Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch 'dev' into add-zone-dns-api

pull/2151/head
tambetliiv 7 years ago
committed by GitHub
parent
a32c1170e0 9d64b35ed8
commit
6b76934a87
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 277 additions and 27 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      README.md
  2. 135
      acme.sh
  3. 17
      dnsapi/README.md
  4. 1
      dnsapi/dns_hostingde.sh
  5. 131
      dnsapi/dns_nederhost.sh

2
README.md
View File

@ -359,7 +359,9 @@ You don't have to do anything manually!
1. Online.net API (https://online.net/) 1. Online.net API (https://online.net/)
1. MyDevil.net (https://www.mydevil.net/) 1. MyDevil.net (https://www.mydevil.net/)
1. Core-Networks.de (https://core-networks.de) 1. Core-Networks.de (https://core-networks.de)
1. NederHost API (https://www.nederhost.nl/)
1. Zone.ee (zone.eu) API (https://api.zone.eu/v2) 1. Zone.ee (zone.eu) API (https://api.zone.eu/v2)
And: And:
**lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api **lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api

135
acme.sh
View File

@ -9,6 +9,9 @@ PROJECT_ENTRY="acme.sh"
PROJECT="https://github.com/Neilpang/$PROJECT_NAME" PROJECT="https://github.com/Neilpang/$PROJECT_NAME"
DEFAULT_INSTALL_HOME="$HOME/.$PROJECT_NAME" DEFAULT_INSTALL_HOME="$HOME/.$PROJECT_NAME"
_WINDOWS_SCHEDULER_NAME="$PROJECT_NAME.cron"
_SCRIPT_="$0" _SCRIPT_="$0"
_SUB_FOLDERS="dnsapi deploy" _SUB_FOLDERS="dnsapi deploy"
@ -19,8 +22,8 @@ LETSENCRYPT_STAGING_CA_V1="https://acme-staging.api.letsencrypt.org/directory"
LETSENCRYPT_CA_V2="https://acme-v02.api.letsencrypt.org/directory" LETSENCRYPT_CA_V2="https://acme-v02.api.letsencrypt.org/directory"
LETSENCRYPT_STAGING_CA_V2="https://acme-staging-v02.api.letsencrypt.org/directory" LETSENCRYPT_STAGING_CA_V2="https://acme-staging-v02.api.letsencrypt.org/directory"
DEFAULT_CA=$LETSENCRYPT_CA_V1
DEFAULT_STAGING_CA=$LETSENCRYPT_STAGING_CA_V1
DEFAULT_CA=$LETSENCRYPT_CA_V2
DEFAULT_STAGING_CA=$LETSENCRYPT_STAGING_CA_V2
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)" DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
DEFAULT_ACCOUNT_EMAIL="" DEFAULT_ACCOUNT_EMAIL=""
@ -1974,7 +1977,7 @@ _save_conf() {
_sdkey="$2" _sdkey="$2"
_sdvalue="$3" _sdvalue="$3"
_b64encode="$4" _b64encode="$4"
if [ "$_b64encode" ]; then
if [ "$_sdvalue" ] && [ "$_b64encode" ]; then
_sdvalue="${B64CONF_START}$(printf "%s" "${_sdvalue}" | _base64)${B64CONF_END}" _sdvalue="${B64CONF_START}$(printf "%s" "${_sdvalue}" | _base64)${B64CONF_END}"
fi fi
if [ "$_s_c_f" ]; then if [ "$_s_c_f" ]; then
@ -3665,8 +3668,12 @@ issue() {
_cleardomainconf "Le_ChallengeAlias" _cleardomainconf "Le_ChallengeAlias"
fi fi
if [ "$ACME_DIRECTORY" != "$DEFAULT_CA" ]; then
Le_API="$ACME_DIRECTORY" Le_API="$ACME_DIRECTORY"
_savedomainconf "Le_API" "$Le_API" _savedomainconf "Le_API" "$Le_API"
else
_cleardomainconf Le_API
fi
if [ "$_alt_domains" = "$NO_VALUE" ]; then if [ "$_alt_domains" = "$NO_VALUE" ]; then
