Gerardo
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
92 changed files with 7203 additions and 1442 deletions
-
40.github/auto-comment.yml
-
39.github/workflows/DNS.yml
-
63.github/workflows/FreeBSD.yml
-
147.github/workflows/LetsEncrypt.yml
-
41.github/workflows/Linux.yml
-
55.github/workflows/MacOS.yml
-
33.github/workflows/PebbleStrict.yml
-
61.github/workflows/Solaris.yml
-
86.github/workflows/Ubuntu.yml
-
73.github/workflows/Windows.yml
-
15.github/workflows/dockerhub.yml
-
4.github/workflows/shellcheck.yml
-
12Dockerfile
-
81README.md
-
1111acme.sh
-
30deploy/cleverreach.sh
-
98deploy/consul.sh
-
1deploy/docker.sh
-
46deploy/fritzbox.sh
-
13deploy/gcore_cdn.sh
-
25deploy/haproxy.sh
-
2deploy/kong.sh
-
280deploy/lighttpd.sh
-
23deploy/mailcow.sh
-
156deploy/openmediavault.sh
-
123deploy/peplink.sh
-
118deploy/routeros.sh
-
27deploy/ssh.sh
-
79deploy/synology_dsm.sh
-
202deploy/truenas.sh
-
194deploy/unifi.sh
-
11deploy/vault.sh
-
10deploy/vault_cli.sh
-
89dnsapi/dns_1984hosting.sh
-
63dnsapi/dns_acmedns.sh
-
41dnsapi/dns_arvan.sh
-
171dnsapi/dns_aurora.sh
-
2dnsapi/dns_aws.sh
-
204dnsapi/dns_azion.sh
-
64dnsapi/dns_azure.sh
-
6dnsapi/dns_cf.sh
-
24dnsapi/dns_cloudns.sh
-
43dnsapi/dns_constellix.sh
-
159dnsapi/dns_cpanel.sh
-
159dnsapi/dns_curanet.sh
-
4dnsapi/dns_ddnss.sh
-
25dnsapi/dns_desec.sh
-
87dnsapi/dns_dnshome.sh
-
2dnsapi/dns_dp.sh
-
10dnsapi/dns_dpi.sh
-
8dnsapi/dns_duckdns.sh
-
5dnsapi/dns_gcloud.sh
-
232dnsapi/dns_geoscaling.sh
-
2dnsapi/dns_he.sh
-
64dnsapi/dns_huaweicloud.sh
-
25dnsapi/dns_infoblox.sh
-
163dnsapi/dns_ionos.sh
-
24dnsapi/dns_ispconfig.sh
-
6dnsapi/dns_knot.sh
-
3dnsapi/dns_linode_v4.sh
-
48dnsapi/dns_loopia.sh
-
261dnsapi/dns_mythic_beasts.sh
-
10dnsapi/dns_namecheap.sh
-
8dnsapi/dns_netcup.sh
-
2dnsapi/dns_nsd.sh
-
324dnsapi/dns_oci.sh
-
56dnsapi/dns_one.sh
-
3dnsapi/dns_opnsense.sh
-
4dnsapi/dns_ovh.sh
-
13dnsapi/dns_pdns.sh
-
157dnsapi/dns_porkbun.sh
-
156dnsapi/dns_rackcorp.sh
-
5dnsapi/dns_rackspace.sh
-
5dnsapi/dns_regru.sh
-
176dnsapi/dns_scaleway.sh
-
26dnsapi/dns_servercow.sh
-
269dnsapi/dns_simply.sh
-
160dnsapi/dns_udr.sh
-
158dnsapi/dns_veesp.sh
-
6dnsapi/dns_vultr.sh
-
207dnsapi/dns_websupport.sh
-
49dnsapi/dns_world4you.sh
-
51notify/bark.sh
-
57notify/discord.sh
-
48notify/feishu.sh
-
62notify/gotify.sh
-
5notify/mail.sh
-
44notify/pushbullet.sh
-
8notify/sendgrid.sh
-
398notify/smtp.sh
-
52notify/telegram.sh
-
49notify/weixin_work.sh
@ -1,40 +0,0 @@ |
|||||
# Comment to a new issue. |
|
||||
issuesOpened: > |
|
||||
If this is a bug report, please upgrade to the latest code and try again: |
|
||||
|
|
||||
如果有 bug, 请先更新到最新版试试: |
|
||||
|
|
||||
``` |
|
||||
acme.sh --upgrade |
|
||||
``` |
|
||||
|
|
||||
please also provide the log with `--debug 2`. |
|
||||
|
|
||||
同时请提供调试输出 `--debug 2` |
|
||||
|
|
||||
see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh |
|
||||
|
|
||||
Without `--debug 2` log, your issue will NEVER get replied. |
|
||||
|
|
||||
没有调试输出, 你的 issue 不会得到任何解答. |
|
||||
|
|
||||
|
|
||||
pullRequestOpened: > |
|
||||
First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead. |
|
||||
|
|
||||
If this is a PR to support new DNS API or new notification API, please read this guide first: |
|
||||
https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
|
||||
|
|
||||
Please check the guide items one by one. |
|
||||
|
|
||||
Then add your usage here: |
|
||||
https://github.com/acmesh-official/acme.sh/wiki/dnsapi |
|
||||
|
|
||||
Or some other wiki pages: |
|
||||
|
|
||||
https://github.com/acmesh-official/acme.sh/wiki/deployhooks |
|
||||
|
|
||||
https://github.com/acmesh-official/acme.sh/wiki/notify |
|
||||
|
|
||||
|
|
||||
|
|
@ -0,0 +1,63 @@ |
|||||
|
name: FreeBSD |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/FreeBSD.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/FreeBSD.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
FreeBSD: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
TEST_PREFERRED_CHAIN: "" |
||||
|
runs-on: macos-10.15 |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- uses: vmactions/cf-tunnel@v0.0.3 |
||||
|
id: tunnel |
||||
|
with: |
||||
|
protocol: http |
||||
|
port: 8080 |
||||
|
- name: Set envs |
||||
|
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- uses: vmactions/freebsd-vm@v0.1.5 |
||||
|
with: |
||||
|
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' |
||||
|
nat: | |
||||
|
"8080": "80" |
||||
|
prepare: pkg install -y socat curl |
||||
|
usesh: true |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& ./letest.sh |
||||
|
|
||||
|
|
@ -1,147 +0,0 @@ |
|||||
name: LetsEncrypt |
|
||||
on: |
|
||||
push: |
|
||||
branches: |
|
||||
- '*' |
|
||||
paths: |
|
||||
- '**.sh' |
|
||||
- '**.yml' |
|
||||
pull_request: |
|
||||
branches: |
|
||||
- dev |
|
||||
paths: |
|
||||
- '**.sh' |
|
||||
- '**.yml' |
|
||||
|
|
||||
|
|
||||
jobs: |
|
||||
CheckToken: |
|
||||
runs-on: ubuntu-latest |
|
||||
outputs: |
|
||||
hasToken: ${{ steps.step_one.outputs.hasToken }} |
|
||||
env: |
|
||||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|
||||
steps: |
|
||||
- name: Set the value |
|
||||
id: step_one |
|
||||
run: | |
|
||||
if [ "$NGROK_TOKEN" ] ; then |
|
||||
echo "::set-output name=hasToken::true" |
|
||||
else |
|
||||
echo "::set-output name=hasToken::false" |
|
||||
fi |
|
||||
- name: Check the value |
|
||||
run: echo ${{ steps.step_one.outputs.hasToken }} |
|
||||
|
|
||||
Ubuntu: |
|
||||
runs-on: ubuntu-latest |
|
||||
needs: CheckToken |
|
||||
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
|
||||
env: |
|
||||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|
||||
TEST_LOCAL: 1 |
|
||||
steps: |
|
||||
- uses: actions/checkout@v2 |
|
||||
- name: Install tools |
|
||||
run: sudo apt-get install -y socat |
|
||||
- name: Clone acmetest |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- name: Run acmetest |
|
||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|
||||
|
|
||||
MacOS: |
|
||||
runs-on: macos-latest |
|
||||
needs: Ubuntu |
|
||||
env: |
|
||||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|
||||
TEST_LOCAL: 1 |
|
||||
steps: |
|
||||
- uses: actions/checkout@v2 |
|
||||
- name: Install tools |
|
||||
run: brew install socat |
|
||||
- name: Clone acmetest |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- name: Run acmetest |
|
||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|
||||
|
|
||||
Windows: |
|
||||
runs-on: windows-latest |
|
||||
needs: MacOS |
|
||||
env: |
|
||||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|
||||
TEST_LOCAL: 1 |
|
||||
#The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port. |
|
||||
Le_HTTPPort: 8888 |
|
||||
steps: |
|
||||
- name: Set git to use LF |
|
||||
run: | |
|
||||
git config --global core.autocrlf false |
|
||||
- uses: actions/checkout@v2 |
|
||||
- name: Install cygwin base packages with chocolatey |
|
||||
run: | |
|
||||
choco config get cacheLocation |
|
||||
choco install --no-progress cygwin |
|
||||
shell: cmd |
|
||||
- name: Install cygwin additional packages |
|
||||
run: | |
|
||||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
|
||||
shell: cmd |
|
||||
- name: Set ENV |
|
||||
shell: cmd |
|
||||
run: | |
|
||||
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% |
|
||||
- name: Check ENV |
|
||||
shell: cmd |
|
||||
run: | |
|
||||
echo "PATH=%PATH%" |
|
||||
- name: Clone acmetest |
|
||||
shell: cmd |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- name: Run acmetest |
|
||||
shell: cmd |
|
||||
run: cd ../acmetest && bash.exe -c ./letest.sh |
|
||||
|
|
||||
FreeBSD: |
|
||||
runs-on: macos-latest |
|
||||
needs: Windows |
|
||||
env: |
|
||||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|
||||
TEST_LOCAL: 1 |
|
||||
steps: |
|
||||
- uses: actions/checkout@v2 |
|
||||
- name: Clone acmetest |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- uses: vmactions/freebsd-vm@v0.0.7 |
|
||||
with: |
|
||||
envs: 'NGROK_TOKEN TEST_LOCAL' |
|
||||
prepare: pkg install -y socat curl |
|
||||
usesh: true |
|
||||
run: | |
|
||||
cd ../acmetest && ./letest.sh |
|
||||
|
|
||||
Solaris: |
|
||||
runs-on: macos-latest |
|
||||
needs: FreeBSD |
|
||||
env: |
|
||||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|
||||
TEST_LOCAL: 1 |
|
||||
steps: |
|
||||
- uses: actions/checkout@v2 |
|
||||
- uses: vmactions/ngrok-tunnel@v0.0.1 |
|
||||
id: ngrok |
|
||||
with: |
|
||||
protocol: http |
|
||||
port: 8080 |
|
||||
- name: Set envs |
|
||||
run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV |
|
||||
- name: Clone acmetest |
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|
||||
- uses: vmactions/solaris-vm@v0.0.1 |
|
||||
with: |
|
||||
envs: 'TEST_LOCAL TestingDomain' |
|
||||
nat: | |
|
||||
"8080": "80" |
|
||||
prepare: pkgutil -y -i socat curl |
|
||||
run: | |
|
||||
cd ../acmetest && ./letest.sh |
|
||||
|
|
@ -0,0 +1,41 @@ |
|||||
|
name: Linux |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Linux.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Linux.yml' |
||||
|
|
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
Linux: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:7", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] |
||||
|
runs-on: ubuntu-latest |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Clone acmetest |
||||
|
run: | |
||||
|
cd .. \ |
||||
|
&& git clone https://github.com/acmesh-official/acmetest.git \ |
||||
|
&& cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& ./rundocker.sh testplat ${{ matrix.os }} |
||||
|
|
||||
|
|
||||
|
|
@ -0,0 +1,55 @@ |
|||||
|
name: MacOS |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/MacOS.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/MacOS.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
MacOS: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
TEST_PREFERRED_CHAIN: "" |
||||
|
runs-on: macos-latest |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Install tools |
||||
|
run: brew install socat |
||||
|
- name: Clone acmetest |
||||
|
run: | |
||||
|
cd .. \ |
||||
|
&& git clone https://github.com/acmesh-official/acmetest.git \ |
||||
|
&& cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& sudo --preserve-env ./letest.sh |
||||
|
|
||||
|
|
@ -0,0 +1,61 @@ |
|||||
|
name: Solaris |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Solaris.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Solaris.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
Solaris: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
TEST_PREFERRED_CHAIN: "" |
||||
|
runs-on: macos-10.15 |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- uses: vmactions/cf-tunnel@v0.0.3 |
||||
|
id: tunnel |
||||
|
with: |
||||
|
protocol: http |
||||
|
port: 8080 |
||||
|
- name: Set envs |
||||
|
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- uses: vmactions/solaris-vm@v0.0.5 |
||||
|
with: |
||||
|
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' |
||||
|
nat: | |
||||
|
"8080": "80" |
||||
|
prepare: pkgutil -y -i socat curl |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& ./letest.sh |
||||
|
|
@ -0,0 +1,86 @@ |
|||||
|
name: Ubuntu |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Ubuntu.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Ubuntu.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
Ubuntu: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
TEST_PREFERRED_CHAIN: "" |
||||
|
- TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" |
||||
|
CA_ECDSA: "Smallstep Intermediate CA" |
||||
|
CA: "Smallstep Intermediate CA" |
||||
|
CA_EMAIL: "" |
||||
|
TEST_PREFERRED_CHAIN: "" |
||||
|
NO_REVOKE: 1 |
||||
|
- TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" |
||||
|
CA_ECDSA: "Smallstep Intermediate CA" |
||||
|
CA: "Smallstep Intermediate CA" |
||||
|
CA_EMAIL: "" |
||||
|
TEST_PREFERRED_CHAIN: "" |
||||
|
NO_REVOKE: 1 |
||||
|
TEST_IPCERT: 1 |
||||
|
TestingDomain: "172.17.0.1" |
||||
|
|
||||
|
runs-on: ubuntu-latest |
||||
|
env: |
||||
|
TEST_LOCAL: 1 |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
NO_ECC_384: ${{ matrix.NO_ECC_384 }} |
||||
|
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
||||
|
NO_REVOKE: ${{ matrix.NO_REVOKE }} |
||||
|
TEST_IPCERT: ${{ matrix.TEST_IPCERT }} |
||||
|
TestingDomain: ${{ matrix.TestingDomain }} |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Install tools |
||||
|
run: sudo apt-get install -y socat |
||||
|
- name: Start StepCA |
||||
|
if: ${{ matrix.TEST_ACME_Server=='https://localhost:9000/acme/acme/directory' }} |
||||
|
run: | |
||||
|
docker run --rm -d \ |
||||
|
-p 9000:9000 \ |
||||
|
-e "DOCKER_STEPCA_INIT_NAME=Smallstep" \ |
||||
|
-e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \ |
||||
|
--name stepca \ |
||||
|
smallstep/step-ca \ |
||||
|
&& sleep 5 && docker exec stepca step ca provisioner add acme --type ACME \ |
||||
|
&& docker exec stepca kill -1 1 \ |
||||
|
&& docker exec stepca cat /home/step/certs/root_ca.crt | sudo bash -c "cat - >>/etc/ssl/certs/ca-certificates.crt" |
||||
|
- name: Clone acmetest |
||||
|
run: | |
||||
|
cd .. \ |
||||
|
&& git clone https://github.com/acmesh-official/acmetest.git \ |
||||
|
&& cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
run: | |
||||
|
cd ../acmetest \ |
||||
|
&& sudo --preserve-env ./letest.sh |
||||
|
|
||||
|
|
@ -0,0 +1,73 @@ |
|||||
|
name: Windows |
||||
|
on: |
||||
|
push: |
||||
|
branches: |
||||
|
- '*' |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Windows.yml' |
||||
|
|
||||
|
pull_request: |
||||
|
branches: |
||||
|
- dev |
||||
|
paths: |
||||
|
- '*.sh' |
||||
|
- '.github/workflows/Windows.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
Windows: |
||||
|
strategy: |
||||
|
matrix: |
||||
|
include: |
||||
|
- TEST_ACME_Server: "LetsEncrypt.org_test" |
||||
|
CA_ECDSA: "" |
||||
|
CA: "" |
||||
|
CA_EMAIL: "" |
||||
|
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
||||
|
- TEST_ACME_Server: "ZeroSSL.com" |
||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
||||
|
CA: "ZeroSSL RSA Domain Secure Site CA" |
||||
|
CA_EMAIL: "githubtest@acme.sh" |
||||
|
TEST_PREFERRED_CHAIN: "" |
||||
|
runs-on: windows-latest |
||||
|
env: |
||||
|
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
||||
|
CA: ${{ matrix.CA }} |
||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
||||
|
TEST_LOCAL: 1 |
||||
|
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. |
||||
|
Le_HTTPPort: 8888 |
||||
|
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
||||
|
steps: |
||||
|
- name: Set git to use LF |
||||
|
run: | |
||||
|
git config --global core.autocrlf false |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Install cygwin base packages with chocolatey |
||||
|
run: | |
||||
|
choco config get cacheLocation |
||||
|
choco install --no-progress cygwin |
||||
|
shell: cmd |
||||
|
- name: Install cygwin additional packages |
||||
|
run: | |
||||
|
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git,xxd |
||||
|
shell: cmd |
||||
|
- name: Set ENV |
||||
|
shell: cmd |
||||
|
run: | |
||||
|
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin;%PATH% >> %GITHUB_ENV% |
||||
|
- name: Check ENV |
||||
|
shell: cmd |
||||
|
run: | |
||||
|
echo "PATH=%PATH%" |
||||
|
- name: Clone acmetest |
||||
|
shell: cmd |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
shell: cmd |
||||
|
run: cd ../acmetest && bash.exe -c ./letest.sh |
||||
|
|
||||
|
|
||||
|
|
1111
acme.sh
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,98 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Here is a script to deploy cert to hashicorp consul using curl |
||||
|
# (https://www.consul.io/) |
||||
|
# |
||||
|
# it requires following environment variables: |
||||
|
# |
||||
|
# CONSUL_PREFIX - this contains the prefix path in consul |
||||
|
# CONSUL_HTTP_ADDR - consul requires this to find your consul server |
||||
|
# |
||||
|
# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available |
||||
|
# to access the consul server |
||||
|
|
||||
|
#returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
consul_deploy() { |
||||
|
|
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
# validate required env vars |
||||
|
_getdeployconf CONSUL_PREFIX |
||||
|
if [ -z "$CONSUL_PREFIX" ]; then |
||||
|
_err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)" |
||||
|
return 1 |
||||
|
fi |
||||
|
_savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX" |
||||
|
|
||||
|
_getdeployconf CONSUL_HTTP_ADDR |
||||
|
if [ -z "$CONSUL_HTTP_ADDR" ]; then |
||||
|
_err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)" |
||||
|
return 1 |
||||
|
fi |
||||
|
_savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR" |
||||
|
|
||||
|
CONSUL_CMD=$(command -v consul) |
||||
|
|
||||
|
# force CLI, but the binary does not exist => error |
||||
|
if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then |
||||
|
_err "Cannot find the consul binary!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# use the CLI first |
||||
|
if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then |
||||
|
_info "Found consul binary, deploying with CLI" |
||||
|
consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX" |
||||
|
else |
||||
|
_info "Did not find consul binary, deploying with API" |
||||
|
consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
consul_deploy_api() { |
||||
|
CONSUL_HTTP_ADDR="$1" |
||||
|
CONSUL_PREFIX="$2" |
||||
|
CONSUL_HTTP_TOKEN="$3" |
||||
|
|
||||
|
URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX" |
||||
|
export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN" |
||||
|
|
||||
|
if [ -n "$FABIO" ]; then |
||||
|
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1 |
||||
|
else |
||||
|
_post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
consul_deploy_cli() { |
