Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #1 from acmesh-official/master 

fetch
pull/3139/head
flywithu 5 years ago
committed by GitHub
parent
a28c10f6e7 f2d350002e
commit
6a7ad0f901
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 567 additions and 250 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 99
      .github/workflows/LetsEncrypt.yml
  2. 14
      .github/workflows/PebbleStrict.yml
  3. 56
      .github/workflows/dockerhub.yml
  4. 23
      .github/workflows/shellcheck.yml
  5. 37
      .travis.yml
  6. 5
      Dockerfile
  7. 13
      README.md
  8. 254
      acme.sh
  9. 296
      dnsapi/dns_dynv6.sh
  10. 4
      dnsapi/dns_misaka.sh
  11. 2
      dnsapi/dns_nic.sh
  12. 10
      dnsapi/dns_regru.sh

99
.github/workflows/LetsEncrypt.yml
View File

@ -0,0 +1,99 @@
name: LetsEncrypt
on:
push:
branches:
- '*'
paths:
- '**.sh'
- '**.yml'
pull_request:
branches:
- dev
paths:
- '**.sh'
- '**.yml'
jobs:
CheckToken:
runs-on: ubuntu-latest
outputs:
hasToken: ${{ steps.step_one.outputs.hasToken }}
env:
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
steps:
- name: Set the value
id: step_one
run: |
if [ "$NGROK_TOKEN" ] ; then
echo "::set-output name=hasToken::true"
else
echo "::set-output name=hasToken::false"
fi
- name: Check the value
run: echo ${{ steps.step_one.outputs.hasToken }}
Ubuntu:
runs-on: ubuntu-latest
needs: CheckToken
if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
env:
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
TEST_LOCAL: 1
steps:
- uses: actions/checkout@v2
- name: Install tools
run: sudo apt-get install -y socat
- name: Clone acmetest
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
run: cd ../acmetest && sudo --preserve-env ./letest.sh
MacOS:
runs-on: macos-latest
needs: Ubuntu
env:
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
TEST_LOCAL: 1
steps:
- uses: actions/checkout@v2
- name: Install tools
run: brew update && brew install socat;
- name: Clone acmetest
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
run: cd ../acmetest && sudo --preserve-env ./letest.sh
Windows:
runs-on: windows-latest
needs: MacOS
env:
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
TEST_LOCAL: 1
#The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port.
Le_HTTPPort: 8888
steps:
- name: Set git to use LF
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v2
- name: Install cygwin base packages with chocolatey
run: |
choco config get cacheLocation
choco install --no-progress cygwin
shell: cmd
- name: Install cygwin additional packages
run: |
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
shell: cmd
- name: Set ENV
run: |
echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin'
- name: Clone acmetest
shell: cmd
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
shell: cmd
run: cd ../acmetest && bash.exe -c ./letest.sh

14
.github/workflows/PebbleStrict.yml
View File

@ -1,5 +1,17 @@
name: PebbleStrict name: PebbleStrict
on: [push, pull_request]
on:
push:
branches:
- '*'
paths:
- '**.sh'
- '**.yml'
pull_request:
branches:
- dev
paths:
- '**.sh'
- '**.yml'
jobs: jobs:
PebbleStrict: PebbleStrict:

56
.github/workflows/dockerhub.yml
View File

@ -2,15 +2,65 @@
name: Build DockerHub name: Build DockerHub
on: on:
push: push:
branches: [ master, dev ]
branches:
- '*'
tags:
- '*'
jobs: jobs:
CheckToken:
runs-on: ubuntu-latest
outputs:
hasToken: ${{ steps.step_one.outputs.hasToken }}
env:
DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }}
steps:
- name: Set the value
id: step_one
run: |
if [ "$DOCKER_PASSWORD" ] ; then
echo "::set-output name=hasToken::true"
else
echo "::set-output name=hasToken::false"
fi
- name: Check the value
run: echo ${{ steps.step_one.outputs.hasToken }}
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: CheckToken
if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
steps: steps:
- name: trigger
run: curl -X POST https://hub.docker.com/api/build/v1/source/1813a660-2ee5-4583-a238-dd54e9a6ebac/trigger/c8cd9f1f-f269-45bc-9750-a08327257f62/call/
- name: checkout code
uses: actions/checkout@v2
- name: install buildx
id: buildx
uses: crazy-max/ghaction-docker-buildx@v3
with:
buildx-version: latest
qemu-version: latest
- name: login to docker hub
run: |
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
- name: build and push the image
run: |
DOCKER_IMAGE=neilpang/acme.sh
if [[ $GITHUB_REF == refs/tags/* ]]; then
DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/}
fi
if [[ $GITHUB_REF == refs/heads/* ]]; then
DOCKER_IMAGE_TAG=${GITHUB_REF#refs/heads/}
if [[ $DOCKER_IMAGE_TAG == master ]]; then
DOCKER_IMAGE_TAG=latest
AUTO_UPGRADE=1
fi
fi
docker buildx build \
--tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \
--output "type=image,push=true" \
--build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \
--platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 .

