From f5f0680ec768e5978d90aa1a63f1e4c91d04ff06 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Sun, 31 May 2020 18:49:39 +0200 Subject: [PATCH 01/81] Added support for custom domains --- dnsapi/dns_dynv6.sh | 66 +++++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 29 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index cf39282b..4ffd7009 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -13,14 +13,18 @@ dns_dynv6_add() { _debug txtvalue "$txtvalue" _get_keyfile _info "using keyfile $dynv6_keyfile" - _get_domain "$fulldomain" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _contains "$_your_hosts" "$_host"; then - _debug "The host is $_host and the record $_record" - _debug "Dynv6 returned $_your_hosts" - _err "The host $_host does not exists on your dynv6 account" - return 1 + + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 fi +# if ! _contains "$_your_hosts" "$_host"; then +# _debug "The host is $_host and the record $_record" +# _debug "Dynv6 returned $_your_hosts" +# _err "The host $_host does not exists on your dynv6 account" +# return 1 +# fi _debug "found host on your account" returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" _debug "Dynv6 returend this after record was added: $returnval" @@ -44,14 +48,17 @@ dns_dynv6_rm() { _debug txtvalue "$txtvalue" _get_keyfile _info "using keyfile $dynv6_keyfile" - _get_domain "$fulldomain" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _contains "$_your_hosts" "$_host"; then - _debug "The host is $_host and the record $_record" - _debug "Dynv6 returned $_your_hosts" - _err "The host $_host does not exists on your dynv6 account" - return 1 + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 fi +# if ! _contains "$_your_hosts" "$_host"; then +# _debug "The host is $_host and the record $_record" +# _debug "Dynv6 returned $_your_hosts" +# _err "The host $_host does not exists on your dynv6 account" +# return 1 +# fi _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 @@ -72,29 +79,30 @@ _generate_new_key() { return 1 fi } -#Usage: _acme-challenge.www.example.dynv6.net + +#Usage: _acme-challenge.www.example.dynv6.net "$_your_hosts" +#where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts #returns #_host= example.dynv6.net #_record=_acme-challenge.www #aborts if not a valid domain _get_domain() { + #_your_hosts="$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)" _full_domain="$1" - _debug "getting domain for $_full_domain" - if ! _contains "$_full_domain" 'dynv6.net' && ! _contains "$_full_domain" 'dns.army' && ! _contains "$_full_domain" 'dns.navy'; then - _err "The hosts does not seem to be a dynv6 host" - return 1 - fi - _record="${_full_domain%.*}" - _record="${_record%.*}" - _record="${_record%.*}" - _debug "The record we are ging to use is $_record" - _host="$_full_domain" - while [ "$(echo "$_host" | grep -o '\.' | wc -l)" != "2" ]; do - _host="${_host#*.}" - done - _debug "And the host is $_host" - return 0 + _your_hosts="$2" + _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')" + for l in $_your_hosts; do + #echo "host: $l" + if test "${_full_domain#*$l}" != "$_full_domain"; then + _record="${_full_domain%.$l}" + _host=$l + _debug "The host is $_host and the record $_record" + return 0 + fi + done + _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key" + return 1 } # Usage: No input required @@ -103,7 +111,7 @@ _get_domain() { _get_keyfile() { _debug "get keyfile method called" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" - _debug Your key is "$dynv6_keyfile" + _debug "Your key is $dynv6_keyfile" if [ -z "$dynv6_keyfile" ]; then if [ -z "$KEY" ]; then _err "You did not specify a key to use with dynv6" From 6cc9f49d975a10ea41951de3efad0c2b5a1e2cc0 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Sun, 31 May 2020 19:09:27 +0200 Subject: [PATCH 02/81] first attempt to make travis happy --- dnsapi/dns_dynv6.sh | 36 +++++++++++------------------------- 1 file changed, 11 insertions(+), 25 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 4ffd7009..dce7ce5f 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -14,17 +14,10 @@ dns_dynv6_add() { _get_keyfile _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 + _err "Host not found on your account" + return 1 fi -# if ! _contains "$_your_hosts" "$_host"; then -# _debug "The host is $_host and the record $_record" -# _debug "Dynv6 returned $_your_hosts" -# _err "The host $_host does not exists on your dynv6 account" -# return 1 -# fi _debug "found host on your account" returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" _debug "Dynv6 returend this after record was added: $returnval" @@ -50,19 +43,12 @@ dns_dynv6_rm() { _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 + _err "Host not found on your account" + return 1 fi -# if ! _contains "$_your_hosts" "$_host"; then -# _debug "The host is $_host and the record $_record" -# _debug "Dynv6 returned $_your_hosts" -# _err "The host $_host does not exists on your dynv6 account" -# return 1 -# fi _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 - } #################### Private functions below ################################## #Usage: No Input required @@ -93,13 +79,13 @@ _get_domain() { _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')" for l in $_your_hosts; do - #echo "host: $l" - if test "${_full_domain#*$l}" != "$_full_domain"; then - _record="${_full_domain%.$l}" - _host=$l - _debug "The host is $_host and the record $_record" - return 0 - fi + #echo "host: $l" + if test "${_full_domain#*$l}" != "$_full_domain"; then + _record="${_full_domain%.$l}" + _host=$l + _debug "The host is $_host and the record $_record" + return 0 + fi done _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key" return 1 From f5411ac9ab9f40b0501d99132a561605a9e8d714 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 15:42:45 +0200 Subject: [PATCH 03/81] no supporting HTTP API as well --- dnsapi/dns_dynv6.sh | 263 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 219 insertions(+), 44 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index dce7ce5f..0fd6fa4c 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -1,32 +1,41 @@ #!/usr/bin/env sh #Author StefanAbl #Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"' +#or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value" #if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub + +dynv6_api="https://dynv6.com/api/v2" ######## Public functions ##################### # Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide -#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +#Usage: dns_dynv6_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dynv6_add() { fulldomain=$1 txtvalue=$2 _info "Using dynv6 api" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" - _get_keyfile - _info "using keyfile $dynv6_keyfile" - _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 - fi - _debug "found host on your account" - returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" - _debug "Dynv6 returend this after record was added: $returnval" - if _contains "$returnval" "created"; then - return 0 - elif _contains "$returnval" "updated"; then - return 0 - else - _err "Something went wrong! it does not seem like the record was added succesfully" + _get_authentication + if [ "$dynv6_token" ]; then + _dns_dynv6_add_http + return $? + else + _info "using key file $dynv6_keyfile" + _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 + fi + _debug "found host on your account" + returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" + _debug "Dynv6 returned this after record was added: $returnval" + if _contains "$returnval" "created"; then + return 0 + elif _contains "$returnval" "updated"; then + return 0 + else + _err "Something went wrong! it does not seem like the record was added successfully" + return 1 + fi return 1 fi return 1 @@ -36,24 +45,29 @@ dns_dynv6_add() { dns_dynv6_rm() { fulldomain=$1 txtvalue=$2 - _info "Using dynv6 api" + _info "Using dynv6 API" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" - _get_keyfile - _info "using keyfile $dynv6_keyfile" - _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 + _get_authentication + if [ "$dynv6_token" ]; then + _dns_dynv6_rm_http + return $? + else + _info "using key file $dynv6_keyfile" + _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 + fi + _debug "found host on your account" + _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" + return 0 fi - _debug "found host on your account" - _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" - return 0 } #################### Private functions below ################################## #Usage: No Input required #returns -#dynv6_keyfile the path to the new keyfile that has been generated +#dynv6_keyfile the path to the new key file that has been generated _generate_new_key() { dynv6_keyfile="$(eval echo ~"$USER")/.ssh/dynv6" _info "Path to key file used: $dynv6_keyfile" @@ -94,22 +108,183 @@ _get_domain() { # Usage: No input required #returns #dynv6_keyfile path to the key that will be used -_get_keyfile() { - _debug "get keyfile method called" - dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" - _debug "Your key is $dynv6_keyfile" - if [ -z "$dynv6_keyfile" ]; then - if [ -z "$KEY" ]; then - _err "You did not specify a key to use with dynv6" - _info "Creating new dynv6 api key to add to dynv6.com" - _generate_new_key - _info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")" - _info "Hit Enter to contiue" - read -r _ - #save the credentials to the account conf file. - else - dynv6_keyfile="$KEY" +_get_authentication() { + if [ "$DYNV6_TOKEN" ]; then + _debug "Going to use the HTTP Token you specifed and saving it for futur use" + _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" + dynv6_token="$DYNV6_TOKEN" + elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then + _debug "Found a previously used HTTP token going to use that" + dynv6_token="$(_readaccountconf_mutable dynv6_token)" + else + _debug "no HTTP token found. Looking for an SSH key" + dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" + _debug "Your key is $dynv6_keyfile" + if [ -z "$dynv6_keyfile" ]; then + if [ -z "$KEY" ]; then + _err "You did not specify a key to use with dynv6" + _info "Creating new dynv6 API key to add to dynv6.com" + _generate_new_key + _info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")" + _info "Hit Enter to continue" + read -r _ + #save the credentials to the account conf file. + else + dynv6_keyfile="$KEY" + fi + _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" fi - _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" fi } + + + +_dns_dynv6_add_http(){ +_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain" ;then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _set_record TXT "$record" "$txtvalue" + if _contains "$response" "$txtvalue"; then + _info "Successfully added record" + return 0 + else + _err "Something went wrong while adding the record" + return 1 + fi +} + +_dns_dynv6_rm_http(){ + _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain" ;then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _get_record_id "$_zone_id" "$record" "$txtvalue" + _del_record "$_zone_id" "$_record_id" + if [ -z "$response" ] ; then + _info "Successfully deleted record" + return 0 + else + _err "Something went wrong while deleting the record" + return 1 + fi +} + + +#get the zoneid for a specifc record or zone +#usage: _get_zone_id §record +#where $record is the record to get the id for +#returns _zone_id the id of the zone +_get_zone_id(){ + record="$1" + _debug "getting zone id for $record" + _dynv6_rest GET zones + + zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" + #echo $zones + + selected="" + for z in $zones; do + z="${z#name:}" + _debug zone: "$z" + if _contains "$record" "$z"; then + _debug "$z found in $record" + selected="$z" + fi + done + if [ -z "$selected" ]; then + _err "no zone found" + return 1 + fi + + zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" + _zone_id="${zone_id#id:}" + _debug "zone id: $_zone_id" +} + +_get_zone_name(){ + _zone_id="$1" + _dynv6_rest GET zones/"$_zone_id" + _zone_name="$(echo "$response" | tr ',' '\n'| tr -d '{'|grep name|tr -d '"')" + _zone_name="${_zone_name#name:}" +} + +#usaage _get_record_id $zone_id $record +# where zone_id is thevalue returned by _get_zone_id +# and record ist in the form _acme.www for an fqdn of _acme.www.example.com +# returns _record_id +_get_record_id(){ + _zone_id="$1" + record="$2" + value="$3" + _dynv6_rest GET "zones/$_zone_id/records" + if ! _get_record_id_from_response "$response" ; then + _err "no such record $record found in zone $_zone_id" + return 1 + fi +} + +_get_record_id_from_response(){ + response="$1" + _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id |tr -d '"'|tr -d 'id:')" + #_record_id="${_record_id#id:}" + if [ -z "$_record_id" ]; then + _err "no such record: $record found in zone $_zone_id" + return 1 + fi + _debug "record id: $_record_id" + return 0 +} +#usage: _set_record TXT _acme_challenge.www longvalue 12345678 +#zone id is optional can also be set as vairable bevor calling this method +_set_record(){ + type="$1" + record="$2" + value="$3" + if [ "$4" ]; then + _zone_id="$4" + fi + data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" + #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' + echo "$data" + #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" + _dynv6_rest POST "zones/$_zone_id/records" "$data" +} +_del_record(){ + _zone_id=$1 + _record_id=$2 + _dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id" +} + +_dynv6_rest() { + m=$1 #method GET,POST,DELETE or PUT + ep="$2" #the endpoint + data="$3" + _debug "$ep" + + token_trimmed=$(echo "$dynv6_token" | tr -d '"') + + export _H1="Authorization: Bearer $token_trimmed" + export _H2="Content-Type: application/json" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" + else + response="$(_get "$dynv6_api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} + From f8c8330258da736f7deb9b5bbdda0f8e734b65a3 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 15:49:25 +0200 Subject: [PATCH 04/81] formatting --- dnsapi/dns_dynv6.sh | 204 ++++++++++++++++++++++---------------------- 1 file changed, 100 insertions(+), 104 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 0fd6fa4c..c41aef3a 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -18,7 +18,7 @@ dns_dynv6_add() { if [ "$dynv6_token" ]; then _dns_dynv6_add_http return $? - else + else _info "using key file $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then @@ -49,10 +49,10 @@ dns_dynv6_rm() { _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" _get_authentication - if [ "$dynv6_token" ]; then + if [ "$dynv6_token" ]; then _dns_dynv6_rm_http return $? - else + else _info "using key file $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then @@ -109,14 +109,14 @@ _get_domain() { #returns #dynv6_keyfile path to the key that will be used _get_authentication() { - if [ "$DYNV6_TOKEN" ]; then - _debug "Going to use the HTTP Token you specifed and saving it for futur use" - _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" - dynv6_token="$DYNV6_TOKEN" - elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then - _debug "Found a previously used HTTP token going to use that" - dynv6_token="$(_readaccountconf_mutable dynv6_token)" - else + if [ "$DYNV6_TOKEN" ]; then + _debug "Going to use the HTTP Token you specifed and saving it for futur use" + _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" + dynv6_token="$DYNV6_TOKEN" + elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then + _debug "Found a previously used HTTP token going to use that" + dynv6_token="$(_readaccountconf_mutable dynv6_token)" + else _debug "no HTTP token found. Looking for an SSH key" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" _debug "Your key is $dynv6_keyfile" @@ -137,142 +137,139 @@ _get_authentication() { fi } - - -_dns_dynv6_add_http(){ -_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" - if ! _get_zone_id "$fulldomain" ;then - _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" - return 1 - fi - _get_zone_name "$_zone_id" - record="${fulldomain%%.$_zone_name}" - _set_record TXT "$record" "$txtvalue" - if _contains "$response" "$txtvalue"; then - _info "Successfully added record" - return 0 - else - _err "Something went wrong while adding the record" - return 1 - fi +_dns_dynv6_add_http() { + _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain"; then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _set_record TXT "$record" "$txtvalue" + if _contains "$response" "$txtvalue"; then + _info "Successfully added record" + return 0 + else + _err "Something went wrong while adding the record" + return 1 + fi } -_dns_dynv6_rm_http(){ +_dns_dynv6_rm_http() { _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" - if ! _get_zone_id "$fulldomain" ;then - _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" - return 1 - fi - _get_zone_name "$_zone_id" - record="${fulldomain%%.$_zone_name}" - _get_record_id "$_zone_id" "$record" "$txtvalue" - _del_record "$_zone_id" "$_record_id" - if [ -z "$response" ] ; then - _info "Successfully deleted record" - return 0 - else - _err "Something went wrong while deleting the record" - return 1 - fi + if ! _get_zone_id "$fulldomain"; then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _get_record_id "$_zone_id" "$record" "$txtvalue" + _del_record "$_zone_id" "$_record_id" + if [ -z "$response" ]; then + _info "Successfully deleted record" + return 0 + else + _err "Something went wrong while deleting the record" + return 1 + fi } - #get the zoneid for a specifc record or zone #usage: _get_zone_id §record #where $record is the record to get the id for #returns _zone_id the id of the zone -_get_zone_id(){ +_get_zone_id() { record="$1" _debug "getting zone id for $record" _dynv6_rest GET zones - - zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" - #echo $zones - selected="" - for z in $zones; do - z="${z#name:}" - _debug zone: "$z" - if _contains "$record" "$z"; then - _debug "$z found in $record" - selected="$z" - fi - done - if [ -z "$selected" ]; then - _err "no zone found" - return 1 - fi - - zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" - _zone_id="${zone_id#id:}" - _debug "zone id: $_zone_id" + zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" + #echo $zones + + selected="" + for z in $zones; do + z="${z#name:}" + _debug zone: "$z" + if _contains "$record" "$z"; then + _debug "$z found in $record" + selected="$z" + fi + done + if [ -z "$selected" ]; then + _err "no zone found" + return 1 + fi + + zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" + _zone_id="${zone_id#id:}" + _debug "zone id: $_zone_id" } -_get_zone_name(){ - _zone_id="$1" - _dynv6_rest GET zones/"$_zone_id" - _zone_name="$(echo "$response" | tr ',' '\n'| tr -d '{'|grep name|tr -d '"')" - _zone_name="${_zone_name#name:}" +_get_zone_name() { + _zone_id="$1" + _dynv6_rest GET zones/"$_zone_id" + _zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')" + _zone_name="${_zone_name#name:}" } #usaage _get_record_id $zone_id $record # where zone_id is thevalue returned by _get_zone_id # and record ist in the form _acme.www for an fqdn of _acme.www.example.com # returns _record_id -_get_record_id(){ +_get_record_id() { _zone_id="$1" record="$2" value="$3" - _dynv6_rest GET "zones/$_zone_id/records" - if ! _get_record_id_from_response "$response" ; then - _err "no such record $record found in zone $_zone_id" - return 1 - fi + _dynv6_rest GET "zones/$_zone_id/records" + if ! _get_record_id_from_response "$response"; then + _err "no such record $record found in zone $_zone_id" + return 1 + fi } -_get_record_id_from_response(){ +_get_record_id_from_response() { response="$1" - _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id |tr -d '"'|tr -d 'id:')" - #_record_id="${_record_id#id:}" - if [ -z "$_record_id" ]; then - _err "no such record: $record found in zone $_zone_id" - return 1 - fi - _debug "record id: $_record_id" - return 0 + _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')" + #_record_id="${_record_id#id:}" + if [ -z "$_record_id" ]; then + _err "no such record: $record found in zone $_zone_id" + return 1 + fi + _debug "record id: $_record_id" + return 0 } #usage: _set_record TXT _acme_challenge.www longvalue 12345678 #zone id is optional can also be set as vairable bevor calling this method -_set_record(){ - type="$1" - record="$2" - value="$3" - if [ "$4" ]; then - _zone_id="$4" - fi - data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" - #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' - echo "$data" - #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" - _dynv6_rest POST "zones/$_zone_id/records" "$data" +_set_record() { + type="$1" + record="$2" + value="$3" + if [ "$4" ]; then + _zone_id="$4" + fi + data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" + #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' + echo "$data" + #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" + _dynv6_rest POST "zones/$_zone_id/records" "$data" } -_del_record(){ +_del_record() { _zone_id=$1 _record_id=$2 _dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id" } _dynv6_rest() { - m=$1 #method GET,POST,DELETE or PUT + m=$1 #method GET,POST,DELETE or PUT ep="$2" #the endpoint data="$3" _debug "$ep" token_trimmed=$(echo "$dynv6_token" | tr -d '"') - + export _H1="Authorization: Bearer $token_trimmed" export _H2="Content-Type: application/json" - + if [ "$m" != "GET" ]; then _debug data "$data" response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" @@ -287,4 +284,3 @@ _dynv6_rest() { _debug2 response "$response" return 0 } - From 65aa7b10844eeb9b2692e5e2731a4d4eda99d36e Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 16:01:46 +0200 Subject: [PATCH 05/81] formatting --- dnsapi/dns_dynv6.