||||
|
CONSUL_CMD="$1" |
||||
|
CONSUL_PREFIX="$2" |
||||
|
|
||||
|
if [ -n "$FABIO" ]; then |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1 |
||||
|
else |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 |
||||
|
fi |
||||
|
} |
@ -0,0 +1,280 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Script for acme.sh to deploy certificates to lighttpd |
||||
|
# |
||||
|
# The following variables can be exported: |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_PEM_NAME="${domain}.pem" |
||||
|
# |
||||
|
# Defines the name of the PEM file. |
||||
|
# Defaults to "<domain>.pem" |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_PEM_PATH="/etc/lighttpd" |
||||
|
# |
||||
|
# Defines location of PEM file for Lighttpd. |
||||
|
# Defaults to /etc/lighttpd |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_RELOAD="systemctl reload lighttpd" |
||||
|
# |
||||
|
# OPTIONAL: Reload command used post deploy |
||||
|
# This defaults to be a no-op (ie "true"). |
||||
|
# It is strongly recommended to set this something that makes sense |
||||
|
# for your distro. |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_ISSUER="yes" |
||||
|
# |
||||
|
# OPTIONAL: Places CA file as "${DEPLOY_LIGHTTPD_PEM}.issuer" |
||||
|
# Note: Required for OCSP stapling to work |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_BUNDLE="no" |
||||
|
# |
||||
|
# OPTIONAL: Deploy this certificate as part of a multi-cert bundle |
||||
|
# This adds a suffix to the certificate based on the certificate type |
||||
|
# eg RSA certificates will have .rsa as a suffix to the file name |
||||
|
# Lighttpd will load all certificates and provide one or the other |
||||
|
# depending on client capabilities |
||||
|
# Note: This functionality requires Lighttpd was compiled against |
||||
|
# a version of OpenSSL that supports this. |
||||
|
# |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
lighttpd_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
# Some defaults |
||||
|
DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT="/etc/lighttpd" |
||||
|
DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT="${_cdomain}.pem" |
||||
|
DEPLOY_LIGHTTPD_BUNDLE_DEFAULT="no" |
||||
|
DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes" |
||||
|
DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true" |
||||
|
|
||||
|
_debug _cdomain "${_cdomain}" |
||||
|
_debug _ckey "${_ckey}" |
||||
|
_debug _ccert "${_ccert}" |
||||
|
_debug _cca "${_cca}" |
||||
|
_debug _cfullchain "${_cfullchain}" |
||||
|
|
||||
|
# PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_PEM_PATH |
||||
|
_debug2 DEPLOY_LIGHTTPD_PEM_PATH "${DEPLOY_LIGHTTPD_PEM_PATH}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_pem_path}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# Ensure PEM_PATH exists |
||||
|
if [ -d "${Le_Deploy_lighttpd_pem_path}" ]; then |
||||
|
_debug "PEM_PATH ${Le_Deploy_lighttpd_pem_path} exists" |
||||
|
else |
||||
|
_err "PEM_PATH ${Le_Deploy_lighttpd_pem_path} does not exist" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_PEM_NAME |
||||
|
_debug2 DEPLOY_LIGHTTPD_PEM_NAME "${DEPLOY_LIGHTTPD_PEM_NAME}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_pem_name}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_BUNDLE |
||||
|
_debug2 DEPLOY_LIGHTTPD_BUNDLE "${DEPLOY_LIGHTTPD_BUNDLE}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then |
||||
|
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_bundle}" ]; then |
||||
|
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_ISSUER |
||||
|
_debug2 DEPLOY_LIGHTTPD_ISSUER "${DEPLOY_LIGHTTPD_ISSUER}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then |
||||
|
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_issuer}" ]; then |
||||
|
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_RELOAD |
||||
|
_debug2 DEPLOY_LIGHTTPD_RELOAD "${DEPLOY_LIGHTTPD_RELOAD}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then |
||||
|
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_reload}" ]; then |
||||
|
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# Set the suffix depending if we are creating a bundle or not |
||||
|
if [ "${Le_Deploy_lighttpd_bundle}" = "yes" ]; then |
||||
|
_info "Bundle creation requested" |
||||
|
# Initialise $Le_Keylength if its not already set |
||||
|
if [ -z "${Le_Keylength}" ]; then |
||||
|
Le_Keylength="" |
||||
|
fi |
||||
|
if _isEccKey "${Le_Keylength}"; then |
||||
|
_info "ECC key type detected" |
||||
|
_suffix=".ecdsa" |
||||
|
else |
||||
|
_info "RSA key type detected" |
||||
|
_suffix=".rsa" |
||||
|
fi |
||||
|
else |
||||
|
_suffix="" |
||||
|
fi |
||||
|
_debug _suffix "${_suffix}" |
||||
|
|
||||
|
# Set variables for later |
||||
|
_pem="${Le_Deploy_lighttpd_pem_path}/${Le_Deploy_lighttpd_pem_name}${_suffix}" |
||||
|
_issuer="${_pem}.issuer" |
||||
|
_ocsp="${_pem}.ocsp" |
||||
|
_reload="${Le_Deploy_lighttpd_reload}" |
||||
|
|
||||
|
_info "Deploying PEM file" |
||||
|
# Create a temporary PEM file |
||||
|
_temppem="$(_mktemp)" |
||||
|
_debug _temppem "${_temppem}" |
||||
|
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}" |
||||
|
_ret="$?" |
||||
|
|
||||
|
# Check that we could create the temporary file |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} returned during PEM file creation" |
||||
|
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
||||
|
return ${_ret} |
||||
|
fi |
||||
|
|
||||
|
# Move PEM file into place |
||||
|
_info "Moving new certificate into place" |
||||
|
_debug _pem "${_pem}" |
||||
|
cat "${_temppem}" >"${_pem}" |
||||
|
_ret=$? |
||||
|
|
||||
|
# Clean up temp file |
||||
|
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
||||
|
|
||||
|
# Deal with any failure of moving PEM file into place |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} returned while moving new certificate into place" |
||||
|
return ${_ret} |
||||
|
fi |
||||
|
|
||||
|
# Update .issuer file if requested |
||||
|
if [ "${Le_Deploy_lighttpd_issuer}" = "yes" ]; then |
||||
|
_info "Updating .issuer file" |
||||
|
_debug _issuer "${_issuer}" |
||||
|
cat "${_cca}" >"${_issuer}" |
||||
|
_ret="$?" |
||||
|
|
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} returned while copying issuer/CA certificate into place" |
||||
|
return ${_ret} |
||||
|
fi |
||||
|
else |
||||
|
[ -f "${_issuer}" ] && _err "Issuer file update not requested but .issuer file exists" |
||||
|
fi |
||||
|
|
||||
|
# Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option |
||||
|
if [ -z "${Le_OCSP_Staple}" ]; then |
||||
|
Le_OCSP_Staple="0" |
||||
|
fi |
||||
|
if [ "${Le_OCSP_Staple}" = "1" ]; then |
||||
|
_info "Updating OCSP stapling info" |
||||
|
_debug _ocsp "${_ocsp}" |
||||
|
_info "Extracting OCSP URL" |
||||
|
_ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}") |
||||
|
_debug _ocsp_url "${_ocsp_url}" |
||||
|
|
||||
|
# Only process OCSP if URL was present |
||||
|
if [ "${_ocsp_url}" != "" ]; then |
||||
|
# Extract the hostname from the OCSP URL |
||||
|
_info "Extracting OCSP URL" |
||||
|
_ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3) |
||||
|
_debug _ocsp_host "${_ocsp_host}" |
||||
|
|
||||
|
# Only process the certificate if we have a .issuer file |
||||
|
if [ -r "${_issuer}" ]; then |
||||
|
# Check if issuer cert is also a root CA cert |
||||
|
_subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
||||
|
_debug _subjectdn "${_subjectdn}" |
||||
|
_issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
||||
|
_debug _issuerdn "${_issuerdn}" |
||||
|
_info "Requesting OCSP response" |
||||
|
# If the issuer is a CA cert then our command line has "-CAfile" added |
||||
|
if [ "${_subjectdn}" = "${_issuerdn}" ]; then |
||||
|
_cafile_argument="-CAfile \"${_issuer}\"" |
||||
|
else |
||||
|
_cafile_argument="" |
||||
|
fi |
||||
|
_debug _cafile_argument "${_cafile_argument}" |
||||
|
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed |
||||
|
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2) |
||||
|
_debug _openssl_version "${_openssl_version}" |
||||
|
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) |
||||
|
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) |
||||
|
if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then |
||||
|
_header_sep="=" |
||||
|
else |
||||
|
_header_sep=" " |
||||
|
fi |
||||
|
# Request the OCSP response from the issuer and store it |
||||
|
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \ |
||||
|
-issuer \"${_issuer}\" \ |
||||
|
-cert \"${_pem}\" \ |
||||
|
-url \"${_ocsp_url}\" \ |
||||
|
-header Host${_header_sep}\"${_ocsp_host}\" \ |
||||
|
-respout \"${_ocsp}\" \ |
||||
|
-verify_other \"${_issuer}\" \ |
||||
|
${_cafile_argument} \ |
||||
|
| grep -q \"${_pem}: good\"" |
||||
|
_debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}" |
||||
|
eval "${_openssl_ocsp_cmd}" |
||||
|
_ret=$? |
||||
|
else |
||||
|
# Non fatal: No issuer file was present so no OCSP stapling file created |
||||
|
_err "OCSP stapling in use but no .issuer file was present" |
||||
|
fi |
||||
|
else |
||||
|
# Non fatal: No OCSP url was found int the certificate |
||||
|
_err "OCSP update requested but no OCSP URL was found in certificate" |
||||
|
fi |
||||
|
|
||||
|
# Non fatal: Check return code of openssl command |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Updating OCSP stapling failed with return code ${_ret}" |
||||
|
fi |
||||
|
else |
||||
|
# An OCSP file was already present but certificate did not have OCSP extension |
||||
|
if [ -f "${_ocsp}" ]; then |
||||
|
_err "OCSP was not requested but .ocsp file exists." |
||||
|
# Could remove the file at this step, although Lighttpd just ignores it in this case |
||||
|
# rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file" |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
# Reload Lighttpd |
||||
|
_debug _reload "${_reload}" |
||||
|
eval "${_reload}" |
||||
|
_ret=$? |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} during reload" |
||||
|
return ${_ret} |
||||
|
else |
||||
|
_info "Reload successful" |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,156 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# This deploy hook is tested on OpenMediaVault 5.x. It supports both local and remote deployment. |
||||
|
# The way it works is that if a cert with the matching domain name is not found, it will firstly create a dummy cert to get its uuid, and then replace it with your cert. |
||||
|
# |
||||
|
# DEPLOY_OMV_WEBUI_ADMIN - This is OMV web gui admin account. Default value is admin. It's required as the user parameter (-u) for the omv-rpc command. |
||||
|
# DEPLOY_OMV_HOST and DEPLOY_OMV_SSH_USER are optional. They are used for remote deployment through ssh (support public key authentication only). Per design, OMV web gui admin doesn't have ssh permission, so another account is needed for ssh. |
||||
|
# |
||||
|
# returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
openmediavault_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
_getdeployconf DEPLOY_OMV_WEBUI_ADMIN |
||||
|
|
||||
|
if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then |
||||
|
DEPLOY_OMV_WEBUI_ADMIN="admin" |
||||
|
fi |
||||
|
|
||||
|
_savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN" |
||||
|
|
||||
|
_getdeployconf DEPLOY_OMV_HOST |
||||
|
_getdeployconf DEPLOY_OMV_SSH_USER |
||||
|
|
||||
|
if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then |
||||
|
_info "[OMV deploy-hook] Deploy certificate remotely through ssh." |
||||
|
_savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST" |
||||
|
_savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER" |
||||
|
else |
||||
|
_info "[OMV deploy-hook] Deploy certificate locally." |
||||
|
fi |
||||
|
|
||||
|
if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then |
||||
|
|
||||
|
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'" |
||||
|
# shellcheck disable=SC2029 |
||||
|
_uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
||||
|
_debug _command "$_command" |
||||
|
|
||||
|
if [ -z "$_uuid" ]; then |
||||
|
_info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" |
||||
|
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'" |
||||
|
# shellcheck disable=SC2029 |
||||
|
_uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
||||
|
_debug _command "$_command" |
||||
|
|
||||
|
if [ -z "$_uuid" ]; then |
||||
|
_err "[OMV deploy-hook] An error occured while creating the certificate" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
_info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" |
||||
|
_fullchain=$(jq <"$_cfullchain" -aRs .) |
||||
|
_key=$(jq <"$_ckey" -aRs .) |
||||
|
|
||||
|
_debug _fullchain "$_fullchain" |
||||
|
_debug _key "$_key" |
||||
|
|
||||
|
_info "[OMV deploy-hook] Updating key and certificate in openmediavault" |
||||
|
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" |
||||
|
# shellcheck disable=SC2029 |
||||
|
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
||||
|
|
||||
|
_debug _command "$_command" |
||||
|
_debug _result "$_result" |
||||
|
|
||||
|
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')" |
||||
|
# shellcheck disable=SC2029 |
||||
|
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
||||
|
|
||||
|
_debug _command "$_command" |
||||
|
_debug _result "$_result" |
||||
|
|
||||
|
_info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" |
||||
|
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" |
||||
|
# shellcheck disable=SC2029 |
||||
|
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
||||
|
|
||||
|
_debug _command "$_command" |
||||
|
_debug _result "$_result" |
||||
|
|
||||
|
_info "[OMV deploy-hook] Asking nginx to reload" |
||||
|
_command="nginx -s reload" |
||||
|
# shellcheck disable=SC2029 |
||||
|
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
||||
|
|
||||
|
_debug _command "$_command" |
||||
|
_debug _result "$_result" |
||||
|
|
||||
|
else |
||||
|
|
||||
|
# shellcheck disable=SC2086 |
||||
|
_uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{"start": 0, "limit": -1}' | jq -r '.data[] | select(.name=="/CN='$_cdomain'") | .uuid') |
||||
|
if [ -z "$_uuid" ]; then |
||||
|
_info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" |
||||
|
# shellcheck disable=SC2086 |
||||
|
_uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{"cn": "test.example.com", "size": 4096, "days": 3650, "c": "", "st": "", "l": "", "o": "", "ou": "", "email": ""}' | jq -r '.uuid') |
||||
|
|
||||
|
if [ -z "$_uuid" ]; then |
||||
|
_err "[OMB deploy-hook] An error occured while creating the certificate" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
_info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" |
||||
|
_fullchain=$(jq <"$_cfullchain" -aRs .) |
||||
|
_key=$(jq <"$_ckey" -aRs .) |
||||
|
|
||||
|
_debug _fullchain "$_fullchain" |
||||
|
_debug _key "$_key" |
||||
|
|
||||
|
_info "[OMV deploy-hook] Updating key and certificate in openmediavault" |
||||
|
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" |
||||
|
_result=$(eval "$_command") |
||||
|
|
||||
|
_debug _command "$_command" |
||||
|
_debug _result "$_result" |
||||
|
|
||||
|
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')" |
||||
|
_result=$(eval "$_command") |
||||
|
|
||||
|
_debug _command "$_command" |
||||
|
_debug _result "$_result" |
||||
|
|
||||
|
_info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" |
||||
|
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" |
||||
|
_result=$(eval "$_command") |
||||
|
|
||||
|
_debug _command "$_command" |
||||
|
_debug _result "$_result" |
||||
|
|
||||
|
_info "[OMV deploy-hook] Asking nginx to reload" |
||||
|
_command="nginx -s reload" |
||||
|
_result=$(eval "$_command") |
||||
|
|
||||
|
_debug _command "$_command" |
||||
|
_debug _result "$_result" |
||||
|
|
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,123 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Script to deploy cert to Peplink Routers |
||||
|
# |
||||
|
# The following environment variables must be set: |
||||
|
# |
||||
|
# PEPLINK_Hostname - Peplink hostname |
||||
|
# PEPLINK_Username - Peplink username to login |
||||
|
# PEPLINK_Password - Peplink password to login |
||||
|
# |
||||
|
# The following environmental variables may be set if you don't like their |
||||
|
# default values: |
||||
|
# |
||||
|
# PEPLINK_Certtype - Certificate type to target for replacement |
||||
|
# defaults to "webadmin", can be one of: |
||||
|
# * "chub" (ContentHub) |
||||
|
# * "openvpn" (OpenVPN CA) |
||||
|
# * "portal" (Captive Portal SSL) |
||||
|
# * "webadmin" (Web Admin SSL) |
||||
|
# * "webproxy" (Proxy Root CA) |
||||
|
# * "wwan_ca" (Wi-Fi WAN CA) |
||||
|
# * "wwan_client" (Wi-Fi WAN Client) |
||||
|
# PEPLINK_Scheme - defaults to "https" |
||||
|
# PEPLINK_Port - defaults to "443" |
||||
|
# |
||||
|
#returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
_peplink_get_cookie_data() { |
||||
|
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' |
||||
|
} |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
peplink_deploy() { |
||||
|
|
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
|
||||
|
# Get Hostname, Username and Password, but don't save until we successfully authenticate |
||||
|
_getdeployconf PEPLINK_Hostname |
||||
|
_getdeployconf PEPLINK_Username |
||||
|
_getdeployconf PEPLINK_Password |
||||
|
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then |
||||
|
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname" |
||||
|
_debug2 PEPLINK_Username "$PEPLINK_Username" |
||||
|
_secure_debug2 PEPLINK_Password "$PEPLINK_Password" |
||||
|
|
||||
|
# Optional certificate type, scheme, and port for Peplink |
||||
|
_getdeployconf PEPLINK_Certtype |
||||
|
_getdeployconf PEPLINK_Scheme |
||||
|