23
.github/workflows/shellcheck.yml
View File

@ -1,8 +1,20 @@
name: shellcheck
on: [push, pull_request]
name: Shellcheck
on:
push:
branches:
- '*'
paths:
- '**.sh'
- '**.yml'
pull_request:
branches:
- dev
paths:
- '**.sh'
- '**.yml'
jobs: jobs:
formatCheck:
ShellCheck:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -10,6 +22,11 @@ jobs:
run: sudo apt-get install -y shellcheck run: sudo apt-get install -y shellcheck
- name: DoShellcheck - name: DoShellcheck
run: shellcheck -V && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" run: shellcheck -V && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK"
shfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install shfmt - name: Install shfmt
run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
- name: shfmt - name: shfmt

37
.travis.yml
View File

@ -1,37 +0,0 @@
language: shell
dist: bionic
os:
- linux
- osx
services:
- docker
env:
global:
- SHFMT_URL=https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64
install:
- if [ "$TRAVIS_OS_NAME" = 'osx' ]; then
brew update && brew install socat;
export PATH="/usr/local/opt/openssl@1.1/bin:$PATH" ;
fi
script:
- echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)"
- command -V openssl && openssl version
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -sSL $SHFMT_URL -o ~/shfmt && chmod +x ~/shfmt && ~/shfmt -l -w -i 2 . ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then git diff --exit-code && echo "shfmt OK" ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi
- cd ..
- git clone --depth 1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest
- if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi
- if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi
matrix:
fast_finish: true

5
Dockerfile
View File

@ -15,7 +15,9 @@ RUN apk update -f \
ENV LE_CONFIG_HOME /acme.sh ENV LE_CONFIG_HOME /acme.sh
ENV AUTO_UPGRADE 1
ARG AUTO_UPGRADE=1
ENV AUTO_UPGRADE $AUTO_UPGRADE
#Install #Install
ADD ./ /install_acme.sh/ ADD ./ /install_acme.sh/
@ -52,6 +54,7 @@ RUN for verb in help \
deactivate \ deactivate \
deactivate-account \ deactivate-account \
set-notify \ set-notify \
set-default-ca \
; do \ ; do \
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \ printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
; done ; done

13
README.md
View File

@ -1,13 +1,16 @@
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)
# An ACME Shell script: acme.sh
![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)
![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> <a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a>
[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") [![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
[![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") [![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg)
![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
acme.sh is being sponsored by the following tool; please help to support us by taking a look and signing up to a free trial
- An ACME protocol client written purely in Shell (Unix shell) language. - An ACME protocol client written purely in Shell (Unix shell) language.
@ -73,7 +76,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) |17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris |18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris
|19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux |19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux
|20|[![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)|Mac OSX
|20|[![Build Status](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX
|21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux |21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux
For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest): For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest):