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index c41aef3a..e51e118a 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -109,13 +109,12 @@ _get_domain() { #returns #dynv6_keyfile path to the key that will be used _get_authentication() { - if [ "$DYNV6_TOKEN" ]; then - _debug "Going to use the HTTP Token you specifed and saving it for futur use" - _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" - dynv6_token="$DYNV6_TOKEN" - elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then - _debug "Found a previously used HTTP token going to use that" - dynv6_token="$(_readaccountconf_mutable dynv6_token)" + dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}" + if [ "$dynv6_token" ]; then + _debug "Found HTTP Token. Going to use the HTTP API and not the SSH API" + if [ "$DYNV6_TOKEN" ]; then + _saveaccountconf_mutable dynv6_token "$dynv6_token" + fi else _debug "no HTTP token found. Looking for an SSH key" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" From f18f4c69f26a8606e6f95754ebebdc762242a88d Mon Sep 17 00:00:00 2001 From: Pedro Lamas Date: Thu, 23 Jul 2020 13:53:53 +0100 Subject: [PATCH 06/81] Adds Docker multi-arch build support --- .github/workflows/dockerhub.yml | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index f1c0025d..7b44f938 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -8,9 +8,19 @@ jobs: build: runs-on: ubuntu-latest steps: - - name: trigger - run: curl -X POST https://hub.docker.com/api/build/v1/source/1813a660-2ee5-4583-a238-dd54e9a6ebac/trigger/c8cd9f1f-f269-45bc-9750-a08327257f62/call/ - - - - + - name: checkout code + uses: actions/checkout@v2 + - name: install buildx + id: buildx + uses: crazy-max/ghaction-docker-buildx@v1 + with: + version: latest + - name: login to docker hub + run: | + echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin + - name: build the image + run: | + docker buildx build \ + --push \ + --tag neilpang/acme.sh:latest \ + --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 . From 67360e93b8564228035b4a7604d3c70e887ff6e7 Mon Sep 17 00:00:00 2001 From: Pedro Lamas Date: Fri, 24 Jul 2020 09:25:58 +0100 Subject: [PATCH 07/81] Correctly labels Docker images per branch --- .github/workflows/dockerhub.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index 7b44f938..8c277827 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -18,9 +18,17 @@ jobs: - name: login to docker hub run: | echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - - name: build the image + - name: build and push the image (master branch) run: | docker buildx build \ --push \ --tag neilpang/acme.sh:latest \ --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 . + if: ${{ github.ref == 'refs/heads/master' }} + - name: build and push the image (dev branch) + run: | + docker buildx build \ + --push \ + --tag neilpang/acme.sh:dev \ + --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 . + if: ${{ github.ref == 'refs/heads/dev' }} From 4e0de2237522c2c3814aefdd39751144c079fbcc Mon Sep 17 00:00:00 2001 From: Alexilmarranen Date: Wed, 12 Aug 2020 15:17:54 +0300 Subject: [PATCH 08/81] Issue2547 wrong url construction for multiple dns services Fix for problem in https://github.com/acmesh-official/acme.sh/issues/2547#issuecomment-672830796 --- dnsapi/dns_nic.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 5052ee10..56170f87 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -166,7 +166,7 @@ _get_root() { if _contains "$_all_domains" "^$h$"; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h - _service=$(printf "%s" "$response" | grep "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/") + _service=$(printf "%s" "$response" | grep -m 1 "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/") return 0 fi p="$i" From 956114fc4250cae30116f5d998c48ab827272945 Mon Sep 17 00:00:00 2001 From: Alexilmarranen Date: Wed, 19 Aug 2020 00:50:18 +0300 Subject: [PATCH 09/81] Issue2336 Add subdomain (3 and more) support Fix for issue in https://github.com/acmesh-official/acme.sh/issues/2336#issuecomment-670522738 --- dnsapi/dns_regru.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_regru.sh b/dnsapi/dns_regru.sh index b5729fda..469d8d20 100644 --- a/dnsapi/dns_regru.sh +++ b/dnsapi/dns_regru.sh @@ -33,8 +33,11 @@ dns_regru_add() { fi _debug _domain "$_domain" + _subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//") + _debug _subdomain "$_subdomain" + _info "Adding TXT record to ${fulldomain}" - _regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json" + _regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json" if ! _contains "${response}" 'error'; then return 0 @@ -64,8 +67,11 @@ dns_regru_rm() { fi _debug _domain "$_domain" + _subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//") + _debug _subdomain "$_subdomain" + _info "Deleting resource record $fulldomain" - _regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json" + _regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json" if ! _contains "${response}" 'error'; then return 0 From 966c744992b8d00819ec4225cc4bb8eb45cf7931 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 20 Aug 2020 21:41:36 +0800 Subject: [PATCH 10/81] minor, just move badge position --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3012f676..e0fcd679 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ -# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh) +# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh) ![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg) ![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) + [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") [![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") -![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg) -![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) + acme.sh is being sponsored by the following tool; please help to support us by taking a look and signing up to a free trial From d9f9477a52d3e5e937b1e4b56a9eec7113e84e89 Mon Sep 17 00:00:00 2001 From: neil <8305679+Neilpang@users.noreply.github.com> Date: Thu, 20 Aug 2020 21:44:37 +0800 Subject: [PATCH 11/81] move badge move badge --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e0fcd679..bf6ea06c 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,7 @@ -# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh) ![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg) ![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) +# An ACME Shell script: acme.sh +[![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh) +![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg) +![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) From c0fbe8237bbd4df2a32636e383419732a5b1b104 Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Wed, 19 Aug 2020 13:33:08 +0200 Subject: [PATCH 12/81] reformat usage message for consistency & clarity --- acme.sh | 137 +++++++++++++++++++++++++------------------------------- 1 file changed, 62 insertions(+), 75 deletions(-) diff --git a/acme.sh b/acme.sh index d1a08e6c..a00e314f 100755 --- a/acme.sh +++ b/acme.sh @@ -6402,8 +6402,8 @@ showhelp() { version echo "Usage: $PROJECT_ENTRY command ...[parameters].... Commands: - --help, -h Show this help message. - --version, -v Show version info. + -h, --help Show this help message. + -v, --version Show version info. --install Install $PROJECT_NAME to your system. --uninstall Uninstall $PROJECT_NAME, and uninstall the cron job. --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT. @@ -6411,7 +6411,7 @@ Commands: --signcsr Issue a cert from an existing csr. --deploy Deploy the cert to your server. --install-cert Install the issued cert to apache/nginx or any other server. - --renew, -r Renew a cert. + -r, --renew Renew a cert. --renew-all Renew all the certs. --revoke Revoke a cert. --remove Remove the cert from list of certs known to $PROJECT_NAME. @@ -6427,117 +6427,104 @@ Commands: --deactivate-account Deactivate the account. --create-account-key Create an account private key, professional use. --create-domain-key Create an domain private key, professional use. - --createCSR, -ccsr Create CSR , professional use. + -ccsr, --createCSR Create CSR, professional use. --deactivate Deactivate the domain authz, professional use. --set-notify Set the cron notification hook, level or mode. --set-default-ca Used with '--server' , to set the default CA to use to use. Parameters: - --domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc. - --challenge-alias domain.tld The challenge domain alias for DNS alias mode. + -d, --domain Specifies a domain, used to issue, renew or revoke etc. + --challenge-alias The challenge domain alias for DNS alias mode. See: $_DNS_ALIAS_WIKI - - --domain-alias domain.tld The domain alias for DNS alias mode. + --domain-alias The domain alias for DNS alias mode. See: $_DNS_ALIAS_WIKI - - --preferred-chain CHAIN If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. + --preferred-chain If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. (default: empty) See: $_PREFERRED_CHAIN_WIKI - - --force, -f Used to force to install or force to renew a cert immediately. - --staging, --test Use staging server, just for test. - --debug Output debug info. + -f, --force Force install, force cert renewal or override sudo restrictions. + --staging, --test Use staging server, for testing. + --debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted. --output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for security. - - --webroot, -w /path/to/webroot Specifies the web root folder for web root mode. + -w, --webroot Specifies the web root folder for web root mode. --standalone Use standalone mode. --alpn Use standalone alpn mode. --stateless Use stateless mode. See: $_STATELESS_WIKI - --apache Use apache mode. - --dns [dns_hook] Use dns mode or dns api. + --dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted. See: $_DNS_API_WIKI - - --dnssleep 300 The time in seconds to wait for all the txt records to propagate in dns api mode. + --dnssleep The time in seconds to wait for all the txt records to propagate in dns api mode. It's not necessary to use this by default, $PROJECT_NAME polls dns status by DOH automatically. - - --keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521. - --accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096 - --log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here. - --log-level 1|2 Specifies the log level, default is 1. - --syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug. - - --eab-kid EAB_KID Key Identifier for External Account Binding. - --eab-hmac-key EAB_HMAC_KEY HMAC key for External Account Binding. + -k, --keylength Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521. + -ak, --accountkeylength Specifies the account key length: 2048, 3072, 4096 + --log [/path/to/logfile] Specifies the log file. Defaults to \"$DEFAULT_LOG_FILE\" if argument is omitted. + --log-level <1|2> Specifies the log level, default is 1. + --syslog <0|3|6|7> Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug. + --eab-kid Key Identifier for External Account Binding. + --eab-hmac-key HMAC key for External Account Binding. These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert: - --cert-file After issue/renew, the cert will be copied to this path. - --key-file After issue/renew, the key will be copied to this path. - --ca-file After issue/renew, the intermediate cert will be copied to this path. - --fullchain-file After issue/renew, the fullchain cert will be copied to this path. + --cert-file Path to copy the cert file to after issue/renew.. + --key-file Path to copy the key file to after issue/renew. + --ca-file Path to copy the intermediate cert file to after issue/renew. + --fullchain-file Path to copy the fullchain cert file to after issue/renew. - --reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server. + --reloadcmd Command to execute after issue/renew to reload the server. - --server SERVER ACME Directory Resource URI. (default: $DEFAULT_CA) + --server ACME Directory Resource URI. (default: $DEFAULT_CA) See: $_SERVER_WIKI - --accountconf Specifies a customized account config file. - --home Specifies the home dir for $PROJECT_NAME. - --cert-home Specifies the home dir to save all the certs, only valid for '--install' command. - --config-home Specifies the home dir to save all the configurations. - --useragent Specifies the user agent string. it will be saved for future use too. - --accountemail, -m Specifies the account email, only valid for the '--install' and '--update-account' command. - --accountkey Specifies the account key path, only valid for the '--install' command. - --days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days. - --httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer. - --tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer. - --local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses. + --accountconf Specifies a customized account config file. + --home Specifies the home dir for $PROJECT_NAME. + --cert-home Specifies the home dir to save all the certs, only valid for '--install' command. + --config-home Specifies the home dir to save all the configurations. + --useragent Specifies the user agent string. it will be saved for future use too. + -m, --accountemail Specifies the account email, only valid for the '--install' and '--update-account' command. + --accountkey Specifies the account key path, only valid for the '--install' command. + --days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days. + --httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer. + --tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer. + --local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses. --listraw Only used for '--list' command, list the certs in raw format. - --stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal. + -se, --stopRenewOnError Only valid for '--renew-all' command. Stop if one cert has error in renewal. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. - --ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate. - --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl. + --ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate. + --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl. --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. - --noprofile Only valid for '--install' command, which means: do not install aliases to user profile. --no-color Do not output color text. --force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails. --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' - --csr Specifies the input csr. - --pre-hook Command to be run before obtaining any certificates. - --post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed. - --renew-hook Command to be run once for each successfully renewed certificate. - --deploy-hook The hook file to deploy cert - --ocsp-must-staple, --ocsp Generate ocsp must Staple extension. - --always-force-new-domain-key Generate new domain key when renewal. Otherwise, the domain key is not changed by default. - --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. + --csr Specifies the input csr. + --pre-hook Command to be run before obtaining any certificates. + --post-hook Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed. + --renew-hook Command to be run after each successfully renewed certificate. + --deploy-hook The hook file to deploy cert + --ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension. + --always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default. + --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted. --listen-v4 Force standalone/tls server to listen at ipv4. --listen-v6 Force standalone/tls server to listen at ipv6. - --openssl-bin Specifies a custom openssl bin location. + --openssl-bin Specifies a custom openssl bin location. --use-wget Force to use wget, if you have both curl and wget installed. - --yes-I-know-dns-manual-mode-enough-go-ahead-please Force to use dns manual mode. + --yes-I-know-dns-manual-mode-enough-go-ahead-please Force use ofdns manual mode. See: $_DNS_MANUAL_WIKI - - --branch, -b Only valid for '--upgrade' command, specifies the branch name to upgrade to. - - --notify-level 0|1|2|3 Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT. - 0: disabled, no notification will be sent. - 1: send notifications only when there is an error. - 2: send notifications when a cert is successfully renewed, or there is an error. - 3: send notifications when a cert is skipped, renewed, or error. - - --notify-mode 0|1 Set notification mode. Default value is $NOTIFY_MODE_DEFAULT. - 0: Bulk mode. Send all the domain's notifications in one message(mail). - 1: Cert mode. Send a message for every single cert. - - --notify-hook [hookname] Set the notify hook - --revoke-reason [0-10] The reason for '--revoke' command. + -b, --branch Only valid for '--upgrade' command, specifies the branch name to upgrade to. + --notify-level <0|1|2|3> Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT. + 0: disabled, no notification will be sent. + 1: send notifications only when there is an error. + 2: send notifications when a cert is successfully renewed, or there is an error. + 3: send notifications when a cert is skipped, renewed, or error. + --notify-mode <0|1> Set notification mode. Default value is $NOTIFY_MODE_DEFAULT. + 0: Bulk mode. Send all the domain's notifications in one message(mail). + 1: Cert mode. Send a message for every single cert. + --notify-hook Set the notify hook + --revoke-reason <0-10> The reason for revocation, can be used in conjunction with the '--revoke' command. See: $_REVOKE_WIKI From d81369d63a79e3b0ea41d772b1dcafd332efa642 Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Wed, 19 Aug 2020 17:37:51 +0200 Subject: [PATCH 13/81] add hyphenated options, fix wrong -ccr in usage() --- acme.