_getdeployconf PEPLINK_Port |
||||
|
|
||||
|
# Don't save the certificate type until we verify it exists and is supported |
||||
|
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme" |
||||
|
_savedeployconf PEPLINK_Port "$PEPLINK_Port" |
||||
|
|
||||
|
# Default vaules for certificate type, scheme, and port |
||||
|
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin" |
||||
|
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https" |
||||
|
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443" |
||||
|
|
||||
|
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype" |
||||
|
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme" |
||||
|
_debug2 PEPLINK_Port "$PEPLINK_Port" |
||||
|
|
||||
|
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port" |
||||
|
_debug _base_url "$_base_url" |
||||
|
|
||||
|
# Login, get the auth token from the cookie |
||||
|
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port" |
||||
|
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)" |
||||
|
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)" |
||||
|
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi") |
||||
|
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER") |
||||
|
_debug3 response "$response" |
||||
|
_debug auth_token "$auth_token" |
||||
|
|
||||
|
if [ -z "$auth_token" ]; then |
||||
|
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme." |
||||
|
_err "Check your username and password." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_H1="Cookie: $auth_token" |
||||
|
export _H1 |
||||
|
_debug2 H1 "${_H1}" |
||||
|
|
||||
|
# Now that we know the hostnameusername and password are good, save them |
||||
|
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname" |
||||
|
_savedeployconf PEPLINK_Username "$PEPLINK_Username" |
||||
|
_savedeployconf PEPLINK_Password "$PEPLINK_Password" |
||||
|
|
||||
|
_info "Generate form POST request" |
||||
|
|
||||
|
encoded_key="$(_url_encode <"$_ckey")" |
||||
|
encoded_fullchain="$(_url_encode <"$_cfullchain")" |
||||
|
body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain" |
||||
|
_debug3 body "$body" |
||||
|
|
||||
|
_info "Upload $PEPLINK_Certtype certificate to the Peplink" |
||||
|
|
||||
|
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi") |
||||
|
_debug3 response "$response" |
||||
|
|
||||
|
if echo "$response" | grep 'Success' >/dev/null; then |
||||
|
# We've verified this certificate type is valid, so save it |
||||
|
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype" |
||||
|
_info "Certificate was updated" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Unable to update certificate, error code $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
@ -0,0 +1,202 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Here is a scipt to deploy the cert to your TrueNAS using the REST API. |
||||
|
# https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html |
||||
|
# |
||||
|
# Written by Frank Plass github@f-plass.de |
||||
|
# https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py |
||||
|
# Thanks to danb35 for your template! |
||||
|
# |
||||
|
# Following environment variables must be set: |
||||
|
# |
||||
|
# export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI" |
||||
|
# |
||||
|
# The following environmental variables may be set if you don't like their |
||||
|
# default values: |
||||
|
# |
||||
|
# DEPLOY_TRUENAS_HOSTNAME - defaults to localhost |
||||
|
# DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https |
||||
|
# |
||||
|
#returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
truenas_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
_getdeployconf DEPLOY_TRUENAS_APIKEY |
||||
|
|
||||
|
if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then |
||||
|
_err "TrueNAS API key not found, please set the DEPLOY_TRUENAS_APIKEY environment variable." |
||||
|
return 1 |
||||
|
fi |
||||
|
_secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" |
||||
|
|
||||
|
# Optional hostname, scheme for TrueNAS |
||||
|
_getdeployconf DEPLOY_TRUENAS_HOSTNAME |
||||
|
_getdeployconf DEPLOY_TRUENAS_SCHEME |
||||
|
|
||||
|
# default values for hostname and scheme |
||||
|
[ -n "${DEPLOY_TRUENAS_HOSTNAME}" ] || DEPLOY_TRUENAS_HOSTNAME="localhost" |
||||
|
[ -n "${DEPLOY_TRUENAS_SCHEME}" ] || DEPLOY_TRUENAS_SCHEME="http" |
||||
|
|
||||
|
_debug2 DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" |
||||
|
_debug2 DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" |
||||
|
|
||||
|
_api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0" |
||||
|
_debug _api_url "$_api_url" |
||||
|
|
||||
|
_H1="Authorization: Bearer $DEPLOY_TRUENAS_APIKEY" |
||||
|
_secure_debug3 _H1 "$_H1" |
||||
|
|
||||
|
_info "Testing Connection TrueNAS" |
||||
|
_response=$(_get "$_api_url/system/state") |
||||
|
_info "TrueNAS system state: $_response." |
||||
|
|
||||
|
if [ -z "$_response" ]; then |
||||
|
_err "Unable to authenticate to $_api_url." |
||||
|
_err 'Check your connection settings are correct, e.g.' |
||||
|
_err 'DEPLOY_TRUENAS_HOSTNAME="192.168.x.y" or DEPLOY_TRUENAS_HOSTNAME="truenas.example.com".' |
||||
|
_err 'DEPLOY_TRUENAS_SCHEME="https" or DEPLOY_TRUENAS_SCHEME="http".' |
||||
|
_err "Verify your TrueNAS API key is valid and set correctly, e.g. DEPLOY_TRUENAS_APIKEY=xxxx...." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_savedeployconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" |
||||
|
_savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" |
||||
|
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" |
||||
|
|
||||
|
_info "Getting current active certificate from TrueNAS" |
||||
|
_response=$(_get "$_api_url/system/general") |
||||
|
_active_cert_id=$(echo "$_response" | grep -B2 '"name":' | grep 'id' | tr -d -- '"id: ,') |
||||
|
_active_cert_name=$(echo "$_response" | grep '"name":' | sed -n 's/.*: "\(.\{1,\}\)",$/\1/p') |
||||
|
_param_httpsredirect=$(echo "$_response" | grep '"ui_httpsredirect":' | sed -n 's/.*": \(.\{1,\}\),$/\1/p') |
||||
|
_debug Active_UI_Certificate_ID "$_active_cert_id" |
||||
|
_debug Active_UI_Certificate_Name "$_active_cert_name" |
||||
|
_debug Active_UI_http_redirect "$_param_httpsredirect" |
||||
|
|
||||
|
if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then |
||||
|
_info "HTTP->HTTPS redirection is enabled" |
||||
|
_info "Setting DEPLOY_TRUENAS_SCHEME to 'https'" |
||||
|
DEPLOY_TRUENAS_SCHEME="https" |
||||
|
_api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0" |
||||
|
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" |
||||
|
fi |
||||
|
|
||||
|
_info "Uploading new certificate to TrueNAS" |
||||
|
_certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')" |
||||
|
_debug3 _certname "$_certname" |
||||
|
|
||||
|
_certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}" |
||||
|
_add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")" |
||||
|
|
||||
|
_debug3 _add_cert_result "$_add_cert_result" |
||||
|
|
||||
|
_info "Fetching list of installed certificates" |
||||
|
_cert_list=$(_get "$_api_url/system/general/ui_certificate_choices") |
||||
|
_cert_id=$(echo "$_cert_list" | grep "$_certname" | sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p') |
||||
|
|
||||
|
_debug3 _cert_id "$_cert_id" |
||||
|
|
||||
|
_info "Current activate certificate ID: $_cert_id" |
||||
|
_activateData="{\"ui_certificate\": \"${_cert_id}\"}" |
||||
|
_activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")" |
||||
|
|
||||
|
_debug3 _activate_result "$_activate_result" |
||||
|
|
||||
|
_info "Checking if WebDAV certificate is the same as the TrueNAS web UI" |
||||
|
_webdav_list=$(_get "$_api_url/webdav") |
||||
|
_webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,') |
||||
|
|
||||
|
if [ "$_webdav_cert_id" = "$_active_cert_id" ]; then |
||||
|
_info "Updating the WebDAV certificate" |
||||
|
_debug _webdav_cert_id "$_webdav_cert_id" |
||||
|
_webdav_data="{\"certssl\": \"${_cert_id}\"}" |
||||
|
_activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")" |
||||
|
_webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | grep '"certssl":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') |
||||
|
if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then |
||||
|
_info "WebDAV certificate updated successfully" |
||||
|
else |
||||
|
_err "Unable to set WebDAV certificate" |
||||
|
_debug3 _activate_webdav_cert "$_activate_webdav_cert" |
||||
|
_debug3 _webdav_new_cert_id "$_webdav_new_cert_id" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug3 _webdav_new_cert_id "$_webdav_new_cert_id" |
||||
|
else |
||||
|
_info "WebDAV certificate is not configured or is not the same as TrueNAS web UI" |
||||
|
fi |
||||
|
|
||||
|
_info "Checking if FTP certificate is the same as the TrueNAS web UI" |
||||
|
_ftp_list=$(_get "$_api_url/ftp") |
||||
|
_ftp_cert_id=$(echo "$_ftp_list" | grep '"ssltls_certificate":' | tr -d -- '"certislfa:_ ,') |
||||
|
|
||||
|
if [ "$_ftp_cert_id" = "$_active_cert_id" ]; then |
||||
|
_info "Updating the FTP certificate" |
||||
|
_debug _ftp_cert_id "$_ftp_cert_id" |
||||
|
_ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}" |
||||
|
_activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")" |
||||
|
_ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | grep '"ssltls_certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') |
||||
|
if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then |
||||
|
_info "FTP certificate updated successfully" |
||||
|
else |
||||
|
_err "Unable to set FTP certificate" |
||||
|
_debug3 _activate_ftp_cert "$_activate_ftp_cert" |
||||
|
_debug3 _ftp_new_cert_id "$_ftp_new_cert_id" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug3 _activate_ftp_cert "$_activate_ftp_cert" |
||||
|
else |
||||
|
_info "FTP certificate is not configured or is not the same as TrueNAS web UI" |
||||
|
fi |
||||
|
|
||||
|
_info "Checking if S3 certificate is the same as the TrueNAS web UI" |
||||
|
_s3_list=$(_get "$_api_url/s3") |
||||
|
_s3_cert_id=$(echo "$_s3_list" | grep '"certificate":' | tr -d -- '"certifa:_ ,') |
||||
|
|
||||
|
if [ "$_s3_cert_id" = "$_active_cert_id" ]; then |
||||
|
_info "Updating the S3 certificate" |
||||
|
_debug _s3_cert_id "$_s3_cert_id" |
||||
|
_s3_data="{\"certificate\": \"${_cert_id}\"}" |
||||
|
_activate_s3_cert="$(_post "$_s3_data" "$_api_url/s3" "" "PUT" "application/json")" |
||||
|
_s3_new_cert_id=$(echo "$_activate_s3_cert" | _json_decode | grep '"certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') |
||||
|
if [ "$_s3_new_cert_id" -eq "$_cert_id" ]; then |
||||
|
_info "S3 certificate updated successfully" |
||||
|
else |
||||
|
_err "Unable to set S3 certificate" |
||||
|
_debug3 _activate_s3_cert "$_activate_s3_cert" |
||||
|
_debug3 _s3_new_cert_id "$_s3_new_cert_id" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug3 _activate_s3_cert "$_activate_s3_cert" |
||||
|
else |
||||
|
_info "S3 certificate is not configured or is not the same as TrueNAS web UI" |
||||
|
fi |
||||
|
|
||||
|
_info "Deleting old certificate" |
||||
|
_delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")" |
||||
|
|
||||
|
_debug3 _delete_result "$_delete_result" |
||||
|
|
||||
|
_info "Reloading TrueNAS web UI" |
||||
|
_restart_UI=$(_get "$_api_url/system/general/ui_restart") |
||||
|
_debug2 _restart_UI "$_restart_UI" |
||||
|
|
||||
|
if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Certificate update was not succesful, please try again with --debug" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
@ -0,0 +1,171 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#AURORA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" |
||||
|
# |
||||
|
#AURORA_Secret="sdfsdfsdfljlbjkljlkjsdfoiwje" |
||||
|
|
||||
|
AURORA_Api="https://api.auroradns.eu" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_aurora_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" |
||||
|
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" |
||||
|
|
||||
|
if [ -z "$AURORA_Key" ] || [ -z "$AURORA_Secret" ]; then |
||||
|
AURORA_Key="" |
||||
|
AURORA_Secret="" |
||||
|
_err "You didn't specify an Aurora api key and secret yet." |
||||
|
_err "You can get yours from here https://cp.pcextreme.nl/auroradns/users." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the api key and secret to the account conf file. |
||||
|
_saveaccountconf_mutable AURORA_Key "$AURORA_Key" |
||||
|
_saveaccountconf_mutable AURORA_Secret "$AURORA_Secret" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Adding record" |
||||
|
if _aurora_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":300}"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Added, OK" |
||||
|
return 0 |
||||
|
elif _contains "$response" "RecordExistsError"; then |
||||
|
_info "Already exists, OK" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#fulldomain txtvalue |
||||
|
dns_aurora_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" |
||||
|
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_debug "Getting records" |
||||
|
_aurora_rest GET "zones/${_domain_id}/records" |
||||
|
|
||||
|
if ! _contains "$response" "$txtvalue"; then |
||||
|
_info "Don't need to remove." |
||||
|
else |
||||
|
records=$(echo "$response" | _normalizeJson | tr -d "[]" | sed "s/},{/}|{/g" | tr "|" "\n") |
||||
|
if [ "$(echo "$records" | wc -l)" -le 2 ]; then |
||||
|
_err "Can not parse records." |
||||
|
return 1 |
||||
|
fi |
||||
|
record_id=$(echo "$records" | grep "\"type\": *\"TXT\"" | grep "\"name\": *\"$_sub_domain\"" | grep "\"content\": *\"$txtvalue\"" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") |
||||
|
_debug "record_id" "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _aurora_rest DELETE "zones/$_domain_id/records/$record_id"; then |
||||
|
_err "Delete record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=sdjkglgdfewsdfg |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _aurora_rest GET "zones/$h"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"name\": \"$h\""; then |
||||
|
_domain_id=$(echo "$response" | _normalizeJson | tr -d "{}" | tr "," "\n" | grep "\"id\": *\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_aurora_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
|
||||
|
key_trimmed=$(echo "$AURORA_Key" | tr -d '"') |
||||
|
secret_trimmed=$(echo "$AURORA_Secret" | tr -d '"') |
||||
|
|
||||
|
timestamp=$(date -u +"%Y%m%dT%H%M%SZ") |
||||
|
signature=$(printf "%s/%s%s" "$m" "$ep" "$timestamp" | _hmac sha256 "$(printf "%s" "$secret_trimmed" | _hex_dump | tr -d " ")" | _base64) |
||||
|
authorization=$(printf "AuroraDNSv1 %s" "$(printf "%s:%s" "$key_trimmed" "$signature" | _base64)") |
||||
|
|
||||
|
export _H1="Content-Type: application/json; charset=UTF-8" |
||||
|
export _H2="X-AuroraDNS-Date: $timestamp" |
||||
|
export _H3="Authorization: $authorization" |
||||
|
|
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$AURORA_Api/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$AURORA_Api/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,204 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#AZION_Email="" |
||||
|
#AZION_Password="" |
||||
|
# |
||||
|
|
||||
|
AZION_Api="https://api.azionapi.net" |
||||
|
|
||||
|
######## Public functions ######## |
||||
|
|
||||
|
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to add txt record |
||||
|
dns_azion_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug "Detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Domain not found" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
|
||||
|
_info "Add or update record" |
||||
|
_get_record "$_domain_id" "$_sub_domain" |
||||
|
if [ "$record_id" ]; then |
||||
|
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [$answers_list, \"$txtvalue\"], \"ttl\": 20}" |
||||
|
if _azion_rest PUT "intelligent_dns/$_domain_id/records/$record_id" "$_payload"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Record updated." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
else |
||||
|
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [\"$txtvalue\"], \"ttl\": 20}" |
||||
|
if _azion_rest POST "intelligent_dns/$_domain_id/records" "$_payload"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Record added." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
fi |
||||
|
_err "Failed to add or update record." |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_azion_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug "Detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Domain not found" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
|
||||
|
_info "Removing record" |
||||
|
_get_record "$_domain_id" "$_sub_domain" |
||||
|
if [ "$record_id" ]; then |
||||
|
if _azion_rest DELETE "intelligent_dns/$_domain_id/records/$record_id"; then |
||||
|
_info "Record removed." |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Failed to remove record." |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
_info "Record not found or already removed." |
||||
|
return 0 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
# Usage: _acme-challenge.www.domain.com |
||||
|
# returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=sdjkglgdfewsdfg |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
if ! _azion_rest GET "intelligent_dns"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
# not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"domain\":\"$h\""; then |
||||
|
_domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_get_record() { |
||||
|
_domain_id=$1 |
||||
|
_record=$2 |
||||
|
|
||||
|
if ! _azion_rest GET "intelligent_dns/$_domain_id/records"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"entry\":\"$_record\""; then |
||||
|
_json_record=$(echo "$response" | tr '{' "\n" | grep "\"entry\":\"$_record\"") |
||||
|