254
acme.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=2.8.7
VER=2.8.8
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -956,9 +956,9 @@ _dbase64() {
_checkcert() { _checkcert() {
_cf="$1" _cf="$1"
if [ "$DEBUG" ]; then if [ "$DEBUG" ]; then
openssl x509 -noout -text -in "$_cf"
${ACME_OPENSSL_BIN:-openssl} x509 -noout -text -in "$_cf"
else else
openssl x509 -noout -text -in "$_cf" >/dev/null 2>&1
${ACME_OPENSSL_BIN:-openssl} x509 -noout -text -in "$_cf" >/dev/null 2>&1
fi fi
} }
@ -1375,7 +1375,7 @@ toPkcs() {
domain="$1" domain="$1"
pfxPassword="$2" pfxPassword="$2"
if [ -z "$domain" ]; then if [ -z "$domain" ]; then
_usage "Usage: $PROJECT_ENTRY --toPkcs -d domain [--password pfx-password]"
_usage "Usage: $PROJECT_ENTRY --to-pkcs12 --domain <domain.tld> [--password <password>] [--ecc]"
return 1 return 1
fi fi
@ -1396,7 +1396,7 @@ toPkcs8() {
domain="$1" domain="$1"
if [ -z "$domain" ]; then if [ -z "$domain" ]; then
_usage "Usage: $PROJECT_ENTRY --toPkcs8 -d domain [--ecc]"
_usage "Usage: $PROJECT_ENTRY --to-pkcs8 --domain <domain.tld> [--ecc]"
return 1 return 1
fi fi
@ -1416,7 +1416,7 @@ toPkcs8() {
createAccountKey() { createAccountKey() {
_info "Creating account key" _info "Creating account key"
if [ -z "$1" ]; then if [ -z "$1" ]; then
_usage "Usage: $PROJECT_ENTRY --createAccountKey --accountkeylength 2048"
_usage "Usage: $PROJECT_ENTRY --create-account-key [--accountkeylength <bits>]"
return return
fi fi
@ -1459,7 +1459,7 @@ _create_account_key() {
createDomainKey() { createDomainKey() {
_info "Creating domain key" _info "Creating domain key"
if [ -z "$1" ]; then if [ -z "$1" ]; then
_usage "Usage: $PROJECT_ENTRY --createDomainKey -d domain.com [ --keylength 2048 ]"
_usage "Usage: $PROJECT_ENTRY --create-domain-key --domain <domain.tld> [--keylength <bits>]"
return return
fi fi
@ -1499,7 +1499,7 @@ createDomainKey() {
createCSR() { createCSR() {
_info "Creating csr" _info "Creating csr"
if [ -z "$1" ]; then if [ -z "$1" ]; then
_usage "Usage: $PROJECT_ENTRY --createCSR -d domain1.com [-d domain2.com -d domain3.com ... ]"
_usage "Usage: $PROJECT_ENTRY --create-csr --domain <domain.tld> [--domain <domain2.tld> ...]"
return return
fi fi
@ -2888,7 +2888,7 @@ Allow from all
if _restoreApache; then if _restoreApache; then
_err "The apache config file is restored." _err "The apache config file is restored."
else else
_err "Sorry, The apache config file can not be restored, please report bug."
_err "Sorry, the apache config file can not be restored, please report bug."
fi fi
return 1 return 1
fi fi
@ -3994,7 +3994,7 @@ _check_dns_entries() {
_get_cert_issuers() { _get_cert_issuers() {
_cfile="$1" _cfile="$1"
if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7"; then if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7"; then
${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | openssl pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
else else
${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
fi fi
@ -4006,13 +4006,18 @@ _match_issuer() {
_missuer="$2" _missuer="$2"
_fissuers="$(_get_cert_issuers $_cfile)" _fissuers="$(_get_cert_issuers $_cfile)"
_debug2 _fissuers "$_fissuers" _debug2 _fissuers "$_fissuers"
if _contains "$_fissuers" "$_missuer"; then
return 0
fi
_fissuers="$(echo "$_fissuers" | _lower_case)"
_missuer="$(echo "$_missuer" | _lower_case)"
_contains "$_fissuers" "$_missuer" _contains "$_fissuers" "$_missuer"
} }
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
issue() { issue() {
if [ -z "$2" ]; then if [ -z "$2" ]; then
_usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ "
_usage "Usage: $PROJECT_ENTRY --issue --domain <domain.tld> --webroot <directory>"
return 1 return 1
fi fi
if [ -z "$1" ]; then if [ -z "$1" ]; then
@ -4709,7 +4714,7 @@ $_authorizations_map"
return 1 return 1
fi fi
if [ -z "$Le_LinkOrder" ]; then if [ -z "$Le_LinkOrder" ]; then
Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d ":" -f 2-)"
Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n \t" | cut -d ":" -f 2-)"
fi fi
_savedomainconf "Le_LinkOrder" "$Le_LinkOrder" _savedomainconf "Le_LinkOrder" "$Le_LinkOrder"
@ -4973,7 +4978,7 @@ $_authorizations_map"
fi fi
} }
#in_out_cert out_fullchain out out_ca
#in_out_cert out_fullchain out_ca
_split_cert_chain() { _split_cert_chain() {
_certf="$1" _certf="$1"
_fullchainf="$2" _fullchainf="$2"
@ -4993,7 +4998,7 @@ _split_cert_chain() {
renew() { renew() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ]; then if [ -z "$Le_Domain" ]; then
_usage "Usage: $PROJECT_ENTRY --renew -d domain.com [--ecc]"
_usage "Usage: $PROJECT_ENTRY --renew --domain <domain.tld> [--ecc]"
return 1 return 1
fi fi
@ -5003,7 +5008,7 @@ renew() {
_info "$(__green "Renew: '$Le_Domain'")" _info "$(__green "Renew: '$Le_Domain'")"
if [ ! -f "$DOMAIN_CONF" ]; then if [ ! -f "$DOMAIN_CONF" ]; then
_info "'$Le_Domain' is not a issued domain, skip."
_info "'$Le_Domain' is not an issued domain, skip."
return $RENEW_SKIP return $RENEW_SKIP
fi fi
@ -5082,7 +5087,7 @@ renewAll() {
for di in "${CERT_HOME}"/*.*/; do for di in "${CERT_HOME}"/*.*/; do
_debug di "$di" _debug di "$di"
if ! [ -d "$di" ]; then if ! [ -d "$di" ]; then
_debug "Not directory, skip: $di"
_debug "Not a directory, skip: $di"
continue continue
fi fi
d=$(basename "$di") d=$(basename "$di")
@ -5185,7 +5190,7 @@ signcsr() {
_csrfile="$1" _csrfile="$1"
_csrW="$2" _csrW="$2"
if [ -z "$_csrfile" ] || [ -z "$_csrW" ]; then if [ -z "$_csrfile" ] || [ -z "$_csrW" ]; then
_usage "Usage: $PROJECT_ENTRY --signcsr --csr mycsr.csr -w /path/to/webroot/a.com/ "
_usage "Usage: $PROJECT_ENTRY --sign-csr --csr <csr-file> --webroot <directory>"
return 1 return 1
fi fi
@ -5253,7 +5258,7 @@ showcsr() {
_csrfile="$1" _csrfile="$1"
_csrd="$2" _csrd="$2"
if [ -z "$_csrfile" ] && [ -z "$_csrd" ]; then if [ -z "$_csrfile" ] && [ -z "$_csrd" ]; then
_usage "Usage: $PROJECT_ENTRY --showcsr --csr mycsr.csr"
_usage "Usage: $PROJECT_ENTRY --show-csr --csr <csr-file>"
return 1 return 1
fi fi
@ -5370,7 +5375,7 @@ deploy() {
_hooks="$2" _hooks="$2"
_isEcc="$3" _isEcc="$3"
if [ -z "$_hooks" ]; then if [ -z "$_hooks" ]; then
_usage "Usage: $PROJECT_ENTRY --deploy -d domain.com --deploy-hook cpanel [--ecc] "
_usage "Usage: $PROJECT_ENTRY --deploy --domain <domain.tld> --deploy-hook <hookname> [--ecc] "
return 1 return 1
fi fi
@ -5391,7 +5396,7 @@ deploy() {
installcert() { installcert() {
_main_domain="$1" _main_domain="$1"