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/acme.sh b/acme.sh index a00e314f..76c55ca2 100755 --- a/acme.sh +++ b/acme.sh @@ -6410,27 +6410,27 @@ Commands: --issue Issue a cert. --signcsr Issue a cert from an existing csr. --deploy Deploy the cert to your server. - --install-cert Install the issued cert to apache/nginx or any other server. + -i, --install-cert Install the issued cert to apache/nginx or any other server. -r, --renew Renew a cert. --renew-all Renew all the certs. --revoke Revoke a cert. --remove Remove the cert from list of certs known to $PROJECT_NAME. --list List all the certs. - --showcsr Show the content of a csr. + --show-csr Show the content of a csr. --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job. --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically. --cron Run cron job to renew all the certs. - --toPkcs Export the certificate and key to a pfx file. - --toPkcs8 Convert to pkcs8 format. + --to-pkcs Export the certificate and key to a pfx file. + --to-pkcs8 Convert to pkcs8 format. --update-account Update account info. --register-account Register account key. --deactivate-account Deactivate the account. --create-account-key Create an account private key, professional use. --create-domain-key Create an domain private key, professional use. - -ccsr, --createCSR Create CSR, professional use. + -ccr, --create-csr Create CSR, professional use. --deactivate Deactivate the domain authz, professional use. --set-notify Set the cron notification hook, level or mode. - --set-default-ca Used with '--server' , to set the default CA to use to use. + --set-default-ca Used with '--server', to set the default CA to use to use. Parameters: @@ -6490,14 +6490,14 @@ Parameters: --tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer. --local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses. --listraw Only used for '--list' command, list the certs in raw format. - -se, --stopRenewOnError Only valid for '--renew-all' command. Stop if one cert has error in renewal. + -se, --stop-renew-on-error Only valid for '--renew-all' command. Stop if one cert has error in renewal. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate. --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl. --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. --noprofile Only valid for '--install' command, which means: do not install aliases to user profile. - --no-color Do not output color text. + --nocolor Do not output color text. --force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails. --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' --csr Specifies the input csr. @@ -6817,10 +6817,10 @@ _process() { --cron) _CMD="cron" ;; - --toPkcs) + --toPkcs | --to-pkcs) _CMD="toPkcs" ;; - --toPkcs8) + --toPkcs8 | --to-pkcs8) _CMD="toPkcs8" ;; --createAccountKey | --createaccountkey | -cak | --create-account-key) @@ -6829,7 +6829,7 @@ _process() { --createDomainKey | --createdomainkey | -cdk | --create-domain-key) _CMD="createDomainKey" ;; - --createCSR | --createcsr | -ccr) + --createCSR | --createcsr | -ccr | --create-csr) _CMD="createCSR" ;; --deactivate) @@ -7074,7 +7074,7 @@ _process() { --listraw) _listraw="raw" ;; - --stopRenewOnError | --stoprenewonerror | -se) + --stopRenewOnError | --stoprenewonerror | -se | --stop-renew-on-error) _stopRenewOnError="1" ;; --insecure) From 7decf768837d51b41bf474009e8e54368d4b4caf Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Thu, 20 Aug 2020 08:33:37 +0200 Subject: [PATCH 14/81] group commands logically, rearrange option forms in _process() Commands have been reordered in showhelp() to a more consistent grouping, help > version > install > certs > csr > account > cron > other All option alternatives in _process() case statement have been reordered toshow the canonical variants first, legacy variants after. --- acme.sh | 58 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/acme.sh b/acme.sh index 76c55ca2..fc4b7e7c 100755 --- a/acme.sh +++ b/acme.sh @@ -6408,7 +6408,6 @@ Commands: --uninstall Uninstall $PROJECT_NAME, and uninstall the cron job. --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT. --issue Issue a cert. - --signcsr Issue a cert from an existing csr. --deploy Deploy the cert to your server. -i, --install-cert Install the issued cert to apache/nginx or any other server. -r, --renew Renew a cert. @@ -6416,20 +6415,21 @@ Commands: --revoke Revoke a cert. --remove Remove the cert from list of certs known to $PROJECT_NAME. --list List all the certs. - --show-csr Show the content of a csr. - --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job. - --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically. - --cron Run cron job to renew all the certs. --to-pkcs Export the certificate and key to a pfx file. --to-pkcs8 Convert to pkcs8 format. + --sign-csr Issue a cert from an existing csr. + --show-csr Show the content of a csr. + -ccr, --create-csr Create CSR, professional use. + --create-domain-key Create an domain private key, professional use. --update-account Update account info. --register-account Register account key. --deactivate-account Deactivate the account. --create-account-key Create an account private key, professional use. - --create-domain-key Create an domain private key, professional use. - -ccr, --create-csr Create CSR, professional use. - --deactivate Deactivate the domain authz, professional use. + --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job. + --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically. + --cron Run cron job to renew all the certs. --set-notify Set the cron notification hook, level or mode. + --deactivate Deactivate the domain authz, professional use. --set-default-ca Used with '--server', to set the default CA to use to use. @@ -6784,19 +6784,19 @@ _process() { --deploy) _CMD="deploy" ;; - --signcsr) + --sign-csr | --signcsr) _CMD="signcsr" ;; - --showcsr) + --show-csr | --showcsr) _CMD="showcsr" ;; - --installcert | -i | --install-cert) + -i | --install-cert | --installcert) _CMD="installcert" ;; --renew | -r) _CMD="renew" ;; - --renewAll | --renewall | --renew-all) + --renew-all | --renewAll | --renewall) _CMD="renewAll" ;; --revoke) @@ -6808,37 +6808,37 @@ _process() { --list) _CMD="list" ;; - --installcronjob | --install-cronjob) + --install-cronjob | --installcronjob) _CMD="installcronjob" ;; - --uninstallcronjob | --uninstall-cronjob) + --uninstall-cronjob | --uninstallcronjob) _CMD="uninstallcronjob" ;; --cron) _CMD="cron" ;; - --toPkcs | --to-pkcs) + --to-pkcs | --toPkcs) _CMD="toPkcs" ;; - --toPkcs8 | --to-pkcs8) + --to-pkcs8 | --toPkcs8) _CMD="toPkcs8" ;; - --createAccountKey | --createaccountkey | -cak | --create-account-key) + --create-account-key | --createAccountKey | --createaccountkey | -cak) _CMD="createAccountKey" ;; - --createDomainKey | --createdomainkey | -cdk | --create-domain-key) + --create-domain-key | --createDomainKey | --createdomainkey | -cdk) _CMD="createDomainKey" ;; - --createCSR | --createcsr | -ccr | --create-csr) + -ccr | --create-csr | --createCSR | --createcsr) _CMD="createCSR" ;; --deactivate) _CMD="deactivate" ;; - --updateaccount | --update-account) + --update-account | --updateaccount) _CMD="updateaccount" ;; - --registeraccount | --register-account) + --register-account | --registeraccount) _CMD="registeraccount" ;; --deactivate-account) @@ -6850,7 +6850,7 @@ _process() { --set-default-ca) _CMD="setdefaultca" ;; - --domain | -d) + -d | --domain) _dvalue="$2" if [ "$_dvalue" ]; then @@ -6881,7 +6881,7 @@ _process() { shift ;; - --force | -f) + -f | --force) FORCE="1" ;; --staging | --test) @@ -6903,7 +6903,7 @@ _process() { --output-insecure) export OUTPUT_INSECURE=1 ;; - --webroot | -w) + -w | --webroot) wvalue="$2" if [ -z "$_webroot" ]; then _webroot="$wvalue" @@ -6993,7 +6993,7 @@ _process() { _keylength="$2" shift ;; - --accountkeylength | -ak) + -ak | --accountkeylength) _accountkeylength="$2" shift ;; @@ -7031,7 +7031,7 @@ _process() { LE_WORKING_DIR="$2" shift ;; - --certhome | --cert-home) + --cert-home | --certhome) _certhome="$2" CERT_HOME="$_certhome" shift @@ -7046,7 +7046,7 @@ _process() { USER_AGENT="$_useragent" shift ;; - --accountemail | -m) + -m | --accountemail) _accountemail="$2" ACCOUNT_EMAIL="$_accountemail" shift @@ -7074,7 +7074,7 @@ _process() { --listraw) _listraw="raw" ;; - --stopRenewOnError | --stoprenewonerror | -se | --stop-renew-on-error) + -se | --stop-renew-on-error | --stopRenewOnError | --stoprenewonerror) _stopRenewOnError="1" ;; --insecure) @@ -7097,7 +7097,7 @@ _process() { --noprofile) _noprofile="1" ;; - --no-color) + --nocolor | --no-color) export ACME_NO_COLOR=1 ;; --force-color) From b086afb2720731176ce63823409d4287516bbe24 Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Thu, 20 Aug 2020 09:00:58 +0200 Subject: [PATCH 15/81] fix some more issues in showhelp() --- acme.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/acme.sh b/acme.sh index fc4b7e7c..3ac44d35 100755 --- a/acme.sh +++ b/acme.sh @@ -6447,7 +6447,7 @@ Parameters: --debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted. --output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for security. - -w, --webroot Specifies the web root folder for web root mode. + -w, --webroot Specifies the web root folder for web root mode. --standalone Use standalone mode. --alpn Use standalone alpn mode. --stateless Use stateless mode. @@ -6459,7 +6459,7 @@ Parameters: It's not necessary to use this by default, $PROJECT_NAME polls dns status by DOH automatically. -k, --keylength Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521. -ak, --accountkeylength Specifies the account key length: 2048, 3072, 4096 - --log [/path/to/logfile] Specifies the log file. Defaults to \"$DEFAULT_LOG_FILE\" if argument is omitted. + --log [file] Specifies the log file. Defaults to \"$DEFAULT_LOG_FILE\" if argument is omitted. --log-level <1|2> Specifies the log level, default is 1. --syslog <0|3|6|7> Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug. --eab-kid Key Identifier for External Account Binding. @@ -6468,11 +6468,10 @@ Parameters: These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert: - --cert-file Path to copy the cert file to after issue/renew.. - --key-file Path to copy the key file to after issue/renew. - --ca-file Path to copy the intermediate cert file to after issue/renew. - --fullchain-file Path to copy the fullchain cert file to after issue/renew. - + --cert-file Path to copy the cert file to after issue/renew.. + --key-file Path to copy the key file to after issue/renew. + --ca-file Path to copy the intermediate cert file to after issue/renew. + --fullchain-file Path to copy the fullchain cert file to after issue/renew. --reloadcmd Command to execute after issue/renew to reload the server. --server ACME Directory Resource URI. (default: $DEFAULT_CA) From e7a6ff39f9b3ae514165d4773c326b68bd6a67d1 Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Thu, 20 Aug 2020 09:14:15 +0200 Subject: [PATCH 16/81] fix wrong indentation --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3ac44d35..990e422b 100755 --- a/acme.sh +++ b/acme.sh @@ -7045,7 +7045,7 @@ _process() { USER_AGENT="$_useragent" shift ;; - -m | --accountemail) + -m | --accountemail) _accountemail="$2" ACCOUNT_EMAIL="$_accountemail" shift From 58150f5dcd62a99eec2f4565d581e12358fbcf05 Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Thu, 20 Aug 2020 17:17:30 +0200 Subject: [PATCH 17/81] change --pkcs to --pkcs12 --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 990e422b..22b5a580 100755 --- a/acme.sh +++ b/acme.sh @@ -6415,7 +6415,7 @@ Commands: --revoke Revoke a cert. --remove Remove the cert from list of certs known to $PROJECT_NAME. --list List all the certs. - --to-pkcs Export the certificate and key to a pfx file. + --to-pkcs12 Export the certificate and key to a pfx file. --to-pkcs8 Convert to pkcs8 format. --sign-csr Issue a cert from an existing csr. --show-csr Show the content of a csr. @@ -6816,7 +6816,7 @@ _process() { --cron) _CMD="cron" ;; - --to-pkcs | --toPkcs) + --to-pkcs12 | --toPkcs) _CMD="toPkcs" ;; --to-pkcs8 | --toPkcs8) From 07fdb087dccd9df358c2bdfef9b61c4208408fe7 Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Thu, 20 Aug 2020 17:23:40 +0200 Subject: [PATCH 18/81] fix typo --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 22b5a580..87cb927f 100755 --- a/acme.sh +++ b/acme.sh @@ -6511,7 +6511,7 @@ Parameters: --listen-v6 Force standalone/tls server to listen at ipv6. --openssl-bin Specifies a custom openssl bin location. --use-wget Force to use wget, if you have both curl and wget installed. - --yes-I-know-dns-manual-mode-enough-go-ahead-please Force use ofdns manual mode. + --yes-I-know-dns-manual-mode-enough-go-ahead-please Force use of dns manual mode. See: $_DNS_MANUAL_WIKI -b, --branch Only valid for '--upgrade' command, specifies the branch name to upgrade to. --notify-level <0|1|2|3> Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT. From 2910be82a4d5684490db30b2d2be6cdb8a17f086 Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Fri, 21 Aug 2020 09:54:47 +0200 Subject: [PATCH 19/81] revert change of --no-color option --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 87cb927f..d2424dee 100755 --- a/acme.sh +++ b/acme.sh @@ -6496,7 +6496,7 @@ Parameters: --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. --noprofile Only valid for '--install' command, which means: do not install aliases to user profile. - --nocolor Do not output color text. + --no-color Do not output color text. --force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails. --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' --csr Specifies the input csr. @@ -7096,7 +7096,7 @@ _process() { --noprofile) _noprofile="1" ;; - --nocolor | --no-color) + --no-color) export ACME_NO_COLOR=1 ;; --force-color) From 1521199e443bddf8e13eb695af3090c6d0a1586a Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Fri, 21 Aug 2020 09:56:57 +0200 Subject: [PATCH 20/81] add hidden alias --to-pkcs for --to-pkcs12 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d2424dee..6719d1e6 100755 --- a/acme.sh +++ b/acme.sh @@ -6816,7 +6816,7 @@ _process() { --cron) _CMD="cron" ;; - --to-pkcs12 | --toPkcs) + --to-pkcs12 | --to-pkcs | --toPkcs) _CMD="toPkcs" ;; --to-pkcs8 | --toPkcs8) From a48c22d14fab2f29c95eefc04460adf4e3f7888a Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Fri, 21 Aug 2020 09:58:58 +0200 Subject: [PATCH 21/81] add missing blank lines after links to wiki --- acme.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/acme.sh b/acme.sh index 6719d1e6..3679cc0b 100755 --- a/acme.sh +++ b/acme.sh @@ -6437,11 +6437,14 @@ Parameters: -d, --domain Specifies a domain, used to issue, renew or revoke etc. --challenge-alias The challenge domain alias for DNS alias mode. See: $_DNS_ALIAS_WIKI + --domain-alias The domain alias for DNS alias mode. See: $_DNS_ALIAS_WIKI + --preferred-chain If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. (default: empty) See: $_PREFERRED_CHAIN_WIKI + -f, --force Force install, force cert renewal or override sudo restrictions. --staging, --test Use staging server, for testing. --debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted. @@ -6452,9 +6455,11 @@ Parameters: --alpn Use standalone alpn mode. --stateless Use stateless mode. See: $_STATELESS_WIKI + --apache Use apache mode. --dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted. See: $_DNS_API_WIKI + --dnssleep The time in seconds to wait for all the txt records to propagate in dns api mode. It's not necessary to use this by default, $PROJECT_NAME polls dns status by DOH automatically. -k, --keylength Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521. @@ -6513,6 +6518,7 @@ Parameters: --use-wget Force to use wget, if you have both curl and wget installed. --yes-I-know-dns-manual-mode-enough-go-ahead-please Force use of dns manual mode. See: $_DNS_MANUAL_WIKI + -b, --branch Only valid for '--upgrade' command, specifies the branch name to upgrade to. --notify-level <0|1|2|3> Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT. 0: disabled, no notification will be sent. From 6fbf33c8f4f9a643f83caf279ff8ca292598f4d7 Mon Sep 17 00:00:00 2001 From: Pedro Lamas Date: Fri, 21 Aug 2020 09:54:24 +0100 Subject: [PATCH 22/81] More changes --- .github/workflows/dockerhub.yml | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index 8c277827..fc1db8e5 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -2,7 +2,12 @@ name: Build DockerHub on: push: - branches: [ master, dev ] + branches: + - master + - dev + - temp + tags: + - '*' jobs: build: @@ -12,23 +17,21 @@ jobs: uses: actions/checkout@v2 - name: install buildx id: buildx - uses: crazy-max/ghaction-docker-buildx@v1 + uses: crazy-max/ghaction-docker-buildx@v3 with: - version: latest + buildx-version: latest + qemu-version: latest - name: login to docker hub run: | echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - - name: build and push the image (master branch) - run: | - docker buildx build \ - --push \ - --tag neilpang/acme.sh:latest \ - --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 . - if: ${{ github.ref == 'refs/heads/master' }} - - name: build and push the image (dev branch) + - name: build and push the image run: | + DOCKER_IMAGE_TAG=$(echo ${GITHUB_REF#refs/heads/} | sed 's/^master$/latest/') + [ "$DOCKER_IMAGE" == "latest" ] && AUTO_UPGRADE="1" || AUTO_UPGRADE="" + docker buildx build \ - --push \ - --tag neilpang/acme.sh:dev \ + --output "type=image,push=true" \ + --tag ei99070/acme.sh:${DOCKER_IMAGE_TAG} \ + --tag ei99070/acme.sh:${GITHUB_SHA} \ + --build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \ --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 . - if: ${{ github.ref == 'refs/heads/dev' }} From abc62b9348d6d01a0da8c17b6d6afe9e42ec84df Mon Sep 17 00:00:00 2001 From: Pedro Lamas Date: Fri, 21 Aug 2020 10:34:43 +0100 Subject: [PATCH 23/81] more --- .github/workflows/dockerhub.yml | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index fc1db8e5..4a5efc38 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -26,12 +26,25 @@ jobs: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - name: build and push the image run: | - DOCKER_IMAGE_TAG=$(echo ${GITHUB_REF#refs/heads/} | sed 's/^master$/latest/') - [ "$DOCKER_IMAGE" == "latest" ] && AUTO_UPGRADE="1" || AUTO_UPGRADE="" + DOCKER_IMAGE=ei99070/acme.sh + + if [[ $GITHUB_REF == refs/tags/* ]]; then + BRANCH_TAG=${GITHUB_REF#refs/tags/} + AUTO_UPGRADE=1 + fi + + if [[ $GITHUB_REF == refs/heads/* ]]; then + BRANCH_TAG=${GITHUB_REF#refs/heads/} + + if [[ $BRANCH_TAG == master ]]; then + BRANCH_TAG=latest + AUTO_UPGRADE=1 + fi + fi docker buildx build \ + --tag ${DOCKER_IMAGE}:${BRANCH_TAG} \ + --tag ${DOCKER_IMAGE}:${GITHUB_SHA} \ --output "type=image,push=true" \ - --tag ei99070/acme.sh:${DOCKER_IMAGE_TAG} \ - --tag ei99070/acme.sh:${GITHUB_SHA} \ --build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \ --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 . From fcb6198a823da64f1e02815f4d994d05bceb9fa0 Mon Sep 17 00:00:00 2001 From: Pedro Lamas Date: Fri, 21 Aug 2020 10:55:07 +0100 Subject: [PATCH 24/81] More updated following PR comments --- .github/workflows/dockerhub.yml | 15 ++++++--------- Dockerfile | 2 +- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index bd96a8de..cf65f4a6 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -3,8 +3,7 @@ name: Build DockerHub on: push: branches: - - master - - dev + - '*' tags: - '*' @@ -28,22 +27,20 @@ jobs: DOCKER_IMAGE=neilpang/acme.sh if [[ $GITHUB_REF == refs/tags/* ]]; then - BRANCH_TAG=${GITHUB_REF#refs/tags/} - AUTO_UPGRADE=1 + DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/} fi if [[ $GITHUB_REF == refs/heads/* ]]; then - BRANCH_TAG=${GITHUB_REF#refs/heads/} + DOCKER_IMAGE_TAG=${GITHUB_REF#refs/heads/} - if [[ $BRANCH_TAG == master ]]; then - BRANCH_TAG=latest + if [[ $DOCKER_IMAGE_TAG == master ]]; then + DOCKER_IMAGE_TAG=latest AUTO_UPGRADE=1 fi fi docker