if [ "$_json_record" ]; then |
||||
|
record_id=$(echo "$_json_record" | _egrep_o "\"record_id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
||||
|
answers_list=$(echo "$_json_record" | _egrep_o "\"answers_list\":\[.*\]" | _head_n 1 | cut -d : -f 2 | tr -d \[\]) |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_get_token() { |
||||
|
AZION_Email="${AZION_Email:-$(_readaccountconf_mutable AZION_Email)}" |
||||
|
AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}" |
||||
|
|
||||
|
if ! _contains "$AZION_Email" "@"; then |
||||
|
_err "It seems that the AZION_Email is not a valid email address. Revalidate your environments." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$AZION_Email" ] || [ -z "$AZION_Password" ]; then |
||||
|
_err "You didn't specified a AZION_Email/AZION_Password to generate Azion token." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable AZION_Email "$AZION_Email" |
||||
|
_saveaccountconf_mutable AZION_Password "$AZION_Password" |
||||
|
|
||||
|
_basic_auth=$(printf "%s:%s" "$AZION_Email" "$AZION_Password" | _base64) |
||||
|
_debug _basic_auth "$_basic_auth" |
||||
|
|
||||
|
export _H1="Accept: application/json; version=3" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H3="Authorization: Basic $_basic_auth" |
||||
|
|
||||
|
response="$(_post "" "$AZION_Api/tokens" "" "POST")" |
||||
|
if _contains "$response" "\"token\":\"" >/dev/null; then |
||||
|
_azion_token=$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") |
||||
|
export AZION_Token="$_azion_token" |
||||
|
else |
||||
|
_err "Failed to generate Azion token" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_azion_rest() { |
||||
|
_method=$1 |
||||
|
_uri="$2" |
||||
|
_data="$3" |
||||
|
|
||||
|
if [ -z "$AZION_Token" ]; then |
||||
|
_get_token |
||||
|
fi |
||||
|
_debug2 token "$AZION_Token" |
||||
|
|
||||
|
export _H1="Accept: application/json; version=3" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H3="Authorization: token $AZION_Token" |
||||
|
|
||||
|
if [ "$_method" != "GET" ]; then |
||||
|
_debug _data "$_data" |
||||
|
response="$(_post "$_data" "$AZION_Api/$_uri" "" "$_method")" |
||||
|
else |
||||
|
response="$(_get "$AZION_Api/$_uri")" |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $_method $_uri $_data" |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,159 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# |
||||
|
#Author: Bjarne Saltbaek |
||||
|
#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 |
||||
|
# |
||||
|
# |
||||
|
######## Public functions ##################### |
||||
|
# |
||||
|
# Export CPANEL username,api token and hostname in the following variables |
||||
|
# |
||||
|
# cPanel_Username=username |
||||
|
# cPanel_Apitoken=apitoken |
||||
|
# cPanel_Hostname=hostname |
||||
|
# |
||||
|
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to add txt record |
||||
|
dns_cpanel_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_info "Adding TXT record to cPanel based system" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
_debug cPanel_Username "$cPanel_Username" |
||||
|
_debug cPanel_Apitoken "$cPanel_Apitoken" |
||||
|
_debug cPanel_Hostname "$cPanel_Hostname" |
||||
|
|
||||
|
if ! _cpanel_login; then |
||||
|
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "No matching root domain for $fulldomain found" |
||||
|
return 1 |
||||
|
fi |
||||
|
# adding entry |
||||
|
_info "Adding the entry" |
||||
|
stripped_fulldomain=$(echo "$fulldomain" | sed "s/.$_domain//") |
||||
|
_debug "Adding $stripped_fulldomain to $_domain zone" |
||||
|
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=add_zone_record&domain=$_domain&name=$stripped_fulldomain&type=TXT&txtdata=$txtvalue&ttl=1" |
||||
|
if _successful_update; then return 0; fi |
||||
|
_err "Couldn't create entry!" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_cpanel_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_info "Using cPanel based system" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
if ! _cpanel_login; then |
||||
|
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _get_root; then |
||||
|
_err "No matching root domain for $fulldomain found" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_findentry "$fulldomain" "$txtvalue" |
||||
|
if [ -z "$_id" ]; then |
||||
|
_info "Entry doesn't exist, nothing to delete" |
||||
|
return 0 |
||||
|
fi |
||||
|
_debug "Deleting record..." |
||||
|
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=remove_zone_record&domain=$_domain&line=$_id" |
||||
|
# removing entry |
||||
|
_debug "_result is: $_result" |
||||
|
|
||||
|
if _successful_update; then return 0; fi |
||||
|
_err "Couldn't delete entry!" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_checkcredentials() { |
||||
|
cPanel_Username="${cPanel_Username:-$(_readaccountconf_mutable cPanel_Username)}" |
||||
|
cPanel_Apitoken="${cPanel_Apitoken:-$(_readaccountconf_mutable cPanel_Apitoken)}" |
||||
|
cPanel_Hostname="${cPanel_Hostname:-$(_readaccountconf_mutable cPanel_Hostname)}" |
||||
|
|
||||
|
if [ -z "$cPanel_Username" ] || [ -z "$cPanel_Apitoken" ] || [ -z "$cPanel_Hostname" ]; then |
||||
|
cPanel_Username="" |
||||
|
cPanel_Apitoken="" |
||||
|
cPanel_Hostname="" |
||||
|
_err "You haven't specified cPanel username, apitoken and hostname yet." |
||||
|
_err "Please add credentials and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
#save the credentials to the account conf file. |
||||
|
_saveaccountconf_mutable cPanel_Username "$cPanel_Username" |
||||
|
_saveaccountconf_mutable cPanel_Apitoken "$cPanel_Apitoken" |
||||
|
_saveaccountconf_mutable cPanel_Hostname "$cPanel_Hostname" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_cpanel_login() { |
||||
|
if ! _checkcredentials; then return 1; fi |
||||
|
|
||||
|
if ! _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo"; then |
||||
|
_err "cPanel login failed for user $cPanel_Username." |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_myget() { |
||||
|
#Adds auth header to request |
||||
|
export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken" |
||||
|
_result=$(_get "$cPanel_Hostname/$1") |
||||
|
} |
||||
|
|
||||
|
_get_root() { |
||||
|
_myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' |
||||
|
_domains=$(echo "$_result" | sed 's/.*\(zones.*\[\).*/\1/' | cut -d':' -f2 | sed 's/"//g' | sed 's/{//g') |
||||
|
_debug "_result is: $_result" |
||||
|
_debug "_domains is: $_domains" |
||||
|
if [ -z "$_domains" ]; then |
||||
|
_err "Primary domain list not found!" |
||||
|
return 1 |
||||
|
fi |
||||
|
for _domain in $_domains; do |
||||
|
_debug "Checking if $fulldomain ends with $_domain" |
||||
|
if (_endswith "$fulldomain" "$_domain"); then |
||||
|
_debug "Root domain: $_domain" |
||||
|
return 0 |
||||
|
fi |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_successful_update() { |
||||
|
if (echo "$_result" | grep -q 'newserial'); then return 0; fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_findentry() { |
||||
|
_debug "In _findentry" |
||||
|
#returns id of dns entry, if it exists |
||||
|
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" |
||||
|
_id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain.*$txtvalue\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1) |
||||
|
_debug "_result is: $_result" |
||||
|
_debug "fulldomain. is $fulldomain." |
||||
|
_debug "txtvalue is $txtvalue" |
||||
|
_debug "_id is: $_id" |
||||
|
if [ -n "$_id" ]; then |
||||
|
_debug "Entry found with _id=$_id" |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,159 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management. |
||||
|
#Requires api credentials with scope: dns |
||||
|
#Author: Peter L. Hansen <peter@r12.dk> |
||||
|
#Version 1.0 |
||||
|
|
||||
|
CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains" |
||||
|
CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token" |
||||
|
CURANET_ACCESS_TOKEN="" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: dns_curanet_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_curanet_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_info "Using curanet" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" |
||||
|
CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" |
||||
|
if [ -z "$CURANET_AUTHCLIENTID" ] || [ -z "$CURANET_AUTHSECRET" ]; then |
||||
|
CURANET_AUTHCLIENTID="" |
||||
|
CURANET_AUTHSECRET="" |
||||
|
_err "You don't specify curanet api client and secret." |
||||
|
_err "Please create your auth info and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the credentials to the account conf file. |
||||
|
_saveaccountconf_mutable CURANET_AUTHCLIENTID "$CURANET_AUTHCLIENTID" |
||||
|
_saveaccountconf_mutable CURANET_AUTHSECRET "$CURANET_AUTHSECRET" |
||||
|
|
||||
|
if ! _get_token; then |
||||
|
_err "Unable to get token" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
export _H1="Content-Type: application/json-patch+json" |
||||
|
export _H2="Accept: application/json" |
||||
|
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" |
||||
|
data="{\"name\": \"$fulldomain\",\"type\": \"TXT\",\"ttl\": 60,\"priority\": 0,\"data\": \"$txtvalue\"}" |
||||
|
response="$(_post "$data" "$CURANET_REST_URL/${_domain}/Records" "" "")" |
||||
|
|
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_debug "TXT record added OK" |
||||
|
else |
||||
|
_err "Unable to add TXT record" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_curanet_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_info "Using curanet" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" |
||||
|
CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" |
||||
|
|
||||
|
if ! _get_token; then |
||||
|
_err "Unable to get token" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Getting current record list to identify TXT to delete" |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
export _H2="Accept: application/json" |
||||
|
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" |
||||
|
|
||||
|
response="$(_get "$CURANET_REST_URL/${_domain}/Records" "" "")" |
||||
|
|
||||
|
if ! _contains "$response" "$txtvalue"; then |
||||
|
_err "Unable to delete record (does not contain $txtvalue )" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" | _egrep_o "id\":[0-9]+" | cut -c 5-) |
||||
|
|
||||
|
if [ -z "$recordid" ]; then |
||||
|
_err "Unable to get recordid" |
||||
|
_debug "regex {\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" |
||||
|
_debug "response $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Deleting recordID $recordid" |
||||
|
response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_get_token() { |
||||
|
response="$(_post "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" "$CURANET_AUTH_URL" "" "")" |
||||
|
if ! _contains "$response" "access_token"; then |
||||
|
_err "Unable get access token" |
||||
|
return 1 |
||||
|
fi |
||||
|
CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+" | cut -c 17-) |
||||
|
|
||||
|
if [ -z "$CURANET_ACCESS_TOKEN" ]; then |
||||
|
_err "Unable to get token" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=sdjkglgdfewsdfg |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
export _H2="Accept: application/json" |
||||
|
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" |
||||
|
response="$(_get "$CURANET_REST_URL/$h/Records" "" "")" |
||||
|
|
||||
|
if [ ! "$(echo "$response" | _egrep_o "Entity not found")" ]; then |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,87 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# dnsHome.de API for acme.sh |
||||
|
# |
||||
|
# This Script adds the necessary TXT record to a Subdomain |
||||
|
# |
||||
|
# Author dnsHome.de (https://github.com/dnsHome-de) |
||||
|
# |
||||
|
# Report Bugs to https://github.com/acmesh-official/acme.sh/issues/3819 |
||||
|
# |
||||
|
# export DNSHOME_Subdomain="" |
||||
|
# export DNSHOME_SubdomainPassword="" |
||||
|
|
||||
|
# Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to add txt record |
||||
|
dns_dnshome_add() { |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}" |
||||
|
DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}" |
||||
|
|
||||
|
if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then |
||||
|
DNSHOME_Subdomain="" |
||||
|
DNSHOME_SubdomainPassword="" |
||||
|
_err "Please specify/export your dnsHome.de Subdomain and Password" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the credentials to the account conf file. |
||||
|
_savedomainconf DNSHOME_Subdomain "$DNSHOME_Subdomain" |
||||
|
_savedomainconf DNSHOME_SubdomainPassword "$DNSHOME_SubdomainPassword" |
||||
|
|
||||
|
DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php" |
||||
|
|
||||
|
_DNSHOME_rest POST "acme=add&txt=$txtvalue" |
||||
|
if ! echo "$response" | grep 'successfully' >/dev/null; then |
||||
|
_err "Error" |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# Usage: txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_dnshome_rm() { |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}" |
||||
|
DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}" |
||||
|
|
||||
|
DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php" |
||||
|
|
||||
|
if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then |
||||
|
DNSHOME_Subdomain="" |
||||
|
DNSHOME_SubdomainPassword="" |
||||
|
_err "Please specify/export your dnsHome.de Subdomain and Password" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_DNSHOME_rest POST "acme=rm&txt=$txtvalue" |
||||
|
if ! echo "$response" | grep 'successfully' >/dev/null; then |
||||
|
_err "Error" |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
_DNSHOME_rest() { |
||||
|
method=$1 |
||||
|
data="$2" |
||||
|
_debug "$data" |
||||
|
|
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$DNSHOME_Api" "" "$method")" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $data" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,232 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
######################################################################## |
||||
|
# Geoscaling hook script for acme.sh |
||||
|
# |
||||
|
# Environment variables: |
||||
|
# |
||||
|
# - $GEOSCALING_Username (your Geoscaling username - this is usually NOT an amail address) |
||||
|
# - $GEOSCALING_Password (your Geoscaling password) |
||||
|
|
||||
|
#-- dns_geoscaling_add() - Add TXT record -------------------------------------- |
||||
|
# Usage: dns_geoscaling_add _acme-challenge.subdomain.domain.com "XyZ123..." |
||||
|
|
||||
|
dns_geoscaling_add() { |
||||
|
full_domain=$1 |
||||
|
txt_value=$2 |
||||
|
_info "Using DNS-01 Geoscaling DNS2 hook" |
||||
|
|
||||
|
GEOSCALING_Username="${GEOSCALING_Username:-$(_readaccountconf_mutable GEOSCALING_Username)}" |
||||
|
GEOSCALING_Password="${GEOSCALING_Password:-$(_readaccountconf_mutable GEOSCALING_Password)}" |
||||
|
if [ -z "$GEOSCALING_Username" ] || [ -z "$GEOSCALING_Password" ]; then |
||||
|
GEOSCALING_Username= |
||||
|
GEOSCALING_Password= |
||||
|
_err "No auth details provided. Please set user credentials using the \$GEOSCALING_Username and \$GEOSCALING_Password environment variables." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable GEOSCALING_Username "${GEOSCALING_Username}" |
||||
|
_saveaccountconf_mutable GEOSCALING_Password "${GEOSCALING_Password}" |
||||
|
|
||||
|
# Fills in the $zone_id and $zone_name |
||||
|
find_zone "${full_domain}" || return 1 |
||||
|
_debug "Zone id '${zone_id}' will be used." |
||||
|
|
||||
|
# We're logged in here |
||||
|
|
||||
|
# we should add ${full_domain} minus the trailing ${zone_name} |
||||
|
|
||||
|
prefix=$(echo "${full_domain}" | sed "s|\\.${zone_name}\$||") |
||||
|
|
||||
|
body="id=${zone_id}&name=${prefix}&type=TXT&content=${txt_value}&ttl=300&prio=0" |
||||
|
|
||||
|
do_post "$body" "https://www.geoscaling.com/dns2/ajax/add_record.php" |
||||
|
exit_code="$?" |
||||
|
if [ "${exit_code}" -eq 0 ]; then |
||||
|
_info "TXT record added successfully." |
||||
|
else |
||||
|
_err "Couldn't add the TXT record." |
||||
|
fi |
||||
|
do_logout |
||||
|
return "${exit_code}" |
||||
|
} |
||||
|
|
||||
|
#-- dns_geoscaling_rm() - Remove TXT record ------------------------------------ |
||||
|
# Usage: dns_geoscaling_rm _acme-challenge.subdomain.domain.com "XyZ123..." |
||||
|
|
||||
|
dns_geoscaling_rm() { |
||||
|
full_domain=$1 |
||||
|
txt_value=$2 |
||||
|
_info "Cleaning up after DNS-01 Geoscaling DNS2 hook" |
||||
|
|
||||
|
GEOSCALING_Username="${GEOSCALING_Username:-$(_readaccountconf_mutable GEOSCALING_Username)}" |
||||
|
GEOSCALING_Password="${GEOSCALING_Password:-$(_readaccountconf_mutable GEOSCALING_Password)}" |
||||
|
if [ -z "$GEOSCALING_Username" ] || [ -z "$GEOSCALING_Password" ]; then |
||||
|
GEOSCALING_Username= |
||||
|
GEOSCALING_Password= |
||||
|
_err "No auth details provided. Please set user credentials using the \$GEOSCALING_Username and \$GEOSCALING_Password environment variables." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable GEOSCALING_Username "${GEOSCALING_Username}" |
||||
|
_saveaccountconf_mutable GEOSCALING_Password "${GEOSCALING_Password}" |
||||
|
|
||||
|
# fills in the $zone_id |
||||
|
find_zone "${full_domain}" || return 1 |
||||
|
_debug "Zone id '${zone_id}' will be used." |
||||
|
|
||||
|
# Here we're logged in |
||||
|
# Find the record id to clean |
||||
|
|
||||
|
# get the domain |
||||
|
response=$(do_get "https://www.geoscaling.com/dns2/index.php?module=domain&id=${zone_id}") |
||||
|
_debug2 "response" "$response" |
||||
|
|
||||
|
table="$(echo "${response}" | tr -d '\n' | sed 's|.*<div class="box"><div class="boxtitle">Basic Records</div><div class="boxtext"><table|<table|; s|</table>.*|</table>|')" |
||||
|
_debug2 table "${table}" |
||||
|
names=$(echo "${table}" | _egrep_o 'id="[0-9]+\.name">[^<]*</td>' | sed 's|</td>||; s|.*>||') |