if [ -z "$_main_domain" ]; then if [ -z "$_main_domain" ]; then
_usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--cert-file cert-file-path] [--key-file key-file-path] [--ca-file ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchain-file fullchain-path]"
_usage "Usage: $PROJECT_ENTRY --install-cert --domain <domain.tld> [--ecc] [--cert-file <file>] [--key-file <file>] [--ca-file <file>] [ --reloadcmd <command>] [--fullchain-file <file>]"
return 1 return 1
fi fi
@ -5670,7 +5675,7 @@ uninstallcronjob() {
revoke() { revoke() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ]; then if [ -z "$Le_Domain" ]; then
_usage "Usage: $PROJECT_ENTRY --revoke -d domain.com [--ecc]"
_usage "Usage: $PROJECT_ENTRY --revoke --domain <domain.tld> [--ecc]"
return 1 return 1
fi fi
@ -5741,7 +5746,7 @@ revoke() {
remove() { remove() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ]; then if [ -z "$Le_Domain" ]; then
_usage "Usage: $PROJECT_ENTRY --remove -d domain.com [--ecc]"
_usage "Usage: $PROJECT_ENTRY --remove --domain <domain.tld> [--ecc]"
return 1 return 1
fi fi
@ -5901,7 +5906,7 @@ deactivate() {
_initAPI _initAPI
_debug _d_domain_list "$_d_domain_list" _debug _d_domain_list "$_d_domain_list"
if [ -z "$(echo $_d_domain_list | cut -d , -f 1)" ]; then if [ -z "$(echo $_d_domain_list | cut -d , -f 1)" ]; then
_usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com [-d domain.com]"
_usage "Usage: $PROJECT_ENTRY --deactivate --domain <domain.tld> [--domain <domain2.tld> ...]"
return 1 return 1
fi fi
for _d_dm in $(echo "$_d_domain_list" | tr ',' ' '); do for _d_dm in $(echo "$_d_domain_list" | tr ',' ' '); do
@ -6361,7 +6366,7 @@ setnotify() {
_initpath _initpath
if [ -z "$_nhook$_nlevel$_nmode" ]; then if [ -z "$_nhook$_nlevel$_nmode" ]; then
_usage "Usage: $PROJECT_ENTRY --set-notify [--notify-hook mailgun] [--notify-level $NOTIFY_LEVEL_DEFAULT] [--notify-mode $NOTIFY_MODE_DEFAULT]"
_usage "Usage: $PROJECT_ENTRY --set-notify [--notify-hook <hookname>] [--notify-level <0|1|2|3>] [--notify-mode <0|1>]"
_usage "$_NOTIFY_WIKI" _usage "$_NOTIFY_WIKI"
return 1 return 1
fi fi
@ -6400,146 +6405,141 @@ setnotify() {
showhelp() { showhelp() {
_initpath _initpath
version version
echo "Usage: $PROJECT_ENTRY command ...[parameters]....
echo "Usage: $PROJECT_ENTRY <command> ... [parameters ...]
Commands: Commands:
--help, -h Show this help message.
--version, -v Show version info.
-h, --help Show this help message.
-v, --version Show version info.
--install Install $PROJECT_NAME to your system. --install Install $PROJECT_NAME to your system.
--uninstall Uninstall $PROJECT_NAME, and uninstall the cron job. --uninstall Uninstall $PROJECT_NAME, and uninstall the cron job.
--upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT. --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT.
--issue Issue a cert. --issue Issue a cert.
--signcsr Issue a cert from an existing csr.
--deploy Deploy the cert to your server. --deploy Deploy the cert to your server.
--install-cert Install the issued cert to apache/nginx or any other server.
--renew, -r Renew a cert.
-i, --install-cert Install the issued cert to apache/nginx or any other server.
-r, --renew Renew a cert.
--renew-all Renew all the certs. --renew-all Renew all the certs.
--revoke Revoke a cert. --revoke Revoke a cert.
--remove Remove the cert from list of certs known to $PROJECT_NAME. --remove Remove the cert from list of certs known to $PROJECT_NAME.
--list List all the certs. --list List all the certs.
--showcsr Show the content of a csr.
--install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
--uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
--cron Run cron job to renew all the certs.
--toPkcs Export the certificate and key to a pfx file.
--toPkcs8 Convert to pkcs8 format.
--to-pkcs12 Export the certificate and key to a pfx file.
--to-pkcs8 Convert to pkcs8 format.
--sign-csr Issue a cert from an existing csr.
--show-csr Show the content of a csr.
-ccr, --create-csr Create CSR, professional use.
--create-domain-key Create an domain private key, professional use.
--update-account Update account info. --update-account Update account info.
--register-account Register account key. --register-account Register account key.
--deactivate-account Deactivate the account. --deactivate-account Deactivate the account.
--create-account-key Create an account private key, professional use. --create-account-key Create an account private key, professional use.
--create-domain-key Create an domain private key, professional use.
--createCSR, -ccsr Create CSR , professional use.
--deactivate Deactivate the domain authz, professional use.
--install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
--uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
--cron Run cron job to renew all the certs.
--set-notify Set the cron notification hook, level or mode. --set-notify Set the cron notification hook, level or mode.
--set-default-ca Used with '--server' , to set the default CA to use to use.
--deactivate Deactivate the domain authz, professional use.
--set-default-ca Used with '--server', Set the default CA to use.
See: $_SERVER_WIKI
Parameters: Parameters:
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
--challenge-alias domain.tld The challenge domain alias for DNS alias mode.
-d, --domain <domain.tld> Specifies a domain, used to issue, renew or revoke etc.
--challenge-alias <domain.tld> The challenge domain alias for DNS alias mode.
See: $_DNS_ALIAS_WIKI See: $_DNS_ALIAS_WIKI
--domain-alias domain.tld The domain alias for DNS alias mode.
--domain-alias <domain.tld> The domain alias for DNS alias mode.
See: $_DNS_ALIAS_WIKI See: $_DNS_ALIAS_WIKI
--preferred-chain CHAIN If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
--preferred-chain <chain> If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
If no match, the default offered chain will be used. (default: empty) If no match, the default offered chain will be used. (default: empty)
See: $_PREFERRED_CHAIN_WIKI See: $_PREFERRED_CHAIN_WIKI
--force, -f Used to force to install or force to renew a cert immediately.
--staging, --test Use staging server, just for test.
--debug Output debug info.
-f, --force Force install, force cert renewal or override sudo restrictions.
--staging, --test Use staging server, for testing.
--debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted.