buildx build \ - --tag ${DOCKER_IMAGE}:${BRANCH_TAG} \ - --tag ${DOCKER_IMAGE}:${GITHUB_SHA} \ + --tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \ --output "type=image,push=true" \ --build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \ --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 . diff --git a/Dockerfile b/Dockerfile index f00d03bd..a61c6ab4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ RUN apk update -f \ ENV LE_CONFIG_HOME /acme.sh -ENV AUTO_UPGRADE 1 +ARG AUTO_UPGRADE=1 #Install ADD ./ /install_acme.sh/ From 05477c1a0312215615241871c42b4376f9565027 Mon Sep 17 00:00:00 2001 From: Pedro Lamas Date: Fri, 21 Aug 2020 11:03:53 +0100 Subject: [PATCH 25/81] Fixes Dockerfile --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index a61c6ab4..4cea3c06 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,8 @@ ENV LE_CONFIG_HOME /acme.sh ARG AUTO_UPGRADE=1 +ENV AUTO_UPGRADE $AUTO_UPGRADE + #Install ADD ./ /install_acme.sh/ RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/ From 2e87e64bd1036b2d98f831a5a686003303b0c350 Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Fri, 21 Aug 2020 12:12:30 +0200 Subject: [PATCH 26/81] update individual Usage: messages to match showHelp --- acme.sh | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/acme.sh b/acme.sh index 3679cc0b..168ab8da 100755 --- a/acme.sh +++ b/acme.sh @@ -1375,7 +1375,7 @@ toPkcs() { domain="$1" pfxPassword="$2" if [ -z "$domain" ]; then - _usage "Usage: $PROJECT_ENTRY --toPkcs -d domain [--password pfx-password]" + _usage "Usage: $PROJECT_ENTRY --to-pkcs12 --domain [--password ] [--ecc]" return 1 fi @@ -1396,7 +1396,7 @@ toPkcs8() { domain="$1" if [ -z "$domain" ]; then - _usage "Usage: $PROJECT_ENTRY --toPkcs8 -d domain [--ecc]" + _usage "Usage: $PROJECT_ENTRY --to-pkcs8 --domain [--ecc]" return 1 fi @@ -1416,7 +1416,7 @@ toPkcs8() { createAccountKey() { _info "Creating account key" if [ -z "$1" ]; then - _usage "Usage: $PROJECT_ENTRY --createAccountKey --accountkeylength 2048" + _usage "Usage: $PROJECT_ENTRY --create-account-key [--accountkeylength ]" return fi @@ -1459,7 +1459,7 @@ _create_account_key() { createDomainKey() { _info "Creating domain key" if [ -z "$1" ]; then - _usage "Usage: $PROJECT_ENTRY --createDomainKey -d domain.com [ --keylength 2048 ]" + _usage "Usage: $PROJECT_ENTRY --create-domain-key --domain [--keylength ]" return fi @@ -1499,7 +1499,7 @@ createDomainKey() { createCSR() { _info "Creating csr" if [ -z "$1" ]; then - _usage "Usage: $PROJECT_ENTRY --createCSR -d domain1.com [-d domain2.com -d domain3.com ... ]" + _usage "Usage: $PROJECT_ENTRY --create-csr --domain [--domain ...]" return fi @@ -2888,7 +2888,7 @@ Allow from all if _restoreApache; then _err "The apache config file is restored." else - _err "Sorry, The apache config file can not be restored, please report bug." + _err "Sorry, the apache config file can not be restored, please report bug." fi return 1 fi @@ -4012,7 +4012,7 @@ _match_issuer() { #webroot, domain domainlist keylength issue() { if [ -z "$2" ]; then - _usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ " + _usage "Usage: $PROJECT_ENTRY --issue --domain --webroot " return 1 fi if [ -z "$1" ]; then @@ -4993,7 +4993,7 @@ _split_cert_chain() { renew() { Le_Domain="$1" if [ -z "$Le_Domain" ]; then - _usage "Usage: $PROJECT_ENTRY --renew -d domain.com [--ecc]" + _usage "Usage: $PROJECT_ENTRY --renew --domain [--ecc]" return 1 fi @@ -5003,7 +5003,7 @@ renew() { _info "$(__green "Renew: '$Le_Domain'")" if [ ! -f "$DOMAIN_CONF" ]; then - _info "'$Le_Domain' is not a issued domain, skip." + _info "'$Le_Domain' is not an issued domain, skip." return $RENEW_SKIP fi @@ -5082,7 +5082,7 @@ renewAll() { for di in "${CERT_HOME}"/*.*/; do _debug di "$di" if ! [ -d "$di" ]; then - _debug "Not directory, skip: $di" + _debug "Not a directory, skip: $di" continue fi d=$(basename "$di") @@ -5185,7 +5185,7 @@ signcsr() { _csrfile="$1" _csrW="$2" if [ -z "$_csrfile" ] || [ -z "$_csrW" ]; then - _usage "Usage: $PROJECT_ENTRY --signcsr --csr mycsr.csr -w /path/to/webroot/a.com/ " + _usage "Usage: $PROJECT_ENTRY --sign-csr --csr --webroot " return 1 fi @@ -5253,7 +5253,7 @@ showcsr() { _csrfile="$1" _csrd="$2" if [ -z "$_csrfile" ] && [ -z "$_csrd" ]; then - _usage "Usage: $PROJECT_ENTRY --showcsr --csr mycsr.csr" + _usage "Usage: $PROJECT_ENTRY --show-csr --csr " return 1 fi @@ -5370,7 +5370,7 @@ deploy() { _hooks="$2" _isEcc="$3" if [ -z "$_hooks" ]; then - _usage "Usage: $PROJECT_ENTRY --deploy -d domain.com --deploy-hook cpanel [--ecc] " + _usage "Usage: $PROJECT_ENTRY --deploy --domain --deploy-hook [--ecc] " return 1 fi @@ -5391,7 +5391,7 @@ deploy() { installcert() { _main_domain="$1" if [ -z "$_main_domain" ]; then - _usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--cert-file cert-file-path] [--key-file key-file-path] [--ca-file ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchain-file fullchain-path]" + _usage "Usage: $PROJECT_ENTRY --install-cert --domain [--ecc] [--cert-file ] [--key-file ] [--ca-file ] [ --reloadcmd ] [--fullchain-file ]" return 1 fi @@ -5670,7 +5670,7 @@ uninstallcronjob() { revoke() { Le_Domain="$1" if [ -z "$Le_Domain" ]; then - _usage "Usage: $PROJECT_ENTRY --revoke -d domain.com [--ecc]" + _usage "Usage: $PROJECT_ENTRY --revoke --domain [--ecc]" return 1 fi @@ -5741,7 +5741,7 @@ revoke() { remove() { Le_Domain="$1" if [ -z "$Le_Domain" ]; then - _usage "Usage: $PROJECT_ENTRY --remove -d domain.com [--ecc]" + _usage "Usage: $PROJECT_ENTRY --remove --domain [--ecc]" return 1 fi @@ -5901,7 +5901,7 @@ deactivate() { _initAPI _debug _d_domain_list "$_d_domain_list" if [ -z "$(echo $_d_domain_list | cut -d , -f 1)" ]; then - _usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com [-d domain.com]" + _usage "Usage: $PROJECT_ENTRY --deactivate --domain [--domain ...]" return 1 fi for _d_dm in $(echo "$_d_domain_list" | tr ',' ' '); do @@ -6361,7 +6361,7 @@ setnotify() { _initpath if [ -z "$_nhook$_nlevel$_nmode" ]; then - _usage "Usage: $PROJECT_ENTRY --set-notify [--notify-hook mailgun] [--notify-level $NOTIFY_LEVEL_DEFAULT] [--notify-mode $NOTIFY_MODE_DEFAULT]" + _usage "Usage: $PROJECT_ENTRY --set-notify [--notify-hook ] [--notify-level <0|1|2|3>] [--notify-mode <0|1>]" _usage "$_NOTIFY_WIKI" return 1 fi @@ -6400,7 +6400,7 @@ setnotify() { showhelp() { _initpath version - echo "Usage: $PROJECT_ENTRY command ...[parameters].... + echo "Usage: $PROJECT_ENTRY ... [parameters ...] Commands: -h, --help Show this help message. -v, --version Show version info. From dd6c5c9eea7d76d9e6eb32c606cab2192430b7ab Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Fri, 21 Aug 2020 12:15:45 +0200 Subject: [PATCH 27/81] add documentation for --password option --- acme.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/acme.sh b/acme.sh index 168ab8da..3b56b8d6 100755 --- a/acme.sh +++ b/acme.sh @@ -6532,6 +6532,8 @@ Parameters: --revoke-reason <0-10> The reason for revocation, can be used in conjunction with the '--revoke' command. See: $_REVOKE_WIKI + --password Add a password to exported pfx file. Use with --to-pkcs12. + " } From b67d663a388660ceb0a4f0f3ded422b25affb40d Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Fri, 21 Aug 2020 12:19:26 +0200 Subject: [PATCH 28/81] fix wrong options listed in --ecc help entry --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3b56b8d6..b5fafa4b 100755 --- a/acme.sh +++ b/acme.sh @@ -6503,7 +6503,7 @@ Parameters: --noprofile Only valid for '--install' command, which means: do not install aliases to user profile. --no-color Do not output color text. --force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails. - --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' + --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--to-pkcs12' and '--create-csr' --csr Specifies the input csr. --pre-hook Command to be run before obtaining any certificates. --post-hook Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed. From 328b6d1cc696b93c129e2ee165eb520fbbf22934 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 21 Aug 2020 18:19:26 +0800 Subject: [PATCH 29/81] add docker hub badge --- .github/workflows/shellcheck.yml | 2 +- README.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 529f41e1..a6f82d9e 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -1,4 +1,4 @@ -name: shellcheck +name: Shellcheck on: [push, pull_request] jobs: diff --git a/README.md b/README.md index bf6ea06c..812e5602 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,8 @@ # An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh) -![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg) +![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) ![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) +![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg) From 8d0e4851200ef060cb2344225acbd875b834d84f Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 27 Aug 2020 18:07:26 +0800 Subject: [PATCH 30/81] add set-default-ca --- Dockerfile | 1 + acme.sh | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4cea3c06..2ccf6800 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,6 +54,7 @@ RUN for verb in help \ deactivate \ deactivate-account \ set-notify \ + set-default-ca \ ; do \ printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \ ; done diff --git a/acme.sh b/acme.sh index b5fafa4b..ad29669c 100755 --- a/acme.sh +++ b/acme.sh @@ -6430,7 +6430,8 @@ Commands: --cron Run cron job to renew all the certs. --set-notify Set the cron notification hook, level or mode. --deactivate Deactivate the domain authz, professional use. - --set-default-ca Used with '--server', to set the default CA to use to use. + --set-default-ca Used with '--server', Set the default CA to use. + See: $_SERVER_WIKI Parameters: From fdb96e91f1bc585bbb2145e999fdc83147fe4ab8 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 27 Aug 2020 21:41:18 +0800 Subject: [PATCH 31/81] match issuer ignoring case --- acme.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/acme.sh b/acme.sh index ad29669c..891f0d81 100755 --- a/acme.sh +++ b/acme.sh @@ -4006,6 +4006,11 @@ _match_issuer() { _missuer="$2" _fissuers="$(_get_cert_issuers $_cfile)" _debug2 _fissuers "$_fissuers" + if _contains "$_fissuers" "$_missuer"; then + return 0 + fi + _fissuers="$(echo "$_fissuers" | _lower_case)" + _missuer="$(echo "$_missuer" | _lower_case)" _contains "$_fissuers" "$_missuer" } From f1692b3436725e0f43d285d4fc46390ba8600584 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 28 Aug 2020 20:10:12 +0800 Subject: [PATCH 32/81] begin 2.8.8 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 891f0d81..c36ce80e 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.8.7 +VER=2.8.8 PROJECT_NAME="acme.sh" From 1ad450d753959bf1231655d70899acfe222459cb Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 27 Aug 2020 21:45:26 +0800 Subject: [PATCH 33/81] add ubuntu test in github actions --- .github/workflows/Ubuntu.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/workflows/Ubuntu.yml diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml new file mode 100644 index 00000000..1b89c28c --- /dev/null +++ b/.github/workflows/Ubuntu.yml @@ -0,0 +1,14 @@ +name: PebbleStrict +on: [push, pull_request] + +jobs: + PebbleStrict: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Install tools + run: sudo apt-get install -y socat + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Run acmetest + run: cd ../acmetest && ./letest.sh From 5f4d08ada5962f9d3d0adfdba72af4d5a5c402c4 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 27 Aug 2020 21:46:29 +0800 Subject: [PATCH 34/81] fix name --- .github/workflows/Ubuntu.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 1b89c28c..523bfefb 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -1,8 +1,8 @@ -name: PebbleStrict +name: Ubuntu on: [push, pull_request] jobs: - PebbleStrict: + Ubuntu: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 From 8017774bf398c13fe6d43d85d5e7189781216046 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 27 Aug 2020 21:49:19 +0800 Subject: [PATCH 35/81] add token --- .github/workflows/Ubuntu.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 523bfefb..5c0859a4 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -4,6 +4,8 @@ on: [push, pull_request] jobs: Ubuntu: runs-on: ubuntu-latest + env: + NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} steps: - uses: actions/checkout@v2 - name: Install tools From e087bccd339e054790300297fbd3e6b0c53fdb55 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 27 Aug 2020 22:17:10 +0800 Subject: [PATCH 36/81] remove travis --- .github/workflows/LetsEncrypt.yml | 30 +++++++++++++++++++++++++ .github/workflows/Ubuntu.yml | 16 ------------- .travis.yml | 37 ------------------------------- 3 files changed, 30 insertions(+), 53 deletions(-) create mode 100644 .github/workflows/LetsEncrypt.yml delete mode 100644 .github/workflows/Ubuntu.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml new file mode 100644 index 00000000..83a1a931 --- /dev/null +++ b/.github/workflows/LetsEncrypt.yml @@ -0,0 +1,30 @@ +name: LetsEncrypt +on: [push, pull_request] + +jobs: + Ubuntu: + runs-on: ubuntu-latest + env: + NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + steps: + - uses: actions/checkout@v2 + - name: Install tools + run: sudo apt-get install -y socat + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Run acmetest + run: cd ../acmetest && ./letest.sh + + MacOS: + needs: Ubuntu + runs-on: macos-latest + env: + NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + steps: + - uses: actions/checkout@v2 + - name: Install tools + run: brew update && brew install socat; + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Run acmetest + run: cd ../acmetest && ./letest.sh \ No newline at end of file diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml deleted file mode 100644 index 5c0859a4..00000000 --- a/.github/workflows/Ubuntu.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Ubuntu -on: [push, pull_request] - -jobs: - Ubuntu: - runs-on: ubuntu-latest - env: - NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} - steps: - - uses: actions/checkout@v2 - - name: Install tools - run: sudo apt-get install -y socat - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - run: cd ../acmetest && ./letest.sh diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 2741e719..00000000 --- a/.travis.yml +++ /dev/null @@ -1,37 +0,0 @@ -language: shell -dist: bionic - -os: - - linux - - osx - -services: - - docker - -env: - global: - - SHFMT_URL=https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 - - -install: - - if [ "$TRAVIS_OS_NAME" = 'osx' ]; then - brew update && brew install socat; - export PATH="/usr/local/opt/openssl@1.1/bin:$PATH" ; - fi - -script: - - echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)" - - command -V openssl && openssl version - - if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -sSL $SHFMT_URL -o ~/shfmt && chmod +x ~/shfmt && ~/shfmt -l -w -i 2 . ; fi - - if [ "$TRAVIS_OS_NAME" = "linux" ]; then git diff --exit-code && echo "shfmt OK" ; fi - - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi - - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi - - cd .. - - git clone --depth 1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest - - if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi - - if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi - -matrix: - fast_finish: true - - From e66337a1db904359691c23133342998f492cb153 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 27 Aug 2020 22:35:05 +0800 Subject: [PATCH 37/81] fix badge --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 812e5602..9b7d48cc 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ # An ACME Shell script: acme.sh -[![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh) + +![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg) ![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) ![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) ![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg) @@ -11,8 +12,6 @@ [![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") -acme.sh is being sponsored by the following tool; please help to support us by taking a look and signing up to a free trial - - An ACME protocol client written purely in Shell (Unix shell) language. - Full ACME protocol implementation. @@ -77,7 +76,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) |18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris |19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux -|20|[![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)|Mac OSX +|20|[![Build Status](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX |21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest): From f0c710b245be71acb4aa98dca8aee88f5f3788e5 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 28 Aug 2020 09:32:38 +0800 Subject: [PATCH 38/81] Update LetsEncrypt.yml --- .github/workflows/LetsEncrypt.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 83a1a931..a239a9ca 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -6,6 +6,7 @@ jobs: runs-on: ubuntu-latest env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 - name: Install tools @@ -13,13 +14,14 @@ jobs: - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest - run: cd ../acmetest && ./letest.sh + run: cd ../acmetest && sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./letest.sh MacOS: needs: Ubuntu runs-on: macos-latest env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 - name: Install tools @@ -27,4 +29,4 @@ jobs: - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest - run: cd ../acmetest && ./letest.sh \ No newline at end of file + run: cd ../acmetest && sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./letest.sh From f170ee9e598851dfc593beb6299fa8d459dd1969 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 28 Aug 2020 23:18:05 +0800 Subject: [PATCH 39/81] add Windows --- .github/workflows/LetsEncrypt.yml | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index a239a9ca..5145d006 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -17,8 +17,8 @@ jobs: run: cd ../acmetest && sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./letest.sh MacOS: - needs: Ubuntu runs-on: macos-latest + needs: Ubuntu env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 @@ -30,3 +30,32 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest run: cd ../acmetest && sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./letest.sh + + Windows: + runs-on: windows-latest + needs: MacOS + env: + NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + TEST_LOCAL: 1 + steps: + - uses: actions/checkout@v2 + - name: Install cygwin base packages with chocolatey + run: | + choco config get cacheLocation + choco install cygwin + shell: cmd + - name: Install cygwin additional packages + run: | + C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,git + shell: cmd + - name: Set ENV + run: | + echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin' + - name: Clone acmetest + shell: cmd + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Run acmetest + shell: cmd + run: cd ../acmetest && bash.exe -c ./letest.sh + + From 9f80df3fcb4989170e01e7432eb8bf0f1808176d Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 28 Aug 2020 23:31:18 +0800 Subject: [PATCH 40/81] add unzip --- .github/workflows/LetsEncrypt.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 5145d006..86d9ad3e 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -42,11 +42,11 @@ jobs: - name: Install cygwin base packages with chocolatey run: | choco config get cacheLocation - choco install cygwin + choco install --no-progress cygwin shell: cmd - name: Install cygwin additional packages run: | - C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,git + C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git shell: cmd - name: Set ENV run: | From 763c05313beae4e25acee004f4debfd064f34dc6 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 28 Aug 2020 23:54:39 +0800 Subject: [PATCH 41/81] 80 port of github windows server is already used. --- .github/workflows/LetsEncrypt.