_alt_domains="" _alt_domains=""
@ -4500,6 +4507,16 @@ renew() {
. "$DOMAIN_CONF" . "$DOMAIN_CONF"
_debug Le_API "$Le_API" _debug Le_API "$Le_API"
if [ "$Le_API" = "$LETSENCRYPT_CA_V1" ]; then
_cleardomainconf Le_API
Le_API="$DEFAULT_CA"
fi
if [ "$Le_API" = "$LETSENCRYPT_STAGING_CA_V1" ]; then
_cleardomainconf Le_API
Le_API="$DEFAULT_STAGING_CA"
fi
if [ "$Le_API" ]; then if [ "$Le_API" ]; then
if [ "$_OLD_CA_HOST" = "$Le_API" ]; then if [ "$_OLD_CA_HOST" = "$Le_API" ]; then
export Le_API="$DEFAULT_CA" export Le_API="$DEFAULT_CA"
@ -4909,35 +4926,107 @@ _installcert() {
} }
__read_password() {
unset _pp
prompt="Enter Password:"
while IFS= read -p "$prompt" -r -s -n 1 char; do
if [ "$char" = $'\0' ]; then
break
fi
prompt='*'
_pp="$_pp$char"
done
echo "$_pp"
}
_install_win_taskscheduler() {
_lesh="$1"
_centry="$2"
_randomminute="$3"
if ! _exists cygpath; then
_err "cygpath not found"
return 1
fi
if ! _exists schtasks; then
_err "schtasks.exe is not found, are you on Windows?"
return 1
fi
_winbash="$(cygpath -w $(which bash))"
_debug _winbash "$_winbash"
if [ -z "$_winbash" ]; then
_err "can not find bash path"
return 1
fi
_myname="$(whoami)"
_debug "_myname" "$_myname"
if [ -z "$_myname" ]; then
_err "can not find my user name"
return 1
fi
_debug "_lesh" "$_lesh"
_info "To install scheduler task in your Windows account, you must input your windows password."
_info "$PROJECT_NAME doesn't save your password."
_info "Please input your Windows password for: $(__green "$_myname")"
_password="$(__read_password)"
#SCHTASKS.exe '/create' '/SC' 'DAILY' '/TN' "$_WINDOWS_SCHEDULER_NAME" '/F' '/ST' "00:$_randomminute" '/RU' "$_myname" '/RP' "$_password" '/TR' "$_winbash -l -c '$_lesh --cron --home \"$LE_WORKING_DIR\" $_centry'" >/dev/null
echo SCHTASKS.exe '/create' '/SC' 'DAILY' '/TN' "$_WINDOWS_SCHEDULER_NAME" '/F' '/ST' "00:$_randomminute" '/RU' "$_myname" '/RP' "$_password" '/TR' "\"$_winbash -l -c '$_lesh --cron --home \"$LE_WORKING_DIR\" $_centry'\"" | cmd.exe >/dev/null
echo
}
_uninstall_win_taskscheduler() {
if ! _exists schtasks; then
_err "schtasks.exe is not found, are you on Windows?"
return 1
fi
if ! echo SCHTASKS /query /tn "$_WINDOWS_SCHEDULER_NAME" | cmd.exe >/dev/null; then
_debug "scheduler $_WINDOWS_SCHEDULER_NAME is not found."
else
_info "Removing $_WINDOWS_SCHEDULER_NAME"
echo SCHTASKS /delete /f /tn "$_WINDOWS_SCHEDULER_NAME" | cmd.exe >/dev/null
fi
}
#confighome #confighome
installcronjob() { installcronjob() {
_c_home="$1" _c_home="$1"
_initpath _initpath
_CRONTAB="crontab" _CRONTAB="crontab"
if ! _exists "$_CRONTAB" && _exists "fcrontab"; then
_CRONTAB="fcrontab"
fi
if ! _exists "$_CRONTAB"; then
_err "crontab/fcrontab doesn't exist, so, we can not install cron jobs."
_err "All your certs will not be renewed automatically."
_err "You must add your own cron job to call '$PROJECT_ENTRY --cron' everyday."
return 1
fi
_info "Installing cron job"
if ! $_CRONTAB -l | grep "$PROJECT_ENTRY --cron"; then