--output-insecure Output all the sensitive messages. --output-insecure Output all the sensitive messages.
By default all the credentials/sensitive messages are hidden from the output/debug/log for security. By default all the credentials/sensitive messages are hidden from the output/debug/log for security.
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
-w, --webroot <directory> Specifies the web root folder for web root mode.
--standalone Use standalone mode. --standalone Use standalone mode.
--alpn Use standalone alpn mode. --alpn Use standalone alpn mode.
--stateless Use stateless mode. --stateless Use stateless mode.
See: $_STATELESS_WIKI See: $_STATELESS_WIKI
--apache Use apache mode. --apache Use apache mode.
--dns [dns_hook] Use dns mode or dns api.
--dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted.
See: $_DNS_API_WIKI See: $_DNS_API_WIKI
--dnssleep 300 The time in seconds to wait for all the txt records to propagate in dns api mode.
--dnssleep <seconds> The time in seconds to wait for all the txt records to propagate in dns api mode.
It's not necessary to use this by default, $PROJECT_NAME polls dns status by DOH automatically. It's not necessary to use this by default, $PROJECT_NAME polls dns status by DOH automatically.
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
--accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096
--log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
--log-level 1|2 Specifies the log level, default is 1.
--syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
--eab-kid EAB_KID Key Identifier for External Account Binding.
--eab-hmac-key EAB_HMAC_KEY HMAC key for External Account Binding.
-k, --keylength <bits> Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
-ak, --accountkeylength <bits> Specifies the account key length: 2048, 3072, 4096
--log [file] Specifies the log file. Defaults to \"$DEFAULT_LOG_FILE\" if argument is omitted.
--log-level <1|2> Specifies the log level, default is 1.
--syslog <0|3|6|7> Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
--eab-kid <eab_key_id> Key Identifier for External Account Binding.
--eab-hmac-key <eab_hmac_key> HMAC key for External Account Binding.
These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert: These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
--cert-file After issue/renew, the cert will be copied to this path.
--key-file After issue/renew, the key will be copied to this path.
--ca-file After issue/renew, the intermediate cert will be copied to this path.
--fullchain-file After issue/renew, the fullchain cert will be copied to this path.
--reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
--cert-file <file> Path to copy the cert file to after issue/renew..
--key-file <file> Path to copy the key file to after issue/renew.
--ca-file <file> Path to copy the intermediate cert file to after issue/renew.
--fullchain-file <file> Path to copy the fullchain cert file to after issue/renew.
--reloadcmd <command> Command to execute after issue/renew to reload the server.
--server SERVER ACME Directory Resource URI. (default: $DEFAULT_CA)
--server <server_uri> ACME Directory Resource URI. (default: $DEFAULT_CA)
See: $_SERVER_WIKI See: $_SERVER_WIKI
--accountconf Specifies a customized account config file.
--home Specifies the home dir for $PROJECT_NAME.
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home Specifies the home dir to save all the configurations.
--useragent Specifies the user agent string. it will be saved for future use too.
--accountemail, -m Specifies the account email, only valid for the '--install' and '--update-account' command.
--accountkey Specifies the account key path, only valid for the '--install' command.
--days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--accountconf <file> Specifies a customized account config file.
--home <directory> Specifies the home dir for $PROJECT_NAME.
--cert-home <directory> Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home <directory> Specifies the home dir to save all the configurations.
--useragent <string> Specifies the user agent string. it will be saved for future use too.
-m, --accountemail <email> Specifies the account email, only valid for the '--install' and '--update-account' command.
--accountkey <file> Specifies the account key path, only valid for the '--install' command.
--days <ndays> Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
--httpport <port> Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--tlsport <port> Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address <ip> Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--listraw Only used for '--list' command, list the certs in raw format. --listraw Only used for '--list' command, list the certs in raw format.
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
-se, --stop-renew-on-error Only valid for '--renew-all' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
--ca-bundle <file> Specifies the path to the CA certificate bundle to verify api server's certificate.
--ca-path <directory> Specifies directory containing CA certificates in PEM format, used by wget or curl.
--nocron Only valid for '--install' command, which means: do not install the default cron job. --nocron Only valid for '--install' command, which means: do not install the default cron job.
In this case, the certs will not be renewed automatically. In this case, the certs will not be renewed automatically.
--noprofile Only valid for '--install' command, which means: do not install aliases to user profile. --noprofile Only valid for '--install' command, which means: do not install aliases to user profile.
--no-color Do not output color text. --no-color Do not output color text.
--force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails. --force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails.
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
--csr Specifies the input csr.
--pre-hook Command to be run before obtaining any certificates.
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed.
--renew-hook Command to be run once for each successfully renewed certificate.
--deploy-hook The hook file to deploy cert
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
--always-force-new-domain-key Generate new domain key when renewal. Otherwise, the domain key is not changed by default.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future.