||||
|
ids=$(echo "${table}" | _egrep_o 'id="[0-9]+\.name">[^<]*</td>' | sed 's|\.name">.*||; s|id="||') |
||||
|
types=$(echo "${table}" | _egrep_o 'id="[0-9]+\.type">[^<]*</td>' | sed 's|</td>||; s|.*>||') |
||||
|
values=$(echo "${table}" | _egrep_o 'id="[0-9]+\.content">[^<]*</td>' | sed 's|</td>||; s|.*>||') |
||||
|
|
||||
|
_debug2 names "${names}" |
||||
|
_debug2 ids "${ids}" |
||||
|
_debug2 types "${types}" |
||||
|
_debug2 values "${values}" |
||||
|
|
||||
|
# look for line whose name is ${full_domain}, whose type is TXT, and whose value is ${txt_value} |
||||
|
line_num="$(echo "${values}" | grep -F -n -- "${txt_value}" | _head_n 1 | cut -d ':' -f 1)" |
||||
|
_debug2 line_num "${line_num}" |
||||
|
found_id= |
||||
|
if [ -n "$line_num" ]; then |
||||
|
type=$(echo "${types}" | sed -n "${line_num}p") |
||||
|
name=$(echo "${names}" | sed -n "${line_num}p") |
||||
|
id=$(echo "${ids}" | sed -n "${line_num}p") |
||||
|
|
||||
|
_debug2 type "$type" |
||||
|
_debug2 name "$name" |
||||
|
_debug2 id "$id" |
||||
|
_debug2 full_domain "$full_domain" |
||||
|
|
||||
|
if [ "${type}" = "TXT" ] && [ "${name}" = "${full_domain}" ]; then |
||||
|
found_id=${id} |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
if [ "${found_id}" = "" ]; then |
||||
|
_err "Can not find record id." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
# Remove the record |
||||
|
body="id=${zone_id}&record_id=${found_id}" |
||||
|
response=$(do_post "$body" "https://www.geoscaling.com/dns2/ajax/delete_record.php") |
||||
|
exit_code="$?" |
||||
|
if [ "$exit_code" -eq 0 ]; then |
||||
|
_info "Record removed successfully." |
||||
|
else |
||||
|
_err "Could not clean (remove) up the record. Please go to Geoscaling administration interface and clean it by hand." |
||||
|
fi |
||||
|
do_logout |
||||
|
return "${exit_code}" |
||||
|
} |
||||
|
|
||||
|
########################## PRIVATE FUNCTIONS ########################### |
||||
|
|
||||
|
do_get() { |
||||
|
_url=$1 |
||||
|
export _H1="Cookie: $geoscaling_phpsessid_cookie" |
||||
|
_get "${_url}" |
||||
|
} |
||||
|
|
||||
|
do_post() { |
||||
|
_body=$1 |
||||
|
_url=$2 |
||||
|
export _H1="Cookie: $geoscaling_phpsessid_cookie" |
||||
|
_post "${_body}" "${_url}" |
||||
|
} |
||||
|
|
||||
|
do_login() { |
||||
|
|
||||
|
_info "Logging in..." |
||||
|
|
||||
|
username_encoded="$(printf "%s" "${GEOSCALING_Username}" | _url_encode)" |
||||
|
password_encoded="$(printf "%s" "${GEOSCALING_Password}" | _url_encode)" |
||||
|
body="username=${username_encoded}&password=${password_encoded}" |
||||
|
|
||||
|
response=$(_post "$body" "https://www.geoscaling.com/dns2/index.php?module=auth") |
||||
|
_debug2 response "${response}" |
||||
|
|
||||
|
#retcode=$(grep '^HTTP[^ ]*' "${HTTP_HEADER}" | _head_n 1 | _egrep_o '[0-9]+$') |
||||
|
retcode=$(grep '^HTTP[^ ]*' "${HTTP_HEADER}" | _head_n 1 | cut -d ' ' -f 2) |
||||
|
|
||||
|
if [ "$retcode" != "302" ]; then |
||||
|
_err "Geoscaling login failed for user ${GEOSCALING_Username}. Check ${HTTP_HEADER} file" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
geoscaling_phpsessid_cookie="$(grep -i '^set-cookie:' "${HTTP_HEADER}" | _egrep_o 'PHPSESSID=[^;]*;' | tr -d ';')" |
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
do_logout() { |
||||
|
_info "Logging out." |
||||
|
response="$(do_get "https://www.geoscaling.com/dns2/index.php?module=auth")" |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
find_zone() { |
||||
|
domain="$1" |
||||
|
|
||||
|
# do login |
||||
|
do_login || return 1 |
||||
|
|
||||
|
# get zones |
||||
|
response="$(do_get "https://www.geoscaling.com/dns2/index.php?module=domains")" |
||||
|
|
||||
|
table="$(echo "${response}" | tr -d '\n' | sed 's|.*<div class="box"><div class="boxtitle">Your domains</div><div class="boxtext"><table|<table|; s|</table>.*|</table>|')" |
||||
|
_debug2 table "${table}" |
||||
|
zone_names="$(echo "${table}" | _egrep_o '<b>[^<]*</b>' | sed 's|<b>||;s|</b>||')" |
||||
|
_debug2 _matches "${zone_names}" |
||||
|
# Zone names and zone IDs are in same order |
||||
|
zone_ids=$(echo "${table}" | _egrep_o '<a href=.index\.php\?module=domain&id=[0-9]+. onclick="javascript:show_loader\(\);">' | sed 's|.*id=||;s|. .*||') |
||||
|
|
||||
|
_debug2 "These are the zones on this Geoscaling account:" |
||||
|
_debug2 "zone_names" "${zone_names}" |
||||
|
_debug2 "And these are their respective IDs:" |
||||
|
_debug2 "zone_ids" "${zone_ids}" |
||||
|
if [ -z "${zone_names}" ] || [ -z "${zone_ids}" ]; then |
||||
|
_err "Can not get zone names or IDs." |
||||
|
return 1 |
||||
|
fi |
||||
|
# Walk through all possible zone names |
||||
|
strip_counter=1 |
||||
|
while true; do |
||||
|
attempted_zone=$(echo "${domain}" | cut -d . -f ${strip_counter}-) |
||||
|
|
||||
|
# All possible zone names have been tried |
||||
|
if [ -z "${attempted_zone}" ]; then |
||||
|
_err "No zone for domain '${domain}' found." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Looking for zone '${attempted_zone}'" |
||||
|
|
||||
|
line_num="$(echo "${zone_names}" | grep -n "^${attempted_zone}\$" | _head_n 1 | cut -d : -f 1)" |
||||
|
_debug2 line_num "${line_num}" |
||||
|
if [ "$line_num" ]; then |
||||
|
zone_id=$(echo "${zone_ids}" | sed -n "${line_num}p") |
||||
|
zone_name=$(echo "${zone_names}" | sed -n "${line_num}p") |
||||
|
if [ -z "${zone_id}" ]; then |
||||
|
_err "Can not find zone id." |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug "Found relevant zone '${attempted_zone}' with id '${zone_id}' - will be used for domain '${domain}'." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
_debug "Zone '${attempted_zone}' doesn't exist, let's try a less specific zone." |
||||
|
strip_counter=$(_math "${strip_counter}" + 1) |
||||
|
done |
||||
|
} |
||||
|
# vim: et:ts=2:sw=2: |
@ -0,0 +1,163 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Supports IONOS DNS API Beta v1.0.0 |
||||
|
# |
||||
|
# Usage: |
||||
|
# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: |
||||
|
# |
||||
|
# $ export IONOS_PREFIX="..." |
||||
|
# $ export IONOS_SECRET="..." |
||||
|
# |
||||
|
# $ acme.sh --issue --dns dns_ionos ... |
||||
|
|
||||
|
IONOS_API="https://api.hosting.ionos.com/dns" |
||||
|
IONOS_ROUTE_ZONES="/v1/zones" |
||||
|
|
||||
|
IONOS_TXT_TTL=60 # minimum accepted by API |
||||
|
IONOS_TXT_PRIO=10 |
||||
|
|
||||
|
dns_ionos_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _ionos_init; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" |
||||
|
|
||||
|
if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ -z "$response" ]; then |
||||
|
_info "TXT record has been created successfully." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
dns_ionos_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _ionos_init; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then |
||||
|
_err "Could not find _acme-challenge TXT record." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ -z "$response" ]; then |
||||
|
_info "TXT record has been deleted successfully." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ionos_init() { |
||||
|
IONOS_PREFIX="${IONOS_PREFIX:-$(_readaccountconf_mutable IONOS_PREFIX)}" |
||||
|
IONOS_SECRET="${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}" |
||||
|
|
||||
|
if [ -z "$IONOS_PREFIX" ] || [ -z "$IONOS_SECRET" ]; then |
||||
|
_err "You didn't specify an IONOS api prefix and secret yet." |
||||
|
_err "Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." |
||||
|
_err "" |
||||
|
_err "Then set them before calling acme.sh:" |
||||
|
_err "\$ export IONOS_PREFIX=\"...\"" |
||||
|
_err "\$ export IONOS_SECRET=\"...\"" |
||||
|
_err "\$ acme.sh --issue -d ... --dns dns_ionos" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable IONOS_PREFIX "$IONOS_PREFIX" |
||||
|
_saveaccountconf_mutable IONOS_SECRET "$IONOS_SECRET" |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Cannot find this domain in your IONOS account." |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
if _ionos_rest GET "$IONOS_ROUTE_ZONES"; then |
||||
|
response="$(echo "$response" | tr -d "\n")" |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_zone="$(echo "$response" | _egrep_o "\"name\":\"$h\".*\}")" |
||||
|
if [ "$_zone" ]; then |
||||
|
_zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
||||
|
if [ "$_zone_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
|
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ionos_get_record() { |
||||
|
fulldomain=$1 |
||||
|
zone_id=$2 |
||||
|
txtrecord=$3 |
||||
|
|
||||
|
if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then |
||||
|
response="$(echo "$response" | tr -d "\n")" |
||||
|
|
||||
|
_record="$(echo "$response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" |
||||
|
if [ "$_record" ]; then |
||||
|
_record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
||||
|
|
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ionos_rest() { |
||||
|
method="$1" |
||||
|
route="$2" |
||||
|
data="$3" |
||||
|
|
||||
|
IONOS_API_KEY="$(printf "%s.%s" "$IONOS_PREFIX" "$IONOS_SECRET")" |
||||
|
|
||||
|
export _H1="X-API-Key: $IONOS_API_KEY" |
||||
|
|
||||
|
if [ "$method" != "GET" ]; then |
||||
|
export _H2="Accept: application/json" |
||||
|
export _H3="Content-Type: application/json" |
||||
|
|
||||
|
response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" |
||||
|
else |
||||
|
export _H2="Accept: */*" |
||||
|
export _H3= |
||||
|
response="$(_get "$IONOS_API$route")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "Error $route: $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 "response" "$response" |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,261 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# Mythic Beasts is a long-standing UK service provider using standards-based OAuth2 authentication |
||||
|
# To test: ./acme.sh --dns dns_mythic_beasts --test --debug 1 --output-insecure --issue --domain domain.com |
||||
|
# Cannot retest once cert is issued |
||||
|
# OAuth2 tokens only valid for 300 seconds so we do not store |
||||
|
# NOTE: This will remove all TXT records matching the fulldomain, not just the added ones (_acme-challenge.www.domain.com) |
||||
|
|
||||
|
# Test OAuth2 credentials |
||||
|
#MB_AK="aaaaaaaaaaaaaaaa" |
||||
|
#MB_AS="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" |
||||
|
|
||||
|
# URLs |
||||
|
MB_API='https://api.mythic-beasts.com/dns/v2/zones' |
||||
|
MB_AUTH='https://auth.mythic-beasts.com/login' |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_mythic_beasts_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_info "MYTHIC BEASTS Adding record $fulldomain = $txtvalue" |
||||
|
if ! _initAuth; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# method path body_data |
||||
|
if _mb_rest POST "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then |
||||
|
|
||||
|
if _contains "$response" "1 records added"; then |
||||
|
_info "Added, verifying..." |
||||
|
# Max 120 seconds to publish |
||||
|
for i in $(seq 1 6); do |
||||
|
# Retry on error |
||||
|
if ! _mb_rest GET "$_domain/records/$_sub_domain/TXT?verify"; then |
||||
|
_sleep 20 |
||||
|
else |
||||
|
_info "Record published!" |
||||
|
return 0 |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
else |
||||
|
_err "\n$response" |
||||
|
fi |
||||
|
|
||||
|
fi |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_mythic_beasts_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_info "MYTHIC BEASTS Removing record $fulldomain = $txtvalue" |
||||
|
if ! _initAuth; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# method path body_data |
||||
|
if _mb_rest DELETE "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then |
||||
|
_info "Record removed" |
||||
|
return 0 |
||||
|
fi |
||||
|
_err "Remove txt record error." |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
#Possible formats: |
||||
|
# _acme-challenge.www.example.com |
||||
|
# _acme-challenge.example.com |
||||
|
# _acme-challenge.example.co.uk |
||||
|
# _acme-challenge.www.example.co.uk |
||||
|
# _acme-challenge.sub1.sub2.www.example.co.uk |
||||
|
# sub1.sub2.example.co.uk |
||||
|
# example.com |
||||
|
# example.co.uk |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
_debug "Detect the root zone" |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
_err "Domain exhausted" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# Use the status errors to find the domain, continue on 403 Access denied |
||||
|
# method path body_data |
||||
|
_mb_rest GET "$h/records" |
||||
|
ret="$?" |
||||
|
if [ "$ret" -eq 0 ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
return 0 |
||||
|
elif [ "$ret" -eq 1 ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
|
||||
|
if [ "$i" -gt 50 ]; then |
||||
|
break |
||||
|
fi |
||||
|
done |
||||
|
_err "Domain too long" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_initAuth() { |
||||
|
MB_AK="${MB_AK:-$(_readaccountconf_mutable MB_AK)}" |
||||
|
MB_AS="${MB_AS:-$(_readaccountconf_mutable MB_AS)}" |
||||
|
|
||||
|
if [ -z "$MB_AK" ] || [ -z "$MB_AS" ]; then |
||||
|
MB_AK="" |
||||
|
MB_AS="" |
||||
|
_err "Please specify an OAuth2 Key & Secret" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable MB_AK "$MB_AK" |
||||
|
_saveaccountconf_mutable MB_AS "$MB_AS" |
||||
|
|
||||
|
if ! _oauth2; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Checking authentication" |
||||
|
_secure_debug access_token "$MB_TK" |
||||
|
_sleep 1 |
||||
|
|
||||
|
# GET a list of zones |
||||
|
# method path body_data |
||||
|
if ! _mb_rest GET ""; then |
||||
|
_err "The token is invalid" |
||||
|
return 1 |
||||
|
fi |
||||
|
_info "Token OK" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# Github appears to use an outbound proxy for requests which means subsequent requests may not have the same |
||||
|
# source IP. The standard Mythic Beasts OAuth2 tokens are tied to an IP, meaning github test requests fail |
||||
|
# authentication. This is a work around using an undocumented MB API to obtain a token not tied to an |
||||
|
# IP just for the github tests. |
||||
|
_oauth2() { |
||||
|
if [ "$GITHUB_ACTIONS" = "true" ]; then |
||||
|
_oauth2_github |
||||
|
else |
||||
|
_oauth2_std |
||||
|
fi |
||||
|
return $? |
||||
|
} |
||||
|
|
||||
|
_oauth2_std() { |
||||
|
# HTTP Basic Authentication |
||||
|
_H1="Authorization: Basic $(echo "$MB_AK:$MB_AS" | _base64)" |
||||
|
_H2="Accepts: application/json" |
||||
|
export _H1 _H2 |
||||
|
body="grant_type=client_credentials" |
||||
|
|
||||
|
_info "Getting OAuth2 token..." |
||||
|
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
||||
|
response="$(_post "$body" "$MB_AUTH" "" "POST" "application/x-www-form-urlencoded")" |
||||
|
if _contains "$response" "\"token_type\":\"bearer\""; then |
||||
|
MB_TK="$(echo "$response" | _egrep_o "access_token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" |
||||
|
if [ -z "$MB_TK" ]; then |
||||
|
_err "Unable to get access_token" |
||||
|
_err "\n$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
_err "OAuth2 token_type not Bearer" |
||||
|
_err "\n$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_oauth2_github() { |
||||
|
_H1="Accepts: application/json" |
||||
|
export _H1 |
||||
|
body="{\"login\":{\"handle\":\"$MB_AK\",\"pass\":\"$MB_AS\",\"floating\":1}}" |
||||
|
|
||||
|
_info "Getting Floating token..." |
||||
|
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
||||
|
response="$(_post "$body" "$MB_AUTH" "" "POST" "application/json")" |
||||
|
MB_TK="$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" |
||||
|
if [ -z "$MB_TK" ]; then |
||||
|
_err "Unable to get token" |
||||
|
_err "\n$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# method path body_data |
||||
|
_mb_rest() { |
||||
|
# URL encoded body for single API operations |
||||
|
m="$1" |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
|
||||
|
if [ -z "$ep" ]; then |
||||
|
_mb_url="$MB_API" |
||||
|
else |
||||
|
_mb_url="$MB_API/$ep" |
||||
|
fi |
||||
|
|
||||
|
_H1="Authorization: Bearer $MB_TK" |
||||
|
_H2="Accepts: application/json" |
||||
|
export _H1 _H2 |
||||
|
if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then |
||||
|
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
||||
|
response="$(_post "data=$data" "$_mb_url" "" "$m" "application/x-www-form-urlencoded")" |
||||
|
else |
||||
|
response="$(_get "$_mb_url")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "Request error" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
header="$(cat "$HTTP_HEADER")" |
||||
|
status="$(echo "$header" | _egrep_o "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n")" |
||||
|
code="$(echo "$status" | _egrep_o "^[0-9]*")" |
||||
|
if [ "$code" -ge 400 ] || _contains "$response" "\"error\"" || _contains "$response" "invalid_client"; then |
||||
|
_err "error $status" |
||||
|
_err "\n$response" |
||||
|
_debug "\n$header" |
||||
|
return 2 |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,324 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# |
||||
|
# Acme.sh DNS API plugin for Oracle Cloud Infrastructure |
||||
|
# Copyright (c) 2021, Oracle and/or its affiliates |
||||
|
# |
||||
|
# The plugin will automatically use the default profile from an OCI SDK and CLI |
||||
|
# configuration file, if it exists. |
||||
|
# |
||||
|
# Alternatively, set the following environment variables: |
||||
|
# - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone |
||||
|
# - OCI_CLI_USER : OCID of user with permission to add/remove records from zones |
||||
|
# - OCI_CLI_REGION : Should point to the tenancy home region |
||||
|
# |
||||
|
# One of the following two variables is required: |
||||
|
# - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or |
||||
|