if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then
lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY" lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY"
else else
_err "Can not install cronjob, $PROJECT_ENTRY not found." _err "Can not install cronjob, $PROJECT_ENTRY not found."
return 1 return 1
fi fi
if [ "$_c_home" ]; then if [ "$_c_home" ]; then
_c_entry="--config-home \"$_c_home\" " _c_entry="--config-home \"$_c_home\" "
fi fi
_t=$(_time) _t=$(_time)
random_minute=$(_math $_t % 60) random_minute=$(_math $_t % 60)
if ! _exists "$_CRONTAB" && _exists "fcrontab"; then
_CRONTAB="fcrontab"
fi
if ! _exists "$_CRONTAB"; then
if _exists cygpath && _exists schtasks.exe; then
_info "It seems you are on Windows, let's install Windows scheduler task."
if _install_win_taskscheduler "$lesh" "$_c_entry" "$random_minute"; then
_info "Install Windows scheduler task success."
return 0
else
_err "Install Windows scheduler task failed."
return 1
fi
fi
_err "crontab/fcrontab doesn't exist, so, we can not install cron jobs."
_err "All your certs will not be renewed automatically."
_err "You must add your own cron job to call '$PROJECT_ENTRY --cron' everyday."
return 1
fi
_info "Installing cron job"
if ! $_CRONTAB -l | grep "$PROJECT_ENTRY --cron"; then
if _exists uname && uname -a | grep SunOS >/dev/null; then if _exists uname && uname -a | grep SunOS >/dev/null; then
$_CRONTAB -l | { $_CRONTAB -l | {
cat cat
@ -4965,6 +5054,16 @@ uninstallcronjob() {
fi fi
if ! _exists "$_CRONTAB"; then if ! _exists "$_CRONTAB"; then
if _exists cygpath && _exists schtasks.exe; then
_info "It seems you are on Windows, let's uninstall Windows scheduler task."
if _uninstall_win_taskscheduler; then
_info "Uninstall Windows scheduler task success."
return 0
else
_err "Uninstall Windows scheduler task failed."
return 1
fi
fi
return return
fi fi
_info "Removing cron job" _info "Removing cron job"
@ -5292,6 +5391,9 @@ _precheck() {
if [ -z "$_nocron" ]; then if [ -z "$_nocron" ]; then
if ! _exists "crontab" && ! _exists "fcrontab"; then if ! _exists "crontab" && ! _exists "fcrontab"; then
if _exists cygpath && _exists schtasks.exe; then
_info "It seems you are on Windows, we will install Windows scheduler task."
else
_err "It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'." _err "It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'."
_err "We need to set cron job to renew the certs automatically." _err "We need to set cron job to renew the certs automatically."
_err "Otherwise, your certs will not be able to be renewed automatically." _err "Otherwise, your certs will not be able to be renewed automatically."
@ -5302,6 +5404,7 @@ _precheck() {
fi fi
fi fi
fi fi
fi
if ! _exists "${ACME_OPENSSL_BIN:-openssl}"; then if ! _exists "${ACME_OPENSSL_BIN:-openssl}"; then
_err "Please install openssl first. ACME_OPENSSL_BIN=$ACME_OPENSSL_BIN" _err "Please install openssl first. ACME_OPENSSL_BIN=$ACME_OPENSSL_BIN"