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--to-pkcs12' and '--create-csr'
--csr <file> Specifies the input csr.
--pre-hook <command> Command to be run before obtaining any certificates.
--post-hook <command> Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed.
--renew-hook <command> Command to be run after each successfully renewed certificate.
--deploy-hook <hookname> The hook file to deploy cert
--ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
--always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
--listen-v4 Force standalone/tls server to listen at ipv4. --listen-v4 Force standalone/tls server to listen at ipv4.
--listen-v6 Force standalone/tls server to listen at ipv6. --listen-v6 Force standalone/tls server to listen at ipv6.
--openssl-bin Specifies a custom openssl bin location.
--openssl-bin <file> Specifies a custom openssl bin location.
--use-wget Force to use wget, if you have both curl and wget installed. --use-wget Force to use wget, if you have both curl and wget installed.
--yes-I-know-dns-manual-mode-enough-go-ahead-please Force to use dns manual mode.
--yes-I-know-dns-manual-mode-enough-go-ahead-please Force use of dns manual mode.
See: $_DNS_MANUAL_WIKI See: $_DNS_MANUAL_WIKI
--branch, -b Only valid for '--upgrade' command, specifies the branch name to upgrade to.
--notify-level 0|1|2|3 Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
0: disabled, no notification will be sent.
1: send notifications only when there is an error.
2: send notifications when a cert is successfully renewed, or there is an error.
3: send notifications when a cert is skipped, renewed, or error.
--notify-mode 0|1 Set notification mode. Default value is $NOTIFY_MODE_DEFAULT.
0: Bulk mode. Send all the domain's notifications in one message(mail).
1: Cert mode. Send a message for every single cert.
--notify-hook [hookname] Set the notify hook
--revoke-reason [0-10] The reason for '--revoke' command.
-b, --branch <branch> Only valid for '--upgrade' command, specifies the branch name to upgrade to.
--notify-level <0|1|2|3> Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
0: disabled, no notification will be sent.
1: send notifications only when there is an error.
2: send notifications when a cert is successfully renewed, or there is an error.
3: send notifications when a cert is skipped, renewed, or error.
--notify-mode <0|1> Set notification mode. Default value is $NOTIFY_MODE_DEFAULT.
0: Bulk mode. Send all the domain's notifications in one message(mail).
1: Cert mode. Send a message for every single cert.
--notify-hook <hookname> Set the notify hook
--revoke-reason <0-10> The reason for revocation, can be used in conjunction with the '--revoke' command.
See: $_REVOKE_WIKI See: $_REVOKE_WIKI
--password <password> Add a password to exported pfx file. Use with --to-pkcs12.
" "
} }
@ -6797,19 +6797,19 @@ _process() {
--deploy) --deploy)
_CMD="deploy" _CMD="deploy"
;; ;;
--signcsr)
--sign-csr | --signcsr)
_CMD="signcsr" _CMD="signcsr"
;; ;;
--showcsr)
--show-csr | --showcsr)
_CMD="showcsr" _CMD="showcsr"
;; ;;
--installcert | -i | --install-cert)
-i | --install-cert | --installcert)
_CMD="installcert" _CMD="installcert"
;; ;;
--renew | -r) --renew | -r)
_CMD="renew" _CMD="renew"
;; ;;
--renewAll | --renewall | --renew-all)
--renew-all | --renewAll | --renewall)
_CMD="renewAll" _CMD="renewAll"
;; ;;
--revoke) --revoke)
@ -6821,37 +6821,37 @@ _process() {
--list) --list)
_CMD="list" _CMD="list"
;; ;;
--installcronjob | --install-cronjob)
--install-cronjob | --installcronjob)
_CMD="installcronjob" _CMD="installcronjob"
;; ;;
--uninstallcronjob | --uninstall-cronjob)
--uninstall-cronjob | --uninstallcronjob)
_CMD="uninstallcronjob" _CMD="uninstallcronjob"
;; ;;
--cron) --cron)
_CMD="cron" _CMD="cron"
;; ;;
--toPkcs)
--to-pkcs12 | --to-pkcs | --toPkcs)
_CMD="toPkcs" _CMD="toPkcs"
;; ;;
--toPkcs8)
--to-pkcs8 | --toPkcs8)
_CMD="toPkcs8" _CMD="toPkcs8"
;; ;;
--createAccountKey | --createaccountkey | -cak | --create-account-key)
--create-account-key | --createAccountKey | --createaccountkey | -cak)
_CMD="createAccountKey" _CMD="createAccountKey"
;; ;;
--createDomainKey | --createdomainkey | -cdk | --create-domain-key)
--create-domain-key | --createDomainKey | --createdomainkey | -cdk)
_CMD="createDomainKey" _CMD="createDomainKey"
;; ;;
--createCSR | --createcsr | -ccr)
-ccr | --create-csr | --createCSR | --createcsr)
_CMD="createCSR" _CMD="createCSR"
;; ;;
--deactivate) --deactivate)
_CMD="deactivate" _CMD="deactivate"
;; ;;
--updateaccount | --update-account)
--update-account | --updateaccount)
_CMD="updateaccount" _CMD="updateaccount"
;; ;;
--registeraccount | --register-account)
--register-account | --registeraccount)
_CMD="registeraccount" _CMD="registeraccount"
;; ;;
--deactivate-account) --deactivate-account)
@ -6863,7 +6863,7 @@ _process() {
--set-default-ca) --set-default-ca)
_CMD="setdefaultca" _CMD="setdefaultca"
;; ;;
--domain | -d)
-d | --domain)
_dvalue="$2" _dvalue="$2"
if [ "$_dvalue" ]; then if [ "$_dvalue" ]; then
@ -6894,7 +6894,7 @@ _process() {
shift shift
;; ;;
--force | -f)
-f | --force)
FORCE="1" FORCE="1"
;; ;;
--staging | --test) --staging | --test)
@ -6916,7 +6916,7 @@ _process() {
--output-insecure) --output-insecure)
export OUTPUT_INSECURE=1 export OUTPUT_INSECURE=1
;; ;;
--webroot | -w)
-w | --webroot)
wvalue="$2" wvalue="$2"
if [ -z "$_webroot" ]; then if [ -z "$_webroot" ]; then
_webroot="$wvalue" _webroot="$wvalue"
@ -7006,7 +7006,7 @@ _process() {
_keylength="$2" _keylength="$2"
shift shift
;; ;;
--accountkeylength | -ak)
-ak | --accountkeylength)
_accountkeylength="$2" _accountkeylength="$2"
shift shift
;; ;;
@ -7044,7 +7044,7 @@ _process() {
LE_WORKING_DIR="$2" LE_WORKING_DIR="$2"
shift shift
;; ;;
--certhome | --cert-home)
--cert-home | --certhome)
_certhome="$2" _certhome="$2"
CERT_HOME="$_certhome" CERT_HOME="$_certhome"
shift shift
@ -7059,7 +7059,7 @@ _process() {
USER_AGENT="$_useragent" USER_AGENT="$_useragent"
shift shift
;; ;;
--accountemail | -m)
-m | --accountemail)
_accountemail="$2" _accountemail="$2"
ACCOUNT_EMAIL="$_accountemail" ACCOUNT_EMAIL="$_accountemail"
shift shift
@ -7087,7 +7087,7 @@ _process() {
--listraw) --listraw)
_listraw="raw" _listraw="raw"
;; ;;
--stopRenewOnError | --stoprenewonerror | -se)
-se | --stop-renew-on-error | --stopRenewOnError | --stoprenewonerror)
_stopRenewOnError="1" _stopRenewOnError="1"
;; ;;
--insecure) --insecure)