# - OCI_CLI_KEY : The private API signing key in PEM format |
||||
|
# |
||||
|
# NOTE: using an encrypted private key that needs a passphrase is not supported. |
||||
|
# |
||||
|
|
||||
|
dns_oci_add() { |
||||
|
_fqdn="$1" |
||||
|
_rdata="$2" |
||||
|
|
||||
|
if _get_oci_zone; then |
||||
|
|
||||
|
_add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}" |
||||
|
response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body") |
||||
|
if [ "$response" ]; then |
||||
|
_info "Success: added TXT record for ${_sub_domain}.${_domain}." |
||||
|
else |
||||
|
_err "Error: failed to add TXT record for ${_sub_domain}.${_domain}." |
||||
|
_err "Check that the user has permission to add records to this zone." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
else |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
dns_oci_rm() { |
||||
|
_fqdn="$1" |
||||
|
_rdata="$2" |
||||
|
|
||||
|
if _get_oci_zone; then |
||||
|
|
||||
|
_remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}" |
||||
|
response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body") |
||||
|
if [ "$response" ]; then |
||||
|
_info "Success: removed TXT record for ${_sub_domain}.${_domain}." |
||||
|
else |
||||
|
_err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}." |
||||
|
_err "Check that the user has permission to remove records from this zone." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
else |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
_get_oci_zone() { |
||||
|
|
||||
|
if ! _oci_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _get_zone "$_fqdn"; then |
||||
|
_err "Error: DNS Zone not found for $_fqdn in $OCI_CLI_TENANCY" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
_oci_config() { |
||||
|
|
||||
|
_DEFAULT_OCI_CLI_CONFIG_FILE="$HOME/.oci/config" |
||||
|
OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$(_readaccountconf_mutable OCI_CLI_CONFIG_FILE)}" |
||||
|
|
||||
|
if [ -z "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
OCI_CLI_CONFIG_FILE="$_DEFAULT_OCI_CLI_CONFIG_FILE" |
||||
|
fi |
||||
|
|
||||
|
if [ "$_DEFAULT_OCI_CLI_CONFIG_FILE" != "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_CONFIG_FILE "$OCI_CLI_CONFIG_FILE" |
||||
|
else |
||||
|
_clearaccountconf_mutable OCI_CLI_CONFIG_FILE |
||||
|
fi |
||||
|
|
||||
|
_DEFAULT_OCI_CLI_PROFILE="DEFAULT" |
||||
|
OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-$(_readaccountconf_mutable OCI_CLI_PROFILE)}" |
||||
|
if [ "$_DEFAULT_OCI_CLI_PROFILE" != "$OCI_CLI_PROFILE" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_PROFILE "$OCI_CLI_PROFILE" |
||||
|
else |
||||
|
OCI_CLI_PROFILE="$_DEFAULT_OCI_CLI_PROFILE" |
||||
|
_clearaccountconf_mutable OCI_CLI_PROFILE |
||||
|
fi |
||||
|
|
||||
|
OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}" |
||||
|
if [ "$OCI_CLI_TENANCY" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY" |
||||
|
elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
_debug "Reading OCI_CLI_TENANCY value from: $OCI_CLI_CONFIG_FILE" |
||||
|
OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini "$OCI_CLI_CONFIG_FILE" tenancy "$OCI_CLI_PROFILE")}" |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$OCI_CLI_TENANCY" ]; then |
||||
|
_err "Error: unable to read OCI_CLI_TENANCY from config file or environment variable." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}" |
||||
|
if [ "$OCI_CLI_USER" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER" |
||||
|
elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
_debug "Reading OCI_CLI_USER value from: $OCI_CLI_CONFIG_FILE" |
||||
|
OCI_CLI_USER="${OCI_CLI_USER:-$(_readini "$OCI_CLI_CONFIG_FILE" user "$OCI_CLI_PROFILE")}" |
||||
|
fi |
||||
|
if [ -z "$OCI_CLI_USER" ]; then |
||||
|
_err "Error: unable to read OCI_CLI_USER from config file or environment variable." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}" |
||||
|
if [ "$OCI_CLI_REGION" ]; then |
||||
|
_saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION" |
||||
|
elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then |
||||
|
_debug "Reading OCI_CLI_REGION value from: $OCI_CLI_CONFIG_FILE" |
||||
|
OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini "$OCI_CLI_CONFIG_FILE" region "$OCI_CLI_PROFILE")}" |
||||
|
fi |
||||
|
if [ -z "$OCI_CLI_REGION" ]; then |
||||
|
_err "Error: unable to read OCI_CLI_REGION from config file or environment variable." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}" |
||||
|
if [ -z "$OCI_CLI_KEY" ]; then |
||||
|
_clearaccountconf_mutable OCI_CLI_KEY |
||||
|
OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini "$OCI_CLI_CONFIG_FILE" key_file "$OCI_CLI_PROFILE")}" |
||||
|
if [ "$OCI_CLI_KEY_FILE" ] && [ -f "$OCI_CLI_KEY_FILE" ]; then |
||||
|
_debug "Reading OCI_CLI_KEY value from: $OCI_CLI_KEY_FILE" |
||||
|
OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE") |
||||
|
_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY" |
||||
|
fi |
||||
|
else |
||||
|
_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY" |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then |
||||
|
_err "Error: unable to find key file path in OCI config file or OCI_CLI_KEY_FILE." |
||||
|
_err "Error: unable to load private API signing key from OCI_CLI_KEY." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ "$(printf "%s\n" "$OCI_CLI_KEY" | wc -l)" -eq 1 ]; then |
||||
|
OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline) |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
# _get_zone(): retrieves the Zone name and OCID |
||||
|
# |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_ociid=ocid1.dns-zone.oc1.. |
||||
|
_get_zone() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
# not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id") |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
|
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#Usage: privatekey |
||||
|
#Output MD5 fingerprint |
||||
|
_fingerprint() { |
||||
|
|
||||
|
pkey="$1" |
||||
|
if [ -z "$pkey" ]; then |
||||
|
_usage "Usage: _fingerprint privkey" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
printf "%s" "$pkey" | ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null | ${ACME_OPENSSL_BIN:-openssl} md5 -c | cut -d = -f 2 | tr -d ' ' |
||||
|
|
||||
|
} |
||||
|
|
||||
|
_signed_request() { |
||||
|
|
||||
|
_sig_method="$1" |
||||
|
_sig_target="$2" |
||||
|
_sig_body="$3" |
||||
|
_return_field="$4" |
||||
|
|
||||
|
_key_fingerprint=$(_fingerprint "$OCI_CLI_KEY") |
||||
|
_sig_host="dns.$OCI_CLI_REGION.oraclecloud.com" |
||||
|
_sig_keyId="$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint" |
||||
|
_sig_alg="rsa-sha256" |
||||
|
_sig_version="1" |
||||
|
_sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")" |
||||
|
|
||||
|
_request_method=$(printf %s "$_sig_method" | _lower_case) |
||||
|
_curl_method=$(printf %s "$_sig_method" | _upper_case) |
||||
|
|
||||
|
_request_target="(request-target): $_request_method $_sig_target" |
||||
|
_date_header="date: $_sig_now" |
||||
|
_host_header="host: $_sig_host" |
||||
|
|
||||
|
_string_to_sign="$_request_target\n$_date_header\n$_host_header" |
||||
|
_sig_headers="(request-target) date host" |
||||
|
|
||||
|
if [ "$_sig_body" ]; then |
||||
|
_secure_debug3 _sig_body "$_sig_body" |
||||
|
_sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | _digest sha256)" |
||||
|
_sig_body_type="content-type: application/json" |
||||
|
_sig_body_length="content-length: ${#_sig_body}" |
||||
|
_string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length" |
||||
|
_sig_headers="$_sig_headers x-content-sha256 content-type content-length" |
||||
|
fi |
||||
|
|
||||
|
_tmp_file=$(_mktemp) |
||||
|
if [ -f "$_tmp_file" ]; then |
||||
|
printf '%s' "$OCI_CLI_KEY" >"$_tmp_file" |
||||
|
_signature=$(printf '%b' "$_string_to_sign" | _sign "$_tmp_file" sha256 | tr -d '\r\n') |
||||
|
rm -f "$_tmp_file" |
||||
|
fi |
||||
|
|
||||
|
_signed_header="Authorization: Signature version=\"$_sig_version\",keyId=\"$_sig_keyId\",algorithm=\"$_sig_alg\",headers=\"$_sig_headers\",signature=\"$_signature\"" |
||||
|
_secure_debug3 _signed_header "$_signed_header" |
||||
|
|
||||
|
if [ "$_curl_method" = "GET" ]; then |
||||
|
export _H1="$_date_header" |
||||
|
export _H2="$_signed_header" |
||||
|
_response="$(_get "https://${_sig_host}${_sig_target}")" |
||||
|
elif [ "$_curl_method" = "PATCH" ]; then |
||||
|
export _H1="$_date_header" |
||||
|
export _H2="$_sig_body_sha256" |
||||
|
export _H3="$_sig_body_type" |
||||
|
export _H4="$_sig_body_length" |
||||
|
export _H5="$_signed_header" |
||||
|
_response="$(_post "$_sig_body" "https://${_sig_host}${_sig_target}" "" "PATCH")" |
||||
|
else |
||||
|
_err "Unable to process method: $_curl_method." |
||||
|
fi |
||||
|
|
||||
|
_ret="$?" |
||||
|
if [ "$_return_field" ]; then |
||||
|
_response="$(echo "$_response" | sed 's/\\\"//g'))" |
||||
|
_return=$(echo "${_response}" | _egrep_o "\"$_return_field\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") |
||||
|
else |
||||
|
_return="$_response" |
||||
|
fi |
||||
|
|
||||
|
printf "%s" "$_return" |
||||
|
return $_ret |
||||
|
|
||||
|
} |
||||
|
|
||||
|
# file key [section] |
||||
|
_readini() { |
||||
|
_file="$1" |
||||
|
_key="$2" |
||||
|
_section="${3:-DEFAULT}" |
||||
|
|
||||
|
_start_n=$(grep -n '\['"$_section"']' "$_file" | cut -d : -f 1) |
||||
|
_debug3 _start_n "$_start_n" |
||||
|
if [ -z "$_start_n" ]; then |
||||
|
_err "Can not find section: $_section" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_start_nn=$(_math "$_start_n" + 1) |
||||
|
_debug3 "_start_nn" "$_start_nn" |
||||
|
|
||||
|
_left="$(sed -n "${_start_nn},99999p" "$_file")" |
||||
|
_debug3 _left "$_left" |
||||
|
_end="$(echo "$_left" | grep -n "^\[" | _head_n 1)" |
||||
|
_debug3 "_end" "$_end" |
||||
|
if [ "$_end" ]; then |
||||
|
_end_n=$(echo "$_end" | cut -d : -f 1) |
||||
|
_debug3 "_end_n" "$_end_n" |
||||
|
_seg_n=$(echo "$_left" | sed -n "1,${_end_n}p") |
||||
|
else |
||||
|
_seg_n="$_left" |
||||
|
fi |
||||
|
|
||||
|
_debug3 "_seg_n" "$_seg_n" |
||||
|
_lineini="$(echo "$_seg_n" | grep "^ *$_key *= *")" |
||||
|
_inivalue="$(printf "%b" "$(eval "echo $_lineini | sed \"s/^ *${_key} *= *//g\"")")" |
||||
|
_debug2 _inivalue "$_inivalue" |
||||
|
echo "$_inivalue" |
||||
|
|
||||
|
} |
@ -0,0 +1,157 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#PORKBUN_API_KEY="pk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" |
||||
|
#PORKBUN_SECRET_API_KEY="sk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" |
||||
|
|
||||
|
PORKBUN_Api="https://porkbun.com/api/json/v3" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_porkbun_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" |
||||
|
PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" |
||||
|
|
||||
|
if [ -z "$PORKBUN_API_KEY" ] || [ -z "$PORKBUN_SECRET_API_KEY" ]; then |
||||
|
PORKBUN_API_KEY='' |
||||
|
PORKBUN_SECRET_API_KEY='' |
||||
|
_err "You didn't specify a Porkbun api key and secret api key yet." |
||||
|
_err "You can get yours from here https://porkbun.com/account/api." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the credentials to the account conf file. |
||||
|
_saveaccountconf_mutable PORKBUN_API_KEY "$PORKBUN_API_KEY" |
||||
|
_saveaccountconf_mutable PORKBUN_SECRET_API_KEY "$PORKBUN_SECRET_API_KEY" |
||||
|
|
||||
|
_debug 'First detect the root zone' |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so |
||||
|
# we can not use updating anymore. |
||||
|
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) |
||||
|
# _debug count "$count" |
||||
|
# if [ "$count" = "0" ]; then |
||||
|
_info "Adding record" |
||||
|
if _porkbun_rest POST "dns/create/$_domain" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":120}"; then |
||||
|
if _contains "$response" '\"status\":"SUCCESS"'; then |
||||
|
_info "Added, OK" |
||||
|
return 0 |
||||
|
elif _contains "$response" "The record already exists"; then |
||||
|
_info "Already exists, OK" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Add txt record error. ($response)" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#fulldomain txtvalue |
||||
|
dns_porkbun_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" |
||||
|
PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" |
||||
|
|
||||
|
_debug 'First detect the root zone' |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ") |
||||
|
_debug count "$count" |
||||
|
if [ "$count" = "0" ]; then |
||||
|
_info "Don't need to remove." |
||||
|
else |
||||
|
record_id=$(echo "$response" | tr '{' '\n' | grep -- "$txtvalue" | cut -d, -f1 | cut -d: -f2 | tr -d \") |
||||
|
_debug "record_id" "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _porkbun_rest POST "dns/delete/$_domain/$record_id"; then |
||||
|
_err "Delete record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _porkbun_rest POST "dns/retrieve/$h"; then |
||||
|
if _contains "$response" "\"status\":\"SUCCESS\""; then |
||||
|
_domain=$h |
||||
|
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" |
||||
|
return 0 |
||||
|
else |
||||
|
_debug "Go to next level of $_domain" |
||||
|
fi |
||||
|
else |
||||
|
_debug "Go to next level of $_domain" |
||||
|
fi |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_porkbun_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
|
||||
|
api_key_trimmed=$(echo "$PORKBUN_API_KEY" | tr -d '"') |
||||
|
secret_api_key_trimmed=$(echo "$PORKBUN_SECRET_API_KEY" | tr -d '"') |
||||
|
|
||||
|
test -z "$data" && data="{" || data="$(echo $data | cut -d'}' -f1)," |
||||
|
data="$data\"apikey\":\"$api_key_trimmed\",\"secretapikey\":\"$secret_api_key_trimmed\"}" |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$PORKBUN_Api/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$PORKBUN_Api/$ep")" |
||||
|
fi |
||||
|
|
||||
|
_sleep 3 # prevent rate limit |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,156 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Provider: RackCorp (www.rackcorp.com) |
||||
|
# Author: Stephen Dendtler (sdendtler@rackcorp.com) |
||||
|
# Report Bugs here: https://github.com/senjoo/acme.sh |
||||
|
# Alternate email contact: support@rackcorp.com |
||||
|
# |
||||
|
# You'll need an API key (Portal: ADMINISTRATION -> API) |
||||
|
# Set the environment variables as below: |
||||
|
# |
||||
|
# export RACKCORP_APIUUID="UUIDHERE" |
||||
|
# export RACKCORP_APISECRET="SECRETHERE" |
||||
|
# |
||||
|
|
||||
|
RACKCORP_API_ENDPOINT="https://api.rackcorp.net/api/rest/v2.4/json.php" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
dns_rackcorp_add() { |
||||
|
fulldomain="$1" |
||||
|
txtvalue="$2" |
||||
|
|
||||
|
_debug fulldomain="$fulldomain" |
||||
|
_debug txtvalue="$txtvalue" |
||||
|
|
||||
|
if ! _rackcorp_validate; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Searching for root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _lookup "$_lookup" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Creating TXT record." |
||||
|
|
||||
|
if ! _rackcorp_api dns.record.create "\"name\":\"$_domain\",\"type\":\"TXT\",\"lookup\":\"$_lookup\",\"data\":\"$txtvalue\",\"ttl\":300"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_rackcorp_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug fulldomain="$fulldomain" |
||||
|
_debug txtvalue="$txtvalue" |
||||
|
|
||||
|
if ! _rackcorp_validate; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Searching for root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _lookup "$_lookup" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Creating TXT record." |
||||
|
|
||||
|
if ! _rackcorp_api dns.record.delete "\"name\":\"$_domain\",\"type\":\"TXT\",\"lookup\":\"$_lookup\",\"data\":\"$txtvalue\""; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.domain.com |
||||
|
#returns |
||||
|
# _lookup=_acme-challenge |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
if ! _rackcorp_api dns.domain.getall "\"name\":\"$domain\""; then |
||||
|
return 1 |
||||
|
fi |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug searchhost "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
_err "Could not find domain for record $domain in RackCorp using the provided credentials" |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_rackcorp_api dns.domain.getall "\"exactName\":\"$h\"" |
||||
|
|
||||
|
if _contains "$response" "\"matches\":1"; then |
||||
|
if _contains "$response" "\"name\":\"$h\""; then |
||||
|
_lookup=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_rackcorp_validate() { |
||||
|
RACKCORP_APIUUID="${RACKCORP_APIUUID:-$(_readaccountconf_mutable RACKCORP_APIUUID)}" |
||||
|
if [ -z "$RACKCORP_APIUUID" ]; then |
||||
|
RACKCORP_APIUUID="" |
||||
|
_err "You require a RackCorp API UUID (export RACKCORP_APIUUID=\"<api uuid>\")" |
||||
|
_err "Please login to the portal and create an API key and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable RACKCORP_APIUUID "$RACKCORP_APIUUID" |
||||
|
|
||||
|
RACKCORP_APISECRET="${RACKCORP_APISECRET:-$(_readaccountconf_mutable RACKCORP_APISECRET)}" |
||||
|
if [ -z "$RACKCORP_APISECRET" ]; then |
||||
|
RACKCORP_APISECRET="" |
||||
|
_err "You require a RackCorp API secret (export RACKCORP_APISECRET=\"<api secret>\")" |
||||
|
_err "Please login to the portal and create an API key and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable RACKCORP_APISECRET "$RACKCORP_APISECRET" |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
_rackcorp_api() { |
||||
|
_rackcorpcmd=$1 |
||||
|
_rackcorpinputdata=$2 |
||||
|
_debug cmd "$_rackcorpcmd $_rackcorpinputdata" |
||||
|
|
||||
|
export _H1="Accept: application/json" |
||||
|
response="$(_post "{\"APIUUID\":\"$RACKCORP_APIUUID\",\"APISECRET\":\"$RACKCORP_APISECRET\",\"cmd\":\"$_rackcorpcmd\",$_rackcorpinputdata}" "$RACKCORP_API_ENDPOINT" "" "POST")" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
