. Use Netcup DNS API to automatically issue cert
First you need to login to your CCP account to get your API Key and API Password.
```
export NC_Apikey="<Apikey>"
export NC_Apipw="<Apipassword>"
export NC_CID="<Customernumber>"
```
Now, let's issue a cert:
```
acme.sh --issue --dns dns_netcup -d example.com -d www.example.com
```
The `NC_Apikey`,`NC_Apipw` and `NC_CID` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
# Use custom API
If your API is not supported yet, you can write your own DNS API.

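--- /dev/null
+++ b/dnsapi/dns_netcup.sh
@@ -0,0 +1,133 @@
+#!/usr/bin/env sh
+#Requirments: jq
+NC_Apikey="${NC_Apikey:-$(_readaccountconf_mutable NC_Apikey)}"
+NC_Apipw="${NC_Apipw:-$(_readaccountconf_mutable NC_Apipw)}"
+NC_CID="${NC_CID:-$(_readaccountconf_mutable NC_CID)}"
+end=https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON
+client=""
+dns_netcup_add() {
+login
+if [ "$NC_Apikey" = "" ] || [ "$NC_Apipw" = "" ] || [ "$NC_CID" = "" ]; then
+_err "No Credentials given"
+return 1
+fi
+fulldomain=$1
+txtvalue=$2
+tld=""
+domain=""
+exit=0
+for (( i=20; i>0; i--))
+do
+tmp=$(cut -d'.' -f$i <<< $fulldomain)
+if [ "$tmp" != "" ]; then
+if [ "$tld" = "" ]; then
+tld=$tmp
+else
+domain=$tmp
+exit=$i
+break;
+fi
+fi
+done
+inc=""
+for (( i=1; i<($exit); i++))
+do
+if [ "$((exit-1))" = "$i" ]; then
+inc="$inc$i"
+break;
+else
+if [ "$inc" = "" ]; then
+inc="$i,"
+else
+inc="$inc$i,"
+fi
+fi
+done
+tmp=$(cut -d'.' -f$inc <<< $fulldomain)
+msg=$(_post "{\"action\": \"updateDnsRecords\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\",\"clientrequestid\": \"$client\" , \"domainname\": \"$domain.$tld\", \"dnsrecordset\": { \"dnsrecords\": [ {\"id\": \"\", \"hostname\": \"$tmp\", \"type\": \"TXT\", \"priority\": \"\", \"destination\": \"$txtvalue\", \"deleterecord\": \"false\", \"state\": \"yes\"} ]}}}" $end "" "POST")
+_debug "$msg"
+if [ $(echo $msg | jq -r .status) != "success" ]; then
+_err "$msg"
+return 1
+fi
+logout
+}
+dns_netcup_rm() {
+login
+fulldomain=$1
+txtvalue=$2
+tld=""
+domain=""
+exit=0
+for (( i=20; i>0; i--))
+do
+tmp=$(cut -d'.' -f$i <<< $fulldomain)
+if [ "$tmp" != "" ]; then
+if [ "$tld" = "" ]; then
+tld=$tmp
+else
+domain=$tmp
+exit=$i
+break;
+fi
+fi
+done
+inc=""
+for (( i=1; i<($exit); i++))
+do
+if [ "$((exit-1))" = "$i" ]; then
+inc="$inc$i"
+break;
+else
+if [ "$inc" = "" ]; then
+inc="$i,"
+else
+inc="$inc$i,"
+fi
+fi
+done
+tmp=$(cut -d'.' -f$inc <<< $fulldomain)
+doma="$domain.$tld"
+rec=$(getRecords $doma)
+ids=$(echo $rec | jq -r ".[]|select(.destination==\"$txtvalue\")|.id")
+msg=$(_post "{\"action\": \"updateDnsRecords\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\",\"clientrequestid\": \"$client\" , \"domainname\": \"$doma\", \"dnsrecordset\": { \"dnsrecords\": [ {\"id\": \"$ids\", \"hostname\": \"$tmp\", \"type\": \"TXT\", \"priority\": \"\", \"destination\": \"$txtvalue\", \"deleterecord\": \"TRUE\", \"state\": \"yes\"} ]}}}" $end "" "POST")
+_debug "$msg"
+if [ $(echo $msg | jq -r .status) != "success" ]; then
+_err "$msg"
+return 1
+fi
+logout
+}
+login() {
+tmp=$(_post '{"action": "login", "param": {"apikey": "'$NC_Apikey'", "apipassword": "'$NC_Apipw'", "customernumber": "'$NC_CID'"}}' $end "" "POST")
+sid=$(echo ${tmp} | jq -r .responsedata.apisessionid)
+_debug "$tmp"
+if [ $(echo $tmp | jq -r .status) != "success" ]; then
+_err "$tmp"
+return 1
+fi
+}
+logout() {
+tmp=$(_post '{"action": "logout", "param": {"apikey": "'$NC_Apikey'", "apisessionid": "'$sid'", "customernumber": "'$NC_CID'"}}' $end "" "POST")
+_debug "$tmp"
+if [ $(echo $tmp | jq -r .status) != "success" ]; then
+_err "$tmp"
+return 1
+fi
+}
+getRecords() {
+tmp2=$(_post "{\"action\": \"infoDnsRecords\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\", \"domainname\": \"$1\"}}" $end "" "POST")
+xxd=$(echo ${tmp2} | jq -r '.responsedata.dnsrecords | .[]')
+xcd=$(echo $xxd | sed 's/} {/},{/g')
+echo "[ $xcd ]"
+_debug "$tmp2"
+if [ $(echo $tmp2 | jq -r .status) != "success" ]; then
+_err "$tmp2"
+return 1
+fi
+}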
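Review bot: `dns_netcup_add` calls `login` before it checks that `NC_Apikey`, `NC_Apipw` and `NC_CID` are set and never looks at `login`'s return status, and `dns_netcup_rm` has no credential check at all, so after a failed login both functions still send `updateDnsRecords` with whatever `sid` happens to hold. Move the emptiness check above the call and use `login || return 1` in both functions. In `login` and `logout` the secrets are spliced into the JSON unquoted (`"'$NC_Apipw'"`), so a value containing whitespace or a glob character is word-split before `_post` sees it; quote the expansions, and note that `_debug "$tmp"` writes the session id from the login response into the debug log. The file declares `#!/usr/bin/env sh` but uses `for (( … ))` and `<<<`, which are bash-only and will fail where `sh` is dash or busybox. Nothing in the file writes the three values back (for example with `_saveaccountconf_mutable`), although the README text in this commit says they will be saved.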