296
dnsapi/dns_dynv6.sh
View File

@ -1,35 +1,41 @@
#!/usr/bin/env sh #!/usr/bin/env sh
#Author StefanAbl #Author StefanAbl
#Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"' #Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"'
#or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value"
#if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub #if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub
dynv6_api="https://dynv6.com/api/v2"
######## Public functions ##################### ######## Public functions #####################
# Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide # Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
#Usage: dns_dynv6_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_dynv6_add() { dns_dynv6_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_info "Using dynv6 api" _info "Using dynv6 api"
_debug fulldomain "$fulldomain" _debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue" _debug txtvalue "$txtvalue"
_get_keyfile
_info "using keyfile $dynv6_keyfile"
_get_domain "$fulldomain"
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
if ! _contains "$_your_hosts" "$_host"; then
_debug "The host is $_host and the record $_record"
_debug "Dynv6 returned $_your_hosts"
_err "The host $_host does not exist on your dynv6 account"
return 1
fi
_debug "found host on your account"
returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")"
_debug "Dynv6 returend this after record was added: $returnval"
if _contains "$returnval" "created"; then
return 0
elif _contains "$returnval" "updated"; then
return 0
_get_authentication
if [ "$dynv6_token" ]; then
_dns_dynv6_add_http
return $?
else else
_err "Something went wrong! it does not seem like the record was added succesfully"
_info "using key file $dynv6_keyfile"
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
if ! _get_domain "$fulldomain" "$_your_hosts"; then
_err "Host not found on your account"
return 1
fi
_debug "found host on your account"
returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")"
_debug "Dynv6 returned this after record was added: $returnval"
if _contains "$returnval" "created"; then
return 0
elif _contains "$returnval" "updated"; then
return 0
else
_err "Something went wrong! it does not seem like the record was added successfully"
return 1
fi
return 1 return 1
fi fi
return 1 return 1
@ -39,28 +45,29 @@ dns_dynv6_add() {
dns_dynv6_rm() { dns_dynv6_rm() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_info "Using dynv6 api"
_info "Using dynv6 API"
_debug fulldomain "$fulldomain" _debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue" _debug txtvalue "$txtvalue"
_get_keyfile
_info "using keyfile $dynv6_keyfile"
_get_domain "$fulldomain"
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
if ! _contains "$_your_hosts" "$_host"; then
_debug "The host is $_host and the record $_record"
_debug "Dynv6 returned $_your_hosts"
_err "The host $_host does not exist on your dynv6 account"
return 1
_get_authentication
if [ "$dynv6_token" ]; then
_dns_dynv6_rm_http
return $?
else
_info "using key file $dynv6_keyfile"
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
if ! _get_domain "$fulldomain" "$_your_hosts"; then
_err "Host not found on your account"
return 1
fi
_debug "found host on your account"
_info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)"
return 0
fi fi
_debug "found host on your account"
_info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)"
return 0
} }
#################### Private functions below ################################## #################### Private functions below ##################################
#Usage: No Input required #Usage: No Input required
#returns #returns
#dynv6_keyfile the path to the new keyfile that has been generated
#dynv6_keyfile the path to the new key file that has been generated
_generate_new_key() { _generate_new_key() {
dynv6_keyfile="$(eval echo ~"$USER")/.ssh/dynv6" dynv6_keyfile="$(eval echo ~"$USER")/.ssh/dynv6"
_info "Path to key file used: $dynv6_keyfile" _info "Path to key file used: $dynv6_keyfile"
@ -72,50 +79,207 @@ _generate_new_key() {
return 1 return 1
fi fi
} }
#Usage: _acme-challenge.www.example.dynv6.net
#Usage: _acme-challenge.www.example.dynv6.net "$_your_hosts"
#where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts
#returns #returns
#_host= example.dynv6.net #_host= example.dynv6.net
#_record=_acme-challenge.www #_record=_acme-challenge.www
#aborts if not a valid domain #aborts if not a valid domain
_get_domain() { _get_domain() {
#_your_hosts="$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)"
_full_domain="$1" _full_domain="$1"
_debug "getting domain for $_full_domain"
if ! _contains "$_full_domain" 'dynv6.net' && ! _contains "$_full_domain" 'dns.army' && ! _contains "$_full_domain" 'dns.navy' && ! _contains "$_full_domain" 'v6.rocks'; then
_err "The hosts does not seem to be a dynv6 host"
return 1
fi
_record="${_full_domain%.*}"
_record="${_record%.*}"
_record="${_record%.*}"
_debug "The record we are ging to use is $_record"
_host="$_full_domain"
while [ "$(echo "$_host" | grep -o '\.' | wc -l)" != "2" ]; do
_host="${_host#*.}"
done
_debug "And the host is $_host"
return 0
_your_hosts="$2"
_your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')"
for l in $_your_hosts; do
#echo "host: $l"
if test "${_full_domain#*$l}" != "$_full_domain"; then
_record="${_full_domain%.$l}"
_host=$l
_debug "The host is $_host and the record $_record"
return 0
fi
done
_err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key"
return 1
} }
# Usage: No input required # Usage: No input required
#returns #returns
#dynv6_keyfile path to the key that will be used #dynv6_keyfile path to the key that will be used
_get_keyfile() {
_debug "get keyfile method called"
dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}"
_debug Your key is "$dynv6_keyfile"
if [ -z "$dynv6_keyfile" ]; then
if [ -z "$KEY" ]; then
_err "You did not specify a key to use with dynv6"
_info "Creating new dynv6 api key to add to dynv6.com"
_generate_new_key
_info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")"
_info "Hit Enter to contiue"
read -r _
#save the credentials to the account conf file.
else
dynv6_keyfile="$KEY"
_get_authentication() {
dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}"
if [ "$dynv6_token" ]; then
_debug "Found HTTP Token. Going to use the HTTP API and not the SSH API"
if [ "$DYNV6_TOKEN" ]; then
_saveaccountconf_mutable dynv6_token "$dynv6_token"
fi
else
_debug "no HTTP token found. Looking for an SSH key"
dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}"
_debug "Your key is $dynv6_keyfile"
if [ -z "$dynv6_keyfile" ]; then
if [ -z "$KEY" ]; then
_err "You did not specify a key to use with dynv6"
_info "Creating new dynv6 API key to add to dynv6.com"
_generate_new_key
_info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")"
_info "Hit Enter to continue"
read -r _
#save the credentials to the account conf file.
else
dynv6_keyfile="$KEY"
fi
_saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile"
fi
fi
}
_dns_dynv6_add_http() {
_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API"
if ! _get_zone_id "$fulldomain"; then
_err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone"
return 1
fi
_get_zone_name "$_zone_id"
record="${fulldomain%%.$_zone_name}"
_set_record TXT "$record" "$txtvalue"
if _contains "$response" "$txtvalue"; then
_info "Successfully added record"
return 0
else
_err "Something went wrong while adding the record"
return 1
fi
}
_dns_dynv6_rm_http() {
_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API"
if ! _get_zone_id "$fulldomain"; then
_err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone"
return 1
fi
_get_zone_name "$_zone_id"
record="${fulldomain%%.$_zone_name}"
_get_record_id "$_zone_id" "$record" "$txtvalue"
_del_record "$_zone_id" "$_record_id"
if [ -z "$response" ]; then
_info "Successfully deleted record"
return 0
else
_err "Something went wrong while deleting the record"
return 1
fi
}
#get the zoneid for a specifc record or zone
#usage: _get_zone_id §record
#where $record is the record to get the id for
#returns _zone_id the id of the zone
_get_zone_id() {
record="$1"
_debug "getting zone id for $record"
_dynv6_rest GET zones
zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')"
#echo $zones
selected=""
for z in $zones; do
z="${z#name:}"
_debug zone: "$z"
if _contains "$record" "$z"; then
_debug "$z found in $record"
selected="$z"
fi fi
_saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile"
done
if [ -z "$selected" ]; then
_err "no zone found"
return 1
fi
zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')"
_zone_id="${zone_id#id:}"
_debug "zone id: $_zone_id"
}
_get_zone_name() {
_zone_id="$1"
_dynv6_rest GET zones/"$_zone_id"
_zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')"
_zone_name="${_zone_name#name:}"
}
#usaage _get_record_id $zone_id $record
# where zone_id is thevalue returned by _get_zone_id
# and record ist in the form _acme.www for an fqdn of _acme.www.example.com
# returns _record_id
_get_record_id() {
_zone_id="$1"
record="$2"
value="$3"
_dynv6_rest GET "zones/$_zone_id/records"
if ! _get_record_id_from_response "$response"; then
_err "no such record $record found in zone $_zone_id"
return 1
fi fi
} }
_get_record_id_from_response() {
response="$1"
_record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')"
#_record_id="${_record_id#id:}"
if [ -z "$_record_id" ]; then
_err "no such record: $record found in zone $_zone_id"
return 1
fi
_debug "record id: $_record_id"
return 0
}
#usage: _set_record TXT _acme_challenge.www longvalue 12345678
#zone id is optional can also be set as vairable bevor calling this method
_set_record() {
type="$1"
record="$2"
value="$3"
if [ "$4" ]; then
_zone_id="$4"
fi
data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}"
#data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}'
echo "$data"
#"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"
_dynv6_rest POST "zones/$_zone_id/records" "$data"
}
_del_record() {
_zone_id=$1
_record_id=$2
_dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id"
}
_dynv6_rest() {
m=$1 #method GET,POST,DELETE or PUT
ep="$2" #the endpoint
data="$3"
_debug "$ep"
token_trimmed=$(echo "$dynv6_token" | tr -d '"')
export _H1="Authorization: Bearer $token_trimmed"
export _H2="Content-Type: application/json"
if [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$dynv6_api/$ep" "" "$m")"
else
response="$(_get "$dynv6_api/$ep")"
fi
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug2 response "$response"
return 0
}