17
dnsapi/README.md
View File

@ -1296,7 +1296,21 @@ acme.sh --issue --dns dns_cn -d example.com -d www.example.com
The `CN_User` and `CN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. The `CN_User` and `CN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
## 68. Use Zone.ee DNS API
## 68. Use NederHost API
Create an API token in Mijn NederHost.
Set your API key:
```
export NederHost_Key='xxx'
```
To issue a certificate run:
```
acme.sh --issue --dns dns_nederhost -d example.com -d *.example.com
```
## 69. Use Zone.ee DNS API
First, you'll need to retrive your API key. Estonian insructions https://help.zone.eu/kb/zoneid-api-v2/ First, you'll need to retrive your API key. Estonian insructions https://help.zone.eu/kb/zoneid-api-v2/
@ -1312,7 +1326,6 @@ acme.sh --issue -d example.com -d www.example.com --dns dns_zone
``` ```
`ZONE_Username` and `ZONE_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. `ZONE_Username` and `ZONE_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
# Use custom API # Use custom API
If your API is not supported yet, you can write your own DNS API. If your API is not supported yet, you can write your own DNS API.

1
dnsapi/dns_hostingde.sh
View File

@ -28,6 +28,7 @@ dns_hostingde_rm() {
_hostingde_apiKey() { _hostingde_apiKey() {
HOSTINGDE_APIKEY="${HOSTINGDE_APIKEY:-$(_readaccountconf_mutable HOSTINGDE_APIKEY)}" HOSTINGDE_APIKEY="${HOSTINGDE_APIKEY:-$(_readaccountconf_mutable HOSTINGDE_APIKEY)}"
HOSTINGDE_ENDPOINT="${HOSTINGDE_ENDPOINT:-$(_readaccountconf_mutable HOSTINGDE_ENDPOINT)}"
if [ -z "$HOSTINGDE_APIKEY" ] || [ -z "$HOSTINGDE_ENDPOINT" ]; then if [ -z "$HOSTINGDE_APIKEY" ] || [ -z "$HOSTINGDE_ENDPOINT" ]; then
HOSTINGDE_APIKEY="" HOSTINGDE_APIKEY=""
HOSTINGDE_ENDPOINT="" HOSTINGDE_ENDPOINT=""

131
dnsapi/dns_nederhost.sh
View File

@ -0,0 +1,131 @@
#!/usr/bin/env sh
#NederHost_Key="sdfgikogfdfghjklkjhgfcdcfghjk"
NederHost_Api="https://api.nederhost.nl/dns/v1"
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_nederhost_add() {
fulldomain=$1
txtvalue=$2
NederHost_Key="${NederHost_Key:-$(_readaccountconf_mutable NederHost_Key)}"
if [ -z "$NederHost_Key" ]; then
NederHost_Key=""
_err "You didn't specify a NederHost api key."
_err "You can get yours from https://www.nederhost.nl/mijn_nederhost"
return 1
fi
#save the api key and email to the account conf file.
_saveaccountconf_mutable NederHost_Key "$NederHost_Key"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_info "Adding record"
if _nederhost_rest PATCH "zones/$_domain/records/$fulldomain/TXT" "[{\"content\":\"$txtvalue\",\"ttl\":60}]"; then
if _contains "$response" "$fulldomain"; then
_info "Added, OK"
return 0
else
_err "Add txt record error."
return 1
fi
fi
_err "Add txt record error."
return 1
}
#fulldomain txtvalue
dns_nederhost_rm() {
fulldomain=$1
txtvalue=$2
NederHost_Key="${NederHost_Key:-$(_readaccountconf_mutable NederHost_Key)}"
if [ -z "$NederHost_Key" ]; then
NederHost_Key=""
_err "You didn't specify a NederHost api key."
_err "You can get yours from https://www.nederhost.nl/mijn_nederhost"
return 1
fi
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug "Removing txt record"
_nederhost_rest DELETE "zones/${_domain}/records/$fulldomain/TXT?content=$txtvalue"
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
domain=$1
i=2
p=1
while true; do
_domain=$(printf "%s" "$domain" | cut -d . -f $i-100)
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_debug _domain "$_domain"
if [ -z "$_domain" ]; then
#not valid
return 1
fi
if _nederhost_rest GET "zones/${_domain}"; then
if [ "${_code}" = "204" ]; then
return 0
fi
else
return 1
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}
_nederhost_rest() {
m=$1
ep="$2"
data="$3"
_debug "$ep"
export _H1="Authorization: Bearer $NederHost_Key"
export _H2="Content-Type: application/json"
if [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$NederHost_Api/$ep" "" "$m")"
else
response="$(_get "$NederHost_Api/$ep")"
fi
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
_debug "http response code $_code"
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug2 response "$response"
return 0
}
Write Preview
Loading…
Cancel
Save