
Merge pull request #1 from linux-insideDE/netcup-api

Netcup api
pull/1597/head
linux-insideDE 7 years ago
committed by GitHub
parent
commit
507ccd7717
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      README.md
  2. 20
      deploy/README.md
  3. 36
      deploy/haproxy.sh
  4. 18
      dnsapi/README.md
  5. 133
      dnsapi/dns_netcup.sh

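--- a/README.md
+++ b/README.md
@@ -320,6 +320,7 @@ You don't have to do anything manually!
 1. Loopia.se API
 1. acme-dns (https://github.com/joohoi/acme-dns)
 1. TELE3 (https://www.tele3.cz)
+1. Netcup DNS API (https://www.netcup.de)
 And: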

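--- a/deploy/README.md
+++ b/deploy/README.md
@@ -255,3 +255,23 @@ acme.sh --deploy -d fritzbox.example.com --deploy-hook fritzbox
 ```sh
 acme.sh --deploy -d ftp.example.com --deploy-hook strongswan
 ```
+## 10. Deploy the cert to HAProxy
+You must specify the path where you want the concatenated key and certificate chain written.
+```sh
+export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy
+```
+You may optionally define the command to reload HAProxy. The value shown below will be used as the default if you don't set this environment variable.
+```sh
+export DEPLOY_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
+```
+You can then deploy the certificate as follows
+```sh
+acme.sh --deploy -d haproxy.example.com --deploy-hook haproxy
+```
+The path for the PEM file will be stored with the domain configuration and will be available when renewing, so that deploy will happen automatically when renewed.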

36
deploy/haproxy.sh

@ -20,7 +20,39 @@ haproxy_deploy() {
_debug _cca "$_cca" _debug _cca "$_cca"
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
_err "deploy cert to haproxy server, Not implemented yet"
return 1
# handle reload preference
DEFAULT_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
if [ -z "${DEPLOY_HAPROXY_RELOAD}" ]; then
_reload="${DEFAULT_HAPROXY_RELOAD}"
_cleardomainconf DEPLOY_HAPROXY_RELOAD
else
_reload="${DEPLOY_HAPROXY_RELOAD}"
_savedomainconf DEPLOY_HAPROXY_RELOAD "$DEPLOY_HAPROXY_RELOAD"
fi
_savedomainconf DEPLOY_HAPROXY_PEM_PATH "$DEPLOY_HAPROXY_PEM_PATH"
# work out the path where the PEM file should go
_pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
if [ -z "$_pem_path" ]; then
_err "Path to save PEM file not found. Please define DEPLOY_HAPROXY_PEM_PATH."
return 1
fi
_pem_full_path="$_pem_path/$_cdomain.pem"
_info "Full path to PEM $_pem_full_path"
# combine the key and fullchain into a single pem and install
cat "$_cfullchain" "$_ckey" >"$_pem_full_path"
chmod 600 "$_pem_full_path"
_info "Certificate successfully deployed"
# restart HAProxy
_info "Run reload: $_reload"
if eval "$_reload"; then
_info "Reload success!"
return 0
else
_err "Reload error"
return 1
fi
} }
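Review bot: The combined PEM contains the private key, but `cat "$_cfullchain" "$_ckey" >"$_pem_full_path"` creates it under the caller's umask and only the following `chmod 600` tightens it, so on a first deploy the key can briefly be readable by other local users, and a failed `cat` still logs "Certificate successfully deployed". Creating the file under a restrictive umask and checking the result addresses both, e.g. `(umask 077 && cat "$_cfullchain" "$_ckey" >"$_pem_full_path") || return 1`. `_reload` is taken from `DEPLOY_HAPROXY_RELOAD` (the environment, and presumably the saved domain conf on renewal) and handed to `eval`, so that setting should be documented as trusted input that runs with the privileges of the acme.sh user. `_savedomainconf DEPLOY_HAPROXY_PEM_PATH "$DEPLOY_HAPROXY_PEM_PATH"` also runs before the empty-path check, so an empty value is persisted before the error is returned. The start of haproxy_deploy lies outside this hunk.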

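--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@@ -876,6 +876,24 @@ acme.sh --issue --dns dns_tele3 -d example.com -d *.example.com
 ```
 The TELE3_Key and TELE3_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.
+## 47. Use Netcup DNS API to automatically issue cert
+First you need to login to your CCP account to get your API Key and API Password.
+```
+export NC_Apikey="<Apikey>"
+export NC_Apipw="<Apipassword>"
+export NC_CID="<Customernumber>"
+```
+Now, let's issue a cert:
+```
+acme.sh --issue --dns dns_netcup -d example.com -d www.example.com
+```
+The `NC_Apikey`,`NC_Apipw` and `NC_CID` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 # Use custom API
 If your API is not supported yet, you can write your own DNS API.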

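--- a/dnsapi/dns_netcup.sh
+++ b/dnsapi/dns_netcup.sh
@@ -0,0 +1,133 @@
+#!/usr/bin/env sh
+#Requirments: jq
+NC_Apikey="${NC_Apikey:-$(_readaccountconf_mutable NC_Apikey)}"
+NC_Apipw="${NC_Apipw:-$(_readaccountconf_mutable NC_Apipw)}"
+NC_CID="${NC_CID:-$(_readaccountconf_mutable NC_CID)}"
+end=https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON
+client=""
+dns_netcup_add() {
+login
+if [ "$NC_Apikey" = "" ] || [ "$NC_Apipw" = "" ] || [ "$NC_CID" = "" ]; then
+_err "No Credentials given"
+return 1
+fi
+fulldomain=$1
+txtvalue=$2
+tld=""
+domain=""
+exit=0
+for (( i=20; i>0; i--))
+do
+tmp=$(cut -d'.' -f$i <<< $fulldomain)
+if [ "$tmp" != "" ]; then
+if [ "$tld" = "" ]; then
+tld=$tmp
+else
+domain=$tmp
+exit=$i
+break;
+fi
+fi
+done
+inc=""
+for (( i=1; i<($exit); i++))
+do
+if [ "$((exit-1))" = "$i" ]; then
+inc="$inc$i"
+break;
+else
+if [ "$inc" = "" ]; then
+inc="$i,"
+else
+inc="$inc$i,"
+fi
+fi
+done
+tmp=$(cut -d'.' -f$inc <<< $fulldomain)
+msg=$(_post "{\"action\": \"updateDnsRecords\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\",\"clientrequestid\": \"$client\" , \"domainname\": \"$domain.$tld\", \"dnsrecordset\": { \"dnsrecords\": [ {\"id\": \"\", \"hostname\": \"$tmp\", \"type\": \"TXT\", \"priority\": \"\", \"destination\": \"$txtvalue\", \"deleterecord\": \"false\", \"state\": \"yes\"} ]}}}" $end "" "POST")
+_debug "$msg"
+if [ $(echo $msg | jq -r .status) != "success" ]; then
+_err "$msg"
+return 1
+fi
+logout
+}
+dns_netcup_rm() {
+login
+fulldomain=$1
+txtvalue=$2
+tld=""
+domain=""
+exit=0
+for (( i=20; i>0; i--))
+do
+tmp=$(cut -d'.' -f$i <<< $fulldomain)
+if [ "$tmp" != "" ]; then
+if [ "$tld" = "" ]; then
+tld=$tmp
+else
+domain=$tmp
+exit=$i
+break;
+fi
+fi
+done
+inc=""
+for (( i=1; i<($exit); i++))
+do
+if [ "$((exit-1))" = "$i" ]; then
+inc="$inc$i"
+break;
+else
+if [ "$inc" = "" ]; then
+inc="$i,"
+else
+inc="$inc$i,"
+fi
+fi
+done
+tmp=$(cut -d'.' -f$inc <<< $fulldomain)
+doma="$domain.$tld"
+rec=$(getRecords $doma)
+ids=$(echo $rec | jq -r ".[]|select(.destination==\"$txtvalue\")|.id")
+msg=$(_post "{\"action\": \"updateDnsRecords\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\",\"clientrequestid\": \"$client\" , \"domainname\": \"$doma\", \"dnsrecordset\": { \"dnsrecords\": [ {\"id\": \"$ids\", \"hostname\": \"$tmp\", \"type\": \"TXT\", \"priority\": \"\", \"destination\": \"$txtvalue\", \"deleterecord\": \"TRUE\", \"state\": \"yes\"} ]}}}" $end "" "POST")
+_debug "$msg"
+if [ $(echo $msg | jq -r .status) != "success" ]; then
+_err "$msg"
+return 1
+fi
+logout
+}
+login() {
+tmp=$(_post '{"action": "login", "param": {"apikey": "'$NC_Apikey'", "apipassword": "'$NC_Apipw'", "customernumber": "'$NC_CID'"}}' $end "" "POST")
+sid=$(echo ${tmp} | jq -r .responsedata.apisessionid)
+_debug "$tmp"
+if [ $(echo $tmp | jq -r .status) != "success" ]; then
+_err "$tmp"
+return 1
+fi
+}
+logout() {
+tmp=$(_post '{"action": "logout", "param": {"apikey": "'$NC_Apikey'", "apisessionid": "'$sid'", "customernumber": "'$NC_CID'"}}' $end "" "POST")
+_debug "$tmp"
+if [ $(echo $tmp | jq -r .status) != "success" ]; then
+_err "$tmp"
+return 1
+fi
+}
+getRecords() {
+tmp2=$(_post "{\"action\": \"infoDnsRecords\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\", \"domainname\": \"$1\"}}" $end "" "POST")
+xxd=$(echo ${tmp2} | jq -r '.responsedata.dnsrecords | .[]')
+xcd=$(echo $xxd | sed 's/} {/},{/g')
+echo "[ $xcd ]"
+_debug "$tmp2"
+if [ $(echo $tmp2 | jq -r .status) != "success" ]; then
+_err "$tmp2"
+return 1
+fi
+}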
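Review bot: The status checks of the form `if [ $(echo $msg | jq -r .status) != "success" ]` fail open: when jq is missing or the response is empty the substitution expands to nothing, `[` exits with a syntax error, and the `if` falls through as though the call had succeeded; the same pattern appears in dns_netcup_add, dns_netcup_rm, login, logout and getRecords. Quoting the substitution fixes it, e.g. `if [ "$(printf '%s' "$msg" | jq -r .status)" != "success" ]; then`. In dns_netcup_add `login` runs before the empty-credential check and its return value is ignored, and dns_netcup_rm has no credential check at all, so the check should come first and be followed by `login || return 1`. `_debug "$tmp"` in login writes the whole login response, including `apisessionid`, to the debug log, and the request bodies splice `$NC_Apipw` and `$txtvalue` into JSON unescaped (and unquoted in login and logout), so a `"` or a space in either breaks or alters the request. The file also declares `#!/usr/bin/env sh` but uses `for (( ... ))` and `<<<`, which are bash-only.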