if _contains "$response" "\"code\":\"OK\""; then |
||||
|
_debug code "OK" |
||||
|
else |
||||
|
_debug code "FAILED" |
||||
|
response="" |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,176 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Scaleway API |
||||
|
# https://developers.scaleway.com/en/products/domain/dns/api/ |
||||
|
# |
||||
|
# Requires Scaleway API token set in SCALEWAY_API_TOKEN |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
SCALEWAY_API="https://api.scaleway.com/domain/v2beta1" |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_scaleway_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _scaleway_check_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Adding record" |
||||
|
_scaleway_create_TXT_record "$_domain" "$_sub_domain" "$txtvalue" |
||||
|
if _contains "$response" "records"; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err error "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_info "Record added." |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
dns_scaleway_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _scaleway_check_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Deleting record" |
||||
|
_scaleway_delete_TXT_record "$_domain" "$_sub_domain" "$txtvalue" |
||||
|
if _contains "$response" "records"; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err error "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_info "Record deleted." |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_scaleway_check_config() { |
||||
|
SCALEWAY_API_TOKEN="${SCALEWAY_API_TOKEN:-$(_readaccountconf_mutable SCALEWAY_API_TOKEN)}" |
||||
|
if [ -z "$SCALEWAY_API_TOKEN" ]; then |
||||
|
_err "No API key specified for Scaleway API." |
||||
|
_err "Create your key and export it as SCALEWAY_API_TOKEN" |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _scaleway_rest GET "dns-zones"; then |
||||
|
_err "Invalid API key specified for Scaleway API." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable SCALEWAY_API_TOKEN "$SCALEWAY_API_TOKEN" |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_scaleway_rest GET "dns-zones/$h/records" |
||||
|
|
||||
|
if ! _contains "$response" "subdomain not found" >/dev/null; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
_err "Unable to retrive DNS zone matching this domain" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
# this function add a TXT record |
||||
|
_scaleway_create_TXT_record() { |
||||
|
txt_zone=$1 |
||||
|
txt_name=$2 |
||||
|
txt_value=$3 |
||||
|
|
||||
|
_scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"add\":{\"records\":[{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\",\"ttl\":60}]}}]}" |
||||
|
|
||||
|
if _contains "$response" "records"; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err "error1 $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# this function delete a TXT record based on name and content |
||||
|
_scaleway_delete_TXT_record() { |
||||
|
txt_zone=$1 |
||||
|
txt_name=$2 |
||||
|
txt_value=$3 |
||||
|
|
||||
|
_scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"delete\":{\"id_fields\":{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\"}}}]}" |
||||
|
|
||||
|
if _contains "$response" "records"; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err "error2 $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_scaleway_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
_scaleway_url="$SCALEWAY_API/$ep" |
||||
|
_debug2 _scaleway_url "$_scaleway_url" |
||||
|
export _H1="x-auth-token: $SCALEWAY_API_TOKEN" |
||||
|
export _H2="Accept: application/json" |
||||
|
export _H3="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$data" ] || [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$_scaleway_url" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$_scaleway_url")" |
||||
|
fi |
||||
|
if [ "$?" != "0" ] || _contains "$response" "denied_authentication" || _contains "$response" "Method not allowed" || _contains "$response" "json parse error: unexpected EOF"; then |
||||
|
_err "error $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,269 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# API-integration for Simply.com (https://www.simply.com) |
||||
|
|
||||
|
#SIMPLY_AccountName="accountname" |
||||
|
#SIMPLY_ApiKey="apikey" |
||||
|
# |
||||
|
#SIMPLY_Api="https://api.simply.com/2/" |
||||
|
SIMPLY_Api_Default="https://api.simply.com/2" |
||||
|
|
||||
|
#This is used for determining success of REST call |
||||
|
SIMPLY_SUCCESS_CODE='"status":200' |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_simply_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _simply_load_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_simply_save_config |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Adding record" |
||||
|
|
||||
|
if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then |
||||
|
_err "Could not add DNS record" |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
dns_simply_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _simply_load_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_simply_save_config |
||||
|
|
||||
|
_debug "Find the DNS zone" |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
_info "Getting all existing records" |
||||
|
|
||||
|
if ! _simply_get_all_records "$_domain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' ' | tr -d ' ' | tr ';' ' ') |
||||
|
|
||||
|
nr_of_deleted_records=0 |
||||
|
_info "Fetching txt record" |
||||
|
|
||||
|
for record in $records; do |
||||
|
_debug record "$record" |
||||
|
|
||||
|
record_data=$(echo "$record" | sed -n "s/.*\"data\":\"\([^\"]*\)\".*/\1/p") |
||||
|
record_type=$(echo "$record" | sed -n "s/.*\"type\":\"\([^\"]*\)\".*/\1/p") |
||||
|
|
||||
|
_debug2 record_data "$record_data" |
||||
|
_debug2 record_type "$record_type" |
||||
|
|
||||
|
if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then |
||||
|
|
||||
|
record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) |
||||
|
|
||||
|
_info "Deleting record $record" |
||||
|
_debug2 record_id "$record_id" |
||||
|
|
||||
|
if [ "$record_id" -gt 0 ]; then |
||||
|
|
||||
|
if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then |
||||
|
_err "Record with id $record_id could not be deleted" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
nr_of_deleted_records=1 |
||||
|
break |
||||
|
else |
||||
|
_err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" |
||||
|
break |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
done |
||||
|
|
||||
|
if [ "$nr_of_deleted_records" -eq 0 ]; then |
||||
|
_err "No record deleted, the DNS record needs to be removed manually." |
||||
|
else |
||||
|
_info "Deleted $nr_of_deleted_records record" |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_simply_load_config() { |
||||
|
SIMPLY_Api="${SIMPLY_Api:-$(_readaccountconf_mutable SIMPLY_Api)}" |
||||
|
SIMPLY_AccountName="${SIMPLY_AccountName:-$(_readaccountconf_mutable SIMPLY_AccountName)}" |
||||
|
SIMPLY_ApiKey="${SIMPLY_ApiKey:-$(_readaccountconf_mutable SIMPLY_ApiKey)}" |
||||
|
|
||||
|
if [ -z "$SIMPLY_Api" ]; then |
||||
|
SIMPLY_Api="$SIMPLY_Api_Default" |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then |
||||
|
SIMPLY_AccountName="" |
||||
|
SIMPLY_ApiKey="" |
||||
|
|
||||
|
_err "A valid Simply API account and apikey not provided." |
||||
|
_err "Please provide a valid API user and try again." |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_simply_save_config() { |
||||
|
if [ "$SIMPLY_Api" != "$SIMPLY_Api_Default" ]; then |
||||
|
_saveaccountconf_mutable SIMPLY_Api "$SIMPLY_Api" |
||||
|
fi |
||||
|
_saveaccountconf_mutable SIMPLY_AccountName "$SIMPLY_AccountName" |
||||
|
_saveaccountconf_mutable SIMPLY_ApiKey "$SIMPLY_ApiKey" |
||||
|
} |
||||
|
|
||||
|
_simply_get_all_records() { |
||||
|
domain=$1 |
||||
|
|
||||
|
if ! _simply_rest GET "my/products/$domain/dns/records/"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _simply_rest GET "my/products/$h/dns/"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then |
||||
|
_debug "$h not found" |
||||
|
else |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
p="$i" |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_simply_add_record() { |
||||
|
domain=$1 |
||||
|
sub_domain=$2 |
||||
|
txtval=$3 |
||||
|
|
||||
|
data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}" |
||||
|
|
||||
|
if ! _simply_rest POST "my/products/$domain/dns/records/" "$data"; then |
||||
|
_err "Adding record not successfull!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then |
||||
|
_err "Call to API not sucessfull, see below message for more details" |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_simply_delete_record() { |
||||
|
domain=$1 |
||||
|
sub_domain=$2 |
||||
|
record_id=$3 |
||||
|
|
||||
|
_debug record_id "Delete record with id $record_id" |
||||
|
|
||||
|
if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id/"; then |
||||
|
_err "Deleting record not successfull!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then |
||||
|
_err "Call to API not sucessfull, see below message for more details" |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_simply_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
|
||||
|
_debug2 data "$data" |
||||
|
_debug2 ep "$ep" |
||||
|
_debug2 m "$m" |
||||
|
|
||||
|
basicauth=$(printf "%s:%s" "$SIMPLY_AccountName" "$SIMPLY_ApiKey" | _base64) |
||||
|
|
||||
|
if [ "$basicauth" ]; then |
||||
|
export _H1="Authorization: Basic $basicauth" |
||||
|
fi |
||||
|
|
||||
|
export _H2="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$m" != "GET" ]; then |
||||
|
response="$(_post "$data" "$SIMPLY_Api/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$SIMPLY_Api/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
response="$(echo "$response" | _normalizeJson)" |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
|
||||
|
if _contains "$response" "Invalid account authorization"; then |
||||
|
_err "It seems that your api key or accountnumber is not correct." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,160 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# united-domains Reselling (https://www.ud-reselling.com/) DNS API |
||||
|
# Author: Andreas Scherer (https://github.com/andischerer) |
||||
|
# Created: 2021-02-01 |
||||
|
# |
||||
|
# Set the environment variables as below: |
||||
|
# |
||||
|
# export UDR_USER="your_username_goes_here" |
||||
|
# export UDR_PASS="some_password_goes_here" |
||||
|
# |
||||
|
|
||||
|
UDR_API="https://api.domainreselling.de/api/call.cgi" |
||||
|
UDR_TTL="30" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "some_long_string_of_characters_go_here_from_lets_encrypt" |
||||
|
dns_udr_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
UDR_USER="${UDR_USER:-$(_readaccountconf_mutable UDR_USER)}" |
||||
|
UDR_PASS="${UDR_PASS:-$(_readaccountconf_mutable UDR_PASS)}" |
||||
|
if [ -z "$UDR_USER" ] || [ -z "$UDR_PASS" ]; then |
||||
|
UDR_USER="" |
||||
|
UDR_PASS="" |
||||
|
_err "You didn't specify an UD-Reselling username and password yet" |
||||
|
return 1 |
||||
|
fi |
||||
|
# save the username and password to the account conf file. |
||||
|
_saveaccountconf_mutable UDR_USER "$UDR_USER" |
||||
|
_saveaccountconf_mutable UDR_PASS "$UDR_PASS" |
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _dnszone "${_dnszone}" |
||||
|
|
||||
|
_debug "Getting txt records" |
||||
|
if ! _udr_rest "QueryDNSZoneRRList" "dnszone=${_dnszone}"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
rr="${fulldomain}. ${UDR_TTL} IN TXT ${txtvalue}" |
||||
|
_debug resource_record "${rr}" |
||||
|
if _contains "$response" "$rr" >/dev/null; then |
||||
|
_err "Error, it would appear that this record already exists. Please review existing TXT records for this domain." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Adding record" |
||||
|
if ! _udr_rest "UpdateDNSZone" "dnszone=${_dnszone}&addrr0=${rr}"; then |
||||
|
_err "Adding the record did not succeed, please verify/check." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Added, OK" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
dns_udr_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
UDR_USER="${UDR_USER:-$(_readaccountconf_mutable UDR_USER)}" |
||||
|
UDR_PASS="${UDR_PASS:-$(_readaccountconf_mutable UDR_PASS)}" |
||||
|
if [ -z "$UDR_USER" ] || [ -z "$UDR_PASS" ]; then |
||||
|
UDR_USER="" |
||||
|
UDR_PASS="" |
||||
|
_err "You didn't specify an UD-Reselling username and password yet" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _dnszone "${_dnszone}" |
||||
|
|
||||
|
_debug "Getting txt records" |
||||
|
if ! _udr_rest "QueryDNSZoneRRList" "dnszone=${_dnszone}"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
rr="${fulldomain}. ${UDR_TTL} IN TXT ${txtvalue}" |
||||
|
_debug resource_record "${rr}" |
||||
|
if _contains "$response" "$rr" >/dev/null; then |
||||
|
if ! _udr_rest "UpdateDNSZone" "dnszone=${_dnszone}&delrr0=${rr}"; then |
||||
|
_err "Deleting the record did not succeed, please verify/check." |
||||
|
return 1 |
||||
|
fi |
||||
|
_info "Removed, OK" |
||||
|
return 0 |
||||
|
else |
||||
|
_info "Text record is not present, will not delete anything." |
||||
|
return 0 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
|
||||
|
if ! _udr_rest "QueryDNSZoneList" ""; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
|
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "${response}" "${h}." >/dev/null; then |
||||
|
_dnszone=$(echo "$response" | _egrep_o "${h}") |
||||
|
if [ "$_dnszone" ]; then |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_udr_rest() { |
||||
|
if [ -n "$2" ]; then |
||||
|
data="command=$1&$2" |
||||
|
else |
||||
|
data="command=$1" |
||||
|
fi |
||||
|
|
||||
|
_debug data "${data}" |
||||
|
response="$(_post "${data}" "${UDR_API}?s_login=${UDR_USER}&s_pw=${UDR_PASS}" "" "POST")" |
||||
|
|
||||
|
_code=$(echo "$response" | _egrep_o "code = ([0-9]+)" | _head_n 1 | cut -d = -f 2 | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') |
||||
|
_description=$(echo "$response" | _egrep_o "description = .*" | _head_n 1 | cut -d = -f 2 | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') |
||||
|
|
||||
|
_debug response_code "$_code" |
||||
|
_debug response_description "$_description" |
||||
|
|
||||
|
if [ ! "$_code" = "200" ]; then |
||||
|
_err "DNS-API-Error: $_description" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,158 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# bug reports to stepan@plyask.in |
||||
|
|
||||
|
# |
||||
|
# export VEESP_User="username" |
||||
|
# export VEESP_Password="password" |
||||
|
|
||||
|
VEESP_Api="https://secure.veesp.com/api" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_veesp_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}" |
||||
|
VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}" |
||||
|
VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64) |
||||
|
|
||||
|
if [ -z "$VEESP_Password" ] || [ -z "$VEESP_User" ]; then |
||||
|
VEESP_Password="" |
||||
|
VEESP_User="" |
||||
|
_err "You don't specify veesp api key and email yet." |
||||
|
_err "Please create you key and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the api key and email to the account conf file. |
||||
|
_saveaccountconf_mutable VEESP_Password "$VEESP_Password" |
||||
|
_saveaccountconf_mutable VEESP_User "$VEESP_User" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Adding record" |
||||
|
if VEESP_rest POST "service/$_service_id/dns/$_domain_id/records" "{\"name\":\"$fulldomain\",\"ttl\":1,\"priority\":0,\"type\":\"TXT\",\"content\":\"$txtvalue\"}"; then |
||||
|
if _contains "$response" "\"success\":true"; then |
||||
|
_info "Added" |
||||
|
#todo: check if the record takes effect |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_veesp_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}" |
||||
|
VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}" |
||||
|
VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64) |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_debug "Getting txt records" |
||||
|
VEESP_rest GET "service/$_service_id/dns/$_domain_id" |
||||
|
|
||||
|
count=$(printf "%s\n" "$response" | _egrep_o "\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | wc -l | tr -d " ") |
||||
|
_debug count "$count" |
||||
|
if [ "$count" = "0" ]; then |
||||
|
_info "Don't need to remove." |
||||
|
else |
||||
|
record_id=$(printf "%s\n" "$response" | _egrep_o "{\"id\":[^}]*\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | cut -d\" -f4) |
||||
|
_debug "record_id" "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! VEESP_rest DELETE "service/$_service_id/dns/$_domain_id/records/$record_id"; then |
||||
|
_err "Delete record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
_contains "$response" "\"success\":true" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=sdjkglgdfewsdfg |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
if ! VEESP_rest GET "dns"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"name\":\"$h\""; then |
||||
|
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"domain_id\":[^,]*,\"name\":\"$h\"" | cut -d : -f 2 | cut -d , -f 1 | cut -d '"' -f 2) |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_service_id=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$h\",\"service_id\":[^}]*" | cut -d : -f 3 | cut -d '"' -f 2) |
||||
|
_debug _service_id "$_service_id" |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
VEESP_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
|
||||
|
export _H1="Accept: application/json" |
||||
|
export _H2="Authorization: Basic $VEESP_auth" |
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
export _H3="Content-Type: application/json" |
||||
|