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 86d9ad3e..90a94982 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -37,6 +37,7 @@ jobs: env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 + Le_HTTPPort: 8888 steps: - uses: actions/checkout@v2 - name: Install cygwin base packages with chocolatey From 3b3d7eff3c95adc2893c2898b3b717d8476e69a1 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 00:35:33 +0800 Subject: [PATCH 42/81] remove \r --- .github/workflows/LetsEncrypt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 90a94982..23d1f055 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -54,7 +54,7 @@ jobs: echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin' - name: Clone acmetest shell: cmd - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ && sed -i 's/\r//g' acmetest/acme.sh/acme.sh - name: Run acmetest shell: cmd run: cd ../acmetest && bash.exe -c ./letest.sh From 395fdc9d61701bd3a9fb4b1bb812663461a579ae Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Sun, 31 May 2020 18:49:39 +0200 Subject: [PATCH 43/81] Added support for custom domains --- dnsapi/dns_dynv6.sh | 66 +++++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 29 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 3c222d3a..f1471643 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -13,14 +13,18 @@ dns_dynv6_add() { _debug txtvalue "$txtvalue" _get_keyfile _info "using keyfile $dynv6_keyfile" - _get_domain "$fulldomain" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _contains "$_your_hosts" "$_host"; then - _debug "The host is $_host and the record $_record" - _debug "Dynv6 returned $_your_hosts" - _err "The host $_host does not exist on your dynv6 account" - return 1 + + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 fi +# if ! _contains "$_your_hosts" "$_host"; then +# _debug "The host is $_host and the record $_record" +# _debug "Dynv6 returned $_your_hosts" +# _err "The host $_host does not exists on your dynv6 account" +# return 1 +# fi _debug "found host on your account" returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" _debug "Dynv6 returend this after record was added: $returnval" @@ -44,14 +48,17 @@ dns_dynv6_rm() { _debug txtvalue "$txtvalue" _get_keyfile _info "using keyfile $dynv6_keyfile" - _get_domain "$fulldomain" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _contains "$_your_hosts" "$_host"; then - _debug "The host is $_host and the record $_record" - _debug "Dynv6 returned $_your_hosts" - _err "The host $_host does not exist on your dynv6 account" - return 1 + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 fi +# if ! _contains "$_your_hosts" "$_host"; then +# _debug "The host is $_host and the record $_record" +# _debug "Dynv6 returned $_your_hosts" +# _err "The host $_host does not exists on your dynv6 account" +# return 1 +# fi _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 @@ -72,29 +79,30 @@ _generate_new_key() { return 1 fi } -#Usage: _acme-challenge.www.example.dynv6.net + +#Usage: _acme-challenge.www.example.dynv6.net "$_your_hosts" +#where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts #returns #_host= example.dynv6.net #_record=_acme-challenge.www #aborts if not a valid domain _get_domain() { + #_your_hosts="$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)" _full_domain="$1" - _debug "getting domain for $_full_domain" - if ! _contains "$_full_domain" 'dynv6.net' && ! _contains "$_full_domain" 'dns.army' && ! _contains "$_full_domain" 'dns.navy' && ! _contains "$_full_domain" 'v6.rocks'; then - _err "The hosts does not seem to be a dynv6 host" - return 1 - fi - _record="${_full_domain%.*}" - _record="${_record%.*}" - _record="${_record%.*}" - _debug "The record we are ging to use is $_record" - _host="$_full_domain" - while [ "$(echo "$_host" | grep -o '\.' | wc -l)" != "2" ]; do - _host="${_host#*.}" - done - _debug "And the host is $_host" - return 0 + _your_hosts="$2" + _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')" + for l in $_your_hosts; do + #echo "host: $l" + if test "${_full_domain#*$l}" != "$_full_domain"; then + _record="${_full_domain%.$l}" + _host=$l + _debug "The host is $_host and the record $_record" + return 0 + fi + done + _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key" + return 1 } # Usage: No input required @@ -103,7 +111,7 @@ _get_domain() { _get_keyfile() { _debug "get keyfile method called" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" - _debug Your key is "$dynv6_keyfile" + _debug "Your key is $dynv6_keyfile" if [ -z "$dynv6_keyfile" ]; then if [ -z "$KEY" ]; then _err "You did not specify a key to use with dynv6" From 0b539a597710a69e8aa2521fc8d0f4c48c6f1a0c Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Sun, 31 May 2020 19:09:27 +0200 Subject: [PATCH 44/81] first attempt to make travis happy --- dnsapi/dns_dynv6.sh | 38 ++++++++++++++------------------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index f1471643..473bb243 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -14,17 +14,14 @@ dns_dynv6_add() { _get_keyfile _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" +<<<<<<< HEAD +======= +>>>>>>> first attempt to make travis happy if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 + _err "Host not found on your account" + return 1 fi -# if ! _contains "$_your_hosts" "$_host"; then -# _debug "The host is $_host and the record $_record" -# _debug "Dynv6 returned $_your_hosts" -# _err "The host $_host does not exists on your dynv6 account" -# return 1 -# fi _debug "found host on your account" returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" _debug "Dynv6 returend this after record was added: $returnval" @@ -50,19 +47,12 @@ dns_dynv6_rm() { _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 + _err "Host not found on your account" + return 1 fi -# if ! _contains "$_your_hosts" "$_host"; then -# _debug "The host is $_host and the record $_record" -# _debug "Dynv6 returned $_your_hosts" -# _err "The host $_host does not exists on your dynv6 account" -# return 1 -# fi _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 - } #################### Private functions below ################################## #Usage: No Input required @@ -93,13 +83,13 @@ _get_domain() { _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')" for l in $_your_hosts; do - #echo "host: $l" - if test "${_full_domain#*$l}" != "$_full_domain"; then - _record="${_full_domain%.$l}" - _host=$l - _debug "The host is $_host and the record $_record" - return 0 - fi + #echo "host: $l" + if test "${_full_domain#*$l}" != "$_full_domain"; then + _record="${_full_domain%.$l}" + _host=$l + _debug "The host is $_host and the record $_record" + return 0 + fi done _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key" return 1 From 0d4904f05dd9356a72caf7f5941bdcbdd975c654 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 15:42:45 +0200 Subject: [PATCH 45/81] no supporting HTTP API as well --- dnsapi/dns_dynv6.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 473bb243..dce7ce5f 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -14,10 +14,6 @@ dns_dynv6_add() { _get_keyfile _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" -<<<<<<< HEAD - -======= ->>>>>>> first attempt to make travis happy if ! _get_domain "$fulldomain" "$_your_hosts"; then _err "Host not found on your account" return 1 From 3cd7a2e6d6f6f6babee36e087abf98510c897f39 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 15:49:25 +0200 Subject: [PATCH 46/81] formatting --- dnsapi/dns_dynv6.sh | 212 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 212 insertions(+) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index dce7ce5f..5f36cef8 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -11,6 +11,7 @@ dns_dynv6_add() { _info "Using dynv6 api" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" +<<<<<<< HEAD _get_keyfile _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" @@ -27,6 +28,30 @@ dns_dynv6_add() { return 0 else _err "Something went wrong! it does not seem like the record was added succesfully" +======= + _get_authentication + if [ "$dynv6_token" ]; then + _dns_dynv6_add_http + return $? + else + _info "using key file $dynv6_keyfile" + _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 + fi + _debug "found host on your account" + returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" + _debug "Dynv6 returned this after record was added: $returnval" + if _contains "$returnval" "created"; then + return 0 + elif _contains "$returnval" "updated"; then + return 0 + else + _err "Something went wrong! it does not seem like the record was added successfully" + return 1 + fi +>>>>>>> formatting return 1 fi return 1 @@ -39,12 +64,29 @@ dns_dynv6_rm() { _info "Using dynv6 api" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" +<<<<<<< HEAD _get_keyfile _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then _err "Host not found on your account" return 1 +======= + _get_authentication + if [ "$dynv6_token" ]; then + _dns_dynv6_rm_http + return $? + else + _info "using key file $dynv6_keyfile" + _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 + fi + _debug "found host on your account" + _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" + return 0 +>>>>>>> formatting fi _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" @@ -94,6 +136,7 @@ _get_domain() { # Usage: No input required #returns #dynv6_keyfile path to the key that will be used +<<<<<<< HEAD _get_keyfile() { _debug "get keyfile method called" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" @@ -111,5 +154,174 @@ _get_keyfile() { dynv6_keyfile="$KEY" fi _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" +======= +_get_authentication() { + if [ "$DYNV6_TOKEN" ]; then + _debug "Going to use the HTTP Token you specifed and saving it for futur use" + _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" + dynv6_token="$DYNV6_TOKEN" + elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then + _debug "Found a previously used HTTP token going to use that" + dynv6_token="$(_readaccountconf_mutable dynv6_token)" + else + _debug "no HTTP token found. Looking for an SSH key" + dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" + _debug "Your key is $dynv6_keyfile" + if [ -z "$dynv6_keyfile" ]; then + if [ -z "$KEY" ]; then + _err "You did not specify a key to use with dynv6" + _info "Creating new dynv6 API key to add to dynv6.com" + _generate_new_key + _info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")" + _info "Hit Enter to continue" + read -r _ + #save the credentials to the account conf file. + else + dynv6_keyfile="$KEY" + fi + _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" + fi + fi +} + +_dns_dynv6_add_http() { + _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain"; then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _set_record TXT "$record" "$txtvalue" + if _contains "$response" "$txtvalue"; then + _info "Successfully added record" + return 0 + else + _err "Something went wrong while adding the record" + return 1 + fi +} + +_dns_dynv6_rm_http() { + _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain"; then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _get_record_id "$_zone_id" "$record" "$txtvalue" + _del_record "$_zone_id" "$_record_id" + if [ -z "$response" ]; then + _info "Successfully deleted record" + return 0 + else + _err "Something went wrong while deleting the record" + return 1 + fi +} + +#get the zoneid for a specifc record or zone +#usage: _get_zone_id §record +#where $record is the record to get the id for +#returns _zone_id the id of the zone +_get_zone_id() { + record="$1" + _debug "getting zone id for $record" + _dynv6_rest GET zones + + zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" + #echo $zones + + selected="" + for z in $zones; do + z="${z#name:}" + _debug zone: "$z" + if _contains "$record" "$z"; then + _debug "$z found in $record" + selected="$z" + fi + done + if [ -z "$selected" ]; then + _err "no zone found" + return 1 + fi + + zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" + _zone_id="${zone_id#id:}" + _debug "zone id: $_zone_id" +} + +_get_zone_name() { + _zone_id="$1" + _dynv6_rest GET zones/"$_zone_id" + _zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')" + _zone_name="${_zone_name#name:}" +} + +#usaage _get_record_id $zone_id $record +# where zone_id is thevalue returned by _get_zone_id +# and record ist in the form _acme.www for an fqdn of _acme.www.example.com +# returns _record_id +_get_record_id() { + _zone_id="$1" + record="$2" + value="$3" + _dynv6_rest GET "zones/$_zone_id/records" + if ! _get_record_id_from_response "$response"; then + _err "no such record $record found in zone $_zone_id" + return 1 + fi +} + +_get_record_id_from_response() { + response="$1" + _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')" + #_record_id="${_record_id#id:}" + if [ -z "$_record_id" ]; then + _err "no such record: $record found in zone $_zone_id" + return 1 + fi + _debug "record id: $_record_id" + return 0 +} +#usage: _set_record TXT _acme_challenge.www longvalue 12345678 +#zone id is optional can also be set as vairable bevor calling this method +_set_record() { + type="$1" + record="$2" + value="$3" + if [ "$4" ]; then + _zone_id="$4" + fi + data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" + #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' + echo "$data" + #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" + _dynv6_rest POST "zones/$_zone_id/records" "$data" +} +_del_record() { + _zone_id=$1 + _record_id=$2 + _dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id" +} + +_dynv6_rest() { + m=$1 #method GET,POST,DELETE or PUT + ep="$2" #the endpoint + data="$3" + _debug "$ep" + + token_trimmed=$(echo "$dynv6_token" | tr -d '"') + + export _H1="Authorization: Bearer $token_trimmed" + export _H2="Content-Type: application/json" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" + else + response="$(_get "$dynv6_api/$ep")" +>>>>>>> formatting fi } From c849738c6fbd15524e8e2047ffe10203101aa2a8 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 16:01:46 +0200 Subject: [PATCH 47/81] formatting --- dnsapi/dns_dynv6.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 5f36cef8..5ccab1a4 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -156,13 +156,12 @@ _get_keyfile() { _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" ======= _get_authentication() { - if [ "$DYNV6_TOKEN" ]; then - _debug "Going to use the HTTP Token you specifed and saving it for futur use" - _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" - dynv6_token="$DYNV6_TOKEN" - elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then - _debug "Found a previously used HTTP token going to use that" - dynv6_token="$(_readaccountconf_mutable dynv6_token)" + dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}" + if [ "$dynv6_token" ]; then + _debug "Found HTTP Token. Going to use the HTTP API and not the SSH API" + if [ "$DYNV6_TOKEN" ]; then + _saveaccountconf_mutable dynv6_token "$dynv6_token" + fi else _debug "no HTTP token found. Looking for an SSH key" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" From 4632035581599994ed7a7349de002f2e260b76a8 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 01:32:10 +0800 Subject: [PATCH 48/81] no need to run for PR from dev to master --- .github/workflows/LetsEncrypt.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 23d1f055..4916c78b 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -1,5 +1,11 @@ name: LetsEncrypt -on: [push, pull_request] +on: + push: + branches: + - '*' + pull_request: + branches: + - dev jobs: Ubuntu: From 185b558561f8cbeef9598f97f6b8b18d2cdfe099 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Fri, 28 Aug 2020 19:46:45 +0200 Subject: [PATCH 49/81] fix shfmt error --- dnsapi/dns_dynv6.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index e51e118a..9efc9aeb 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -260,7 +260,7 @@ _del_record() { _dynv6_rest() { m=$1 #method GET,POST,DELETE or PUT - ep="$2" #the endpoint + ep="$2" #the endpoint data="$3" _debug "$ep" From 7d7e5bac123cff13061e3e957bf1ba4460e4e8b3 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 09:54:02 +0800 Subject: [PATCH 50/81] add comments --- .github/workflows/LetsEncrypt.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 4916c78b..ad31b752 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -43,6 +43,7 @@ jobs: env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 + #The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port. Le_HTTPPort: 8888 steps: - uses: actions/checkout@v2 From c2214cd4b509ed5b136fad91b59f02ca539bd8f5 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 13:06:58 +0800 Subject: [PATCH 51/81] minor --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9b7d48cc..953c44a5 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ # An ACME Shell script: acme.sh -![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg) -![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) -![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) -![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg) +![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg) +![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) +![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) +![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg) From 918c8f9295ac385ad5478746b35cc74179a3aacf Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 13:14:28 +0800 Subject: [PATCH 52/81] filer events --- .github/workflows/LetsEncrypt.yml | 5 +++++ .github/workflows/PebbleStrict.yml | 12 +++++++++++- .github/workflows/shellcheck.yml | 12 +++++++++++- 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index ad31b752..3af574a7 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -3,9 +3,14 @@ on: push: branches: - '*' + paths: + - '**.sh' pull_request: branches: - dev + paths: + - '**.sh' + jobs: Ubuntu: diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index a339f727..ffc2ccdc 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -1,5 +1,15 @@ name: PebbleStrict -on: [push, pull_request] +on: + push: + branches: + - '*' + paths: + - '**.sh' + pull_request: + branches: + - dev + paths: + - '**.sh' jobs: PebbleStrict: diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index a6f82d9e..402492ad 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -1,5 +1,15 @@ name: Shellcheck -on: [push, pull_request] +on: + push: + branches: + - '*' + paths: + - '**.sh' + pull_request: + branches: + - dev + paths: + - '**.sh' jobs: formatCheck: From b639683ac1c821f675b1ddd2f6b2c5539744c91e Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 14:11:11 +0800 Subject: [PATCH 53/81] don't run if "${{ secrets.NGROK_TOKEN }}" is not set. --- .github/workflows/LetsEncrypt.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 3af574a7..e9f0897d 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -15,6 +15,7 @@ on: jobs: Ubuntu: runs-on: ubuntu-latest + if: "${{ secrets.NGROK_TOKEN }}" env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 @@ -29,6 +30,7 @@ jobs: MacOS: runs-on: macos-latest + if: "${{ secrets.NGROK_TOKEN }}" needs: Ubuntu env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} @@ -44,6 +46,7 @@ jobs: Windows: runs-on: windows-latest + if: "${{ secrets.NGROK_TOKEN }}" needs: MacOS env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} From e88180b4d5b7168c99bd10a85e51b885fdc5f9f8 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 14:19:17 +0800 Subject: [PATCH 54/81] fix if --- .github/workflows/LetsEncrypt.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index e9f0897d..3101205c 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -15,7 +15,7 @@ on: jobs: Ubuntu: runs-on: ubuntu-latest - if: "${{ secrets.NGROK_TOKEN }}" + if: "${{ contains(secrets.NGROK_TOKEN, 0) }}" env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 @@ -30,7 +30,7 @@ jobs: MacOS: runs-on: macos-latest - if: "${{ secrets.NGROK_TOKEN }}" + if: "${{ contains(secrets.NGROK_TOKEN, 0) }}" needs: Ubuntu env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} @@ -46,7 +46,7 @@ jobs: Windows: runs-on: windows-latest - if: "${{ secrets.NGROK_TOKEN }}" + if: "${{ contains(secrets.NGROK_TOKEN, 0) }}" needs: MacOS env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} From 70366a98bd596ba8d6bd8160251c3d08b5a48d7d Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 14:33:33 +0800 Subject: [PATCH 55/81] fix if --- .github/workflows/LetsEncrypt.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 3101205c..818e2d19 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -15,7 +15,7 @@ on: jobs: Ubuntu: runs-on: ubuntu-latest - if: "${{ contains(secrets.NGROK_TOKEN, 0) }}" + if: "contains(secrets.NGROK_TOKEN, '-')" env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 @@ -30,7 +30,7 @@ jobs: MacOS: runs-on: macos-latest - if: "${{ contains(secrets.NGROK_TOKEN, 0) }}" + if: "contains(secrets.NGROK_TOKEN, '-')" needs: Ubuntu env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} @@ -46,7 +46,7 @@ jobs: Windows: runs-on: windows-latest - if: "${{ contains(secrets.NGROK_TOKEN, 0) }}" + if: "contains(secrets.NGROK_TOKEN, '-')" needs: MacOS env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} From faaa7bfa3ae577161f24718c3f82cc6f80e56d0c Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 23:14:18 +0800 Subject: [PATCH 56/81] check token before run --- .github/workflows/LetsEncrypt.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 818e2d19..92d378c0 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -13,9 +13,23 @@ on: jobs: + CheckToken: + runs-on: ubuntu-latest + outputs: + hasToken: ${{ steps.step_one.outputs.hasToken }} + env: + NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + steps: + - name: Set the value + id: step_one + run: [ "$NGROK_TOKEN" ] && echo "::set-output name=hasToken::true" || echo "::set-output name=hasToken::false" + - name: Check the value + run: echo ${{ steps.step_one.outputs.hasToken }} + Ubuntu: runs-on: ubuntu-latest - if: "contains(secrets.NGROK_TOKEN, '-')" + needs: CheckToken + if: "contains(needs.CheckToken.outputs.hasToken, 'true')" env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 @@ -30,7 +44,6 @@ jobs: MacOS: runs-on: macos-latest - if: "contains(secrets.NGROK_TOKEN, '-')" needs: Ubuntu env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} @@ -46,7 +59,6 @@ jobs: Windows: runs-on: windows-latest - if: "contains(secrets.NGROK_TOKEN, '-')" needs: MacOS env: NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} From 900eedfc2e5f807e19c3981952fbcd3a0e5d7948 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 23:19:21 +0800 Subject: [PATCH 57/81] fix checktoken --- .github/workflows/LetsEncrypt.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 92d378c0..0dff3592 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -22,7 +22,12 @@ jobs: steps: - name: Set the value id: step_one - run: [ "$NGROK_TOKEN" ] && echo "::set-output name=hasToken::true" || echo "::set-output name=hasToken::false" + run: | + if [ "$NGROK_TOKEN" ] ; then + echo "::set-output name=hasToken::true" + else + echo "::set-output name=hasToken::false" + fi - name: Check the value run: echo ${{ steps.step_one.outputs.hasToken }} From 45cf5c4c0f150cb59a6c53680a45604a303f6f5f Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Aug 2020 23:23:07 +0800 Subject: [PATCH 58/81] trigger build --- .github/workflows/LetsEncrypt.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 0dff3592..57948e3a 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -5,6 +5,7 @@ on: - '*' paths: - '**.sh' + - '**.yml' pull_request: branches: - dev From 41754c92c3125feaf7d9a8a8c8c998ebfa2957e3 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 30 Aug 2020 23:26:10 +0800 Subject: [PATCH 59/81] --preserve-env --- .github/workflows/LetsEncrypt.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 57948e3a..afa4da68 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -46,7 +46,7 @@ jobs: - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest - run: cd ../acmetest && sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./letest.sh + run: cd ../acmetest && sudo --preserve-env ./letest.sh MacOS: runs-on: macos-latest @@ -61,7 +61,7 @@ jobs: - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest - run: cd ../acmetest && sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./letest.sh + run: cd ../acmetest && sudo --preserve-env ./letest.sh Windows: runs-on: windows-latest From 91a8b97cf47a108e0c2f9adda3542424c1e02f4b Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Sun, 31 May 2020 18:49:39 +0200 Subject: [PATCH 60/81] Added support for custom domains --- dnsapi/dns_dynv6.sh | 66 +++++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 29 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 3c222d3a..f1471643 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -13,14 +13,18 @@ dns_dynv6_add() { _debug txtvalue "$txtvalue" _get_keyfile _info "using keyfile $dynv6_keyfile" - _get_domain "$fulldomain" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _contains "$_your_hosts" "$_host"; then - _debug "The host is $_host and the record $_record" - _debug "Dynv6 returned $_your_hosts" - _err "The host $_host does not exist on your dynv6 account" - return 1 + + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 fi +# if ! _contains "$_your_hosts" "$_host"; then +# _debug "The host is $_host and the record $_record" +# _debug "Dynv6 returned $_your_hosts" +# _err "The host $_host does not exists on your dynv6 account" +# return 1 +# fi _debug "found host on your account" returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" _debug "Dynv6 returend this after record was added: $returnval" @@ -44,14 +48,17 @@ dns_dynv6_rm() { _debug txtvalue "$txtvalue" _get_keyfile _info "using keyfile $dynv6_keyfile" - _get_domain "$fulldomain" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _contains "$_your_hosts" "$_host"; then - _debug "The host is $_host and the record $_record" - _debug "Dynv6 returned $_your_hosts" - _err "The host $_host does not exist on your dynv6 account" - return 1 + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 fi +# if ! _contains "$_your_hosts" "$_host"; then +# _debug "The host is $_host and the record $_record" +# _debug "Dynv6 returned $_your_hosts" +# _err "The host $_host does not exists on your dynv6 account" +# return 1 +# fi _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 @@ -72,29 +79,30 @@ _generate_new_key() { return 1 fi } -#Usage: _acme-challenge.www.example.dynv6.net + +#Usage: _acme-challenge.www.example.dynv6.net "$_your_hosts" +#where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts #returns #_host= example.dynv6.net #_record=_acme-challenge.www #aborts if not a valid domain _get_domain() { + #_your_hosts="$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)" _full_domain="$1" - _debug "getting domain for $_full_domain" - if ! _contains "$_full_domain" 'dynv6.net' && ! _contains "$_full_domain" 'dns.army' && ! _contains "$_full_domain" 'dns.navy' && ! _contains "$_full_domain" 'v6.rocks'; then - _err "The hosts does not seem to be a dynv6 host" - return 1 - fi - _record="${_full_domain%.*}" - _record="${_record%.*}" - _record="${_record%.*}" - _debug "The record we are ging to use is $_record" - _host="$_full_domain" - while [ "$(echo "$_host" | grep -o '\.' | wc -l)" != "2" ]; do - _host="${_host#*.}" - done - _debug "And the host is $_host" - return 0 + _your_hosts="$2" + _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')" + for l in $_your_hosts; do + #echo "host: $l" + if test "${_full_domain#*$l}" != "$_full_domain"; then + _record="${_full_domain%.$l}" + _host=$l + _debug "The host is $_host and the record $_record" + return 0 + fi + done + _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key" + return 1 } # Usage: No input required @@ -103,7 +111,7 @@ _get_domain() { _get_keyfile() { _debug "get keyfile method called" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" - _debug Your key is "$dynv6_keyfile" + _debug "Your key is $dynv6_keyfile" if [ -z "$dynv6_keyfile" ]; then if [ -z "$KEY" ]; then _err "You did not specify a key to use with dynv6" From a83b16e12ac83ec67374f5d6986d10e8e898b9b1 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Sun, 31 May 2020 19:09:27 +0200 Subject: [PATCH 61/81] first attempt to make travis happy --- dnsapi/dns_dynv6.sh | 38 ++++++++++++++------------------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index f1471643..473bb243 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -14,17 +14,14 @@ dns_dynv6_add() { _get_keyfile _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" +<<<<<<< HEAD +======= +>>>>>>> first attempt to make travis happy if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 + _err "Host not found on your account" + return 1 fi -# if ! _contains "$_your_hosts" "$_host"; then -# _debug "The host is $_host and the record $_record" -# _debug "Dynv6 returned $_your_hosts" -# _err "The host $_host does not exists on your dynv6 account" -# return 1 -# fi _debug "found host on your account" returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" _debug "Dynv6 returend this after record was added: $returnval" @@ -50,19 +47,12 @@ dns_dynv6_rm() { _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 + _err "Host not found on your account" + return 1 fi -# if ! _contains "$_your_hosts" "$_host"; then -# _debug "The host is $_host and the record $_record" -# _debug "Dynv6 returned $_your_hosts" -# _err "The host $_host does not exists on your dynv6 account" -# return 1 -# fi _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 - } #################### Private functions below ################################## #Usage: No Input required @@ -93,13 +83,13 @@ _get_domain() { _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')" for l in $_your_hosts; do - #echo "host: $l" - if test "${_full_domain#*$l}" != "$_full_domain"; then - _record="${_full_domain%.$l}" - _host=$l - _debug "The host is $_host and the record $_record" - return 0 - fi + #echo "host: $l" + if test "${_full_domain#*$l}" != "$_full_domain"; then + _record="${_full_domain%.$l}" + _host=$l + _debug "The host is $_host and the record $_record" + return 0 + fi done _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key" return 1 From 06e7ebbdebfe6aa442140412cf901bb4b18eaa66 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 15:42:45 +0200 Subject: [PATCH 62/81] no supporting HTTP API as well --- dnsapi/dns_dynv6.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 473bb243..dce7ce5f 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -14,10 +14,6 @@ dns_dynv6_add() { _get_keyfile _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" -<<<<<<< HEAD - -======= ->>>>>>> first attempt to make travis happy if ! _get_domain "$fulldomain" "$_your_hosts"; then _err "Host not found on your account" return 1 From 9dd50899404b774a351bea75fd8f01deeb85f3ce Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 15:49:25 +0200 Subject: [PATCH 63/81] formatting --- dnsapi/dns_dynv6.sh | 212 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 212 insertions(+) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index dce7ce5f..5f36cef8 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -11,6 +11,7 @@ dns_dynv6_add() { _info "Using dynv6 api" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" +<<<<<<< HEAD _get_keyfile _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" @@ -27,6 +28,30 @@ dns_dynv6_add() { return 0 else _err "Something went wrong! it does not seem like the record was added succesfully" +======= + _get_authentication + if [ "$dynv6_token" ]; then + _dns_dynv6_add_http + return $? + else + _info "using key file $dynv6_keyfile" + _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 + fi + _debug "found host on your account" + returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" + _debug "Dynv6 returned this after record was added: $returnval" + if _contains "$returnval" "created"; then + return 0 + elif _contains "$returnval" "updated"; then + return 0 + else + _err "Something went wrong! it does not seem like the record was added successfully" + return 1 + fi +>>>>>>> formatting return 1 fi return 1 @@ -39,12 +64,29 @@ dns_dynv6_rm() { _info "Using dynv6 api" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" +<<<<<<< HEAD _get_keyfile _info "using keyfile $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then _err "Host not found on your account" return 1 +======= + _get_authentication + if [ "$dynv6_token" ]; then + _dns_dynv6_rm_http + return $? + else + _info "using key file $dynv6_keyfile" + _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 + fi + _debug "found host on your account" + _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" + return 0 +>>>>>>> formatting fi _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" @@ -94,6 +136,7 @@ _get_domain() { # Usage: No input required #returns #dynv6_keyfile path to the key that will be used +<<<<<<< HEAD _get_keyfile() { _debug "get keyfile method called" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" @@ -111,5 +154,174 @@ _get_keyfile() { dynv6_keyfile="$KEY" fi _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" +======= +_get_authentication() { + if [ "$DYNV6_TOKEN" ]; then + _debug "Going to use the HTTP Token you specifed and saving it for futur use" + _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" + dynv6_token="$DYNV6_TOKEN" + elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then + _debug "Found a previously used HTTP token going to use that" + dynv6_token="$(_readaccountconf_mutable dynv6_token)" + else + _debug "no HTTP token found. Looking for an SSH key" + dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" + _debug "Your key is $dynv6_keyfile" + if [ -z "$dynv6_keyfile" ]; then + if [ -z "$KEY" ]; then + _err "You did not specify a key to use with dynv6" + _info "Creating new dynv6 API key to add to dynv6.com" + _generate_new_key + _info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")" + _info "Hit Enter to continue" + read -r _ + #save the credentials to the account conf file. + else + dynv6_keyfile="$KEY" + fi + _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" + fi + fi +} + +_dns_dynv6_add_http() { + _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain"; then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _set_record TXT "$record" "$txtvalue" + if _contains "$response" "$txtvalue"; then + _info "Successfully added record" + return 0 + else + _err "Something went wrong while adding the record" + return 1 + fi +} + +_dns_dynv6_rm_http() { + _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain"; then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _get_record_id "$_zone_id" "$record" "$txtvalue" + _del_record "$_zone_id" "$_record_id" + if [ -z "$response" ]; then + _info "Successfully deleted record" + return 0 + else + _err "Something went wrong while deleting the record" + return 1 + fi +} + +#get the zoneid for a specifc record or zone +#usage: _get_zone_id §record +#where $record is the record to get the id for +#returns _zone_id the id of the zone +_get_zone_id() { + record="$1" + _debug "getting zone id for $record" + _dynv6_rest GET zones + + zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" + #echo $zones + + selected="" + for z in $zones; do + z="${z#name:}" + _debug zone: "$z" + if _contains "$record" "$z"; then + _debug "$z found in $record" + selected="$z" + fi + done + if [ -z "$selected" ]; then + _err "no zone found" + return 1 + fi + + zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" + _zone_id="${zone_id#id:}" + _debug "zone id: $_zone_id" +} + +_get_zone_name() { + _zone_id="$1" + _dynv6_rest GET zones/"$_zone_id" + _zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')" + _zone_name="${_zone_name#name:}" +} + +#usaage _get_record_id $zone_id $record +# where zone_id is thevalue returned by _get_zone_id +# and record ist in the form _acme.www for an fqdn of _acme.www.example.com +# returns _record_id +_get_record_id() { + _zone_id="$1" + record="$2" + value="$3" + _dynv6_rest GET "zones/$_zone_id/records" + if ! _get_record_id_from_response "$response"; then + _err "no such record $record found in zone $_zone_id" + return 1 + fi +} + +_get_record_id_from_response() { + response="$1" + _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')" + #_record_id="${_record_id#id:}" + if [ -z "$_record_id" ]; then + _err "no such record: $record found in zone $_zone_id" + return 1 + fi + _debug "record id: $_record_id" + return 0 +} +#usage: _set_record TXT _acme_challenge.www longvalue 12345678 +#zone id is optional can also be set as vairable bevor calling this method +_set_record() { + type="$1" + record="$2" + value="$3" + if [ "$4" ]; then + _zone_id="$4" + fi + data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" + #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' + echo "$data" + #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" + _dynv6_rest POST "zones/$_zone_id/records" "$data" +} +_del_record() { + _zone_id=$1 + _record_id=$2 + _dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id" +} + +_dynv6_rest() { + m=$1 #method GET,POST,DELETE or PUT + ep="$2" #the endpoint + data="$3" + _debug "$ep" + + token_trimmed=$(echo "$dynv6_token" | tr -d '"') + + export _H1="Authorization: Bearer $token_trimmed" + export _H2="Content-Type: application/json" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" + else + response="$(_get "$dynv6_api/$ep")" +>>>>>>> formatting fi } From 551316bcb6a2a3140972bf7e06bfc84d4ac1f5e8 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 16:01:46 +0200 Subject: [PATCH 64/81] formatting --- dnsapi/dns_dynv6.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 5f36cef8..5ccab1a4 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -156,13 +156,12 @@ _get_keyfile() { _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" ======= _get_authentication() { - if [ "$DYNV6_TOKEN" ]; then - _debug "Going to use the HTTP Token you specifed and saving it for futur use" - _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" - dynv6_token="$DYNV6_TOKEN" - elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then - _debug "Found a previously used HTTP token going to use that" - dynv6_token="$(_readaccountconf_mutable dynv6_token)" + dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}" + if [ "$dynv6_token" ]; then + _debug "Found HTTP Token. Going to use the HTTP API and not the SSH API" + if [ "$DYNV6_TOKEN" ]; then + _saveaccountconf_mutable dynv6_token "$dynv6_token" + fi else _debug "no HTTP token found. Looking for an SSH key" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" From 943d419f98ce81b4896b012ad25e2c2c1b570ae3 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Sun, 31 May 2020 18:49:39 +0200 Subject: [PATCH 65/81] Added support for custom domains --- dnsapi/dns_dynv6.sh | 70 +++++++-------------------------------------- 1 file changed, 10 insertions(+), 60 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 5ccab1a4..51d2df48 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -11,24 +11,7 @@ dns_dynv6_add() { _info "Using dynv6 api" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" -<<<<<<< HEAD - _get_keyfile - _info "using keyfile $dynv6_keyfile" - _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 - fi - _debug "found host on your account" - returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" - _debug "Dynv6 returend this after record was added: $returnval" - if _contains "$returnval" "created"; then - return 0 - elif _contains "$returnval" "updated"; then - return 0 - else - _err "Something went wrong! it does not seem like the record was added succesfully" -======= + _get_authentication if [ "$dynv6_token" ]; then _dns_dynv6_add_http @@ -51,7 +34,6 @@ dns_dynv6_add() { _err "Something went wrong! it does not seem like the record was added successfully" return 1 fi ->>>>>>> formatting return 1 fi return 1 @@ -61,17 +43,9 @@ dns_dynv6_add() { dns_dynv6_rm() { fulldomain=$1 txtvalue=$2 - _info "Using dynv6 api" + _info "Using dynv6 API" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" -<<<<<<< HEAD - _get_keyfile - _info "using keyfile $dynv6_keyfile" - _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 -======= _get_authentication if [ "$dynv6_token" ]; then _dns_dynv6_rm_http @@ -86,11 +60,7 @@ dns_dynv6_rm() { _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 ->>>>>>> formatting fi - _debug "found host on your account" - _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" - return 0 } #################### Private functions below ################################## #Usage: No Input required @@ -121,13 +91,13 @@ _get_domain() { _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')" for l in $_your_hosts; do - #echo "host: $l" - if test "${_full_domain#*$l}" != "$_full_domain"; then - _record="${_full_domain%.$l}" - _host=$l - _debug "The host is $_host and the record $_record" - return 0 - fi + #echo "host: $l" + if test "${_full_domain#*$l}" != "$_full_domain"; then + _record="${_full_domain%.$l}" + _host=$l + _debug "The host is $_host and the record $_record" + return 0 + fi done _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key" return 1 @@ -136,25 +106,6 @@ _get_domain() { # Usage: No input required #returns #dynv6_keyfile path to the key that will be used -<<<<<<< HEAD -_get_keyfile() { - _debug "get keyfile method called" - dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" - _debug "Your key is $dynv6_keyfile" - if [ -z "$dynv6_keyfile" ]; then - if [ -z "$KEY" ]; then - _err "You did not specify a key to use with dynv6" - _info "Creating new dynv6 api key to add to dynv6.com" - _generate_new_key - _info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")" - _info "Hit Enter to contiue" - read -r _ - #save the credentials to the account conf file. - else - dynv6_keyfile="$KEY" - fi - _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" -======= _get_authentication() { dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}" if [ "$dynv6_token" ]; then @@ -307,7 +258,7 @@ _del_record() { _dynv6_rest() { m=$1 #method GET,POST,DELETE or PUT - ep="$2" #the endpoint + ep="$2" #the endpoint data="$3" _debug "$ep" @@ -321,6 +272,5 @@ _dynv6_rest() { response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" else response="$(_get "$dynv6_api/$ep")" ->>>>>>> formatting fi } From 90e2064d720ec1e3e72790ae78354e98cd637135 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Sun, 31 May 2020 19:09:27 +0200 Subject: [PATCH 66/81] first attempt to make travis happy --- dnsapi/dns_dynv6.sh | 44 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 51d2df48..dbb36255 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -11,11 +11,28 @@ dns_dynv6_add() { _info "Using dynv6 api" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" +<<<<<<< HEAD _get_authentication if [ "$dynv6_token" ]; then _dns_dynv6_add_http return $? +======= + _get_keyfile + _info "using keyfile $dynv6_keyfile" + _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 + fi + _debug "found host on your account" + returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" + _debug "Dynv6 returend this after record was added: $returnval" + if _contains "$returnval" "created"; then + return 0 + elif _contains "$returnval" "updated"; then + return 0 +>>>>>>> first attempt to make travis happy else _info "using key file $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" @@ -46,6 +63,7 @@ dns_dynv6_rm() { _info "Using dynv6 API" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" +<<<<<<< HEAD _get_authentication if [ "$dynv6_token" ]; then _dns_dynv6_rm_http @@ -61,6 +79,18 @@ dns_dynv6_rm() { _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 fi +======= + _get_keyfile + _info "using keyfile $dynv6_keyfile" + _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" + if ! _get_domain "$fulldomain" "$_your_hosts"; then + _err "Host not found on your account" + return 1 + fi + _debug "found host on your account" + _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" + return 0 +>>>>>>> first attempt to make travis happy } #################### Private functions below ################################## #Usage: No Input required @@ -91,13 +121,13 @@ _get_domain() { _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')" for l in $_your_hosts; do - #echo "host: $l" - if test "${_full_domain#*$l}" != "$_full_domain"; then - _record="${_full_domain%.$l}" - _host=$l - _debug "The host is $_host and the record $_record" - return 0 - fi + #echo "host: $l" + if test "${_full_domain#*$l}" != "$_full_domain"; then + _record="${_full_domain%.$l}" + _host=$l + _debug "The host is $_host and the record $_record" + return 0 + fi done _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key" return 1 From 9190ce37011453be1bbf236c359b81a36b5bf8bc Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 15:42:45 +0200 Subject: [PATCH 67/81] no supporting HTTP API as well --- dnsapi/dns_dynv6.sh | 193 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 191 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index dbb36255..9c6d330d 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh #Author StefanAbl #Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"' +#or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value" #if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub + +dynv6_api="https://dynv6.com/api/v2" ######## Public functions ##################### # Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide -#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +#Usage: dns_dynv6_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dynv6_add() { fulldomain=$1 txtvalue=$2 @@ -12,11 +15,15 @@ dns_dynv6_add() { _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> no supporting HTTP API as well _get_authentication if [ "$dynv6_token" ]; then _dns_dynv6_add_http return $? +<<<<<<< HEAD ======= _get_keyfile _info "using keyfile $dynv6_keyfile" @@ -34,6 +41,9 @@ dns_dynv6_add() { return 0 >>>>>>> first attempt to make travis happy else +======= + else +>>>>>>> no supporting HTTP API as well _info "using key file $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then @@ -63,12 +73,20 @@ dns_dynv6_rm() { _info "Using dynv6 API" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" +<<<<<<< HEAD <<<<<<< HEAD _get_authentication if [ "$dynv6_token" ]; then _dns_dynv6_rm_http return $? else +======= + _get_authentication + if [ "$dynv6_token" ]; then + _dns_dynv6_rm_http + return $? + else +>>>>>>> no supporting HTTP API as well _info "using key file $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then @@ -78,6 +96,7 @@ dns_dynv6_rm() { _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 +<<<<<<< HEAD fi ======= _get_keyfile @@ -91,11 +110,14 @@ dns_dynv6_rm() { _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 >>>>>>> first attempt to make travis happy +======= + fi +>>>>>>> no supporting HTTP API as well } #################### Private functions below ################################## #Usage: No Input required #returns -#dynv6_keyfile the path to the new keyfile that has been generated +#dynv6_keyfile the path to the new key file that has been generated _generate_new_key() { dynv6_keyfile="$(eval echo ~"$USER")/.ssh/dynv6" _info "Path to key file used: $dynv6_keyfile" @@ -137,6 +159,7 @@ _get_domain() { #returns #dynv6_keyfile path to the key that will be used _get_authentication() { +<<<<<<< HEAD dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}" if [ "$dynv6_token" ]; then _debug "Found HTTP Token. Going to use the HTTP API and not the SSH API" @@ -144,6 +167,16 @@ _get_authentication() { _saveaccountconf_mutable dynv6_token "$dynv6_token" fi else +======= + if [ "$DYNV6_TOKEN" ]; then + _debug "Going to use the HTTP Token you specifed and saving it for futur use" + _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" + dynv6_token="$DYNV6_TOKEN" + elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then + _debug "Found a previously used HTTP token going to use that" + dynv6_token="$(_readaccountconf_mutable dynv6_token)" + else +>>>>>>> no supporting HTTP API as well _debug "no HTTP token found. Looking for an SSH key" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" _debug "Your key is $dynv6_keyfile" @@ -160,6 +193,7 @@ _get_authentication() { dynv6_keyfile="$KEY" fi _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" +<<<<<<< HEAD fi fi } @@ -302,5 +336,160 @@ _dynv6_rest() { response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" else response="$(_get "$dynv6_api/$ep")" +======= + fi +>>>>>>> no supporting HTTP API as well fi } + + + +_dns_dynv6_add_http(){ +_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain" ;then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _set_record TXT "$record" "$txtvalue" + if _contains "$response" "$txtvalue"; then + _info "Successfully added record" + return 0 + else + _err "Something went wrong while adding the record" + return 1 + fi +} + +_dns_dynv6_rm_http(){ + _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain" ;then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _get_record_id "$_zone_id" "$record" "$txtvalue" + _del_record "$_zone_id" "$_record_id" + if [ -z "$response" ] ; then + _info "Successfully deleted record" + return 0 + else + _err "Something went wrong while deleting the record" + return 1 + fi +} + + +#get the zoneid for a specifc record or zone +#usage: _get_zone_id §record +#where $record is the record to get the id for +#returns _zone_id the id of the zone +_get_zone_id(){ + record="$1" + _debug "getting zone id for $record" + _dynv6_rest GET zones + + zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" + #echo $zones + + selected="" + for z in $zones; do + z="${z#name:}" + _debug zone: "$z" + if _contains "$record" "$z"; then + _debug "$z found in $record" + selected="$z" + fi + done + if [ -z "$selected" ]; then + _err "no zone found" + return 1 + fi + + zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" + _zone_id="${zone_id#id:}" + _debug "zone id: $_zone_id" +} + +_get_zone_name(){ + _zone_id="$1" + _dynv6_rest GET zones/"$_zone_id" + _zone_name="$(echo "$response" | tr ',' '\n'| tr -d '{'|grep name|tr -d '"')" + _zone_name="${_zone_name#name:}" +} + +#usaage _get_record_id $zone_id $record +# where zone_id is thevalue returned by _get_zone_id +# and record ist in the form _acme.www for an fqdn of _acme.www.example.com +# returns _record_id +_get_record_id(){ + _zone_id="$1" + record="$2" + value="$3" + _dynv6_rest GET "zones/$_zone_id/records" + if ! _get_record_id_from_response "$response" ; then + _err "no such record $record found in zone $_zone_id" + return 1 + fi +} + +_get_record_id_from_response(){ + response="$1" + _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id |tr -d '"'|tr -d 'id:')" + #_record_id="${_record_id#id:}" + if [ -z "$_record_id" ]; then + _err "no such record: $record found in zone $_zone_id" + return 1 + fi + _debug "record id: $_record_id" + return 0 +} +#usage: _set_record TXT _acme_challenge.www longvalue 12345678 +#zone id is optional can also be set as vairable bevor calling this method +_set_record(){ + type="$1" + record="$2" + value="$3" + if [ "$4" ]; then + _zone_id="$4" + fi + data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" + #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' + echo "$data" + #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" + _dynv6_rest POST "zones/$_zone_id/records" "$data" +} +_del_record(){ + _zone_id=$1 + _record_id=$2 + _dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id" +} + +_dynv6_rest() { + m=$1 #method GET,POST,DELETE or PUT + ep="$2" #the endpoint + data="$3" + _debug "$ep" + + token_trimmed=$(echo "$dynv6_token" | tr -d '"') + + export _H1="Authorization: Bearer $token_trimmed" + export _H2="Content-Type: application/json" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" + else + response="$(_get "$dynv6_api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} + From 6651801b3f958c8b2a0e2afad67b1b27cc85a46b Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 15:49:25 +0200 Subject: [PATCH 68/81] formatting --- dnsapi/dns_dynv6.sh | 205 ++++++++++++++++++++++++-------------------- 1 file changed, 110 insertions(+), 95 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 9c6d330d..4ab278ce 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -24,6 +24,7 @@ dns_dynv6_add() { _dns_dynv6_add_http return $? <<<<<<< HEAD +<<<<<<< HEAD ======= _get_keyfile _info "using keyfile $dynv6_keyfile" @@ -44,6 +45,9 @@ dns_dynv6_add() { ======= else >>>>>>> no supporting HTTP API as well +======= + else +>>>>>>> formatting _info "using key file $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then @@ -82,11 +86,15 @@ dns_dynv6_rm() { else ======= _get_authentication - if [ "$dynv6_token" ]; then + if [ "$dynv6_token" ]; then _dns_dynv6_rm_http return $? +<<<<<<< HEAD else >>>>>>> no supporting HTTP API as well +======= + else +>>>>>>> formatting _info "using key file $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then @@ -159,6 +167,7 @@ _get_domain() { #returns #dynv6_keyfile path to the key that will be used _get_authentication() { +<<<<<<< HEAD <<<<<<< HEAD dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}" if [ "$dynv6_token" ]; then @@ -177,6 +186,16 @@ _get_authentication() { dynv6_token="$(_readaccountconf_mutable dynv6_token)" else >>>>>>> no supporting HTTP API as well +======= + if [ "$DYNV6_TOKEN" ]; then + _debug "Going to use the HTTP Token you specifed and saving it for futur use" + _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" + dynv6_token="$DYNV6_TOKEN" + elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then + _debug "Found a previously used HTTP token going to use that" + dynv6_token="$(_readaccountconf_mutable dynv6_token)" + else +>>>>>>> formatting _debug "no HTTP token found. Looking for an SSH key" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" _debug "Your key is $dynv6_keyfile" @@ -342,142 +361,139 @@ _dynv6_rest() { fi } - - -_dns_dynv6_add_http(){ -_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" - if ! _get_zone_id "$fulldomain" ;then - _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" - return 1 - fi - _get_zone_name "$_zone_id" - record="${fulldomain%%.$_zone_name}" - _set_record TXT "$record" "$txtvalue" - if _contains "$response" "$txtvalue"; then - _info "Successfully added record" - return 0 - else - _err "Something went wrong while adding the record" - return 1 - fi +_dns_dynv6_add_http() { + _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" + if ! _get_zone_id "$fulldomain"; then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _set_record TXT "$record" "$txtvalue" + if _contains "$response" "$txtvalue"; then + _info "Successfully added record" + return 0 + else + _err "Something went wrong while adding the record" + return 1 + fi } -_dns_dynv6_rm_http(){ +_dns_dynv6_rm_http() { _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" - if ! _get_zone_id "$fulldomain" ;then - _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" - return 1 - fi - _get_zone_name "$_zone_id" - record="${fulldomain%%.$_zone_name}" - _get_record_id "$_zone_id" "$record" "$txtvalue" - _del_record "$_zone_id" "$_record_id" - if [ -z "$response" ] ; then - _info "Successfully deleted record" - return 0 - else - _err "Something went wrong while deleting the record" - return 1 - fi + if ! _get_zone_id "$fulldomain"; then + _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" + return 1 + fi + _get_zone_name "$_zone_id" + record="${fulldomain%%.$_zone_name}" + _get_record_id "$_zone_id" "$record" "$txtvalue" + _del_record "$_zone_id" "$_record_id" + if [ -z "$response" ]; then + _info "Successfully deleted record" + return 0 + else + _err "Something went wrong while deleting the record" + return 1 + fi } - #get the zoneid for a specifc record or zone #usage: _get_zone_id §record #where $record is the record to get the id for #returns _zone_id the id of the zone -_get_zone_id(){ +_get_zone_id() { record="$1" _debug "getting zone id for $record" _dynv6_rest GET zones - - zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" - #echo $zones - - selected="" - for z in $zones; do - z="${z#name:}" - _debug zone: "$z" - if _contains "$record" "$z"; then - _debug "$z found in $record" - selected="$z" - fi - done - if [ -z "$selected" ]; then - _err "no zone found" - return 1 - fi - - zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" - _zone_id="${zone_id#id:}" - _debug "zone id: $_zone_id" + + zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" + #echo $zones + + selected="" + for z in $zones; do + z="${z#name:}" + _debug zone: "$z" + if _contains "$record" "$z"; then + _debug "$z found in $record" + selected="$z" + fi + done + if [ -z "$selected" ]; then + _err "no zone found" + return 1 + fi + + zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" + _zone_id="${zone_id#id:}" + _debug "zone id: $_zone_id" } -_get_zone_name(){ - _zone_id="$1" - _dynv6_rest GET zones/"$_zone_id" - _zone_name="$(echo "$response" | tr ',' '\n'| tr -d '{'|grep name|tr -d '"')" - _zone_name="${_zone_name#name:}" +_get_zone_name() { + _zone_id="$1" + _dynv6_rest GET zones/"$_zone_id" + _zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')" + _zone_name="${_zone_name#name:}" } #usaage _get_record_id $zone_id $record # where zone_id is thevalue returned by _get_zone_id # and record ist in the form _acme.www for an fqdn of _acme.www.example.com # returns _record_id -_get_record_id(){ +_get_record_id() { _zone_id="$1" record="$2" value="$3" - _dynv6_rest GET "zones/$_zone_id/records" - if ! _get_record_id_from_response "$response" ; then - _err "no such record $record found in zone $_zone_id" - return 1 - fi + _dynv6_rest GET "zones/$_zone_id/records" + if ! _get_record_id_from_response "$response"; then + _err "no such record $record found in zone $_zone_id" + return 1 + fi } -_get_record_id_from_response(){ +_get_record_id_from_response() { response="$1" - _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id |tr -d '"'|tr -d 'id:')" - #_record_id="${_record_id#id:}" - if [ -z "$_record_id" ]; then - _err "no such record: $record found in zone $_zone_id" - return 1 - fi - _debug "record id: $_record_id" - return 0 + _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')" + #_record_id="${_record_id#id:}" + if [ -z "$_record_id" ]; then + _err "no such record: $record found in zone $_zone_id" + return 1 + fi + _debug "record id: $_record_id" + return 0 } #usage: _set_record TXT _acme_challenge.www longvalue 12345678 #zone id is optional can also be set as vairable bevor calling this method -_set_record(){ - type="$1" - record="$2" - value="$3" - if [ "$4" ]; then - _zone_id="$4" - fi - data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" - #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' - echo "$data" - #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" - _dynv6_rest POST "zones/$_zone_id/records" "$data" +_set_record() { + type="$1" + record="$2" + value="$3" + if [ "$4" ]; then + _zone_id="$4" + fi + data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" + #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' + echo "$data" + #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" + _dynv6_rest POST "zones/$_zone_id/records" "$data" } -_del_record(){ +_del_record() { _zone_id=$1 _record_id=$2 _dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id" } _dynv6_rest() { - m=$1 #method GET,POST,DELETE or PUT + m=$1 #method GET,POST,DELETE or PUT ep="$2" #the endpoint data="$3" _debug "$ep" token_trimmed=$(echo "$dynv6_token" | tr -d '"') - + export _H1="Authorization: Bearer $token_trimmed" export _H2="Content-Type: application/json" - + if [ "$m" != "GET" ]; then _debug data "$data" response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" @@ -492,4 +508,3 @@ _dynv6_rest() { _debug2 response "$response" return 0 } - From 8728389c881f83f72bb6f473093c055fc1cb91e1 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Mon, 13 Jul 2020 16:01:46 +0200 Subject: [PATCH 69/81] formatting --- dnsapi/dns_dynv6.sh | 225 -------------------------------------------- 1 file changed, 225 deletions(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 4ab278ce..e51e118a 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -14,40 +14,11 @@ dns_dynv6_add() { _info "Using dynv6 api" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" -<<<<<<< HEAD -<<<<<<< HEAD - -======= ->>>>>>> no supporting HTTP API as well _get_authentication if [ "$dynv6_token" ]; then _dns_dynv6_add_http return $? -<<<<<<< HEAD -<<<<<<< HEAD -======= - _get_keyfile - _info "using keyfile $dynv6_keyfile" - _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 - fi - _debug "found host on your account" - returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" - _debug "Dynv6 returend this after record was added: $returnval" - if _contains "$returnval" "created"; then - return 0 - elif _contains "$returnval" "updated"; then - return 0 ->>>>>>> first attempt to make travis happy else -======= - else ->>>>>>> no supporting HTTP API as well -======= - else ->>>>>>> formatting _info "using key file $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then @@ -77,24 +48,11 @@ dns_dynv6_rm() { _info "Using dynv6 API" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" -<<<<<<< HEAD -<<<<<<< HEAD - _get_authentication - if [ "$dynv6_token" ]; then - _dns_dynv6_rm_http - return $? - else -======= _get_authentication if [ "$dynv6_token" ]; then _dns_dynv6_rm_http return $? -<<<<<<< HEAD - else ->>>>>>> no supporting HTTP API as well -======= else ->>>>>>> formatting _info "using key file $dynv6_keyfile" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" if ! _get_domain "$fulldomain" "$_your_hosts"; then @@ -104,23 +62,7 @@ dns_dynv6_rm() { _debug "found host on your account" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" return 0 -<<<<<<< HEAD - fi -======= - _get_keyfile - _info "using keyfile $dynv6_keyfile" - _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" - if ! _get_domain "$fulldomain" "$_your_hosts"; then - _err "Host not found on your account" - return 1 - fi - _debug "found host on your account" - _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" - return 0 ->>>>>>> first attempt to make travis happy -======= fi ->>>>>>> no supporting HTTP API as well } #################### Private functions below ################################## #Usage: No Input required @@ -167,8 +109,6 @@ _get_domain() { #returns #dynv6_keyfile path to the key that will be used _get_authentication() { -<<<<<<< HEAD -<<<<<<< HEAD dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}" if [ "$dynv6_token" ]; then _debug "Found HTTP Token. Going to use the HTTP API and not the SSH API" @@ -176,26 +116,6 @@ _get_authentication() { _saveaccountconf_mutable dynv6_token "$dynv6_token" fi else -======= - if [ "$DYNV6_TOKEN" ]; then - _debug "Going to use the HTTP Token you specifed and saving it for futur use" - _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" - dynv6_token="$DYNV6_TOKEN" - elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then - _debug "Found a previously used HTTP token going to use that" - dynv6_token="$(_readaccountconf_mutable dynv6_token)" - else ->>>>>>> no supporting HTTP API as well -======= - if [ "$DYNV6_TOKEN" ]; then - _debug "Going to use the HTTP Token you specifed and saving it for futur use" - _saveaccountconf_mutable dynv6_token "$DYNV6_TOKEN" - dynv6_token="$DYNV6_TOKEN" - elif [ "$(_readaccountconf_mutable dynv6_token)" ]; then - _debug "Found a previously used HTTP token going to use that" - dynv6_token="$(_readaccountconf_mutable dynv6_token)" - else ->>>>>>> formatting _debug "no HTTP token found. Looking for an SSH key" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" _debug "Your key is $dynv6_keyfile" @@ -212,152 +132,7 @@ _get_authentication() { dynv6_keyfile="$KEY" fi _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" -<<<<<<< HEAD - fi - fi -} - -_dns_dynv6_add_http() { - _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" - if ! _get_zone_id "$fulldomain"; then - _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" - return 1 - fi - _get_zone_name "$_zone_id" - record="${fulldomain%%.$_zone_name}" - _set_record TXT "$record" "$txtvalue" - if _contains "$response" "$txtvalue"; then - _info "Successfully added record" - return 0 - else - _err "Something went wrong while adding the record" - return 1 - fi -} - -_dns_dynv6_rm_http() { - _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" - if ! _get_zone_id "$fulldomain"; then - _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" - return 1 - fi - _get_zone_name "$_zone_id" - record="${fulldomain%%.$_zone_name}" - _get_record_id "$_zone_id" "$record" "$txtvalue" - _del_record "$_zone_id" "$_record_id" - if [ -z "$response" ]; then - _info "Successfully deleted record" - return 0 - else - _err "Something went wrong while deleting the record" - return 1 - fi -} - -#get the zoneid for a specifc record or zone -#usage: _get_zone_id §record -#where $record is the record to get the id for -#returns _zone_id the id of the zone -_get_zone_id() { - record="$1" - _debug "getting zone id for $record" - _dynv6_rest GET zones - - zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" - #echo $zones - - selected="" - for z in $zones; do - z="${z#name:}" - _debug zone: "$z" - if _contains "$record" "$z"; then - _debug "$z found in $record" - selected="$z" - fi - done - if [ -z "$selected" ]; then - _err "no zone found" - return 1 - fi - - zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" - _zone_id="${zone_id#id:}" - _debug "zone id: $_zone_id" -} - -_get_zone_name() { - _zone_id="$1" - _dynv6_rest GET zones/"$_zone_id" - _zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')" - _zone_name="${_zone_name#name:}" -} - -#usaage _get_record_id $zone_id $record -# where zone_id is thevalue returned by _get_zone_id -# and record ist in the form _acme.www for an fqdn of _acme.www.example.com -# returns _record_id -_get_record_id() { - _zone_id="$1" - record="$2" - value="$3" - _dynv6_rest GET "zones/$_zone_id/records" - if ! _get_record_id_from_response "$response"; then - _err "no such record $record found in zone $_zone_id" - return 1 - fi -} - -_get_record_id_from_response() { - response="$1" - _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')" - #_record_id="${_record_id#id:}" - if [ -z "$_record_id" ]; then - _err "no such record: $record found in zone $_zone_id" - return 1 - fi - _debug "record id: $_record_id" - return 0 -} -#usage: _set_record TXT _acme_challenge.www longvalue 12345678 -#zone id is optional can also be set as vairable bevor calling this method -_set_record() { - type="$1" - record="$2" - value="$3" - if [ "$4" ]; then - _zone_id="$4" - fi - data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" - #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' - echo "$data" - #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" - _dynv6_rest POST "zones/$_zone_id/records" "$data" -} -_del_record() { - _zone_id=$1 - _record_id=$2 - _dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id" -} - -_dynv6_rest() { - m=$1 #method GET,POST,DELETE or PUT - ep="$2" #the endpoint - data="$3" - _debug "$ep" - - token_trimmed=$(echo "$dynv6_token" | tr -d '"') - - export _H1="Authorization: Bearer $token_trimmed" - export _H2="Content-Type: application/json" - - if [ "$m" != "GET" ]; then - _debug data "$data" - response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" - else - response="$(_get "$dynv6_api/$ep")" -======= fi ->>>>>>> no supporting HTTP API as well fi } From 4242354c036d42547eb5309d0892f0d055e6d2f4 Mon Sep 17 00:00:00 2001 From: StefanAbl Date: Fri, 28 Aug 2020 19:46:45 +0200 Subject: [PATCH 70/81] fix shfmt error --- dnsapi/dns_dynv6.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index e51e118a..9efc9aeb 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -260,7 +260,7 @@ _del_record() { _dynv6_rest() { m=$1 #method GET,POST,DELETE or PUT - ep="$2" #the endpoint + ep="$2" #the endpoint data="$3" _debug "$ep" From d73438a3979b303d19b3669bf3d73bbef22eb8dd Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 1 Sep 2020 21:30:56 +0800 Subject: [PATCH 71/81] update comments --- .github/workflows/LetsEncrypt.yml | 5 ++++- acme.sh | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index afa4da68..5994fd9b 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -72,6 +72,9 @@ jobs: #The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port. Le_HTTPPort: 8888 steps: + - name: Set git to use LF + run: | + git config --global core.autocrlf false - uses: actions/checkout@v2 - name: Install cygwin base packages with chocolatey run: | @@ -87,7 +90,7 @@ jobs: echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin' - name: Clone acmetest shell: cmd - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ && sed -i 's/\r//g' acmetest/acme.sh/acme.sh + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest shell: cmd run: cd ../acmetest && bash.exe -c ./letest.sh diff --git a/acme.sh b/acme.sh index c36ce80e..4c9fa96e 100755 --- a/acme.sh +++ b/acme.sh @@ -4978,7 +4978,7 @@ $_authorizations_map" fi } -#in_out_cert out_fullchain out out_ca +#in_out_cert out_fullchain out_ca _split_cert_chain() { _certf="$1" _fullchainf="$2" From d25b2890becb69edd2661d63074db0f6b450ab65 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 1 Sep 2020 21:34:44 +0800 Subject: [PATCH 72/81] split shellcheck --- .github/workflows/LetsEncrypt.yml | 2 +- .github/workflows/shellcheck.yml | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 5994fd9b..16e42902 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -73,7 +73,7 @@ jobs: Le_HTTPPort: 8888 steps: - name: Set git to use LF - run: | + run: | git config --global core.autocrlf false - uses: actions/checkout@v2 - name: Install cygwin base packages with chocolatey diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 402492ad..099b9f7d 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -12,7 +12,7 @@ on: - '**.sh' jobs: - formatCheck: + ShellCheck: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -20,6 +20,11 @@ jobs: run: sudo apt-get install -y shellcheck - name: DoShellcheck run: shellcheck -V && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" + + shfmt: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 - name: Install shfmt run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt - name: shfmt From 1f5b6a6a35c25785cf4681462138630c00ba9b03 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 1 Sep 2020 21:39:44 +0800 Subject: [PATCH 73/81] fix filter to *.yml --- .github/workflows/LetsEncrypt.yml | 1 + .github/workflows/PebbleStrict.yml | 2 ++ .github/workflows/shellcheck.yml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 16e42902..9a0175b5 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -11,6 +11,7 @@ on: - dev paths: - '**.sh' + - '**.yml' jobs: diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index ffc2ccdc..976e5373 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -5,11 +5,13 @@ on: - '*' paths: - '**.sh' + - '**.yml' pull_request: branches: - dev paths: - '**.sh' + - '**.yml' jobs: PebbleStrict: diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 099b9f7d..b22a2fd8 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -5,11 +5,13 @@ on: - '*' paths: - '**.sh' + - '**.yml' pull_request: branches: - dev paths: - '**.sh' + - '**.yml' jobs: ShellCheck: From 0c9c1ae673812c14aa4e8ac83831b31961ab9ade Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 2 Sep 2020 18:22:39 +0800 Subject: [PATCH 74/81] fix https://github.com/acmesh-official/acme.sh/issues/3140 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 4c9fa96e..40621515 100755 --- a/acme.sh +++ b/acme.sh @@ -4714,7 +4714,7 @@ $_authorizations_map" return 1 fi if [ -z "$Le_LinkOrder" ]; then - Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d ":" -f 2-)" + Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n \t" | cut -d ":" -f 2-)" fi _savedomainconf "Le_LinkOrder" "$Le_LinkOrder" From b5c382f929afc9dd7e4fcc3055079909e066d7be Mon Sep 17 00:00:00 2001 From: Siyuan Miao Date: Thu, 3 Sep 2020 21:45:26 +0800 Subject: [PATCH 75/81] fix misaka.io api: breaking changes introduced by apiv1 --- dnsapi/dns_misaka.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_misaka.sh b/dnsapi/dns_misaka.sh index eed4170e..36ba5cfd 100755 --- a/dnsapi/dns_misaka.sh +++ b/dnsapi/dns_misaka.sh @@ -47,7 +47,7 @@ dns_misaka_add() { if [ "$count" = "0" ]; then _info "Adding record" - if _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then + if _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then _debug response "$response" if _contains "$response" "$_sub_domain"; then _info "Added" @@ -61,7 +61,7 @@ dns_misaka_add() { else _info "Updating record" - _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}" + _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}" if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then _info "Updated!" #todo: check if the record takes effect From 2c7d2230b3c2f07127ef3ac4584e75b5f6d8a5b2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Sep 2020 18:25:00 +0800 Subject: [PATCH 76/81] minor --- acme.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 40621515..3be3849d 100755 --- a/acme.sh +++ b/acme.sh @@ -956,9 +956,9 @@ _dbase64() { _checkcert() { _cf="$1" if [ "$DEBUG" ]; then - openssl x509 -noout -text -in "$_cf" + ${ACME_OPENSSL_BIN:-openssl} x509 -noout -text -in "$_cf" else - openssl x509 -noout -text -in "$_cf" >/dev/null 2>&1 + ${ACME_OPENSSL_BIN:-openssl} x509 -noout -text -in "$_cf" >/dev/null 2>&1 fi } @@ -3994,7 +3994,7 @@ _check_dns_entries() { _get_cert_issuers() { _cfile="$1" if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7"; then - ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | openssl pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 else ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 fi From 1e4ea900214e99f5676898948cf89139158a0278 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 6 Sep 2020 11:26:53 +0800 Subject: [PATCH 77/81] add zerossl test --- .github/workflows/ZeroSSL.yml | 47 +++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 .github/workflows/ZeroSSL.yml diff --git a/.github/workflows/ZeroSSL.yml b/.github/workflows/ZeroSSL.yml new file mode 100644 index 00000000..97cb798b --- /dev/null +++ b/.github/workflows/ZeroSSL.yml @@ -0,0 +1,47 @@ +name: ZeroSSL +on: + push: + branches: + - '*' + paths: + - '**.sh' + - '**.yml' + + +jobs: + CheckToken: + runs-on: ubuntu-latest + outputs: + hasToken: ${{ steps.step_one.outputs.hasToken }} + env: + NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + steps: + - name: Set the value + id: step_one + run: | + if [ "$NGROK_TOKEN" ] ; then + echo "::set-output name=hasToken::true" + else + echo "::set-output name=hasToken::false" + fi + - name: Check the value + run: echo ${{ steps.step_one.outputs.hasToken }} + + ZeroSSL: + runs-on: ubuntu-latest + needs: CheckToken + if: "contains(needs.CheckToken.outputs.hasToken, 'true')" + env: + ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90 + TEST_LOCAL: 1 + TEST_CA: "ZeroSSL" + NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + + steps: + - uses: actions/checkout@v2 + - name: Install tools + run: sudo apt-get install -y socat + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Run acmetest + run: cd ../acmetest && ./letest.sh From 98124de362422b750ad3545eb68b595f4cf5597f Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 6 Sep 2020 11:31:22 +0800 Subject: [PATCH 78/81] add email for zerossl --- .github/workflows/ZeroSSL.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ZeroSSL.yml b/.github/workflows/ZeroSSL.yml index 97cb798b..fd92d0fc 100644 --- a/.github/workflows/ZeroSSL.yml +++ b/.github/workflows/ZeroSSL.yml @@ -36,6 +36,7 @@ jobs: TEST_LOCAL: 1 TEST_CA: "ZeroSSL" NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + ACCOUNT_EMAIL: githubCI@acme.sh steps: - uses: actions/checkout@v2 From f405f4bbc445c49b304dcf37be4bbf52e6b9396f Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 6 Sep 2020 12:22:09 +0800 Subject: [PATCH 79/81] fix zerossl --- .github/workflows/ZeroSSL.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ZeroSSL.yml b/.github/workflows/ZeroSSL.yml index fd92d0fc..e812ca13 100644 --- a/.github/workflows/ZeroSSL.yml +++ b/.github/workflows/ZeroSSL.yml @@ -45,4 +45,4 @@ jobs: - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest - run: cd ../acmetest && ./letest.sh + run: cd ../acmetest && sudo --preserve-env ./letest.sh From 6f62995c96029f1ef8d06d67bec5c1fd0d93d200 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 6 Sep 2020 12:29:23 +0800 Subject: [PATCH 80/81] remove ZeroSSL test --- .github/workflows/ZeroSSL.yml | 48 ----------------------------------- 1 file changed, 48 deletions(-) delete mode 100644 .github/workflows/ZeroSSL.yml diff --git a/.github/workflows/ZeroSSL.yml b/.github/workflows/ZeroSSL.yml deleted file mode 100644 index e812ca13..00000000 --- a/.github/workflows/ZeroSSL.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: ZeroSSL -on: - push: - branches: - - '*' - paths: - - '**.sh' - - '**.yml' - - -jobs: - CheckToken: - runs-on: ubuntu-latest - outputs: - hasToken: ${{ steps.step_one.outputs.hasToken }} - env: - NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} - steps: - - name: Set the value - id: step_one - run: | - if [ "$NGROK_TOKEN" ] ; then - echo "::set-output name=hasToken::true" - else - echo "::set-output name=hasToken::false" - fi - - name: Check the value - run: echo ${{ steps.step_one.outputs.hasToken }} - - ZeroSSL: - runs-on: ubuntu-latest - needs: CheckToken - if: "contains(needs.CheckToken.outputs.hasToken, 'true')" - env: - ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90 - TEST_LOCAL: 1 - TEST_CA: "ZeroSSL" - NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} - ACCOUNT_EMAIL: githubCI@acme.sh - - steps: - - uses: actions/checkout@v2 - - name: Install tools - run: sudo apt-get install -y socat - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - run: cd ../acmetest && sudo --preserve-env ./letest.sh From fabd26f85b40d0a6c9163c587672a5417c3075e5 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 8 Sep 2020 22:44:43 +0800 Subject: [PATCH 81/81] check token first --- .github/workflows/dockerhub.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index cf65f4a6..92308218 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -8,8 +8,28 @@ on: - '*' jobs: + CheckToken: + runs-on: ubuntu-latest + outputs: + hasToken: ${{ steps.step_one.outputs.hasToken }} + env: + DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }} + steps: + - name: Set the value + id: step_one + run: | + if [ "$DOCKER_PASSWORD" ] ; then + echo "::set-output name=hasToken::true" + else + echo "::set-output name=hasToken::false" + fi + - name: Check the value + run: echo ${{ steps.step_one.outputs.hasToken }} + build: runs-on: ubuntu-latest + needs: CheckToken + if: "contains(needs.CheckToken.outputs.hasToken, 'true')" steps: - name: checkout code uses: actions/checkout@v2