4
dnsapi/dns_misaka.sh
View File

@ -47,7 +47,7 @@ dns_misaka_add() {
if [ "$count" = "0" ]; then if [ "$count" = "0" ]; then
_info "Adding record" _info "Adding record"
if _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then
if _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then
_debug response "$response" _debug response "$response"
if _contains "$response" "$_sub_domain"; then if _contains "$response" "$_sub_domain"; then
_info "Added" _info "Added"
@ -61,7 +61,7 @@ dns_misaka_add() {
else else
_info "Updating record" _info "Updating record"
_misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}"
_misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}"
if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then
_info "Updated!" _info "Updated!"
#todo: check if the record takes effect #todo: check if the record takes effect

2
dnsapi/dns_nic.sh
View File

@ -166,7 +166,7 @@ _get_root() {
if _contains "$_all_domains" "^$h$"; then if _contains "$_all_domains" "^$h$"; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h _domain=$h
_service=$(printf "%s" "$response" | grep "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
_service=$(printf "%s" "$response" | grep -m 1 "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
return 0 return 0
fi fi
p="$i" p="$i"

10
dnsapi/dns_regru.sh
View File

@ -33,8 +33,11 @@ dns_regru_add() {
fi fi
_debug _domain "$_domain" _debug _domain "$_domain"
_subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
_debug _subdomain "$_subdomain"
_info "Adding TXT record to ${fulldomain}" _info "Adding TXT record to ${fulldomain}"
_regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json"
_regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json"
if ! _contains "${response}" 'error'; then if ! _contains "${response}" 'error'; then
return 0 return 0
@ -64,8 +67,11 @@ dns_regru_rm() {
fi fi
_debug _domain "$_domain" _debug _domain "$_domain"
_subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
_debug _subdomain "$_subdomain"
_info "Deleting resource record $fulldomain" _info "Deleting resource record $fulldomain"
_regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json"
_regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json"
if ! _contains "${response}" 'error'; then if ! _contains "${response}" 'error'; then
return 0 return 0

Write Preview
Loading…
Cancel
Save