response="$(_post "$data" "$VEESP_Api/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$VEESP_Api/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,207 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Acme.sh DNS API wrapper for websupport.sk |
||||
|
# |
||||
|
# Original author: trgo.sk (https://github.com/trgosk) |
||||
|
# Tweaks by: akulumbeg (https://github.com/akulumbeg) |
||||
|
# Report Bugs here: https://github.com/akulumbeg/acme.sh |
||||
|
|
||||
|
# Requirements: API Key and Secret from https://admin.websupport.sk/en/auth/apiKey |
||||
|
# |
||||
|
# WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" |
||||
|
# (called "Identifier" in the WS Admin) |
||||
|
# |
||||
|
# WS_ApiSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
||||
|
# (called "Secret key" in the WS Admin) |
||||
|
|
||||
|
WS_Api="https://rest.websupport.sk" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
dns_websupport_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
WS_ApiKey="${WS_ApiKey:-$(_readaccountconf_mutable WS_ApiKey)}" |
||||
|
WS_ApiSecret="${WS_ApiSecret:-$(_readaccountconf_mutable WS_ApiSecret)}" |
||||
|
|
||||
|
if [ "$WS_ApiKey" ] && [ "$WS_ApiSecret" ]; then |
||||
|
_saveaccountconf_mutable WS_ApiKey "$WS_ApiKey" |
||||
|
_saveaccountconf_mutable WS_ApiSecret "$WS_ApiSecret" |
||||
|
else |
||||
|
WS_ApiKey="" |
||||
|
WS_ApiSecret="" |
||||
|
_err "You did not specify the API Key and/or API Secret" |
||||
|
_err "You can get the API login credentials from https://admin.websupport.sk/en/auth/apiKey" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so |
||||
|
# we can not use updating anymore. |
||||
|
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) |
||||
|
# _debug count "$count" |
||||
|
# if [ "$count" = "0" ]; then |
||||
|
_info "Adding record" |
||||
|
if _ws_rest POST "/v1/user/self/zone/$_domain/record" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Added, OK" |
||||
|
return 0 |
||||
|
elif _contains "$response" "The record already exists"; then |
||||
|
_info "Already exists, OK" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
dns_websupport_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug2 fulldomain "$fulldomain" |
||||
|
_debug2 txtvalue "$txtvalue" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_debug "Getting txt records" |
||||
|
_ws_rest GET "/v1/user/self/zone/$_domain/record" |
||||
|
|
||||
|
if [ "$(printf "%s" "$response" | tr -d " " | grep -c \"items\")" -lt "1" ]; then |
||||
|
_err "Error: $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
record_line="$(_get_from_array "$response" "$txtvalue")" |
||||
|
_debug record_line "$record_line" |
||||
|
if [ -z "$record_line" ]; then |
||||
|
_info "Don't need to remove." |
||||
|
else |
||||
|
record_id=$(echo "$record_line" | _egrep_o "\"id\": *[^,]*" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") |
||||
|
_debug "record_id" "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _ws_rest DELETE "/v1/user/self/zone/$_domain/record/$record_id"; then |
||||
|
_err "Delete record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
if [ "$(printf "%s" "$response" | tr -d " " | grep -c \"success\")" -lt "1" ]; then |
||||
|
return 1 |
||||
|
else |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private Functions ################################## |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _ws_rest GET "/v1/user/self/zone"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"name\":\"$h\""; then |
||||
|
_domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *[^,]*" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ws_rest() { |
||||
|
me=$1 |
||||
|
pa="$2" |
||||
|
da="$3" |
||||
|
|
||||
|
_debug2 api_key "$WS_ApiKey" |
||||
|
_debug2 api_secret "$WS_ApiSecret" |
||||
|
|
||||
|
timestamp=$(_time) |
||||
|
datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" |
||||
|
canonical_request="${me} ${pa} ${timestamp}" |
||||
|
signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) |
||||
|
basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" |
||||
|
|
||||
|
_debug2 method "$me" |
||||
|
_debug2 path "$pa" |
||||
|
_debug2 data "$da" |
||||
|
_debug2 timestamp "$timestamp" |
||||
|
_debug2 datez "$datez" |
||||
|
_debug2 canonical_request "$canonical_request" |
||||
|
_debug2 signature_hash "$signature_hash" |
||||
|
_debug2 basicauth "$basicauth" |
||||
|
|
||||
|
export _H1="Accept: application/json" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H3="Authorization: Basic ${basicauth}" |
||||
|
export _H4="Date: ${datez}" |
||||
|
|
||||
|
_debug2 H1 "$_H1" |
||||
|
_debug2 H2 "$_H2" |
||||
|
_debug2 H3 "$_H3" |
||||
|
_debug2 H4 "$_H4" |
||||
|
|
||||
|
if [ "$me" != "GET" ]; then |
||||
|
_debug2 "${me} $WS_Api${pa}" |
||||
|
_debug data "$da" |
||||
|
response="$(_post "$da" "${WS_Api}${pa}" "" "$me")" |
||||
|
else |
||||
|
_debug2 "GET $WS_Api${pa}" |
||||
|
response="$(_get "$WS_Api${pa}")" |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
return "$?" |
||||
|
} |
||||
|
|
||||
|
_get_from_array() { |
||||
|
va="$1" |
||||
|
fi="$2" |
||||
|
for i in $(echo "$va" | sed "s/{/ /g"); do |
||||
|
if _contains "$i" "$fi"; then |
||||
|
echo "$i" |
||||
|
break |
||||
|
fi |
||||
|
done |
||||
|
} |
@ -0,0 +1,51 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support iOS Bark Notification |
||||
|
|
||||
|
#BARK_API_URL="https://api.day.app/xxxx" |
||||
|
#BARK_SOUND="yyyy" |
||||
|
#BARK_GROUP="zzzz" |
||||
|
|
||||
|
# subject content statusCode |
||||
|
bark_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_subject" "$_subject" |
||||
|
_debug "_content" "$_content" |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
BARK_API_URL="${BARK_API_URL:-$(_readaccountconf_mutable BARK_API_URL)}" |
||||
|
if [ -z "$BARK_API_URL" ]; then |
||||
|
BARK_API_URL="" |
||||
|
_err "You didn't specify a Bark API URL BARK_API_URL yet." |
||||
|
_err "You can download Bark from App Store and get yours." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable BARK_API_URL "$BARK_API_URL" |
||||
|
|
||||
|
BARK_SOUND="${BARK_SOUND:-$(_readaccountconf_mutable BARK_SOUND)}" |
||||
|
_saveaccountconf_mutable BARK_SOUND "$BARK_SOUND" |
||||
|
|
||||
|
BARK_GROUP="${BARK_GROUP:-$(_readaccountconf_mutable BARK_GROUP)}" |
||||
|
if [ -z "$BARK_GROUP" ]; then |
||||
|
BARK_GROUP="ACME" |
||||
|
_info "The BARK_GROUP is not set, so use the default ACME as group name." |
||||
|
else |
||||
|
_saveaccountconf_mutable BARK_GROUP "$BARK_GROUP" |
||||
|
fi |
||||
|
|
||||
|
_content=$(echo "$_content" | _url_encode) |
||||
|
_subject=$(echo "$_subject" | _url_encode) |
||||
|
|
||||
|
response="$(_get "$BARK_API_URL/$_subject/$_content?sound=$BARK_SOUND&group=$BARK_GROUP")" |
||||
|
|
||||
|
if [ "$?" = "0" ] && _contains "$response" "success"; then |
||||
|
_info "Bark API fired success." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
_err "Bark API fired error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,57 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support Discord webhooks |
||||
|
|
||||
|
# Required: |
||||
|
#DISCORD_WEBHOOK_URL="" |
||||
|
# Optional: |
||||
|
#DISCORD_USERNAME="" |
||||
|
#DISCORD_AVATAR_URL="" |
||||
|
|
||||
|
discord_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
DISCORD_WEBHOOK_URL="${DISCORD_WEBHOOK_URL:-$(_readaccountconf_mutable DISCORD_WEBHOOK_URL)}" |
||||
|
if [ -z "$DISCORD_WEBHOOK_URL" ]; then |
||||
|
DISCORD_WEBHOOK_URL="" |
||||
|
_err "You didn't specify a Discord webhook url DISCORD_WEBHOOK_URL yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable DISCORD_WEBHOOK_URL "$DISCORD_WEBHOOK_URL" |
||||
|
|
||||
|
DISCORD_USERNAME="${DISCORD_USERNAME:-$(_readaccountconf_mutable DISCORD_USERNAME)}" |
||||
|
if [ "$DISCORD_USERNAME" ]; then |
||||
|
_saveaccountconf_mutable DISCORD_USERNAME "$DISCORD_USERNAME" |
||||
|
fi |
||||
|
|
||||
|
DISCORD_AVATAR_URL="${DISCORD_AVATAR_URL:-$(_readaccountconf_mutable DISCORD_AVATAR_URL)}" |
||||
|
if [ "$DISCORD_AVATAR_URL" ]; then |
||||
|
_saveaccountconf_mutable DISCORD_AVATAR_URL "$DISCORD_AVATAR_URL" |
||||
|
fi |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
|
||||
|
_content="$(printf "**%s**\n%s" "$_subject" "$_content" | _json_encode)" |
||||
|
_data="{\"content\": \"$_content\" " |
||||
|
if [ "$DISCORD_USERNAME" ]; then |
||||
|
_data="$_data, \"username\": \"$DISCORD_USERNAME\" " |
||||
|
fi |
||||
|
if [ "$DISCORD_AVATAR_URL" ]; then |
||||
|
_data="$_data, \"avatar_url\": \"$DISCORD_AVATAR_URL\" " |
||||
|
fi |
||||
|
_data="$_data}" |
||||
|
|
||||
|
if _post "$_data" "$DISCORD_WEBHOOK_URL?wait=true"; then |
||||
|
# shellcheck disable=SC2154 |
||||
|
if [ "$response" ]; then |
||||
|
_info "discord send success." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
_err "discord send error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,48 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support feishu webhooks api |
||||
|
|
||||
|
#required |
||||
|
#FEISHU_WEBHOOK="xxxx" |
||||
|
|
||||
|
#optional |
||||
|
#FEISHU_KEYWORD="yyyy" |
||||
|
|
||||
|
# subject content statusCode |
||||
|
feishu_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_subject" "$_subject" |
||||
|
_debug "_content" "$_content" |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
FEISHU_WEBHOOK="${FEISHU_WEBHOOK:-$(_readaccountconf_mutable FEISHU_WEBHOOK)}" |
||||
|
if [ -z "$FEISHU_WEBHOOK" ]; then |
||||
|
FEISHU_WEBHOOK="" |
||||
|
_err "You didn't specify a feishu webhooks FEISHU_WEBHOOK yet." |
||||
|
_err "You can get yours from https://www.feishu.cn" |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable FEISHU_WEBHOOK "$FEISHU_WEBHOOK" |
||||
|
|
||||
|
FEISHU_KEYWORD="${FEISHU_KEYWORD:-$(_readaccountconf_mutable FEISHU_KEYWORD)}" |
||||
|
if [ "$FEISHU_KEYWORD" ]; then |
||||
|
_saveaccountconf_mutable FEISHU_KEYWORD "$FEISHU_KEYWORD" |
||||
|
fi |
||||
|
|
||||
|
_content=$(echo "$_content" | _json_encode) |
||||
|
_subject=$(echo "$_subject" | _json_encode) |
||||
|
_data="{\"msg_type\": \"text\", \"content\": {\"text\": \"[$FEISHU_KEYWORD]\n$_subject\n$_content\"}}" |
||||
|
|
||||
|
response="$(_post "$_data" "$FEISHU_WEBHOOK" "" "POST" "application/json")" |
||||
|
|
||||
|
if [ "$?" = "0" ] && _contains "$response" "StatusCode\":0"; then |
||||
|
_info "feishu webhooks event fired success." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
_err "feishu webhooks event fired error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,62 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support Gotify |
||||
|
|
||||
|
#GOTIFY_URL="https://gotify.example.com" |
||||
|
#GOTIFY_TOKEN="123456789ABCDEF" |
||||
|
|
||||
|
#optional |
||||
|
#GOTIFY_PRIORITY=0 |
||||
|
|
||||
|
# subject content statusCode |
||||
|
gotify_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_subject" "$_subject" |
||||
|
_debug "_content" "$_content" |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
GOTIFY_URL="${GOTIFY_URL:-$(_readaccountconf_mutable GOTIFY_URL)}" |
||||
|
if [ -z "$GOTIFY_URL" ]; then |
||||
|
GOTIFY_URL="" |
||||
|
_err "You didn't specify the gotify server url GOTIFY_URL." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable GOTIFY_URL "$GOTIFY_URL" |
||||
|
|
||||
|
GOTIFY_TOKEN="${GOTIFY_TOKEN:-$(_readaccountconf_mutable GOTIFY_TOKEN)}" |
||||
|
if [ -z "$GOTIFY_TOKEN" ]; then |
||||
|
GOTIFY_TOKEN="" |
||||
|
_err "You didn't specify the gotify token GOTIFY_TOKEN." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable GOTIFY_TOKEN "$GOTIFY_TOKEN" |
||||
|
|
||||
|
GOTIFY_PRIORITY="${GOTIFY_PRIORITY:-$(_readaccountconf_mutable GOTIFY_PRIORITY)}" |
||||
|
if [ -z "$GOTIFY_PRIORITY" ]; then |
||||
|
GOTIFY_PRIORITY=0 |
||||
|
else |
||||
|
_saveaccountconf_mutable GOTIFY_PRIORITY "$GOTIFY_PRIORITY" |
||||
|
fi |
||||
|
|
||||
|
export _H1="X-Gotify-Key: ${GOTIFY_TOKEN}" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
|
||||
|
_content=$(echo "$_content" | _json_encode) |
||||
|
_subject=$(echo "$_subject" | _json_encode) |
||||
|
|
||||
|
_data="{\"title\": \"${_subject}\", \"message\": \"${_content}\", \"priority\": ${GOTIFY_PRIORITY}}" |
||||
|
|
||||
|
response="$(_post "${_data}" "${GOTIFY_URL}/message" "" "POST" "application/json")" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "Failed to send message" |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,44 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support for pushbullet.com's api. Push notification, notification sync and message platform for multiple platforms |
||||
|
#PUSHBULLET_TOKEN="" Required, pushbullet application token |
||||
|
#PUSHBULLET_DEVICE="" Optional, Specific device, ignore to send to all devices |
||||
|
|
||||
|
PUSHBULLET_URI="https://api.pushbullet.com/v2/pushes" |
||||
|
pushbullet_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
PUSHBULLET_TOKEN="${PUSHBULLET_TOKEN:-$(_readaccountconf_mutable PUSHBULLET_TOKEN)}" |
||||
|
if [ -z "$PUSHBULLET_TOKEN" ]; then |
||||
|
PUSHBULLET_TOKEN="" |
||||
|
_err "You didn't specify a Pushbullet application token yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" |
||||
|
|
||||
|
PUSHBULLET_DEVICE="${PUSHBULLET_DEVICE:-$(_readaccountconf_mutable PUSHBULLET_DEVICE)}" |
||||
|
if [ -z "$PUSHBULLET_DEVICE" ]; then |
||||
|
_clearaccountconf_mutable PUSHBULLET_DEVICE |
||||
|
else |
||||
|
_saveaccountconf_mutable PUSHBULLET_DEVICE "$PUSHBULLET_DEVICE" |
||||
|
fi |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
export _H2="Access-Token: ${PUSHBULLET_TOKEN}" |
||||
|
_content="$(printf "*%s*\n" "$_content" | _json_encode)" |
||||
|
_subject="$(printf "*%s*\n" "$_subject" | _json_encode)" |
||||
|
_data="{\"type\": \"note\",\"title\": \"${_subject}\",\"body\": \"${_content}\",\"device_iden\": \"${PUSHBULLET_DEVICE}\"}" |
||||
|
response="$(_post "$_data" "$PUSHBULLET_URI")" |
||||
|
|
||||
|
if [ "$?" != "0" ] || _contains "$response" "\"error_code\""; then |
||||
|
_err "PUSHBULLET send error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "PUSHBULLET send success." |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,52 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support Telegram Bots |
||||
|
|
||||
|
#TELEGRAM_BOT_APITOKEN="" |
||||
|
#TELEGRAM_BOT_CHATID="" |
||||
|
|
||||
|
telegram_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
TELEGRAM_BOT_APITOKEN="${TELEGRAM_BOT_APITOKEN:-$(_readaccountconf_mutable TELEGRAM_BOT_APITOKEN)}" |
||||
|
if [ -z "$TELEGRAM_BOT_APITOKEN" ]; then |
||||
|
TELEGRAM_BOT_APITOKEN="" |
||||
|
_err "You didn't specify a Telegram BOT API Token TELEGRAM_BOT_APITOKEN yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable TELEGRAM_BOT_APITOKEN "$TELEGRAM_BOT_APITOKEN" |
||||
|
|
||||
|
TELEGRAM_BOT_CHATID="${TELEGRAM_BOT_CHATID:-$(_readaccountconf_mutable TELEGRAM_BOT_CHATID)}" |
||||
|
if [ -z "$TELEGRAM_BOT_CHATID" ]; then |
||||
|
TELEGRAM_BOT_CHATID="" |
||||
|
_err "You didn't specify a Telegram Chat id TELEGRAM_BOT_CHATID yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID" |
||||
|
|
||||
|
_content="$(printf "%s" "$_content" | sed -e 's/\([_*`\[]\)/\\\\\1/g')" |
||||
|
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" |
||||
|
_data="{\"text\": \"$_content\", " |
||||
|
_data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", " |
||||
|
_data="$_data\"parse_mode\": \"markdown\", " |
||||
|
_data="$_data\"disable_web_page_preview\": \"1\"}" |
||||
|
|
||||
|
_debug "$_data" |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
_telegram_bot_url="https://api.telegram.org/bot${TELEGRAM_BOT_APITOKEN}/sendMessage" |
||||
|
if _post "$_data" "$_telegram_bot_url" >/dev/null; then |
||||
|
# shellcheck disable=SC2154 |
||||
|
_message=$(printf "%s\n" "$response" | sed -n 's/.*"ok":\([^,]*\).*/\1/p') |
||||
|
if [ "$_message" = "true" ]; then |
||||
|
_info "telegram send success." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
_err "telegram send error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,49 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support weixin work webhooks api |
||||
|
|
||||
|
#WEIXIN_WORK_WEBHOOK="xxxx" |
||||
|
|
||||
|
#optional |
||||
|
#WEIXIN_WORK_KEYWORD="yyyy" |
||||
|
|
||||
|
#`WEIXIN_WORK_SIGNING_KEY`="SEC08ffdbd403cbc3fc8a65xxxxxxxxxxxxxxxxxxxx" |
||||
|
|
||||
|
# subject content statusCode |
||||
|
weixin_work_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_subject" "$_subject" |
||||
|
_debug "_content" "$_content" |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
WEIXIN_WORK_WEBHOOK="${WEIXIN_WORK_WEBHOOK:-$(_readaccountconf_mutable WEIXIN_WORK_WEBHOOK)}" |
||||
|
if [ -z "$WEIXIN_WORK_WEBHOOK" ]; then |
||||
|
WEIXIN_WORK_WEBHOOK="" |
||||
|
_err "You didn't specify a weixin_work webhooks WEIXIN_WORK_WEBHOOK yet." |
||||
|
_err "You can get yours from https://work.weixin.qq.com/api/doc/90000/90136/91770" |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable WEIXIN_WORK_WEBHOOK "$WEIXIN_WORK_WEBHOOK" |
||||
|
|
||||
|
WEIXIN_WORK_KEYWORD="${WEIXIN_WORK_KEYWORD:-$(_readaccountconf_mutable WEIXIN_WORK_KEYWORD)}" |
||||
|
if [ "$WEIXIN_WORK_KEYWORD" ]; then |
||||
|
_saveaccountconf_mutable WEIXIN_WORK_KEYWORD "$WEIXIN_WORK_KEYWORD" |
||||
|
fi |
||||
|
|
||||
|
_content=$(echo "$_content" | _json_encode) |
||||
|
_subject=$(echo "$_subject" | _json_encode) |
||||
|
_data="{\"msgtype\": \"text\", \"text\": {\"content\": \"[$WEIXIN_WORK_KEYWORD]\n$_subject\n$_content\"}}" |
||||
|
|
||||
|
response="$(_post "$_data" "$WEIXIN_WORK_WEBHOOK" "" "POST" "application/json")" |
||||
|
|
||||
|
if [ "$?" = "0" ] && _contains "$response" "errmsg\":\"ok"; then |
||||
|
_info "weixin_work webhooks event fired success." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
_err "weixin_work webhooks event fired error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue