diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 507755c9..be9d3aae 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -1,5 +1,6 @@ name: DNS on: + workflow_dispatch: push: paths: - 'dnsapi/*.sh' @@ -65,7 +66,7 @@ jobs: TokenName4: ${{ secrets.TokenName4}} TokenName5: ${{ secrets.TokenName5}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Set env file @@ -113,7 +114,7 @@ jobs: TokenName4: ${{ secrets.TokenName4}} TokenName5: ${{ secrets.TokenName5}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install tools run: brew install socat - name: Clone acmetest @@ -164,7 +165,7 @@ jobs: - name: Set git to use LF run: | git config --global core.autocrlf false - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install cygwin base packages with chocolatey run: | choco config get cacheLocation @@ -204,7 +205,7 @@ jobs: FreeBSD: - runs-on: macos-12 + runs-on: ubuntu-latest needs: Windows env: TEST_DNS : ${{ secrets.TEST_DNS }} @@ -223,10 +224,10 @@ jobs: TokenName4: ${{ secrets.TokenName4}} TokenName5: ${{ secrets.TokenName5}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0 + - uses: vmactions/freebsd-vm@v1 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl @@ -255,7 +256,7 @@ jobs: OpenBSD: - runs-on: macos-12 + runs-on: ubuntu-latest needs: FreeBSD env: TEST_DNS : ${{ secrets.TEST_DNS }} @@ -274,13 +275,13 @@ jobs: TokenName4: ${{ secrets.TokenName4}} TokenName5: ${{ secrets.TokenName5}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0 + - uses: vmactions/openbsd-vm@v1 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: pkg_add socat curl + prepare: pkg_add socat curl libiconv usesh: true copyback: false run: | @@ -306,7 +307,7 @@ jobs: NetBSD: - runs-on: macos-12 + runs-on: ubuntu-latest needs: OpenBSD env: TEST_DNS : ${{ secrets.TEST_DNS }} @@ -325,14 +326,14 @@ jobs: TokenName4: ${{ secrets.TokenName4}} TokenName5: ${{ secrets.TokenName5}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0 + - uses: vmactions/netbsd-vm@v1 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | - pkg_add curl socat + /usr/sbin/pkg_add curl socat usesh: true copyback: false run: | @@ -358,7 +359,7 @@ jobs: DragonFlyBSD: - runs-on: macos-12 + runs-on: ubuntu-latest needs: NetBSD env: TEST_DNS : ${{ secrets.TEST_DNS }} @@ -377,10 +378,10 @@ jobs: TokenName4: ${{ secrets.TokenName4}} TokenName5: ${{ secrets.TokenName5}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/dragonflybsd-vm@v0 + - uses: vmactions/dragonflybsd-vm@v1 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | @@ -413,7 +414,7 @@ jobs: Solaris: - runs-on: macos-12 + runs-on: ubuntu-latest needs: DragonFlyBSD env: TEST_DNS : ${{ secrets.TEST_DNS }} @@ -433,10 +434,10 @@ jobs: TokenName4: ${{ secrets.TokenName4}} TokenName5: ${{ secrets.TokenName5}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0 + - uses: vmactions/solaris-vm@v1 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' copyback: false @@ -463,3 +464,52 @@ jobs: ./letest.sh + Omnios: + runs-on: ubuntu-latest + needs: Solaris + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} + HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Omnios doesn't accept the expired ISRG X1 root + TokenName1: ${{ secrets.TokenName1}} + TokenName2: ${{ secrets.TokenName2}} + TokenName3: ${{ secrets.TokenName3}} + TokenName4: ${{ secrets.TokenName4}} + TokenName5: ${{ secrets.TokenName5}} + steps: + - uses: actions/checkout@v4 + - name: Clone acmetest + run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/omnios-vm@v1 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + copyback: false + prepare: pkg install socat + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" + fi + cd ../acmetest + ./letest.sh + + diff --git a/.github/workflows/DragonFlyBSD.yml b/.github/workflows/DragonFlyBSD.yml index 5a0d81ba..5c56168f 100644 --- a/.github/workflows/DragonFlyBSD.yml +++ b/.github/workflows/DragonFlyBSD.yml @@ -1,71 +1,71 @@ -name: DragonFlyBSD -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/DragonFlyBSD.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/DragonFlyBSD.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - - -jobs: - DragonFlyBSD: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - steps: - - uses: actions/checkout@v3 - - uses: vmactions/cf-tunnel@v0 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/dragonflybsd-vm@v0 - with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' - copyback: "false" - nat: | - "8080": "80" - prepare: | - pkg install -y curl socat libnghttp2 - usesh: true - run: | - cd ../acmetest \ - && ./letest.sh - - +name: DragonFlyBSD +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '.github/workflows/DragonFlyBSD.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '.github/workflows/DragonFlyBSD.yml' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + + + +jobs: + DragonFlyBSD: + strategy: + matrix: + include: + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" + runs-on: ubuntu-latest + env: + TEST_LOCAL: 1 + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} + steps: + - uses: actions/checkout@v4 + - uses: vmactions/cf-tunnel@v0 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/dragonflybsd-vm@v1 + with: + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' + nat: | + "8080": "80" + prepare: | + pkg install -y curl socat libnghttp2 + usesh: true + copyback: false + run: | + cd ../acmetest \ + && ./letest.sh + + diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 0fa55fd4..961907e8 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -29,19 +29,19 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) ACME_USE_WGET: 1 #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" # CA_EMAIL: "githubtest@acme.sh" # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 + runs-on: ubuntu-latest env: TEST_LOCAL: 1 TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} @@ -51,7 +51,7 @@ jobs: TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: vmactions/cf-tunnel@v0 id: tunnel with: @@ -61,7 +61,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0 + - uses: vmactions/freebsd-vm@v1 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' nat: | diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index 156fa5df..c74e9d3e 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -26,14 +26,14 @@ jobs: Linux: strategy: matrix: - os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:7", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] + os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] runs-on: ubuntu-latest env: TEST_LOCAL: 1 - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) TEST_ACME_Server: "LetsEncrypt.org_test" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Clone acmetest run: | cd .. \ diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index c1f29769..f5d73ec9 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -29,7 +29,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" @@ -44,7 +44,7 @@ jobs: CA_EMAIL: ${{ matrix.CA_EMAIL }} TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install tools run: brew install socat - name: Clone acmetest diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml index 25872c42..a4f90f68 100644 --- a/.github/workflows/NetBSD.yml +++ b/.github/workflows/NetBSD.yml @@ -1,71 +1,71 @@ -name: NetBSD -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/NetBSD.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/NetBSD.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - - -jobs: - NetBSD: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - steps: - - uses: actions/checkout@v3 - - uses: vmactions/cf-tunnel@v0 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0 - with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' - nat: | - "8080": "80" - prepare: | - pkg_add curl socat - usesh: true - copyback: false - run: | - cd ../acmetest \ - && ./letest.sh - - +name: NetBSD +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '.github/workflows/NetBSD.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '.github/workflows/NetBSD.yml' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + + + +jobs: + NetBSD: + strategy: + matrix: + include: + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" + runs-on: ubuntu-latest + env: + TEST_LOCAL: 1 + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} + steps: + - uses: actions/checkout@v4 + - uses: vmactions/cf-tunnel@v0 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/netbsd-vm@v1 + with: + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' + nat: | + "8080": "80" + prepare: | + /usr/sbin/pkg_add curl socat + usesh: true + copyback: false + run: | + cd ../acmetest \ + && ./letest.sh + + diff --git a/.github/workflows/Omnios.yml b/.github/workflows/Omnios.yml new file mode 100644 index 00000000..882cedf6 --- /dev/null +++ b/.github/workflows/Omnios.yml @@ -0,0 +1,75 @@ +name: Omnios +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '.github/workflows/Omnios.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '.github/workflows/Omnios.yml' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + + + +jobs: + Omnios: + strategy: + matrix: + include: + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) + ACME_USE_WGET: 1 + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" + runs-on: ubuntu-latest + env: + TEST_LOCAL: 1 + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} + steps: + - uses: actions/checkout@v4 + - uses: vmactions/cf-tunnel@v0 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/omnios-vm@v1 + with: + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' + nat: | + "8080": "80" + prepare: pkg install socat wget + copyback: false + run: | + cd ../acmetest \ + && ./letest.sh + + diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 745a9408..d5697c10 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -29,19 +29,19 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) ACME_USE_WGET: 1 #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" # CA_EMAIL: "githubtest@acme.sh" # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 + runs-on: ubuntu-latest env: TEST_LOCAL: 1 TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} @@ -51,7 +51,7 @@ jobs: TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: vmactions/cf-tunnel@v0 id: tunnel with: @@ -61,7 +61,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0 + - uses: vmactions/openbsd-vm@v1 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' nat: | diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index 9f3a98ce..b0326332 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -33,11 +33,11 @@ jobs: TEST_CA: "Pebble Intermediate CA" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install tools run: sudo apt-get install -y socat - name: Run Pebble - run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d + run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker compose up -d - name: Set up Pebble run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4 - name: Clone acmetest @@ -58,7 +58,7 @@ jobs: TEST_IPCERT: 1 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install tools run: sudo apt-get install -y socat - name: Run Pebble diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 34d31a59..95bcd8d1 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -1,74 +1,75 @@ -name: Solaris -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/Solaris.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/Solaris.yml' - - - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - Solaris: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - ACME_USE_WGET: 1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} - steps: - - uses: actions/checkout@v3 - - uses: vmactions/cf-tunnel@v0 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0 - with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' - copyback: "false" - nat: | - "8080": "80" - prepare: pkgutil -y -i socat curl wget - run: | - cd ../acmetest \ - && ./letest.sh - +name: Solaris +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '.github/workflows/Solaris.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '.github/workflows/Solaris.yml' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + + + +jobs: + Solaris: + strategy: + matrix: + include: + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) + ACME_USE_WGET: 1 + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" + runs-on: ubuntu-latest + env: + TEST_LOCAL: 1 + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} + steps: + - uses: actions/checkout@v4 + - uses: vmactions/cf-tunnel@v0 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/solaris-vm@v1 + with: + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' + nat: | + "8080": "80" + prepare: pkgutil -y -i socat curl wget + copyback: false + run: | + cd ../acmetest \ + && ./letest.sh + + diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 4bf2ba29..e580828f 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -29,12 +29,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) ACME_USE_WGET: 1 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" @@ -70,7 +70,7 @@ jobs: TestingDomain: ${{ matrix.TestingDomain }} ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install tools run: sudo apt-get install -y socat wget - name: Start StepCA diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index c02e2f77..c1fd1085 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -29,7 +29,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" @@ -49,7 +49,7 @@ jobs: - name: Set git to use LF run: | git config --global core.autocrlf false - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install cygwin base packages with chocolatey run: | choco config get cacheLocation diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index 48c44429..435fd6b5 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -15,6 +15,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +env: + DOCKER_IMAGE: neilpang/acme.sh jobs: CheckToken: @@ -41,9 +43,14 @@ jobs: if: "contains(needs.CheckToken.outputs.hasToken, 'true')" steps: - name: checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v2 + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5.5.1 + with: + images: ${DOCKER_IMAGE} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: login to docker hub @@ -51,8 +58,6 @@ jobs: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - name: build and push the image run: | - DOCKER_IMAGE=neilpang/acme.sh - if [[ $GITHUB_REF == refs/tags/* ]]; then DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/} fi @@ -66,8 +71,14 @@ jobs: fi fi + DOCKER_LABELS=() + while read -r label; do + DOCKER_LABELS+=(--label "${label}") + done <<<"${DOCKER_METADATA_OUTPUT_LABELS}" + docker buildx build \ --tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \ + "${DOCKER_LABELS[@]}" \ --output "type=image,push=true" \ --build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \ --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386,linux/ppc64le,linux/s390x . diff --git a/.github/workflows/pr_dns.yml b/.github/workflows/pr_dns.yml index 5faa9105..58630e8b 100644 --- a/.github/workflows/pr_dns.yml +++ b/.github/workflows/pr_dns.yml @@ -4,8 +4,6 @@ on: pull_request_target: types: - opened - branches: - - 'dev' paths: - 'dnsapi/*.sh' @@ -22,9 +20,12 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, body: `**Welcome** - Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). + First thing: don't send PR to the master branch, please send to the dev branch instead. + Please make sure you've read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). Then reply on this message, otherwise, your code will not be reviewed or merged. + Please also make sure to add/update the usage here: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2 We look forward to reviewing your Pull request shortly ✨ + 注意: 必须通过了 [DNS-API-Test](../wiki/DNS-API-Test) 才会被 review. 无论是修改, 还是新加的 dns api, 都必须确保通过这个测试. ` }) diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml index 4844e297..b6b03c67 100644 --- a/.github/workflows/pr_notify.yml +++ b/.github/workflows/pr_notify.yml @@ -1,4 +1,4 @@ -name: Check dns api +name: Check notify api on: pull_request_target: @@ -22,7 +22,7 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, body: `**Welcome** - Please make sure you're read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify). + Please make sure you've read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify). Then reply on this message, otherwise, your code will not be reviewed or merged. We look forward to reviewing your Pull request shortly ✨ ` diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index a5a08bbf..746727d4 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -22,7 +22,7 @@ jobs: ShellCheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Shellcheck run: sudo apt-get install -y shellcheck - name: DoShellcheck @@ -31,7 +31,7 @@ jobs: shfmt: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install shfmt run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt - name: shfmt diff --git a/README.md b/README.md index 717ecf5f..9a5c106b 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ [![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml) [![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml) [![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml) - +[![Omnios](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml) ![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) ![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) @@ -73,20 +73,21 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |7|[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)|OpenBSD |8|[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml)|NetBSD |9|[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)|DragonFlyBSD -|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian -|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS -|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE -|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl) -|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux -|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora -|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux -|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux -|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia -|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux -|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux -|11|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 -|22|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) -|23|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) +|10|[![Omnios](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml)|Omnios +|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian +|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS +|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE +|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl) +|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux +|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora +|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux +|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux +|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia +|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux +|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux +|22|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 +|23|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) +|24|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) Check our [testing project](https://github.com/acmesh-official/acmetest): diff --git a/acme.sh b/acme.sh index bce7a41d..9842e3f1 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=3.0.7 +VER=3.1.0 PROJECT_NAME="acme.sh" @@ -231,11 +231,11 @@ _dlg_versions() { echo "$ACME_OPENSSL_BIN doesn't exist." fi - echo "apache:" + echo "Apache:" if [ "$_APACHECTL" ] && _exists "$_APACHECTL"; then $_APACHECTL -V 2>&1 else - echo "apache doesn't exist." + echo "Apache doesn't exist." fi echo "nginx:" @@ -672,8 +672,10 @@ _hex_dump() { #0 1 2 3 4 5 6 7 8 9 - _ . ~ #30 31 32 33 34 35 36 37 38 39 2d 5f 2e 7e +#_url_encode [upper-hex] the encoded hex will be upper-case if the argument upper-hex is followed #stdin stdout _url_encode() { + _upper_hex=$1 _hex_str=$(_hex_dump) _debug3 "_url_encode" _debug3 "_hex_str" "$_hex_str" @@ -883,6 +885,9 @@ _url_encode() { ;; #other hex *) + if [ "$_upper_hex" = "upper-hex" ]; then + _hex_code=$(printf "%s" "$_hex_code" | _upper_case) + fi printf '%%%s' "$_hex_code" ;; esac @@ -931,7 +936,7 @@ fi _egrep_o() { if [ "$__USE_EGREP" ]; then - egrep -o -- "$1" + egrep -o -- "$1" 2>/dev/null else sed -n 's/.*\('"$1"'\).*/\1/p' fi @@ -949,7 +954,7 @@ _getfile() { i="$(grep -n -- "$startline" "$filename" | cut -d : -f 1)" if [ -z "$i" ]; then - _err "Can not find start line: $startline" + _err "Cannot find start line: $startline" return 1 fi i="$(_math "$i" + 1)" @@ -957,7 +962,7 @@ _getfile() { j="$(grep -n -- "$endline" "$filename" | cut -d : -f 1)" if [ -z "$j" ]; then - _err "Can not find end line: $endline" + _err "Cannot find end line: $endline" return 1 fi j="$(_math "$j" - 1)" @@ -1065,7 +1070,7 @@ _sign() { if ! _signedECText="$($_sign_openssl -sha$__ECC_KEY_LEN | ${ACME_OPENSSL_BIN:-openssl} asn1parse -inform DER)"; then _err "Sign failed: $_sign_openssl" _err "Key file: $keyfile" - _err "Key content:$(wc -l <"$keyfile") lines" + _err "Key content: $(wc -l <"$keyfile") lines" return 1 fi _debug3 "_signedECText" "$_signedECText" @@ -1145,14 +1150,14 @@ _createkey() { length=2048 fi - _debug "Use length $length" + _debug "Using length $length" if ! [ -e "$f" ]; then if ! touch "$f" >/dev/null 2>&1; then _f_path="$(dirname "$f")" _debug _f_path "$_f_path" if ! mkdir -p "$_f_path"; then - _err "Can not create path: $_f_path" + _err "Cannot create path: $_f_path" return 1 fi fi @@ -1163,11 +1168,11 @@ _createkey() { fi if _isEccKey "$length"; then - _debug "Using ec name: $eccname" + _debug "Using EC name: $eccname" if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -noout -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else - _err "error ecc key name: $eccname" + _err "Error encountered for ECC key named $eccname" return 1 fi else @@ -1179,13 +1184,13 @@ _createkey() { if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then echo "$_opkey" >"$f" else - _err "error rsa key: $length" + _err "Error encountered for RSA key of length $length" return 1 fi fi if [ "$?" != "0" ]; then - _err "Create key error." + _err "Key creation error." return 1 fi } @@ -1243,7 +1248,14 @@ _createcsr() { _debug2 csr "$csr" _debug2 csrconf "$csrconf" - printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nextendedKeyUsage=serverAuth,clientAuth\n" >"$csrconf" + printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]" >"$csrconf" + + if [ "$Le_ExtKeyUse" ]; then + _savedomainconf Le_ExtKeyUse "$Le_ExtKeyUse" + printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf" + else + printf "\nextendedKeyUsage=serverAuth,clientAuth\n" >>"$csrconf" + fi if [ "$acmeValidationv1" ]; then domainlist="$(_idn "$domainlist")" @@ -1430,6 +1442,9 @@ _toPkcs() { else ${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$_cpfx" -inkey "$_ckey" -in "$_ccert" -certfile "$_cca" fi + if [ "$?" = "0" ]; then + _savedomainconf "Le_PFXPassword" "$pfxPassword" + fi } @@ -1449,7 +1464,7 @@ toPkcs() { _toPkcs "$CERT_PFX_PATH" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$pfxPassword" if [ "$?" = "0" ]; then - _info "Success, Pfx is exported to: $CERT_PFX_PATH" + _info "Success, PFX has been exported to: $CERT_PFX_PATH" fi } @@ -1493,7 +1508,7 @@ _create_account_key() { length=$1 if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ]; then - _debug "Use default length $DEFAULT_ACCOUNT_KEY_LENGTH" + _debug "Using default length $DEFAULT_ACCOUNT_KEY_LENGTH" length="$DEFAULT_ACCOUNT_KEY_LENGTH" fi @@ -1502,15 +1517,15 @@ _create_account_key() { mkdir -p "$CA_DIR" if [ -s "$ACCOUNT_KEY_PATH" ]; then - _info "Account key exists, skip" + _info "Account key exists, skipping" return 0 else #generate account key if _createkey "$length" "$ACCOUNT_KEY_PATH"; then - _info "Create account key ok." + _info "Account key creation OK." return 0 else - _err "Create account key error." + _err "Account key creation error." return 1 fi fi @@ -1529,7 +1544,7 @@ createDomainKey() { _cdl=$2 if [ -z "$_cdl" ]; then - _debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" + _debug "Using DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" _cdl="$DEFAULT_DOMAIN_KEY_LENGTH" fi @@ -1541,16 +1556,16 @@ createDomainKey() { _info "The domain key is here: $(__green $CERT_KEY_PATH)" return 0 else - _err "Can not create domain key" + _err "Cannot create domain key" return 1 fi else if [ "$_ACME_IS_RENEW" ]; then - _info "Domain key exists, skip" + _info "Domain key exists, skipping" return 0 else - _err "Domain key exists, do you want to overwrite the key?" - _err "Add '--force', and try again." + _err "Domain key exists, do you want to overwrite it?" + _err "If so, add '--force' and try again." return 1 fi fi @@ -1559,7 +1574,7 @@ createDomainKey() { # domain domainlist isEcc createCSR() { - _info "Creating csr" + _info "Creating CSR" if [ -z "$1" ]; then _usage "Usage: $PROJECT_ENTRY --create-csr --domain [--domain ...] [--ecc]" return @@ -1572,13 +1587,13 @@ createCSR() { _initpath "$domain" "$_isEcc" if [ -f "$CSR_PATH" ] && [ "$_ACME_IS_RENEW" ] && [ -z "$FORCE" ]; then - _info "CSR exists, skip" + _info "CSR exists, skipping" return fi if [ ! -f "$CERT_KEY_PATH" ]; then - _err "The key file is not found: $CERT_KEY_PATH" - _err "Please create the key file first." + _err "This key file was not found: $CERT_KEY_PATH" + _err "Please create it first." return 1 fi _createcsr "$domain" "$domainlist" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" @@ -1613,6 +1628,11 @@ _time2str() { return fi + #Omnios + if date -u -r "$1" +"%Y-%m-%dT%H:%M:%SZ" 2>/dev/null; then + return + fi + #Solaris if printf "%(%Y-%m-%dT%H:%M:%SZ)T\n" $1 2>/dev/null; then return @@ -1722,7 +1742,7 @@ _calcjwk() { __ECC_KEY_LEN=512 ;; *) - _err "ECC oid : $crv_oid" + _err "ECC oid: $crv_oid" return 1 ;; esac @@ -1765,7 +1785,7 @@ _calcjwk() { JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART2='", "alg": "ES'$__ECC_KEY_LEN'"' else - _err "Only RSA or EC key is supported. keyfile=$keyfile" + _err "Only RSA or EC keys are supported. keyfile=$keyfile" _debug2 "$(cat "$keyfile")" return 1 fi @@ -1795,7 +1815,15 @@ _date2time() { if date -u -j -f "%Y-%m-%d %H:%M:%S" "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then return fi - _err "Can not parse _date2time $1" + #Omnios + if python3 -c "import datetime; print(int(datetime.datetime.strptime(\"$1\", \"%Y-%m-%d %H:%M:%S\").replace(tzinfo=datetime.timezone.utc).timestamp()))" 2>/dev/null; then + return + fi + #Omnios + if python3 -c "import datetime; print(int(datetime.datetime.strptime(\"$1\", \"%Y-%m-%dT%H:%M:%SZ\").replace(tzinfo=datetime.timezone.utc).timestamp()))" 2>/dev/null; then + return + fi + _err "Cannot parse _date2time $1" return 1 } @@ -1819,7 +1847,7 @@ _mktemp() { echo "/$LE_TEMP_DIR/wefADf24sf.$(_time).tmp" return 0 fi - _err "Can not create temp file." + _err "Cannot create temp file." } #clear all the https envs to cause _inithttp() to run next time. @@ -2008,7 +2036,7 @@ _post() { _ret="$?" if [ "$_ret" = "8" ]; then _ret=0 - _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." + _debug "wget returned 8 as the server returned a 'Bad Request' response. Let's process the response later." fi if [ "$_ret" != "0" ]; then _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" @@ -2022,7 +2050,7 @@ _post() { _sed_i 's/^ //g' "$HTTP_HEADER" else _ret="$?" - _err "Neither curl nor wget is found, can not do $httpmethod." + _err "Neither curl nor wget have been found, cannot make $httpmethod request." fi _debug "_ret" "$_ret" printf "%s" "$response" @@ -2091,14 +2119,14 @@ _get() { ret=$? if [ "$ret" = "8" ]; then ret=0 - _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." + _debug "wget returned 8 as the server returned a 'Bad Request' response. Let's process the response later." fi if [ "$ret" != "0" ]; then _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" fi else ret=$? - _err "Neither curl nor wget is found, can not do GET." + _err "Neither curl nor wget have been found, cannot make GET request." fi _debug "ret" "$ret" return $ret @@ -2130,7 +2158,7 @@ _send_signed_request() { if [ -z "$keyfile" ]; then keyfile="$ACCOUNT_KEY_PATH" fi - _debug "=======Begin Send Signed Request=======" + _debug "=======Sending Signed Request=======" _debug url "$url" _debug payload "$payload" @@ -2174,9 +2202,8 @@ _send_signed_request() { _debug2 _headers "$_headers" _CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" fi - _debug2 _CACHED_NONCE "$_CACHED_NONCE" if [ "$?" != "0" ]; then - _err "Can not connect to $nonceurl to get nonce." + _err "Cannot connect to $nonceurl to get nonce." return 1 fi else @@ -2219,7 +2246,7 @@ _send_signed_request() { _CACHED_NONCE="" if [ "$?" != "0" ]; then - _err "Can not post to $url" + _err "Cannot make POST request to $url" return 1 fi @@ -2251,21 +2278,21 @@ _send_signed_request() { _sleep_overload_retry_sec=5 fi if [ $_sleep_overload_retry_sec -le 600 ]; then - _info "It seems the CA server is currently overloaded, let's wait and retry. Sleeping $_sleep_overload_retry_sec seconds." + _info "It seems the CA server is currently overloaded, let's wait and retry. Sleeping for $_sleep_overload_retry_sec seconds." _sleep $_sleep_overload_retry_sec continue else - _info "The retryafter=$_retryafter is too large > 600, not retry anymore." + _info "The retryafter=$_retryafter value is too large (> 600), will not retry anymore." fi fi if _contains "$_body" "JWS has invalid anti-replay nonce" || _contains "$_body" "JWS has an invalid anti-replay nonce"; then - _info "It seems the CA server is busy now, let's wait and retry. Sleeping $_sleep_retry_sec seconds." + _info "It seems the CA server is busy now, let's wait and retry. Sleeping for $_sleep_retry_sec seconds." _CACHED_NONCE="" _sleep $_sleep_retry_sec continue fi if _contains "$_body" "The Replay Nonce is not recognized"; then - _info "The replay Nonce is not valid, let's get a new one, Sleeping $_sleep_retry_sec seconds." + _info "The replay nonce is not valid, let's get a new one. Sleeping for $_sleep_retry_sec seconds." _CACHED_NONCE="" _sleep $_sleep_retry_sec continue @@ -2337,7 +2364,7 @@ _save_conf() { if [ "$_s_c_f" ]; then _setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'" else - _err "config file is empty, can not save $_sdkey=$_sdvalue" + _err "Config file is empty, cannot save $_sdkey=$_sdvalue" fi } @@ -2347,9 +2374,9 @@ _clear_conf() { _sdkey="$2" if [ "$_c_c_f" ]; then _conf_data="$(cat "$_c_c_f")" - echo "$_conf_data" | sed "s/^$_sdkey *=.*$//" >"$_c_c_f" + echo "$_conf_data" | sed "/^$_sdkey *=.*$/d" >"$_c_c_f" else - _err "config file is empty, can not clear" + _err "Config file is empty, cannot clear" fi } @@ -2367,7 +2394,7 @@ _read_conf() { fi printf "%s" "$_sdv" else - _debug "config file is empty, can not read $_sdkey" + _debug "Config file is empty, cannot read $_sdkey" fi } @@ -2392,13 +2419,18 @@ _migratedomainconf() { _old_key="$1" _new_key="$2" _b64encode="$3" - _value=$(_readdomainconf "$_old_key") - if [ -z "$_value" ]; then - return 1 # oldkey is not found - fi - _savedomainconf "$_new_key" "$_value" "$_b64encode" + _old_value=$(_readdomainconf "$_old_key") _cleardomainconf "$_old_key" - _debug "Domain config $_old_key has been migrated to $_new_key" + if [ -z "$_old_value" ]; then + return 1 # migrated failed: old value is empty + fi + _new_value=$(_readdomainconf "$_new_key") + if [ -n "$_new_value" ]; then + _debug "Domain config new key exists, old key $_old_key='$_old_value' has been removed." + return 1 # migrated failed: old value replaced by new value + fi + _savedomainconf "$_new_key" "$_old_value" "$_b64encode" + _debug "Domain config $_old_key has been migrated to $_new_key." } #_migratedeployconf oldkey newkey base64encode @@ -2495,10 +2527,10 @@ _startserver() { _debug Le_Listen_V6 "$Le_Listen_V6" _NC="socat" - if [ "$Le_Listen_V4" ]; then - _NC="$_NC -4" - elif [ "$Le_Listen_V6" ]; then + if [ "$Le_Listen_V6" ]; then _NC="$_NC -6" + else + _NC="$_NC -4" fi if [ "$DEBUG" ] && [ "$DEBUG" -gt "1" ]; then @@ -2515,22 +2547,34 @@ _startserver() { _content_len="$(printf "%s" "$content" | wc -c)" _debug _content_len "$_content_len" _debug "_NC" "$_NC $SOCAT_OPTIONS" + export _SOCAT_ERR="$(_mktemp)" $_NC $SOCAT_OPTIONS SYSTEM:"sleep 1; \ echo 'HTTP/1.0 200 OK'; \ echo 'Content-Length\: $_content_len'; \ echo ''; \ -printf '%s' '$content';" & +printf '%s' '$content';" 2>"$_SOCAT_ERR" & serverproc="$!" + if [ -f "$_SOCAT_ERR" ]; then + if grep "Permission denied" "$_SOCAT_ERR" >/dev/null; then + _err "socat: $(cat $_SOCAT_ERR)" + _err "Can not listen for user: $(whoami)" + _err "Maybe try with root again?" + rm -f "$_SOCAT_ERR" + return 1 + fi + fi } _stopserver() { pid="$1" _debug "pid" "$pid" if [ -z "$pid" ]; then + rm -f "$_SOCAT_ERR" return fi kill $pid + rm -f "$_SOCAT_ERR" } @@ -2568,7 +2612,7 @@ _starttlsserver() { #create key TLS_KEY if ! _createkey "2048" "$TLS_KEY"; then - _err "Create tls validation key error." + _err "Error creating TLS validation key." return 1 fi @@ -2578,13 +2622,13 @@ _starttlsserver() { alt="$alt,$san_b" fi if ! _createcsr "tls.acme.sh" "$alt" "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$acmeValidationv1"; then - _err "Create tls validation csr error." + _err "Error creating TLS validation CSR." return 1 fi #self signed if ! _signcsr "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$TLS_CERT"; then - _err "Create tls validation cert error." + _err "Error creating TLS validation cert." return 1 fi @@ -2638,7 +2682,7 @@ _conapath() { __initHome() { if [ -z "$_SCRIPT_HOME" ]; then if _exists readlink && _exists dirname; then - _debug "Lets find script dir." + _debug "Let's find the script directory." _debug "_SCRIPT_" "$_SCRIPT_" _script="$(_readlink "$_SCRIPT_")" _debug "_script" "$_script" @@ -2647,7 +2691,7 @@ __initHome() { if [ -d "$_script_home" ]; then export _SCRIPT_HOME="$_script_home" else - _err "It seems the script home is not correct:$_script_home" + _err "It seems the script home is not correct: $_script_home" fi fi fi @@ -2662,7 +2706,7 @@ __initHome() { # fi if [ -z "$LE_WORKING_DIR" ]; then - _debug "Using default home:$DEFAULT_INSTALL_HOME" + _debug "Using default home: $DEFAULT_INSTALL_HOME" LE_WORKING_DIR="$DEFAULT_INSTALL_HOME" fi export LE_WORKING_DIR @@ -2670,7 +2714,7 @@ __initHome() { if [ -z "$LE_CONFIG_HOME" ]; then LE_CONFIG_HOME="$LE_WORKING_DIR" fi - _debug "Using config home:$LE_CONFIG_HOME" + _debug "Using config home: $LE_CONFIG_HOME" export LE_CONFIG_HOME _DEFAULT_ACCOUNT_CONF_PATH="$LE_CONFIG_HOME/account.conf" @@ -2707,7 +2751,7 @@ _clearAPI() { #server _initAPI() { _api_server="${1:-$ACME_DIRECTORY}" - _debug "_init api for server: $_api_server" + _debug "_init API for server: $_api_server" MAX_API_RETRY_TIMES=10 _sleep_retry_sec=10 @@ -2717,8 +2761,8 @@ _initAPI() { response=$(_get "$_api_server") if [ "$?" != "0" ]; then _debug2 "response" "$response" - _info "Can not init api for: $_api_server." - _info "Sleep $_sleep_retry_sec and retry." + _info "Cannot init API for: $_api_server." + _info "Sleeping for $_sleep_retry_sec seconds and retrying." _sleep "$_sleep_retry_sec" continue fi @@ -2756,13 +2800,13 @@ _initAPI() { if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then return 0 fi - _info "Sleep $_sleep_retry_sec and retry." + _info "Sleeping for $_sleep_retry_sec seconds and retrying." _sleep "$_sleep_retry_sec" done if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then return 0 fi - _err "Can not init api, for $_api_server" + _err "Cannot init API for $_api_server" return 1 } @@ -2894,7 +2938,7 @@ _initpath() { DOMAIN_PATH="$domainhomeecc" elif [ -z "$__SELECTED_RSA_KEY" ]; then if [ ! -d "$domainhome" ] && [ -d "$domainhomeecc" ]; then - _info "The domain '$domain' seems to have a ECC cert already, lets use ecc cert." + _info "The domain '$domain' seems to already have an ECC cert, let's use it." DOMAIN_PATH="$domainhomeecc" fi fi @@ -2957,7 +3001,7 @@ _apachePath() { if _exists apache2ctl; then _APACHECTL="apache2ctl" else - _err "'apachectl not found. It seems that apache is not installed, or you are not root user.'" + _err "'apachectl not found. It seems that Apache is not installed or you are not root.'" _err "Please use webroot mode to try again." return 1 fi @@ -2976,7 +3020,7 @@ _apachePath() { _debug httpdconfname "$httpdconfname" if [ -z "$httpdconfname" ]; then - _err "Can not read apache config file." + _err "Cannot read Apache config file." return 1 fi @@ -2993,7 +3037,7 @@ _apachePath() { _debug httpdconf "$httpdconf" _debug httpdconfname "$httpdconfname" if [ ! -f "$httpdconf" ]; then - _err "Apache Config file not found" "$httpdconf" + _err "Apache config file not found" "$httpdconf" return 1 fi return 0 @@ -3016,7 +3060,7 @@ _restoreApache() { cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" >"$httpdconf" _debug "Restored: $httpdconf." if ! $_APACHECTL -t; then - _err "Sorry, restore apache config error, please contact me." + _err "Sorry, there's been an error restoring the Apache config. Please ask for support on $PROJECT." return 1 fi _debug "Restored successfully." @@ -3031,26 +3075,26 @@ _setApache() { fi #test the conf first - _info "Checking if there is an error in the apache config file before starting." + _info "Checking if there is an error in the Apache config file before starting." if ! $_APACHECTL -t >/dev/null; then - _err "The apache config file has error, please fix it first, then try again." - _err "Don't worry, there is nothing changed to your system." + _err "The Apache config file has errors, please fix them first then try again." + _err "Don't worry, no changes to your system have been made." return 1 else _info "OK" fi #backup the conf - _debug "Backup apache config file" "$httpdconf" + _debug "Backing up Apache config file" "$httpdconf" if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then - _err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed." - _err "This might be a bug of $PROJECT_NAME , please report issue: $PROJECT" + _err "Cannot backup Apache config file, aborting. Don't worry, the Apache config has not been changed." + _err "This might be an $PROJECT_NAME bug, please open an issue on $PROJECT" return 1 fi - _info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname" - _info "In case there is an error that can not be restored automatically, you may try restore it yourself." - _info "The backup file will be deleted on success, just forget it." + _info "Config file $httpdconf has been backed up to $APACHE_CONF_BACKUP_DIR/$httpdconfname" + _info "In case an error causes it to not be restored automatically, you can restore it yourself." + _info "You do not need to do anything on success, as the backup file will automatically be deleted." #add alias @@ -3080,11 +3124,11 @@ Allow from all _msg="$($_APACHECTL -t 2>&1)" if [ "$?" != "0" ]; then - _err "Sorry, apache config error" + _err "Sorry, an Apache config error has occurred" if _restoreApache; then - _err "The apache config file is restored." + _err "The Apache config file has been restored." else - _err "Sorry, the apache config file can not be restored, please report bug." + _err "Sorry, the Apache config file cannot be restored, please open an issue on $PROJECT." fi return 1 fi @@ -3095,7 +3139,7 @@ Allow from all fi if ! $_APACHECTL graceful; then - _err "$_APACHECTL graceful error, please contact me." + _err "$_APACHECTL graceful error, please open an issue on $PROJECT." _restoreApache return 1 fi @@ -3119,10 +3163,10 @@ _setNginx() { _start_f="$(echo "$_croot" | cut -d : -f 2)" _debug _start_f "$_start_f" if [ -z "$_start_f" ]; then - _debug "find start conf from nginx command" + _debug "Finding config using the nginx command" if [ -z "$NGINX_CONF" ]; then if ! _exists "nginx"; then - _err "nginx command is not found." + _err "nginx command not found." return 1 fi NGINX_CONF="$(nginx -V 2>&1 | _egrep_o "\-\-conf-path=[^ ]* " | tr -d " ")" @@ -3130,7 +3174,7 @@ _setNginx() { NGINX_CONF="$(echo "$NGINX_CONF" | cut -d = -f 2)" _debug NGINX_CONF "$NGINX_CONF" if [ -z "$NGINX_CONF" ]; then - _err "Can not find nginx conf." + _err "Cannot find nginx config." NGINX_CONF="" return 1 fi @@ -3139,16 +3183,16 @@ _setNginx() { NGINX_CONF="" return 1 fi - _debug "Found nginx conf file:$NGINX_CONF" + _debug "Found nginx config file: $NGINX_CONF" fi _start_f="$NGINX_CONF" fi - _debug "Start detect nginx conf for $_d from:$_start_f" + _debug "Detecting nginx conf for $_d from: $_start_f" if ! _checkConf "$_d" "$_start_f"; then - _err "Can not find conf file for domain $d" + _err "Cannot find config file for domain $d" return 1 fi - _info "Found conf file: $FOUND_REAL_NGINX_CONF" + _info "Found config file: $FOUND_REAL_NGINX_CONF" _ln=$FOUND_REAL_NGINX_CONF_LN _debug "_ln" "$_ln" @@ -3158,7 +3202,7 @@ _setNginx() { _start_tag="$(sed -n "$_lnn,${_lnn}p" "$FOUND_REAL_NGINX_CONF")" _debug "_start_tag" "$_start_tag" if [ "$_start_tag" = "$NGINX_START" ]; then - _info "The domain $_d is already configured, skip" + _info "The domain $_d is already configured, skipping" FOUND_REAL_NGINX_CONF="" return 0 fi @@ -3167,27 +3211,28 @@ _setNginx() { _backup_conf="$DOMAIN_BACKUP_PATH/$_d.nginx.conf" _debug _backup_conf "$_backup_conf" BACKUP_NGINX_CONF="$_backup_conf" - _info "Backup $FOUND_REAL_NGINX_CONF to $_backup_conf" + _info "Backing $FOUND_REAL_NGINX_CONF up to $_backup_conf" if ! cp "$FOUND_REAL_NGINX_CONF" "$_backup_conf"; then - _err "backup error." + _err "Backup error." FOUND_REAL_NGINX_CONF="" return 1 fi if ! _exists "nginx"; then - _err "nginx command is not found." + _err "nginx command not found." return 1 fi - _info "Check the nginx conf before setting up." - if ! nginx -t >/dev/null; then + _info "Checking the nginx config before setting up." + if ! nginx -t >/dev/null 2>&1; then + _err "It seems that the nginx config is not correct, cannot continue." return 1 fi - _info "OK, Set up nginx config file" + _info "OK, setting up the nginx config file" if ! sed -n "1,${_ln}p" "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"; then cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" - _err "write nginx conf error, but don't worry, the file is restored to the original version." + _err "Error writing nginx config. Restoring it to its original version." return 1 fi @@ -3201,20 +3246,20 @@ location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" { if ! sed -n "${_lnn},99999p" "$_backup_conf" >>"$FOUND_REAL_NGINX_CONF"; then cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" - _err "write nginx conf error, but don't worry, the file is restored." + _err "Error writing nginx config. Restoring it to its original version." return 1 fi _debug3 "Modified config:$(cat $FOUND_REAL_NGINX_CONF)" - _info "nginx conf is done, let's check it again." - if ! nginx -t >/dev/null; then - _err "It seems that nginx conf was broken, let's restore." + _info "nginx config has been written, let's check it again." + if ! nginx -t >/dev/null 2>&1; then + _err "There seems to be a problem with the nginx config, let's restore it to its original version." cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" return 1 fi - _info "Reload nginx" - if ! nginx -s reload >/dev/null; then - _err "It seems that nginx reload error, let's restore." + _info "Reloading nginx" + if ! nginx -s reload >/dev/null 2>&1; then + _err "There seems to be a problem with the nginx config, let's restore it to its original version." cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" return 1 fi @@ -3226,7 +3271,7 @@ location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" { _checkConf() { _d="$1" _c_file="$2" - _debug "Start _checkConf from:$_c_file" + _debug "Starting _checkConf from: $_c_file" if [ ! -f "$2" ] && ! echo "$2" | grep '*$' >/dev/null && echo "$2" | grep '*' >/dev/null; then _debug "wildcard" for _w_f in $2; do @@ -3239,14 +3284,14 @@ _checkConf() { elif [ -f "$2" ]; then _debug "single" if _isRealNginxConf "$1" "$2"; then - _debug "$2 is found." + _debug "$2 found." FOUND_REAL_NGINX_CONF="$2" return 0 fi if cat "$2" | tr "\t" " " | grep "^ *include *.*;" >/dev/null; then - _debug "Try include files" + _debug "Trying include files" for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do - _debug "check included $included" + _debug "Checking included $included" if ! _startswith "$included" "/" && _exists dirname; then _relpath="$(dirname "$2")" _debug "_relpath" "$_relpath" @@ -3322,7 +3367,7 @@ _isRealNginxConf() { #restore all the nginx conf _restoreNginx() { if [ -z "$NGINX_RESTORE_VLIST" ]; then - _debug "No need to restore nginx, skip." + _debug "No need to restore nginx config, skipping." return fi _debug "_restoreNginx" @@ -3337,9 +3382,9 @@ _restoreNginx() { cat "$_ngbackupconf" >"$_ngconf" done - _info "Reload nginx" + _info "Reloading nginx" if ! nginx -s reload >/dev/null; then - _err "It seems that nginx reload error, please report bug." + _err "An error occurred while reloading nginx, please open an issue on $PROJECT." return 1 fi return 0 @@ -3364,7 +3409,7 @@ _clearupdns() { _debug "dns_entries" "$dns_entries" if [ -z "$dns_entries" ]; then - _debug "skip dns." + _debug "Skipping dns." return fi _info "Removing DNS records." @@ -3387,7 +3432,7 @@ _clearupdns() { fi if [ -z "$d_api" ]; then - _info "Not Found domain api file: $d_api" + _info "Domain API file was not found: $d_api" continue fi @@ -3397,21 +3442,21 @@ _clearupdns() { ( if ! . "$d_api"; then - _err "Load file $d_api error. Please check your api file and try again." + _err "Error loading file $d_api. Please check your API file and try again." return 1 fi rmcommand="${_currentRoot}_rm" if ! _exists "$rmcommand"; then - _err "It seems that your api file doesn't define $rmcommand" + _err "It seems that your API file doesn't define $rmcommand" return 1 fi _info "Removing txt: $txt for domain: $txtdomain" if ! $rmcommand "$txtdomain" "$txt"; then - _err "Error removing txt for domain:$txtdomain" + _err "Error removing txt for domain: $txtdomain" return 1 fi - _info "Removed: Success" + _info "Successfully removed" ) done @@ -3421,7 +3466,7 @@ _clearupdns() { _clearupwebbroot() { __webroot="$1" if [ -z "$__webroot" ]; then - _debug "no webroot specified, skip" + _debug "No webroot specified, skipping" return 0 fi @@ -3433,12 +3478,12 @@ _clearupwebbroot() { elif [ "$2" = '3' ]; then _rmpath="$__webroot/.well-known/acme-challenge/$3" else - _debug "Skip for removelevel:$2" + _debug "Skipping for removelevel: $2" fi if [ "$_rmpath" ]; then if [ "$DEBUG" ]; then - _debug "Debugging, skip removing: $_rmpath" + _debug "Debugging, not removing: $_rmpath" else rm -rf "$_rmpath" fi @@ -3459,13 +3504,13 @@ _on_before_issue() { _debug _chk_alt_domains "$_chk_alt_domains" #run pre hook if [ "$_chk_pre_hook" ]; then - _info "Run pre hook:'$_chk_pre_hook'" + _info "Runing pre hook:'$_chk_pre_hook'" if ! ( export Le_Domain="$_chk_main_domain" export Le_Alt="$_chk_alt_domains" cd "$DOMAIN_PATH" && eval "$_chk_pre_hook" ); then - _err "Error when run pre hook." + _err "Error occurred when running pre hook." return 1 fi fi @@ -3490,7 +3535,7 @@ _on_before_issue() { if [ -z "$d" ]; then break fi - _debug "Check for domain" "$d" + _debug "Checking for domain" "$d" _currentRoot="$(_getfield "$_chk_web_roots" $_index)" _debug "_currentRoot" "$_currentRoot" _index=$(_math $_index + 1) @@ -3537,7 +3582,7 @@ _on_before_issue() { if _hasfield "$_chk_web_roots" "apache"; then if ! _setApache; then - _err "set up apache error. Report error to me." + _err "Error setting up Apache. Please open an issue on $PROJECT." return 1 fi else @@ -3554,17 +3599,17 @@ _on_issue_err() { if [ "$LOG_FILE" ]; then _err "Please check log file for more details: $LOG_FILE" else - _err "Please add '--debug' or '--log' to check more details." + _err "Please add '--debug' or '--log' to see more information." _err "See: $_DEBUG_WIKI" fi #run the post hook if [ "$_chk_post_hook" ]; then - _info "Run post hook:'$_chk_post_hook'" + _info "Running post hook: '$_chk_post_hook'" if ! ( cd "$DOMAIN_PATH" && eval "$_chk_post_hook" ); then - _err "Error when run post hook." + _err "Error encountered while running post hook." return 1 fi fi @@ -3603,7 +3648,7 @@ _on_issue_success() { #run the post hook if [ "$_chk_post_hook" ]; then - _info "Run post hook:'$_chk_post_hook'" + _info "Running post hook:'$_chk_post_hook'" if ! ( export CERT_PATH export CERT_KEY_PATH @@ -3612,14 +3657,14 @@ _on_issue_success() { export Le_Domain="$_main_domain" cd "$DOMAIN_PATH" && eval "$_chk_post_hook" ); then - _err "Error when run post hook." + _err "Error encountered while running post hook." return 1 fi fi #run renew hook if [ "$_ACME_IS_RENEW" ] && [ "$_chk_renew_hook" ]; then - _info "Run renew hook:'$_chk_renew_hook'" + _info "Running renew hook: '$_chk_renew_hook'" if ! ( export CERT_PATH export CERT_KEY_PATH @@ -3628,7 +3673,7 @@ _on_issue_success() { export Le_Domain="$_main_domain" cd "$DOMAIN_PATH" && eval "$_chk_renew_hook" ); then - _err "Error when run renew hook." + _err "Error encountered while running renew hook." return 1 fi fi @@ -3684,7 +3729,7 @@ _regAccount() { if [ ! -f "$ACCOUNT_KEY_PATH" ]; then if ! _create_account_key "$_reg_length"; then - _err "Create account key error." + _err "Error creating account key." return 1 fi fi @@ -3707,7 +3752,7 @@ _regAccount() { if [ "$ACME_DIRECTORY" = "$CA_ZEROSSL" ]; then if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then - _info "No EAB credentials found for ZeroSSL, let's get one" + _info "No EAB credentials found for ZeroSSL, let's obtain them" if [ -z "$_email" ]; then _info "$(__green "$PROJECT_NAME is using ZeroSSL as default CA now.")" _info "$(__green "Please update your account with an email address first.")" @@ -3718,20 +3763,20 @@ _regAccount() { _eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT) if [ "$?" != "0" ]; then _debug2 "$_eabresp" - _err "Can not get EAB credentials from ZeroSSL." + _err "Cannot get EAB credentials from ZeroSSL." return 1 fi _secure_debug2 _eabresp "$_eabresp" _eab_id="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" _secure_debug2 _eab_id "$_eab_id" if [ -z "$_eab_id" ]; then - _err "Can not resolve _eab_id" + _err "Cannot resolve _eab_id" return 1 fi _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')" _secure_debug2 _eab_hmac_key "$_eab_hmac_key" if [ -z "$_eab_hmac_key" ]; then - _err "Can not resolve _eab_hmac_key" + _err "Cannot resolve _eab_hmac_key" return 1 fi _savecaconf CA_EAB_KEY_ID "$_eab_id" @@ -3751,7 +3796,7 @@ _regAccount() { eab_sign_t="$eab_protected64.$eab_payload64" _debug3 eab_sign_t "$eab_sign_t" - key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 multi | _hex_dump | tr -d ' ')" + key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')" _debug3 key_hex "$key_hex" eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace) @@ -3768,7 +3813,7 @@ _regAccount() { _info "Registering account: $ACME_DIRECTORY" if ! _send_signed_request "${ACME_NEW_ACCOUNT}" "$regjson"; then - _err "Register account Error: $response" + _err "Error registering account: $response" return 1 fi @@ -3779,10 +3824,10 @@ _regAccount() { elif [ "$code" = '409' ] || [ "$code" = '200' ]; then _info "Already registered" elif [ "$code" = '400' ] && _contains "$response" 'The account is not awaiting external account binding'; then - _info "Already register EAB." + _info "EAB already registered" _eabAlreadyBound=1 else - _err "Register account Error: $response" + _err "Account registration error: $response" return 1 fi @@ -3791,7 +3836,7 @@ _regAccount() { _accUri="$(echo "$responseHeaders" | grep -i "^Location:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n ")" _debug "_accUri" "$_accUri" if [ -z "$_accUri" ]; then - _err "Can not find account id url." + _err "Cannot find account id url." _err "$responseHeaders" return 1 fi @@ -3806,7 +3851,7 @@ _regAccount() { _savecaconf CA_KEY_HASH "$CA_KEY_HASH" if [ "$code" = '403' ]; then - _err "It seems that the account key is already deactivated, please use a new account key." + _err "It seems that the account key has been deactivated, please use a new account key." return 1 fi @@ -3819,7 +3864,7 @@ updateaccount() { _initpath if [ ! -f "$ACCOUNT_KEY_PATH" ]; then - _err "Account key is not found at: $ACCOUNT_KEY_PATH" + _err "Account key not found at: $ACCOUNT_KEY_PATH" return 1 fi @@ -3827,8 +3872,7 @@ updateaccount() { _debug _accUri "$_accUri" if [ -z "$_accUri" ]; then - _err "The account url is empty, please run '--update-account' first to update the account info first," - _err "Then try again." + _err "The account URL is empty, please run '--update-account' first to update the account info, then try again." return 1 fi @@ -3850,8 +3894,11 @@ updateaccount() { if [ "$code" = '200' ]; then echo "$response" >"$ACCOUNT_JSON_PATH" _info "Account update success for $_accUri." + + ACCOUNT_THUMBPRINT="$(__calc_account_thumbprint)" + _info "ACCOUNT_THUMBPRINT" "$ACCOUNT_THUMBPRINT" else - _info "Error. The account was not updated." + _info "An error occurred and the account was not updated." return 1 fi } @@ -3861,7 +3908,7 @@ deactivateaccount() { _initpath if [ ! -f "$ACCOUNT_KEY_PATH" ]; then - _err "Account key is not found at: $ACCOUNT_KEY_PATH" + _err "Account key not found at: $ACCOUNT_KEY_PATH" return 1 fi @@ -3869,8 +3916,7 @@ deactivateaccount() { _debug _accUri "$_accUri" if [ -z "$_accUri" ]; then - _err "The account url is empty, please run '--update-account' first to update the account info first," - _err "Then try again." + _err "The account URL is empty, please run '--update-account' first to update the account info, then try again." return 1 fi @@ -3882,13 +3928,13 @@ deactivateaccount() { _djson="{\"status\":\"deactivated\"}" if _send_signed_request "$_accUri" "$_djson" && _contains "$response" '"deactivated"'; then - _info "Deactivate account success for $_accUri." + _info "Successfully deactivated account $_accUri." _accid=$(echo "$response" | _egrep_o "\"id\" *: *[^,]*," | cut -d : -f 2 | tr -d ' ,') elif [ "$code" = "403" ]; then _info "The account is already deactivated." _accid=$(_getfield "$_accUri" "999" "/") else - _err "Deactivate: account failed for $_accUri." + _err "Account deactivation failed for $_accUri." return 1 fi @@ -3902,7 +3948,7 @@ deactivateaccount() { mv "$ACCOUNT_JSON_PATH" "$_deactivated_account_path/" mv "$ACCOUNT_KEY_PATH" "$_deactivated_account_path/" else - _err "Can not create dir: $_deactivated_account_path, try to remove the deactivated account key." + _err "Cannot create dir: $_deactivated_account_path, try to remove the deactivated account key." rm -f "$CA_CONF" rm -f "$ACCOUNT_JSON_PATH" rm -f "$ACCOUNT_KEY_PATH" @@ -3945,28 +3991,28 @@ __get_domain_new_authz() { _Max_new_authz_retry_times=5 _authz_i=0 while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ]; do - _debug "Try new-authz for the $_authz_i time." + _debug "Trying new-authz, attempt number $_authz_i." if ! _send_signed_request "${ACME_NEW_AUTHZ}" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}"; then - _err "Can not get domain new authz." + _err "Cannot get new authz for domain." return 1 fi if _contains "$response" "No registration exists matching provided key"; then - _err "It seems there is an error, but it's recovered now, please try again." - _err "If you see this message for a second time, please report bug: $(__green "$PROJECT")" + _err "There has been an error, but it might now be resolved, please try again." + _err "If you see this message for a second time, please report this as a bug: $(__green "$PROJECT")" _clearcaconf "CA_KEY_HASH" break fi if ! _contains "$response" "An error occurred while processing your request"; then - _info "The new-authz request is ok." + _info "new-authz request successful." break fi _authz_i="$(_math "$_authz_i" + 1)" - _info "The server is busy, Sleep $_authz_i to retry." + _info "The server is busy, sleeping for $_authz_i seconds and retrying." _sleep "$_authz_i" done if [ "$_authz_i" = "$_Max_new_authz_retry_times" ]; then - _err "new-authz retry reach the max $_Max_new_authz_retry_times times." + _err "new-authz has been retried $_Max_new_authz_retry_times times, stopping." fi if [ "$code" ] && [ "$code" != '201' ]; then @@ -4022,7 +4068,7 @@ _ns_lookup_cf() { _ns_purge_cf() { _cf_d="$1" _cf_d_type="$2" - _debug "Cloudflare purge $_cf_d_type record for domain $_cf_d" + _debug "Purging Cloudflare $_cf_d_type record for domain $_cf_d" _cf_purl="https://cloudflare-dns.com/api/v1/purge?domain=$_cf_d&type=$_cf_d_type" response="$(_post "" "$_cf_purl")" _debug2 response "$response" @@ -4087,21 +4133,21 @@ _ns_lookup_dp() { _ns_select_doh() { if [ -z "$DOH_USE" ]; then - _debug "Detect dns server first." + _debug "Detecting DNS server first." if _ns_is_available_cf; then - _debug "Use cloudflare doh server" + _debug "Using Cloudflare doh server" export DOH_USE=$DOH_CLOUDFLARE elif _ns_is_available_google; then - _debug "Use google doh server" + _debug "Using Google DOH server" export DOH_USE=$DOH_GOOGLE elif _ns_is_available_ali; then - _debug "Use aliyun doh server" + _debug "Using Aliyun DOH server" export DOH_USE=$DOH_ALI elif _ns_is_available_dp; then - _debug "Use dns pod doh server" + _debug "Using DNS POD DOH server" export DOH_USE=$DOH_DP else - _err "No doh" + _err "No DOH" fi fi } @@ -4118,7 +4164,7 @@ _ns_lookup() { elif [ "$DOH_USE" = "$DOH_DP" ]; then _ns_lookup_dp "$@" else - _err "Unknown doh provider: DOH_USE=$DOH_USE" + _err "Unknown DOH provider: DOH_USE=$DOH_USE" fi } @@ -4144,7 +4190,7 @@ __purge_txt() { if [ "$DOH_USE" = "$DOH_CLOUDFLARE" ] || [ -z "$DOH_USE" ]; then _ns_purge_cf "$_p_txtdomain" "TXT" else - _debug "no purge api for this doh api, just sleep 5 secs" + _debug "No purge API for this DOH API, just sleeping for 5 seconds" _sleep 5 fi @@ -4175,17 +4221,17 @@ _check_dns_entries() { _debug "d_api" "$d_api" _info "Checking $d for $aliasDomain" if _contains "$_success_txt" ",$txt,"; then - _info "Already success, continue next one." + _info "Already succeeded, continuing." continue fi if __check_txt "$txtdomain" "$aliasDomain" "$txt"; then - _info "Domain $d '$aliasDomain' success." + _info "Success for domain $d '$aliasDomain'." _success_txt="$_success_txt,$txt," continue fi _left=1 - _info "Not valid yet, let's wait 10 seconds and check next one." + _info "Not valid yet, let's wait for 10 seconds then check the next one." __purge_txt "$txtdomain" if [ "$txtdomain" != "$aliasDomain" ]; then __purge_txt "$aliasDomain" @@ -4193,10 +4239,10 @@ _check_dns_entries() { _sleep 10 done if [ "$_left" ]; then - _info "Let's wait 10 seconds and check again". + _info "Let's wait for 10 seconds and check again". _sleep 10 else - _info "All success, let's return" + _info "All checks succeeded" return 0 fi done @@ -4312,14 +4358,14 @@ _convertValidaty() { elif _endswith "$_dateTo" "d"; then _v_end=$(_math "$_v_begin + 60 * 60 * 24 * $(echo "$_dateTo" | tr -d '+d')") else - _err "Not recognized format for _dateTo: $_dateTo" + _err "Unrecognized format for _dateTo: $_dateTo" return 1 fi _debug2 "_v_end" "$_v_end" _time2str "$_v_end" else if [ "$(_time)" -gt "$(_date2time "$_dateTo")" ]; then - _err "The validaty to is in the past: _dateTo = $_dateTo" + _err "The validity end date is in the past: _dateTo = $_dateTo" return 1 fi echo "$_dateTo" @@ -4383,7 +4429,7 @@ issue() { _valid_to_saved=$(_readdomainconf Le_Valid_to) if [ "$_valid_to_saved" ] && ! _startswith "$_valid_to_saved" "+"; then _info "The domain is set to be valid to: $_valid_to_saved" - _info "It can not be renewed automatically" + _info "It cannot be renewed automatically" _info "See: $_VALIDITY_WIKI" return $RENEW_SKIP fi @@ -4399,8 +4445,8 @@ issue() { if [ "$_normized_saved_domains" = "$_normized_domains" ]; then _info "Domains not changed." - _info "Skip, Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")" - _info "Add '$(__red '--force')' to force to renew." + _info "Skipping. Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")" + _info "Add '$(__red '--force')' to force renewal." return $RENEW_SKIP else _info "Domains have changed." @@ -4459,7 +4505,7 @@ issue() { return 1 fi else - _debug "_saved_account_key_hash is not changed, skip register account." + _debug "_saved_account_key_hash was not changed, skipping account registration." fi export Le_Next_Domain_Key="$CERT_KEY_PATH.next" @@ -4473,15 +4519,15 @@ issue() { if [ -z "$_key" ]; then _key=2048 fi - _debug "Read key length:$_key" + _debug "Read key length: $_key" if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then if [ "$Le_ForceNewDomainKey" = "1" ] && [ -f "$Le_Next_Domain_Key" ]; then - _info "Using pre generated key: $Le_Next_Domain_Key" + _info "Using pre-generated key: $Le_Next_Domain_Key" cat "$Le_Next_Domain_Key" >"$CERT_KEY_PATH" echo "" >"$Le_Next_Domain_Key" else if ! createDomainKey "$_main_domain" "$_key_length"; then - _err "Create domain key error." + _err "Error creating domain key." _clearup _on_issue_err "$_post_hook" return 1 @@ -4489,18 +4535,18 @@ issue() { fi fi if [ "$Le_ForceNewDomainKey" ]; then - _info "Generate next pre-generate key." + _info "Generating next pre-generate key." if [ ! -e "$Le_Next_Domain_Key" ]; then touch "$Le_Next_Domain_Key" chmod 600 "$Le_Next_Domain_Key" fi if ! _createkey "$_key_length" "$Le_Next_Domain_Key"; then - _err "Can not pre generate domain key" + _err "Cannot pre-generate domain key" return 1 fi fi if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then - _err "Create CSR error." + _err "Error creating CSR." _clearup _on_issue_err "$_post_hook" return 1 @@ -4511,7 +4557,7 @@ issue() { vlist="$Le_Vlist" _cleardomainconf "Le_Vlist" - _info "Getting domain auth token for each domain" + _debug "Getting domain auth token for each domain" sep='#' dvsep=',' if [ -z "$vlist" ]; then @@ -4536,7 +4582,7 @@ issue() { _debug2 "_valid_from" "$_valid_from" _notBefore="$(_convertValidaty "" "$_valid_from")" if [ "$?" != "0" ]; then - _err "Can not parse _valid_from: $_valid_from" + _err "Cannot parse _valid_from: $_valid_from" return 1 fi if [ "$(_time)" -gt "$(_date2time "$_notBefore")" ]; then @@ -4552,7 +4598,7 @@ issue() { _savedomainconf "Le_Valid_To" "$_valid_to" _notAfter="$(_convertValidaty "$_notBefore" "$_valid_to")" if [ "$?" != "0" ]; then - _err "Can not parse _valid_to: $_valid_to" + _err "Cannot parse _valid_to: $_valid_to" return 1 fi else @@ -4567,19 +4613,29 @@ issue() { if [ "$_notAfter" ]; then _newOrderObj="$_newOrderObj,\"notAfter\": \"$_notAfter\"" fi + _debug "STEP 1, Ordering a Certificate" if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then - _err "Create new order error." + _err "Error creating new order." _clearup _on_issue_err "$_post_hook" return 1 fi + if _contains "$response" "invalid"; then + if echo "$response" | _normalizeJson | grep '"status":"invalid"' >/dev/null 2>&1; then + _err "Create new order with invalid status." + _err "$response" + _clearup + _on_issue_err "$_post_hook" + return 1 + fi + fi Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)" _debug Le_LinkOrder "$Le_LinkOrder" Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)" _debug Le_OrderFinalize "$Le_OrderFinalize" if [ -z "$Le_OrderFinalize" ]; then - _err "Create new order error. Le_OrderFinalize not found. $response" + _err "Error creating new order. Le_OrderFinalize not found. $response" _clearup _on_issue_err "$_post_hook" return 1 @@ -4597,14 +4653,16 @@ issue() { return 1 fi + _debug "STEP 2, Get the authorizations of each domain" #domain and authz map _authorizations_map="" for _authz_url in $(echo "$_authorizations_seg" | tr ',' ' '); do _debug2 "_authz_url" "$_authz_url" if ! _send_signed_request "$_authz_url"; then - _err "get to authz error." + _err "Error getting authz." _err "_authorizations_seg" "$_authorizations_seg" _err "_authz_url" "$_authz_url" + _err "$response" _clearup _on_issue_err "$_post_hook" return 1 @@ -4612,6 +4670,14 @@ issue() { response="$(echo "$response" | _normalizeJson)" _debug2 response "$response" + if echo "$response" | grep '"status":"invalid"' >/dev/null 2>&1; then + _err "get authz objec with invalid status, please try again later." + _err "_authorizations_seg" "$_authorizations_seg" + _err "$response" + _clearup + _on_issue_err "$_post_hook" + return 1 + fi _d="$(echo "$response" | _egrep_o '"value" *: *"[^"]*"' | cut -d : -f 2- | tr -d ' "')" if _contains "$response" "\"wildcard\" *: *true"; then _d="*.$_d" @@ -4666,7 +4732,7 @@ $_authorizations_map" response="$(echo "$_candidates" | sed "s/$_idn_d,//")" _debug2 "response" "$response" if [ -z "$response" ]; then - _err "get to authz error." + _err "Error getting authz." _err "_authorizations_map" "$_authorizations_map" _clearup _on_issue_err "$_post_hook" @@ -4690,10 +4756,10 @@ $_authorizations_map" _debug entry "$entry" if [ -z "$keyauthorization" -a -z "$entry" ]; then - _err "Error, can not get domain token entry $d for $vtype" + _err "Cannot get domain token entry $d for $vtype" _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" if [ "$_supported_vtypes" ]; then - _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" + _err "Supported validation types are: $_supported_vtypes, but you specified: $vtype" fi _clearup _on_issue_err "$_post_hook" @@ -4705,7 +4771,7 @@ $_authorizations_map" _debug token "$token" if [ -z "$token" ]; then - _err "Error, can not get domain token $entry" + _err "Cannot get domain token $entry" _clearup _on_issue_err "$_post_hook" return 1 @@ -4716,7 +4782,7 @@ $_authorizations_map" _debug uri "$uri" if [ -z "$uri" ]; then - _err "Error, can not get domain uri. $entry" + _err "Cannot get domain URI $entry" _clearup _on_issue_err "$_post_hook" return 1 @@ -4745,7 +4811,7 @@ $_authorizations_map" _authz_url=$(echo "$ventry" | cut -d "$sep" -f 6) _debug d "$d" if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then - _debug "$d is already verified, skip $vtype." + _debug "$d has already been verified, skipping $vtype." _alias_index="$(_math "$_alias_index" + 1)" continue fi @@ -4782,37 +4848,37 @@ $_authorizations_map" dns_entry="$dns_entry$dvsep$txt${dvsep}$d_api" _debug2 dns_entry "$dns_entry" if [ "$d_api" ]; then - _debug "Found domain api file: $d_api" + _debug "Found domain API file: $d_api" else if [ "$_currentRoot" != "$W_DNS" ]; then - _err "Can not find dns api hook for: $_currentRoot" - _info "You need to add the txt record manually." + _err "Cannot find DNS API hook for: $_currentRoot" + _info "You need to add the TXT record manually." fi _info "$(__red "Add the following TXT record:")" _info "$(__red "Domain: '$(__green "$txtdomain")'")" _info "$(__red "TXT value: '$(__green "$txt")'")" - _info "$(__red "Please be aware that you prepend _acme-challenge. before your domain")" - _info "$(__red "so the resulting subdomain will be: $txtdomain")" + _info "$(__red "Please make sure to prepend '_acme-challenge.' to your domain")" + _info "$(__red "so that the resulting subdomain is: $txtdomain")" continue fi ( if ! . "$d_api"; then - _err "Load file $d_api error. Please check your api file and try again." + _err "Error loading file $d_api. Please check your API file and try again." return 1 fi addcommand="${_currentRoot}_add" if ! _exists "$addcommand"; then - _err "It seems that your api file is not correct, it must have a function named: $addcommand" + _err "It seems that your API file is incorrect. Make sure it has a function named: $addcommand" return 1 fi - _info "Adding txt value: $txt for domain: $txtdomain" + _info "Adding TXT value: $txt for domain: $txtdomain" if ! $addcommand "$txtdomain" "$txt"; then - _err "Error add txt for domain:$txtdomain" + _err "Error adding TXT record to domain: $txtdomain" return 1 fi - _info "The txt record is added: Success." + _info "The TXT record has been successfully added." ) if [ "$?" != "0" ]; then @@ -4829,7 +4895,7 @@ $_authorizations_map" if [ "$dnsadded" = '0' ]; then _savedomainconf "Le_Vlist" "$vlist" - _debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit." + _debug "DNS record not yet added. Will save to $DOMAIN_CONF and exit." _err "Please add the TXT records to the domains, and re-run with --renew." _on_issue_err "$_post_hook" _clearup @@ -4842,23 +4908,23 @@ $_authorizations_map" if [ "$dns_entries" ]; then if [ -z "$Le_DNSSleep" ]; then - _info "Let's check each DNS record now. Sleep 20 seconds first." + _info "Let's check each DNS record now. Sleeping for 20 seconds first." _sleep 20 if ! _check_dns_entries; then - _err "check dns error." + _err "Error checking DNS." _on_issue_err "$_post_hook" _clearup return 1 fi else _savedomainconf "Le_DNSSleep" "$Le_DNSSleep" - _info "Sleep $(__green $Le_DNSSleep) seconds for the txt records to take effect" + _info "Sleeping for $(__green $Le_DNSSleep) seconds to wait for the the TXT records to take effect" _sleep "$Le_DNSSleep" fi fi NGINX_RESTORE_VLIST="" - _debug "ok, let's start to verify" + _debug "OK, let's start verification" _ncIndex=1 ventries=$(echo "$vlist" | tr "$dvsep" ' ') @@ -4870,7 +4936,7 @@ $_authorizations_map" _currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5) _authz_url=$(echo "$ventry" | cut -d "$sep" -f 6) if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then - _info "$d is already verified, skip $vtype." + _info "$d is already verified, skipping $vtype." continue fi @@ -4898,10 +4964,10 @@ $_authorizations_map" sleep 1 _debug serverproc "$serverproc" elif [ "$_currentRoot" = "$MODE_STATELESS" ]; then - _info "Stateless mode for domain:$d" + _info "Stateless mode for domain: $d" _sleep 1 elif _startswith "$_currentRoot" "$NGINX"; then - _info "Nginx mode for domain:$d" + _info "Nginx mode for domain: $d" #set up nginx server FOUND_REAL_NGINX_CONF="" BACKUP_NGINX_CONF="" @@ -4934,26 +5000,26 @@ $_authorizations_map" _debug wellknown_path "$wellknown_path" - _debug "writing token:$token to $wellknown_path/$token" + _debug "Writing token: $token to $wellknown_path/$token" mkdir -p "$wellknown_path" if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then - _err "$d:Can not write token to file : $wellknown_path/$token" + _err "$d: Cannot write token to file: $wellknown_path/$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" return 1 fi if ! chmod a+r "$wellknown_path/$token"; then - _debug "chmod failed, but we just continue." + _debug "chmod failed, will just continue." fi fi elif [ "$vtype" = "$VTYPE_ALPN" ]; then acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")" _debug acmevalidationv1 "$acmevalidationv1" if ! _starttlsserver "$d" "" "$Le_TLSPort" "$keyauthorization" "$_ncaddr" "$acmevalidationv1"; then - _err "Start tls server error." + _err "Error starting TLS server." _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" @@ -4962,7 +5028,7 @@ $_authorizations_map" fi if ! __trigger_validation "$uri" "$keyauthorization" "$vtype"; then - _err "$d:Can not get challenge: $response" + _err "$d: Cannot get challenge: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" @@ -4971,9 +5037,9 @@ $_authorizations_map" if [ "$code" ] && [ "$code" != '202' ]; then if [ "$code" = '200' ]; then - _debug "trigger validation code: $code" + _debug "Trigger validation code: $code" else - _err "$d:Challenge error: $response" + _err "$d: Challenge error: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" @@ -4986,11 +5052,11 @@ $_authorizations_map" MAX_RETRY_TIMES=30 fi - _debug "Lets check the status of the authz" + _debug "Let's check the authz status" while true; do waittimes=$(_math "$waittimes" + 1) if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ]; then - _err "$d:Timeout" + _err "$d: Timeout" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" @@ -5010,13 +5076,13 @@ $_authorizations_map" errordetail="$(echo "$error" | _egrep_o '"detail": *"[^"]*' | cut -d '"' -f 4)" _debug2 errordetail "$errordetail" if [ "$errordetail" ]; then - _err "Invalid status, $d:Verify error detail:$errordetail" + _err "$d: Invalid status. Verification error details: $errordetail" else - _err "Invalid status, $d:Verify error:$error" + _err "$d: Invalid status, Verification error: $error" fi if [ "$DEBUG" ]; then if [ "$vtype" = "$VTYPE_HTTP" ]; then - _debug "Debug: get token url." + _debug "Debug: GET token URL." _get "http://$d/.well-known/acme-challenge/$token" "" 1 fi fi @@ -5035,46 +5101,59 @@ $_authorizations_map" fi if _contains "$status" "pending"; then - _info "Pending, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)" + _info "Pending. The CA is processing your order, please wait. ($waittimes/$MAX_RETRY_TIMES)" elif _contains "$status" "processing"; then - _info "Processing, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)" + _info "Processing. The CA is processing your order, please wait. ($waittimes/$MAX_RETRY_TIMES)" else - _err "Unknown status: $status, $d:Verify error:$response" + _err "$d: Unknown status: $status. Verification error: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" return 1 fi - _debug "sleep 2 secs to verify again" + _debug "Sleep 2 seconds before verifying again" _sleep 2 - _debug "checking" + _debug "Checking" _send_signed_request "$_authz_url" if [ "$?" != "0" ]; then - _err "Invalid code, $d:Verify error:$response" + _err "$d: Invalid code. Verification error: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" return 1 fi + _retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *: *[0-9]\+ *" | cut -d : -f 2 | tr -d ' ' | tr -d '\r') + _sleep_overload_retry_sec=$_retryafter + if [ "$_sleep_overload_retry_sec" ]; then + if [ $_sleep_overload_retry_sec -le 600 ]; then + _sleep $_sleep_overload_retry_sec + else + _info "The retryafter=$_retryafter value is too large (> 600), will not retry anymore." + _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearup + _on_issue_err "$_post_hook" "$vlist" + return 1 + fi + fi done done _clearup - _info "Verify finished, start to sign." + _info "Verification finished, beginning signing." der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)" - _info "Lets finalize the order." + _info "Let's finalize the order." _info "Le_OrderFinalize" "$Le_OrderFinalize" if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then - _err "Sign failed." + _err "Signing failed." _on_issue_err "$_post_hook" return 1 fi if [ "$code" != "200" ]; then - _err "Sign failed, finalize code is not 200." + _err "Signing failed. Finalize code was not 200." _err "$response" _on_issue_err "$_post_hook" return 1 @@ -5093,38 +5172,38 @@ $_authorizations_map" Le_LinkCert="$(echo "$response" | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)" _debug Le_LinkCert "$Le_LinkCert" if [ -z "$Le_LinkCert" ]; then - _err "Sign error, can not find Le_LinkCert" + _err "A signing error occurred: could not find Le_LinkCert" _err "$response" _on_issue_err "$_post_hook" return 1 fi break elif _contains "$response" "\"processing\""; then - _info "Order status is processing, lets sleep and retry." + _info "Order status is 'processing', let's sleep and retry." _retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r') _debug "_retryafter" "$_retryafter" if [ "$_retryafter" ]; then - _info "Retry after: $_retryafter" + _info "Sleeping for $_retryafter seconds then retrying" _sleep $_retryafter else _sleep 2 fi else - _err "Sign error, wrong status" + _err "Signing error: wrong status" _err "$response" _on_issue_err "$_post_hook" return 1 fi #the order is processing, so we are going to poll order status if [ -z "$Le_LinkOrder" ]; then - _err "Sign error, can not get order link location header" + _err "Signing error: could not get order link location header" _err "responseHeaders" "$responseHeaders" _on_issue_err "$_post_hook" return 1 fi _info "Polling order status: $Le_LinkOrder" if ! _send_signed_request "$Le_LinkOrder"; then - _err "Sign failed, can not post to Le_LinkOrder cert:$Le_LinkOrder." + _err "Signing failed. Could not make POST request to Le_LinkOrder for cert: $Le_LinkOrder." _err "$response" _on_issue_err "$_post_hook" return 1 @@ -5133,7 +5212,7 @@ $_authorizations_map" done if [ -z "$Le_LinkCert" ]; then - _err "Sign failed, can not get Le_LinkCert, retry time limit." + _err "Signing failed. Could not get Le_LinkCert, and stopped retrying after reaching the retry limit." _err "$response" _on_issue_err "$_post_hook" return 1 @@ -5141,7 +5220,7 @@ $_authorizations_map" _info "Downloading cert." _info "Le_LinkCert" "$Le_LinkCert" if ! _send_signed_request "$Le_LinkCert"; then - _err "Sign failed, can not download cert:$Le_LinkCert." + _err "Signing failed. Could not download cert: $Le_LinkCert." _err "$response" _on_issue_err "$_post_hook" return 1 @@ -5154,15 +5233,15 @@ $_authorizations_map" fi if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then if [ "$DEBUG" ]; then - _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" + _debug "Default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" fi if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)" _debug2 "rels" "$rels" for rel in $rels; do - _info "Try rel: $rel" + _info "Trying rel: $rel" if ! _send_signed_request "$rel"; then - _err "Sign failed, can not download cert:$rel" + _err "Signing failed, could not download cert: $rel" _err "$response" continue fi @@ -5196,7 +5275,7 @@ $_authorizations_map" if [ -z "$Le_LinkCert" ] || ! _checkcert "$CERT_PATH"; then response="$(echo "$response" | _dbase64 "multiline" | tr -d '\0' | _normalizeJson)" - _err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" + _err "Signing failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" _on_issue_err "$_post_hook" return 1 fi @@ -5218,9 +5297,9 @@ $_authorizations_map" fi [ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")" - [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")" + [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full-chain cert is in: $(__green "$CERT_FULLCHAIN_PATH")" if [ "$Le_ForceNewDomainKey" ] && [ -e "$Le_Next_Domain_Key" ]; then - _info "Your pre-generated next key for future cert key change is in: $(__green "$Le_Next_Domain_Key")" + _info "Your pre-generated key for future cert key changes is in: $(__green "$Le_Next_Domain_Key")" fi Le_CertCreateTime=$(_time) @@ -5270,8 +5349,8 @@ $_authorizations_map" Le_NextRenewTime=$(_date2time "$_notAfter") Le_NextRenewTimeStr="$_notAfter" if [ "$_valid_to" ] && ! _startswith "$_valid_to" "+"; then - _info "The domain is set to be valid to: $_valid_to" - _info "It can not be renewed automatically" + _info "The domain is set to be valid until: $_valid_to" + _info "It cannot be renewed automatically" _info "See: $_VALIDITY_WIKI" else _now=$(_time) @@ -5296,6 +5375,12 @@ $_authorizations_map" _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" + #convert to pkcs12 + if [ "$Le_PFXPassword" ]; then + _toPkcs "$CERT_PFX_PATH" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$Le_PFXPassword" + fi + export CERT_PFX_PATH + if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then _savedomainconf "Le_RealCertPath" "$_real_cert" _savedomainconf "Le_RealCACertPath" "$_real_ca" @@ -5308,7 +5393,7 @@ $_authorizations_map" fi if ! _on_issue_success "$_post_hook" "$_renew_hook"; then - _err "Call hook error." + _err "Error calling hook." return 1 fi } @@ -5344,9 +5429,9 @@ renew() { _initpath "$Le_Domain" "$_isEcc" _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT} - _info "$(__green "Renew: '$Le_Domain'")" + _info "$(__green "Renewing: '$Le_Domain'")" if [ ! -f "$DOMAIN_CONF" ]; then - _info "'$Le_Domain' is not an issued domain, skip." + _info "'$Le_Domain' is not an issued domain, skipping." return $RENEW_SKIP fi @@ -5375,7 +5460,7 @@ renew() { if [ "$_server" ]; then Le_API="$_server" fi - _info "Renew to Le_API=$Le_API" + _info "Renewing using Le_API=$Le_API" _clearAPI _clearCA @@ -5386,8 +5471,8 @@ renew() { _initpath "$Le_Domain" "$_isEcc" if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then - _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")" - _info "Add '$(__red '--force')' to force to renew." + _info "Skipping. Next renewal time is: $(__green "$Le_NextRenewTimeStr")" + _info "Add '$(__red '--force')' to force renewal." if [ -z "$_ACME_IN_RENEWALL" ]; then if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then _send_notify "Renew $Le_Domain skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" @@ -5397,7 +5482,7 @@ renew() { fi if [ "$_ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then - _info "Skip invalid cert for: $Le_Domain" + _info "Skipping invalid cert for: $Le_Domain" return $RENEW_SKIP fi @@ -5463,7 +5548,7 @@ renewAll() { for di in "${CERT_HOME}"/*.*/; do _debug di "$di" if ! [ -d "$di" ]; then - _debug "Not a directory, skip: $di" + _debug "Not a directory, skipping: $di" continue fi d=$(basename "$di") @@ -5521,12 +5606,12 @@ renewAll() { _error_msg="${_error_msg} $d " if [ "$_stopRenewOnError" ]; then - _err "Error renew $d, stop now." + _err "Error renewing $d, stopping." _ret="$rc" break else _ret="$rc" - _err "Error renew $d." + _err "Error renewing $d." fi fi done @@ -5537,13 +5622,13 @@ renewAll() { _msg_subject="Renew" if [ "$_error_msg" ]; then _msg_subject="${_msg_subject} Error" - _msg_data="Error certs: + _msg_data="Errored certs: ${_error_msg} " fi if [ "$_success_msg" ]; then _msg_subject="${_msg_subject} Success" - _msg_data="${_msg_data}Success certs: + _msg_data="${_msg_data}Successful certs: ${_success_msg} " fi @@ -5584,18 +5669,18 @@ signcsr() { _csrsubj=$(_readSubjectFromCSR "$_csrfile") if [ "$?" != "0" ]; then - _err "Can not read subject from csr: $_csrfile" + _err "Cannot read subject from CSR: $_csrfile" return 1 fi _debug _csrsubj "$_csrsubj" if _contains "$_csrsubj" ' ' || ! _contains "$_csrsubj" '.'; then - _info "It seems that the subject: $_csrsubj is not a valid domain name. Drop it." + _info "It seems that the subject $_csrsubj is not a valid domain name. Dropping it." _csrsubj="" fi _csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile") if [ "$?" != "0" ]; then - _err "Can not read domain list from csr: $_csrfile" + _err "Cannot read domain list from CSR: $_csrfile" return 1 fi _debug "_csrdomainlist" "$_csrdomainlist" @@ -5608,20 +5693,20 @@ signcsr() { fi if [ -z "$_csrsubj" ]; then - _err "Can not read subject from csr: $_csrfile" + _err "Cannot read subject from CSR: $_csrfile" return 1 fi _csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then - _err "Can not read key length from csr: $_csrfile" + _err "Cannot read key length from CSR: $_csrfile" return 1 fi _initpath "$_csrsubj" "$_csrkeylength" mkdir -p "$DOMAIN_PATH" - _info "Copy csr to: $CSR_PATH" + _info "Copying CSR to: $CSR_PATH" cp "$_csrfile" "$CSR_PATH" issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain" @@ -5640,18 +5725,18 @@ showcsr() { _csrsubj=$(_readSubjectFromCSR "$_csrfile") if [ "$?" != "0" ]; then - _err "Can not read subject from csr: $_csrfile" + _err "Cannot read subject from CSR: $_csrfile" return 1 fi if [ -z "$_csrsubj" ]; then - _info "The Subject is empty" + _info "The subject is empty" fi _info "Subject=$_csrsubj" _csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile") if [ "$?" != "0" ]; then - _err "Can not read domain list from csr: $_csrfile" + _err "Cannot read domain list from CSR: $_csrfile" return 1 fi _debug "_csrdomainlist" "$_csrdomainlist" @@ -5660,7 +5745,7 @@ showcsr() { _csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then - _err "Can not read key length from csr: $_csrfile" + _err "Cannot read key length from CSR: $_csrfile" return 1 fi _info "KeyLength=$_csrkeylength" @@ -5716,29 +5801,29 @@ _deploy() { for _d_api in $(echo "$_hooks" | tr ',' " "); do _deployApi="$(_findHook "$_d" $_SUB_FOLDER_DEPLOY "$_d_api")" if [ -z "$_deployApi" ]; then - _err "The deploy hook $_d_api is not found." + _err "The deploy hook $_d_api was not found." return 1 fi _debug _deployApi "$_deployApi" if ! ( if ! . "$_deployApi"; then - _err "Load file $_deployApi error. Please check your api file and try again." + _err "Error loading file $_deployApi. Please check your API file and try again." return 1 fi d_command="${_d_api}_deploy" if ! _exists "$d_command"; then - _err "It seems that your api file is not correct, it must have a function named: $d_command" + _err "It seems that your API file is not correct. Make sure it has a function named: $d_command" return 1 fi if ! $d_command "$_d" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then - _err "Error deploy for domain:$_d" + _err "Error deploying for domain: $_d" return 1 fi ); then - _err "Deploy error." + _err "Error encountered while deploying." return 1 else _info "$(__green Success)" @@ -5759,7 +5844,7 @@ deploy() { _initpath "$_d" "$_isEcc" if [ ! -d "$DOMAIN_PATH" ]; then _err "The domain '$_d' is not a cert name. You must use the cert name to specify the cert to install." - _err "Can not find path:'$DOMAIN_PATH'" + _err "Cannot find path: '$DOMAIN_PATH'" return 1 fi @@ -5788,7 +5873,7 @@ installcert() { _initpath "$_main_domain" "$_isEcc" if [ ! -d "$DOMAIN_PATH" ]; then _err "The domain '$_main_domain' is not a cert name. You must use the cert name to specify the cert to install." - _err "Can not find path:'$DOMAIN_PATH'" + _err "Cannot find path: '$DOMAIN_PATH'" return 1 fi @@ -5883,7 +5968,7 @@ _installcert() { fi if [ "$_reload_cmd" ]; then - _info "Run reload cmd: $_reload_cmd" + _info "Running reload cmd: $_reload_cmd" if ( export CERT_PATH export CERT_KEY_PATH @@ -5894,9 +5979,9 @@ _installcert() { export Le_Next_Domain_Key cd "$DOMAIN_PATH" && eval "$_reload_cmd" ); then - _info "$(__green "Reload success")" + _info "$(__green "Reload successful")" else - _err "Reload error for :$Le_Domain" + _err "Reload error for: $Le_Domain" fi fi @@ -5924,25 +6009,25 @@ _install_win_taskscheduler() { return 1 fi if ! _exists schtasks; then - _err "schtasks.exe is not found, are you on Windows?" + _err "schtasks.exe was not found, are you on Windows?" return 1 fi _winbash="$(cygpath -w $(which bash))" _debug _winbash "$_winbash" if [ -z "$_winbash" ]; then - _err "can not find bash path" + _err "Cannot find bash path" return 1 fi _myname="$(whoami)" _debug "_myname" "$_myname" if [ -z "$_myname" ]; then - _err "can not find my user name" + _err "Can not find own username" return 1 fi _debug "_lesh" "$_lesh" - _info "To install scheduler task in your Windows account, you must input your windows password." - _info "$PROJECT_NAME doesn't save your password." + _info "To install the scheduler task to your Windows account, you must input your Windows password." + _info "$PROJECT_NAME will not save your password." _info "Please input your Windows password for: $(__green "$_myname")" _password="$(__read_password)" #SCHTASKS.exe '/create' '/SC' 'DAILY' '/TN' "$_WINDOWS_SCHEDULER_NAME" '/F' '/ST' "00:$_randomminute" '/RU' "$_myname" '/RP' "$_password" '/TR' "$_winbash -l -c '$_lesh --cron --home \"$LE_WORKING_DIR\" $_centry'" >/dev/null @@ -5953,11 +6038,11 @@ _install_win_taskscheduler() { _uninstall_win_taskscheduler() { if ! _exists schtasks; then - _err "schtasks.exe is not found, are you on Windows?" + _err "schtasks.exe was not found, are you on Windows?" return 1 fi if ! echo SCHTASKS /query /tn "$_WINDOWS_SCHEDULER_NAME" | cmd.exe >/dev/null; then - _debug "scheduler $_WINDOWS_SCHEDULER_NAME is not found." + _debug "scheduler $_WINDOWS_SCHEDULER_NAME was not found." else _info "Removing $_WINDOWS_SCHEDULER_NAME" echo SCHTASKS /delete /f /tn "$_WINDOWS_SCHEDULER_NAME" | cmd.exe >/dev/null @@ -5976,10 +6061,10 @@ installcronjob() { _script="$(_readlink "$_SCRIPT_")" _debug _script "$_script" if [ -f "$_script" ]; then - _info "Using the current script from: $_script" + _info "Usinging the current script from: $_script" lesh="$_script" else - _err "Can not install cronjob, $PROJECT_ENTRY not found." + _err "Cannot install cronjob, $PROJECT_ENTRY not found." return 1 fi fi @@ -5996,18 +6081,18 @@ installcronjob() { if ! _exists "$_CRONTAB"; then if _exists cygpath && _exists schtasks.exe; then - _info "It seems you are on Windows, let's install Windows scheduler task." + _info "It seems you are on Windows, let's install the Windows scheduler task." if _install_win_taskscheduler "$lesh" "$_c_entry" "$random_minute"; then - _info "Install Windows scheduler task success." + _info "Successfully installed Windows scheduler task." return 0 else - _err "Install Windows scheduler task failed." + _err "Failed to install Windows scheduler task." return 1 fi fi - _err "crontab/fcrontab doesn't exist, so, we can not install cron jobs." - _err "All your certs will not be renewed automatically." - _err "You must add your own cron job to call '$PROJECT_ENTRY --cron' everyday." + _err "crontab/fcrontab doesn't exist, so we cannot install cron jobs." + _err "Your certs will not be renewed automatically." + _err "You must add your own cron job to call '$PROJECT_ENTRY --cron' every day." return 1 fi _info "Installing cron job" @@ -6023,8 +6108,8 @@ installcronjob() { } | $_CRONTAB_STDIN fi if [ "$?" != "0" ]; then - _err "Install cron job failed. You need to manually renew your certs." - _err "Or you can add cronjob by yourself:" + _err "Failed to install cron job. You need to manually renew your certs." + _err "Alternatively, you can add a cron job by yourself:" _err "$lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" return 1 fi @@ -6038,12 +6123,12 @@ uninstallcronjob() { if ! _exists "$_CRONTAB"; then if _exists cygpath && _exists schtasks.exe; then - _info "It seems you are on Windows, let's uninstall Windows scheduler task." + _info "It seems you are on Windows, let's uninstall the Windows scheduler task." if _uninstall_win_taskscheduler; then - _info "Uninstall Windows scheduler task success." + _info "Successfully uninstalled Windows scheduler task." return 0 else - _err "Uninstall Windows scheduler task failed." + _err "Failed to uninstall Windows scheduler task." return 1 fi fi @@ -6083,12 +6168,12 @@ revoke() { fi _initpath "$Le_Domain" "$_isEcc" if [ ! -f "$DOMAIN_CONF" ]; then - _err "$Le_Domain is not a issued domain, skip." + _err "$Le_Domain is not an issued domain, skipping." return 1 fi if [ ! -f "$CERT_PATH" ]; then - _err "Cert for $Le_Domain $CERT_PATH is not found, skip." + _err "Cert for $Le_Domain $CERT_PATH was not found, skipping." return 1 fi @@ -6112,7 +6197,7 @@ revoke() { cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _url_replace)" if [ -z "$cert" ]; then - _err "Cert for $Le_Domain is empty found, skip." + _err "Cert for $Le_Domain is empty, skipping." return 1 fi @@ -6122,31 +6207,31 @@ revoke() { uri="${ACME_REVOKE_CERT}" - _info "Try account key first." + _info "Trying account key first." if _send_signed_request "$uri" "$data" "" "$ACCOUNT_KEY_PATH"; then if [ -z "$response" ]; then - _info "Revoke success." + _info "Successfully revoked." rm -f "$CERT_PATH" cat "$CERT_KEY_PATH" >"$CERT_KEY_PATH.revoked" cat "$CSR_PATH" >"$CSR_PATH.revoked" return 0 else - _err "Revoke error." + _err "Error revoking." _debug "$response" fi fi if [ -f "$CERT_KEY_PATH" ]; then - _info "Try domain key." + _info "Trying domain key." if _send_signed_request "$uri" "$data" "" "$CERT_KEY_PATH"; then if [ -z "$response" ]; then - _info "Revoke success." + _info "Successfully revoked." rm -f "$CERT_PATH" cat "$CERT_KEY_PATH" >"$CERT_KEY_PATH.revoked" cat "$CSR_PATH" >"$CSR_PATH.revoked" return 0 else - _err "Revoke error by domain key." + _err "Error revoking using domain key." _err "$response" fi fi @@ -6170,19 +6255,19 @@ remove() { _removed_conf="$DOMAIN_CONF.removed" if [ ! -f "$DOMAIN_CONF" ]; then if [ -f "$_removed_conf" ]; then - _err "$Le_Domain is already removed, You can remove the folder by yourself: $DOMAIN_PATH" + _err "$Le_Domain has already been removed. You can remove the folder by yourself: $DOMAIN_PATH" else - _err "$Le_Domain is not a issued domain, skip." + _err "$Le_Domain is not an issued domain, skipping." fi return 1 fi if mv "$DOMAIN_CONF" "$_removed_conf"; then - _info "$Le_Domain is removed, the key and cert files are in $(__green $DOMAIN_PATH)" + _info "$Le_Domain has been removed. The key and cert files are in $(__green $DOMAIN_PATH)" _info "You can remove them by yourself." return 0 else - _err "Remove $Le_Domain failed." + _err "Failed to remove $Le_Domain." return 1 fi } @@ -6212,7 +6297,7 @@ _deactivate() { _identifiers="{\"type\":\"$(_getIdType "$_d_domain")\",\"value\":\"$_d_domain\"}" if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then - _err "Can not get domain new order." + _err "Cannot get new order for domain." return 1 fi _authorizations_seg="$(echo "$response" | _egrep_o '"authorizations" *: *\[[^\]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')" @@ -6227,7 +6312,7 @@ _deactivate() { authzUri="$_authorizations_seg" _debug2 "authzUri" "$authzUri" if ! _send_signed_request "$authzUri"; then - _err "get to authz error." + _err "Error making GET request for authz." _err "_authorizations_seg" "$_authorizations_seg" _err "authzUri" "$authzUri" _clearup @@ -6250,7 +6335,7 @@ _deactivate() { entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" if [ -z "$entry" ]; then - _err "Error, can not get domain token $d" + _err "$d: Cannot get domain token" return 1 fi token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" @@ -6268,13 +6353,13 @@ _deactivate() { _d_i=0 _d_max_retry=$(echo "$entries" | wc -l) while [ "$_d_i" -lt "$_d_max_retry" ]; do - _info "Deactivate: $_d_domain" + _info "Deactivating $_d_domain" _d_i="$(_math $_d_i + 1)" entry="$(echo "$entries" | sed -n "${_d_i}p")" _debug entry "$entry" if [ -z "$entry" ]; then - _info "No more valid entry found." + _info "No more valid entries found." break fi @@ -6286,27 +6371,27 @@ _deactivate() { _debug uri "$uri" if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ]; then - _info "Skip $_vtype" + _info "Skipping $_vtype" continue fi - _info "Deactivate: $_vtype" + _info "Deactivating $_vtype" _djson="{\"status\":\"deactivated\"}" if _send_signed_request "$authzUri" "$_djson" && _contains "$response" '"deactivated"'; then - _info "Deactivate: $_vtype success." + _info "Successfully deactivated $_vtype." else - _err "Can not deactivate $_vtype." + _err "Could not deactivate $_vtype." break fi done _debug "$_d_i" if [ "$_d_i" -eq "$_d_max_retry" ]; then - _info "Deactivated success!" + _info "Successfully deactivated!" else - _err "Deactivate failed." + _err "Deactivation failed." fi } @@ -6387,17 +6472,17 @@ _precheck() { _nocron="$1" if ! _exists "curl" && ! _exists "wget"; then - _err "Please install curl or wget first, we need to access http resources." + _err "Please install curl or wget first to enable access to HTTP resources." return 1 fi if [ -z "$_nocron" ]; then if ! _exists "crontab" && ! _exists "fcrontab"; then if _exists cygpath && _exists schtasks.exe; then - _info "It seems you are on Windows, we will install Windows scheduler task." + _info "It seems you are on Windows, we will install the Windows scheduler task." else - _err "It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'." - _err "We need to set cron job to renew the certs automatically." + _err "It is recommended to install crontab first. Try to install 'cron', 'crontab', 'crontabs' or 'vixie-cron'." + _err "We need to set a cron job to renew the certs automatically." _err "Otherwise, your certs will not be able to be renewed automatically." if [ -z "$FORCE" ]; then _err "Please add '--force' and try install again to go without crontab." @@ -6416,8 +6501,8 @@ _precheck() { if ! _exists "socat"; then _err "It is recommended to install socat first." - _err "We use socat for standalone server if you use standalone mode." - _err "If you don't use standalone mode, just ignore this warning." + _err "We use socat for the standalone server, which is used for standalone mode." + _err "If you don't want to use standalone mode, you may ignore this warning." fi return 0 @@ -6465,9 +6550,9 @@ _installalias() { _debug "Found profile: $_profile" _info "Installing alias to '$_profile'" _setopt "$_profile" ". \"$_envfile\"" - _info "OK, Close and reopen your terminal to start using $PROJECT_NAME" + _info "Close and reopen your terminal to start using $PROJECT_NAME" else - _info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" + _info "No profile has been found, you will need to change your working directory to $LE_WORKING_DIR to use $PROJECT_NAME" fi #for csh @@ -6516,12 +6601,12 @@ install() { return 1 fi if [ "$_nocron" ]; then - _debug "Skip install cron job" + _debug "Skipping cron job installation" fi if [ "$_ACME_IN_CRON" != "1" ]; then if ! _precheck "$_nocron"; then - _err "Pre-check failed, can not install." + _err "Pre-check failed, cannot install." return 1 fi fi @@ -6551,7 +6636,7 @@ install() { if [ ! -d "$LE_WORKING_DIR" ]; then if ! mkdir -p "$LE_WORKING_DIR"; then - _err "Can not create working dir: $LE_WORKING_DIR" + _err "Cannot create working dir: $LE_WORKING_DIR" return 1 fi @@ -6560,7 +6645,7 @@ install() { if [ ! -d "$LE_CONFIG_HOME" ]; then if ! mkdir -p "$LE_CONFIG_HOME"; then - _err "Can not create config dir: $LE_CONFIG_HOME" + _err "Cannot create config dir: $LE_CONFIG_HOME" return 1 fi @@ -6570,7 +6655,7 @@ install() { cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY" if [ "$?" != "0" ]; then - _err "Install failed, can not copy $PROJECT_ENTRY" + _err "Installation failed, cannot copy $PROJECT_ENTRY" return 1 fi @@ -6616,7 +6701,7 @@ install() { fi fi if [ "$_bash_path" ]; then - _info "Good, bash is found, so change the shebang to use bash as preferred." + _info "bash has been found. Changing the shebang to use bash as preferred." _shebang='#!'"$_bash_path" _setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang" for subf in $_SUB_FOLDERS; do @@ -6647,7 +6732,7 @@ uninstall() { _uninstallalias rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY" - _info "The keys and certs are in \"$(__green "$LE_CONFIG_HOME")\", you can remove them by yourself." + _info "The keys and certs are in \"$(__green "$LE_CONFIG_HOME")\". You can remove them by yourself." } @@ -6685,7 +6770,7 @@ cron() { export LE_WORKING_DIR ( if ! upgrade; then - _err "Cron:Upgrade failed!" + _err "Cron: Upgrade failed!" return 1 fi ) @@ -6695,7 +6780,7 @@ cron() { __INTERACTIVE="1" fi - _info "Auto upgraded to: $VER" + _info "Automatically upgraded to: $VER" fi renewAll _ret="$?" @@ -6717,12 +6802,12 @@ _send_notify() { _nerror="$4" if [ "$NOTIFY_LEVEL" = "$NOTIFY_LEVEL_DISABLE" ]; then - _debug "The NOTIFY_LEVEL is $NOTIFY_LEVEL, disabled, just return." + _debug "The NOTIFY_LEVEL is $NOTIFY_LEVEL, which means it's disabled, so will just return." return 0 fi if [ -z "$_nhooks" ]; then - _debug "The NOTIFY_HOOK is empty, just return." + _debug "The NOTIFY_HOOK is empty, will just return." return 0 fi @@ -6739,29 +6824,29 @@ _send_notify() { _info "Sending via: $_n_hook" _debug "Found $_n_hook_file for $_n_hook" if [ -z "$_n_hook_file" ]; then - _err "Can not find the hook file for $_n_hook" + _err "Cannot find the hook file for $_n_hook" continue fi if ! ( if ! . "$_n_hook_file"; then - _err "Load file $_n_hook_file error. Please check your api file and try again." + _err "Error loading file $_n_hook_file. Please check your API file and try again." return 1 fi d_command="${_n_hook}_send" if ! _exists "$d_command"; then - _err "It seems that your api file is not correct, it must have a function named: $d_command" + _err "It seems that your API file is not correct. Make sure it has a function named: $d_command" return 1 fi if ! $d_command "$_nsubject" "$_ncontent" "$_nerror"; then - _err "Error send message by $d_command" + _err "Error sending message using $d_command" return 1 fi return 0 ); then - _err "Set $_n_hook_file error." + _err "Error setting $_n_hook_file." _send_err=1 else _info "$_n_hook $(__green Success)" @@ -6818,7 +6903,7 @@ setnotify() { if [ "$_nhook" ]; then _info "Set notify hook to: $_nhook" if [ "$_nhook" = "$NO_VALUE" ]; then - _info "Clear notify hook" + _info "Clearing notify hook" _clearaccountconf "NOTIFY_HOOK" else if _set_notify_hook "$_nhook"; then @@ -6826,7 +6911,7 @@ setnotify() { _saveaccountconf "NOTIFY_HOOK" "$NOTIFY_HOOK" return 0 else - _err "Can not set notify hook to: $_nhook" + _err "Cannot set notify hook to: $_nhook" return 1 fi fi @@ -6846,7 +6931,7 @@ Commands: --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT. --issue Issue a cert. --deploy Deploy the cert to your server. - -i, --install-cert Install the issued cert to apache/nginx or any other server. + -i, --install-cert Install the issued cert to Apache/nginx or any other server. -r, --renew Renew a cert. --renew-all Renew all the certs. --revoke Revoke a cert. @@ -6902,7 +6987,7 @@ Parameters: --stateless Use stateless mode. See: $_STATELESS_WIKI - --apache Use apache mode. + --apache Use Apache mode. --dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted. See: $_DNS_API_WIKI @@ -6917,7 +7002,7 @@ Parameters: --eab-hmac-key HMAC key for External Account Binding. - These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert: + These parameters are to install the cert to nginx/Apache or any other server after issue/renew a cert: --cert-file Path to copy the cert file to after issue/renew. --key-file Path to copy the key file to after issue/renew. @@ -6956,6 +7041,7 @@ Parameters: --post-hook Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed. --renew-hook Command to be run after each successfully renewed certificate. --deploy-hook The hook file to deploy cert + --extended-key-usage Manually define the CSR extended key usage value. The default is serverAuth,clientAuth. --ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension. --always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default. --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted. @@ -7024,8 +7110,8 @@ installOnline() { _getRepoHash() { _hash_path=$1 shift - _hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/$_hash_path" - _get $_hash_url | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4 + _hash_url="${PROJECT_API:-https://api.github.com/repos/acmesh-official}/$PROJECT_NAME/git/refs/$_hash_path" + _get "$_hash_url" "" 30 | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4 } _getUpgradeHash() { @@ -7041,12 +7127,12 @@ _getUpgradeHash() { upgrade() { if ( _initpath - [ -z "$FORCE" ] && [ "$(_getUpgradeHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already uptodate!" && exit 0 + [ -z "$FORCE" ] && [ "$(_getUpgradeHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already up to date!" && exit 0 export LE_WORKING_DIR cd "$LE_WORKING_DIR" installOnline "--nocron" "--noprofile" ); then - _info "Upgrade success!" + _info "Upgrade successful!" exit 0 else _err "Upgrade failed!" @@ -7082,7 +7168,7 @@ _processAccountConf() { } _checkSudo() { - if [ -z "__INTERACTIVE" ]; then + if [ -z "$__INTERACTIVE" ]; then #don't check if it's not in an interactive shell return 0 fi @@ -7162,7 +7248,7 @@ _getCAShortName() { #set default ca to $ACME_DIRECTORY setdefaultca() { if [ -z "$ACME_DIRECTORY" ]; then - _err "Please give a --server parameter." + _err "Please provide a --server parameter." return 1 fi _saveaccountconf "DEFAULT_ACME_SERVER" "$ACME_DIRECTORY" @@ -7174,7 +7260,7 @@ setdefaultchain() { _initpath _preferred_chain="$1" if [ -z "$_preferred_chain" ]; then - _err "Please give a '--preferred-chain value' value." + _err "Please provide a value for '--preferred-chain'." return 1 fi mkdir -p "$CA_DIR" @@ -7372,7 +7458,7 @@ _process() { return 1 fi if _is_idn "$_dvalue" && ! _exists idn; then - _err "It seems that $_dvalue is an IDN( Internationalized Domain Names), please install 'idn' command first." + _err "It seems that $_dvalue is an IDN (Internationalized Domain Names), please install the 'idn' command first." return 1 fi @@ -7647,6 +7733,10 @@ _process() { _deploy_hook="$_deploy_hook$2," shift ;; + --extended-key-usage) + Le_ExtKeyUse="$2" + shift + ;; --ocsp-must-staple | --ocsp) Le_OCSP_Staple="1" ;; @@ -7734,7 +7824,7 @@ _process() { --notify-level) _nlevel="$2" if _startswith "$_nlevel" "-"; then - _err "'$_nlevel' is not a integer for '$1'" + _err "'$_nlevel' is not an integer for '$1'" return 1 fi _notify_level="$_nlevel" @@ -7743,7 +7833,7 @@ _process() { --notify-mode) _nmode="$2" if _startswith "$_nmode" "-"; then - _err "'$_nmode' is not a integer for '$1'" + _err "'$_nmode' is not an integer for '$1'" return 1 fi _notify_mode="$_nmode" @@ -7752,7 +7842,7 @@ _process() { --notify-source) _nsource="$2" if _startswith "$_nsource" "-"; then - _err "'$_nsource' is not valid host name for '$1'" + _err "'$_nsource' is not a valid host name for '$1'" return 1 fi _notify_source="$_nsource" @@ -7761,7 +7851,7 @@ _process() { --revoke-reason) _revoke_reason="$2" if _startswith "$_revoke_reason" "-"; then - _err "'$_revoke_reason' is not a integer for '$1'" + _err "'$_revoke_reason' is not an integer for '$1'" return 1 fi shift @@ -7779,7 +7869,7 @@ _process() { shift ;; *) - _err "Unknown parameter : $1" + _err "Unknown parameter: $1" return 1 ;; esac @@ -7796,7 +7886,7 @@ _process() { if [ "$__INTERACTIVE" ] && ! _checkSudo; then if [ -z "$FORCE" ]; then #Use "echo" here, instead of _info. it's too early - echo "It seems that you are using sudo, please read this link first:" + echo "It seems that you are using sudo, please read this page first:" echo "$_SUDO_WIKI" return 1 fi @@ -7826,7 +7916,7 @@ _process() { fi SYS_LOG="$_syslog" else - _err "The 'logger' command is not found, can not enable syslog." + _err "The 'logger' command was not found, cannot enable syslog." _clearaccountconf "SYS_LOG" SYS_LOG="" fi @@ -7953,7 +8043,7 @@ _process() { _saveaccountconf "SYS_LOG" "$_syslog" fi else - _err "The 'logger' command is not found, can not enable syslog." + _err "The 'logger' command was not found, cannot enable syslog." _clearaccountconf "SYS_LOG" SYS_LOG="" fi diff --git a/deploy/ali_cdn.sh b/deploy/ali_cdn.sh new file mode 100644 index 00000000..70a2e532 --- /dev/null +++ b/deploy/ali_cdn.sh @@ -0,0 +1,88 @@ +#!/usr/bin/env sh +# shellcheck disable=SC2034,SC2154 + +# Script to create certificate to Alibaba Cloud CDN +# +# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun +# +# This deployment required following variables +# export Ali_Key="ALIACCESSKEY" +# export Ali_Secret="ALISECRETKEY" +# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi +# +# To specify the CDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates +# export DEPLOY_ALI_CDN_DOMAIN="cdn.example.com" +# If you have multiple CDN domains using the same certificate, just +# export DEPLOY_ALI_CDN_DOMAIN="cdn1.example.com cdn2.example.com" +# +# For DCDN, see ali_dcdn deploy hook + +Ali_CDN_API="https://cdn.aliyuncs.com/" + +ali_cdn_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + # Load dnsapi/dns_ali.sh to reduce the duplicated codes + # https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 + dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)" + # shellcheck source=/dev/null + if ! . "$dnsapi_ali"; then + _err "Error loading file $dnsapi_ali. Please check your API file and try again." + return 1 + fi + + _prepare_ali_credentials || return 1 + + _getdeployconf DEPLOY_ALI_CDN_DOMAIN + if [ "$DEPLOY_ALI_CDN_DOMAIN" ]; then + _savedeployconf DEPLOY_ALI_CDN_DOMAIN "$DEPLOY_ALI_CDN_DOMAIN" + else + DEPLOY_ALI_CDN_DOMAIN="$_cdomain" + fi + + # read cert and key files and urlencode both + _cert=$(_url_encode upper-hex <"$_cfullchain") + _key=$(_url_encode upper-hex <"$_ckey") + + _debug2 _cert "$_cert" + _debug2 _key "$_key" + + ## update domain ssl config + for domain in $DEPLOY_ALI_CDN_DOMAIN; do + _set_cdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key" + if _ali_rest "Set CDN domain SSL certificate for $domain" "" POST; then + _info "Domain $domain certificate has been deployed successfully" + fi + done + + return 0 +} + +# domain pub pri +_set_cdn_domain_ssl_certificate_query() { + endpoint=$Ali_CDN_API + query='' + query=$query'AccessKeyId='$Ali_Key + query=$query'&Action=SetCdnDomainSSLCertificate' + query=$query'&CertType=upload' + query=$query'&DomainName='$1 + query=$query'&Format=json' + query=$query'&SSLPri='$3 + query=$query'&SSLProtocol=on' + query=$query'&SSLPub='$2 + query=$query'&SignatureMethod=HMAC-SHA1' + query=$query"&SignatureNonce=$(_ali_nonce)" + query=$query'&SignatureVersion=1.0' + query=$query'&Timestamp='$(_timestamp) + query=$query'&Version=2018-05-10' +} diff --git a/deploy/ali_dcdn.sh b/deploy/ali_dcdn.sh new file mode 100644 index 00000000..14ac500a --- /dev/null +++ b/deploy/ali_dcdn.sh @@ -0,0 +1,88 @@ +#!/usr/bin/env sh +# shellcheck disable=SC2034,SC2154 + +# Script to create certificate to Alibaba Cloud DCDN +# +# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun +# +# This deployment required following variables +# export Ali_Key="ALIACCESSKEY" +# export Ali_Secret="ALISECRETKEY" +# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi +# +# To specify the DCDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates +# export DEPLOY_ALI_DCDN_DOMAIN="dcdn.example.com" +# If you have multiple CDN domains using the same certificate, just +# export DEPLOY_ALI_DCDN_DOMAIN="dcdn1.example.com dcdn2.example.com" +# +# For regular CDN, see ali_cdn deploy hook + +Ali_DCDN_API="https://dcdn.aliyuncs.com/" + +ali_dcdn_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + # Load dnsapi/dns_ali.sh to reduce the duplicated codes + # https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 + dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)" + # shellcheck source=/dev/null + if ! . "$dnsapi_ali"; then + _err "Error loading file $dnsapi_ali. Please check your API file and try again." + return 1 + fi + + _prepare_ali_credentials || return 1 + + _getdeployconf DEPLOY_ALI_DCDN_DOMAIN + if [ "$DEPLOY_ALI_DCDN_DOMAIN" ]; then + _savedeployconf DEPLOY_ALI_DCDN_DOMAIN "$DEPLOY_ALI_DCDN_DOMAIN" + else + DEPLOY_ALI_DCDN_DOMAIN="$_cdomain" + fi + + # read cert and key files and urlencode both + _cert=$(_url_encode upper-hex <"$_cfullchain") + _key=$(_url_encode upper-hex <"$_ckey") + + _debug2 _cert "$_cert" + _debug2 _key "$_key" + + ## update domain ssl config + for domain in $DEPLOY_ALI_DCDN_DOMAIN; do + _set_dcdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key" + if _ali_rest "Set DCDN domain SSL certificate for $domain" "" POST; then + _info "Domain $domain certificate has been deployed successfully" + fi + done + + return 0 +} + +# domain pub pri +_set_dcdn_domain_ssl_certificate_query() { + endpoint=$Ali_DCDN_API + query='' + query=$query'AccessKeyId='$Ali_Key + query=$query'&Action=SetDcdnDomainSSLCertificate' + query=$query'&CertType=upload' + query=$query'&DomainName='$1 + query=$query'&Format=json' + query=$query'&SSLPri='$3 + query=$query'&SSLProtocol=on' + query=$query'&SSLPub='$2 + query=$query'&SignatureMethod=HMAC-SHA1' + query=$query"&SignatureNonce=$(_ali_nonce)" + query=$query'&SignatureVersion=1.0' + query=$query'&Timestamp='$(_timestamp) + query=$query'&Version=2018-01-15' +} diff --git a/deploy/exim4.sh b/deploy/exim4.sh index 260b8798..cf664d79 100644 --- a/deploy/exim4.sh +++ b/deploy/exim4.sh @@ -109,6 +109,5 @@ exim4_deploy() { fi return 1 fi - return 0 } diff --git a/deploy/haproxy.sh b/deploy/haproxy.sh index c255059d..c8491d92 100644 --- a/deploy/haproxy.sh +++ b/deploy/haproxy.sh @@ -36,6 +36,19 @@ # Note: This functionality requires HAProxy was compiled against # a version of OpenSSL that supports this. # +# export DEPLOY_HAPROXY_HOT_UPDATE="yes" +# export DEPLOY_HAPROXY_STATS_SOCKET="UNIX:/run/haproxy/admin.sock" +# +# OPTIONAL: Deploy the certificate over the HAProxy stats socket without +# needing to reload HAProxy. Default is "no". +# +# Require the socat binary. DEPLOY_HAPROXY_STATS_SOCKET variable uses the socat +# address format. +# +# export DEPLOY_HAPROXY_MASTER_CLI="UNIX:/run/haproxy-master.sock" +# +# OPTIONAL: To use the master CLI with DEPLOY_HAPROXY_HOT_UPDATE="yes" instead +# of a stats socket, use this variable. ######## Public functions ##################### @@ -46,6 +59,7 @@ haproxy_deploy() { _ccert="$3" _cca="$4" _cfullchain="$5" + _cmdpfx="" # Some defaults DEPLOY_HAPROXY_PEM_PATH_DEFAULT="/etc/haproxy" @@ -53,6 +67,8 @@ haproxy_deploy() { DEPLOY_HAPROXY_BUNDLE_DEFAULT="no" DEPLOY_HAPROXY_ISSUER_DEFAULT="no" DEPLOY_HAPROXY_RELOAD_DEFAULT="true" + DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT="no" + DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT="UNIX:/run/haproxy/admin.sock" _debug _cdomain "${_cdomain}" _debug _ckey "${_ckey}" @@ -86,6 +102,11 @@ haproxy_deploy() { _savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}" elif [ -z "${Le_Deploy_haproxy_pem_name}" ]; then Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}" + # We better not have '*' as the first character + if [ "${Le_Deploy_haproxy_pem_name%%"${Le_Deploy_haproxy_pem_name#?}"}" = '*' ]; then + # removes the first characters and add a _ instead + Le_Deploy_haproxy_pem_name="_${Le_Deploy_haproxy_pem_name#?}" + fi fi # BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}" @@ -118,6 +139,36 @@ haproxy_deploy() { Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD_DEFAULT}" fi + # HOT_UPDATE is optional. If not provided then assume "${DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT}" + _getdeployconf DEPLOY_HAPROXY_HOT_UPDATE + _debug2 DEPLOY_HAPROXY_HOT_UPDATE "${DEPLOY_HAPROXY_HOT_UPDATE}" + if [ -n "${DEPLOY_HAPROXY_HOT_UPDATE}" ]; then + Le_Deploy_haproxy_hot_update="${DEPLOY_HAPROXY_HOT_UPDATE}" + _savedomainconf Le_Deploy_haproxy_hot_update "${Le_Deploy_haproxy_hot_update}" + elif [ -z "${Le_Deploy_haproxy_hot_update}" ]; then + Le_Deploy_haproxy_hot_update="${DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT}" + fi + + # STATS_SOCKET is optional. If not provided then assume "${DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT}" + _getdeployconf DEPLOY_HAPROXY_STATS_SOCKET + _debug2 DEPLOY_HAPROXY_STATS_SOCKET "${DEPLOY_HAPROXY_STATS_SOCKET}" + if [ -n "${DEPLOY_HAPROXY_STATS_SOCKET}" ]; then + Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_STATS_SOCKET}" + _savedomainconf Le_Deploy_haproxy_stats_socket "${Le_Deploy_haproxy_stats_socket}" + elif [ -z "${Le_Deploy_haproxy_stats_socket}" ]; then + Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT}" + fi + + # MASTER_CLI is optional. No defaults are used. When the master CLI is used, + # all commands are sent with a prefix. + _getdeployconf DEPLOY_HAPROXY_MASTER_CLI + _debug2 DEPLOY_HAPROXY_MASTER_CLI "${DEPLOY_HAPROXY_MASTER_CLI}" + if [ -n "${DEPLOY_HAPROXY_MASTER_CLI}" ]; then + Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_MASTER_CLI}" + _savedomainconf Le_Deploy_haproxy_stats_socket "${Le_Deploy_haproxy_stats_socket}" + _cmdpfx="@1 " # command prefix used for master CLI only. + fi + # Set the suffix depending if we are creating a bundle or not if [ "${Le_Deploy_haproxy_bundle}" = "yes" ]; then _info "Bundle creation requested" @@ -142,12 +193,13 @@ haproxy_deploy() { _issuer="${_pem}.issuer" _ocsp="${_pem}.ocsp" _reload="${Le_Deploy_haproxy_reload}" + _statssock="${Le_Deploy_haproxy_stats_socket}" _info "Deploying PEM file" # Create a temporary PEM file _temppem="$(_mktemp)" _debug _temppem "${_temppem}" - cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}" + cat "${_ccert}" "${_cca}" "${_ckey}" | grep . >"${_temppem}" _ret="$?" # Check that we could create the temporary file @@ -265,15 +317,86 @@ haproxy_deploy() { fi fi - # Reload HAProxy - _debug _reload "${_reload}" - eval "${_reload}" - _ret=$? - if [ "${_ret}" != "0" ]; then - _err "Error code ${_ret} during reload" - return ${_ret} + if [ "${Le_Deploy_haproxy_hot_update}" = "yes" ]; then + # set the socket name for messages + if [ -n "${_cmdpfx}" ]; then + _socketname="master CLI" + else + _socketname="stats socket" + fi + + # Update certificate over HAProxy stats socket or master CLI. + if _exists socat; then + # look for the certificate on the stats socket, to chose between updating or creating one + _socat_cert_cmd="echo '${_cmdpfx}show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'" + _debug _socat_cert_cmd "${_socat_cert_cmd}" + eval "${_socat_cert_cmd}" + _ret=$? + if [ "${_ret}" != "0" ]; then + _newcert="1" + _info "Creating new certificate '${_pem}' over HAProxy ${_socketname}." + # certificate wasn't found, it's a new one. We should check if the crt-list exists and creates/inserts the certificate. + _socat_crtlist_show_cmd="echo '${_cmdpfx}show ssl crt-list' | socat '${_statssock}' - | grep -q '^${Le_Deploy_haproxy_pem_path}$'" + _debug _socat_crtlist_show_cmd "${_socat_crtlist_show_cmd}" + eval "${_socat_crtlist_show_cmd}" + _ret=$? + if [ "${_ret}" != "0" ]; then + _err "Couldn't find '${Le_Deploy_haproxy_pem_path}' in haproxy 'show ssl crt-list'" + return "${_ret}" + fi + # create a new certificate + _socat_new_cmd="echo '${_cmdpfx}new ssl cert ${_pem}' | socat '${_statssock}' - | grep -q 'New empty'" + _debug _socat_new_cmd "${_socat_new_cmd}" + eval "${_socat_new_cmd}" + _ret=$? + if [ "${_ret}" != "0" ]; then + _err "Couldn't create '${_pem}' in haproxy" + return "${_ret}" + fi + else + _info "Update existing certificate '${_pem}' over HAProxy ${_socketname}." + fi + _socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'" + _debug _socat_cert_set_cmd "${_socat_cert_set_cmd}" + eval "${_socat_cert_set_cmd}" + _ret=$? + if [ "${_ret}" != "0" ]; then + _err "Can't update '${_pem}' in haproxy" + return "${_ret}" + fi + _socat_cert_commit_cmd="echo '${_cmdpfx}commit ssl cert ${_pem}' | socat '${_statssock}' - | grep -q '^Success!$'" + _debug _socat_cert_commit_cmd "${_socat_cert_commit_cmd}" + eval "${_socat_cert_commit_cmd}" + _ret=$? + if [ "${_ret}" != "0" ]; then + _err "Can't commit '${_pem}' in haproxy" + return ${_ret} + fi + if [ "${_newcert}" = "1" ]; then + # if this is a new certificate, it needs to be inserted into the crt-list` + _socat_cert_add_cmd="echo '${_cmdpfx}add ssl crt-list ${Le_Deploy_haproxy_pem_path} ${_pem}' | socat '${_statssock}' - | grep -q 'Success!'" + _debug _socat_cert_add_cmd "${_socat_cert_add_cmd}" + eval "${_socat_cert_add_cmd}" + _ret=$? + if [ "${_ret}" != "0" ]; then + _err "Can't update '${_pem}' in haproxy" + return "${_ret}" + fi + fi + else + _err "'socat' is not available, couldn't update over ${_socketname}" + fi else - _info "Reload successful" + # Reload HAProxy + _debug _reload "${_reload}" + eval "${_reload}" + _ret=$? + if [ "${_ret}" != "0" ]; then + _err "Error code ${_ret} during reload" + return ${_ret} + else + _info "Reload successful" + fi fi return 0 diff --git a/deploy/panos.sh b/deploy/panos.sh index 89458e5f..0dc1b2f0 100644 --- a/deploy/panos.sh +++ b/deploy/panos.sh @@ -12,6 +12,9 @@ # export PANOS_USER="" #User *MUST* have Commit and Import Permissions in XML API for Admin Role # export PANOS_PASS="" # +# OPTIONAL +# export PANOS_TEMPLATE="" #Template Name of panorama managed devices +# # The script will automatically generate a new API key if # no key is found, or if a saved key has expired or is invalid. @@ -78,6 +81,9 @@ deployer() { content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")" + if [ "$_panos_template" ]; then + content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template" + fi fi if [ "$type" = 'key' ]; then panos_url="${panos_url}?type=import" @@ -87,6 +93,9 @@ deployer() { content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cdomain.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" + if [ "$_panos_template" ]; then + content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template" + fi fi #Close multipart content="$content${nl}--$delim--${nl}${nl}" @@ -173,10 +182,20 @@ panos_deploy() { unset _panos_key fi + # PANOS_TEMPLATE + if [ "$PANOS_TEMPLATE" ]; then + _debug "Detected ENV variable PANOS_TEMPLATE. Saving to file." + _savedeployconf PANOS_TEMPLATE "$PANOS_TEMPLATE" 1 + else + _debug "Attempting to load variable PANOS_TEMPLATE from file." + _getdeployconf PANOS_TEMPLATE + fi + #Store variables _panos_host=$PANOS_HOST _panos_user=$PANOS_USER _panos_pass=$PANOS_PASS + _panos_template=$PANOS_TEMPLATE #Test API Key if found. If the key is invalid, the variable _panos_key will be unset. if [ "$_panos_host" ] && [ "$_panos_key" ]; then diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 216a8fc7..f9de590c 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -99,11 +99,11 @@ proxmoxve_deploy() { _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" fi - _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key + _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY "$_proxmoxve_api_token_key" # PVE API Token header value. Used in "Authorization: PVEAPIToken". _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" - _debug2 "Auth Header" _proxmoxve_header_api_token + _debug2 "Auth Header" "$_proxmoxve_header_api_token" # Ugly. I hate putting heredocs inside functions because heredocs don't # account for whitespace correctly but it _does_ work and is several times @@ -124,8 +124,8 @@ HEREDOC ) _debug2 Payload "$_json_payload" - # Push certificates to server. - export _HTTPS_INSECURE=1 + _info "Push certificates to server" + export HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" _post "$_json_payload" "$_target_url" "" POST "application/json" diff --git a/deploy/routeros.sh b/deploy/routeros.sh index c4c9470d..90f0ad1a 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -137,7 +137,8 @@ routeros_deploy() { return $_err_code fi - DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USERNAME \ + DEPLOY_SCRIPT_CMD=":do {/system script remove \"LECertDeploy-$_cdomain\" } on-error={ }; \ +/system script add name=\"LECertDeploy-$_cdomain\" owner=$ROUTER_OS_USERNAME \ comment=\"generated by routeros deploy script in acme.sh\" \ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ \n/certificate remove [ find name=$_cdomain.cer_1 ];\ @@ -146,8 +147,8 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ \n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\ \n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\ \ndelay 1;\ -\n/file remove $_cdomain.cer;\ -\n/file remove $_cdomain.key;\ +\n:do {/file remove $_cdomain.cer; } on-error={ }\ +\n:do {/file remove $_cdomain.key; } on-error={ }\ \ndelay 2;\ \n/ip service set www-ssl certificate=$_cdomain.cer_0;\ \n$ROUTER_OS_ADDITIONAL_SERVICES;\ @@ -158,11 +159,11 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ return $_err_code fi - if ! _ssh_remote_cmd "/system script run \"LE Cert Deploy - $_cdomain\""; then + if ! _ssh_remote_cmd "/system script run \"LECertDeploy-$_cdomain\""; then return $_err_code fi - if ! _ssh_remote_cmd "/system script remove \"LE Cert Deploy - $_cdomain\""; then + if ! _ssh_remote_cmd "/system script remove \"LECertDeploy-$_cdomain\""; then return $_err_code fi diff --git a/deploy/ruckus.sh b/deploy/ruckus.sh new file mode 100755 index 00000000..f62e2fc0 --- /dev/null +++ b/deploy/ruckus.sh @@ -0,0 +1,172 @@ +#!/usr/bin/env sh + +# Here is a script to deploy cert to Ruckus ZoneDirector / Unleashed. +# +# Public domain, 2024, Tony Rielly +# +# ```sh +# acme.sh --deploy -d ruckus.example.com --deploy-hook ruckus +# ``` +# +# Then you need to set the environment variables for the +# deploy script to work. +# +# ```sh +# export RUCKUS_HOST=myruckus.example.com +# export RUCKUS_USER=myruckususername +# export RUCKUS_PASS=myruckuspassword +# +# acme.sh --deploy -d myruckus.example.com --deploy-hook ruckus +# ``` +# +# returns 0 means success, otherwise error. + +######## Public functions ##################### + +#domain keyfile certfile cafile fullchain +ruckus_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + _err_code=0 + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + _getdeployconf RUCKUS_HOST + _getdeployconf RUCKUS_USER + _getdeployconf RUCKUS_PASS + + if [ -z "$RUCKUS_HOST" ]; then + _debug "Using _cdomain as RUCKUS_HOST, please set if not correct." + RUCKUS_HOST="$_cdomain" + fi + + if [ -z "$RUCKUS_USER" ]; then + _err "Need to set the env variable RUCKUS_USER" + return 1 + fi + + if [ -z "$RUCKUS_PASS" ]; then + _err "Need to set the env variable RUCKUS_PASS" + return 1 + fi + + _savedeployconf RUCKUS_HOST "$RUCKUS_HOST" + _savedeployconf RUCKUS_USER "$RUCKUS_USER" + _savedeployconf RUCKUS_PASS "$RUCKUS_PASS" + + _debug RUCKUS_HOST "$RUCKUS_HOST" + _debug RUCKUS_USER "$RUCKUS_USER" + _secure_debug RUCKUS_PASS "$RUCKUS_PASS" + + export ACME_HTTP_NO_REDIRECTS=1 + + _info "Discovering the login URL" + _get "https://$RUCKUS_HOST" >/dev/null + _login_url="$(_response_header 'Location')" + if [ -n "$_login_url" ]; then + _login_path=$(echo "$_login_url" | sed 's|https\?://[^/]\+||') + if [ -z "$_login_path" ]; then + # redirect was to a different host + _err "Connection failed: redirected to a different host. Configure Unleashed with a Preferred Master or Management Interface." + return 1 + fi + fi + + if [ -z "${_login_url}" ]; then + _err "Connection failed: couldn't find login page." + return 1 + fi + + _base_url=$(dirname "$_login_url") + _login_page=$(basename "$_login_url") + + if [ "$_login_page" = "index.html" ]; then + _err "Connection temporarily unavailable: Unleashed Rebuilding." + return 1 + fi + + if [ "$_login_page" = "wizard.jsp" ]; then + _err "Connection failed: Setup Wizard not complete." + return 1 + fi + + _info "Login" + _username_encoded="$(printf "%s" "$RUCKUS_USER" | _url_encode)" + _password_encoded="$(printf "%s" "$RUCKUS_PASS" | _url_encode)" + _login_query="$(printf "%s" "username=${_username_encoded}&password=${_password_encoded}&ok=Log+In")" + _post "$_login_query" "$_login_url" >/dev/null + + _login_code="$(_response_code)" + if [ "$_login_code" = "200" ]; then + _err "Login failed: incorrect credentials." + return 1 + fi + + _info "Collect Session Cookie" + _H1="Cookie: $(_response_cookie)" + export _H1 + _info "Collect CSRF Token" + _H2="X-CSRF-Token: $(_response_header 'HTTP_X_CSRF_TOKEN')" + export _H2 + + _info "Uploading certificate" + _post_upload "uploadcert" "$_cfullchain" + + _info "Uploading private key" + _post_upload "uploadprivatekey" "$_ckey" + + _info "Replacing certificate" + _replace_cert_ajax='' + _post "$_replace_cert_ajax" "$_base_url/_cmdstat.jsp" >/dev/null + + _info "Rebooting" + _cert_reboot_ajax='' + _post "$_cert_reboot_ajax" "$_base_url/_cmdstat.jsp" >/dev/null + + return 0 +} + +_response_code() { + _egrep_o <"$HTTP_HEADER" "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n" | _egrep_o "^[0-9]*" +} + +_response_header() { + grep <"$HTTP_HEADER" -i "^$1:" | cut -d ':' -f 2- | tr -d "\r\n\t " +} + +_response_cookie() { + _response_header 'Set-Cookie' | sed 's/;.*//' +} + +_post_upload() { + _post_action="$1" + _post_file="$2" + + _post_boundary="----FormBoundary$(date "+%s%N")" + + _post_data="$({ + printf -- "--%s\r\n" "$_post_boundary" + printf -- "Content-Disposition: form-data; name=\"u\"; filename=\"%s\"\r\n" "$_post_action" + printf -- "Content-Type: application/octet-stream\r\n\r\n" + printf -- "%s\r\n" "$(cat "$_post_file")" + + printf -- "--%s\r\n" "$_post_boundary" + printf -- "Content-Disposition: form-data; name=\"action\"\r\n\r\n" + printf -- "%s\r\n" "$_post_action" + + printf -- "--%s\r\n" "$_post_boundary" + printf -- "Content-Disposition: form-data; name=\"callback\"\r\n\r\n" + printf -- "%s\r\n" "uploader_$_post_action" + + printf -- "--%s--\r\n\r\n" "$_post_boundary" + })" + + _post "$_post_data" "$_base_url/_upload.jsp?request_type=xhr" "" "" "multipart/form-data; boundary=$_post_boundary" >/dev/null +} diff --git a/deploy/strongswan.sh b/deploy/strongswan.sh index 3d5f1b34..14567d17 100644 --- a/deploy/strongswan.sh +++ b/deploy/strongswan.sh @@ -10,46 +10,89 @@ #domain keyfile certfile cafile fullchain strongswan_deploy() { - _cdomain="$1" - _ckey="$2" - _ccert="$3" - _cca="$4" - _cfullchain="$5" - + _cdomain="${1}" + _ckey="${2}" + _ccert="${3}" + _cca="${4}" + _cfullchain="${5}" _info "Using strongswan" - - if [ -x /usr/sbin/ipsec ]; then - _ipsec=/usr/sbin/ipsec - elif [ -x /usr/sbin/strongswan ]; then - _ipsec=/usr/sbin/strongswan - elif [ -x /usr/local/sbin/ipsec ]; then - _ipsec=/usr/local/sbin/ipsec - else + if _exists ipsec; then + _ipsec=ipsec + elif _exists strongswan; then + _ipsec=strongswan + fi + if _exists swanctl; then + _swanctl=swanctl + fi + # For legacy stroke mode + if [ -n "${_ipsec}" ]; then + _info "${_ipsec} command detected" + _confdir=$(${_ipsec} --confdir) + if [ -z "${_confdir}" ]; then + _err "no strongswan --confdir is detected" + return 1 + fi + _info _confdir "${_confdir}" + __deploy_cert "$@" "stroke" "${_confdir}" + ${_ipsec} reload + fi + # For modern vici mode + if [ -n "${_swanctl}" ]; then + _info "${_swanctl} command detected" + for _dir in /usr/local/etc/swanctl /etc/swanctl /etc/strongswan/swanctl; do + if [ -d ${_dir} ]; then + _confdir=${_dir} + _info _confdir "${_confdir}" + break + fi + done + if [ -z "${_confdir}" ]; then + _err "no swanctl config dir is found" + return 1 + fi + __deploy_cert "$@" "vici" "${_confdir}" + ${_swanctl} --load-creds + fi + if [ -z "${_swanctl}" ] && [ -z "${_ipsec}" ]; then _err "no strongswan or ipsec command is detected" + _err "no swanctl is detected" return 1 fi +} - _info _ipsec "$_ipsec" +#################### Private functions below ################################## - _confdir=$($_ipsec --confdir) - if [ $? -ne 0 ] || [ -z "$_confdir" ]; then - _err "no strongswan --confdir is detected" +__deploy_cert() { + _cdomain="${1}" + _ckey="${2}" + _ccert="${3}" + _cca="${4}" + _cfullchain="${5}" + _swan_mode="${6}" + _confdir="${7}" + _debug _cdomain "${_cdomain}" + _debug _ckey "${_ckey}" + _debug _ccert "${_ccert}" + _debug _cca "${_cca}" + _debug _cfullchain "${_cfullchain}" + _debug _swan_mode "${_swan_mode}" + _debug _confdir "${_confdir}" + if [ "${_swan_mode}" = "vici" ]; then + _dir_private="private" + _dir_cert="x509" + _dir_ca="x509ca" + elif [ "${_swan_mode}" = "stroke" ]; then + _dir_private="ipsec.d/private" + _dir_cert="ipsec.d/certs" + _dir_ca="ipsec.d/cacerts" + else + _err "unknown StrongSwan mode ${_swan_mode}" return 1 fi - - _info _confdir "$_confdir" - - _debug _cdomain "$_cdomain" - _debug _ckey "$_ckey" - _debug _ccert "$_ccert" - _debug _cca "$_cca" - _debug _cfullchain "$_cfullchain" - - cat "$_ckey" >"${_confdir}/ipsec.d/private/$(basename "$_ckey")" - cat "$_ccert" >"${_confdir}/ipsec.d/certs/$(basename "$_ccert")" - cat "$_cca" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cca")" - cat "$_cfullchain" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cfullchain")" - - $_ipsec reload - + cat "${_ckey}" >"${_confdir}/${_dir_private}/$(basename "${_ckey}")" + cat "${_ccert}" >"${_confdir}/${_dir_cert}/$(basename "${_ccert}")" + cat "${_cca}" >"${_confdir}/${_dir_ca}/$(basename "${_cca}")" + if [ "${_swan_mode}" = "stroke" ]; then + cat "${_cfullchain}" >"${_confdir}/${_dir_ca}/$(basename "${_cfullchain}")" + fi } diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 10da861a..0d01e199 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -8,20 +8,38 @@ # Updated: 2023-07-03 # Issues: https://github.com/acmesh-official/acme.sh/issues/2727 ################################################################################ -# Usage: -# 1. export SYNO_Username="adminUser" -# 2. export SYNO_Password="adminPassword" -# Optional exports (shown values are the defaults): -# - export SYNO_Certificate="" to replace a specific certificate via description -# - export SYNO_Scheme="http" -# - export SYNO_Hostname="localhost" -# - export SYNO_Port="5000" -# - export SYNO_Device_Name="CertRenewal" - required for skipping 2FA-OTP -# - export SYNO_Device_ID="" - required for skipping 2FA-OTP -# 3. acme.sh --deploy --deploy-hook synology_dsm -d example.com +# Usage (shown values are the examples): +# 1. Set required environment variables: +# - use automatically created temp admin user to authenticate +# export SYNO_USE_TEMP_ADMIN=1 +# - or provide your own admin user credential to authenticate +# 1. export SYNO_USERNAME="adminUser" +# 2. export SYNO_PASSWORD="adminPassword" +# 2. Set optional environment variables +# - common optional variables +# - export SYNO_SCHEME="http" - defaults to "http" +# - export SYNO_HOSTNAME="localhost" - defaults to "localhost" +# - export SYNO_PORT="5000" - defaults to "5000" +# - export SYNO_CREATE=1 - to allow creating the cert if it doesn't exist +# - export SYNO_CERTIFICATE="" - to replace a specific cert by its +# description +# - temp admin optional variables +# - export SYNO_LOCAL_HOSTNAME=1 - if set to 1, force to treat hostname is +# targeting current local machine (since +# this method only locally supported) +# - exsiting admin 2FA-OTP optional variables +# - export SYNO_OTP_CODE="XXXXXX" - if set, script won't require to +# interactive input the OTP code +# - export SYNO_DEVICE_NAME="CertRenewal" - if set, script won't require to +# interactive input the device name +# - export SYNO_DEVICE_ID="" - (deprecated, auth with OTP code instead) +# required for omitting 2FA-OTP +# 3. Run command: +# acme.sh --deploy --deploy-hook synology_dsm -d example.com ################################################################################ # Dependencies: -# - jq & curl +# - curl +# - synouser & synogroup & synosetkeyvalue (Required for SYNO_USE_TEMP_ADMIN=1) ################################################################################ # Return value: # 0 means success, otherwise error. @@ -37,59 +55,89 @@ synology_dsm_deploy() { _debug _cdomain "$_cdomain" - # Get username & password, but don't save until we authenticated successfully - _getdeployconf SYNO_Username - _getdeployconf SYNO_Password - _getdeployconf SYNO_Create - _getdeployconf SYNO_DID - _getdeployconf SYNO_TOTP_SECRET - _getdeployconf SYNO_Device_Name - _getdeployconf SYNO_Device_ID - if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then - _err "SYNO_Username & SYNO_Password must be set" - return 1 + # Get username and password, but don't save until we authenticated successfully + _migratedeployconf SYNO_Username SYNO_USERNAME + _migratedeployconf SYNO_Password SYNO_PASSWORD + _migratedeployconf SYNO_Device_ID SYNO_DEVICE_ID + _migratedeployconf SYNO_Device_Name SYNO_DEVICE_NAME + _getdeployconf SYNO_USERNAME + _getdeployconf SYNO_PASSWORD + _getdeployconf SYNO_DEVICE_ID + _getdeployconf SYNO_DEVICE_NAME + + # Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set + _getdeployconf SYNO_USE_TEMP_ADMIN + _check2cleardeployconfexp SYNO_USE_TEMP_ADMIN + _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN" + + if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then + if ! _exists synouser || ! _exists synogroup || ! _exists synosetkeyvalue; then + _err "Missing required tools to creat temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead." + _err "Notice: temp admin user authorization method only supports local deployment on DSM." + return 1 + fi + if synouser --help 2>&1 | grep -q 'Permission denied'; then + _err "For creating temp admin user, the deploy script must be run as root." + return 1 + fi + + [ -n "$SYNO_USERNAME" ] || _savedeployconf SYNO_USERNAME "" + [ -n "$SYNO_PASSWORD" ] || _savedeployconf SYNO_PASSWORD "" + + _debug "Setting temp admin user credential..." + SYNO_USERNAME=sc-acmesh-tmp + SYNO_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16) + # Set 2FA-OTP settings to empty consider they won't be needed. + SYNO_DEVICE_ID= + SYNO_DEVICE_NAME= + SYNO_OTP_CODE= + else + _debug2 SYNO_USERNAME "$SYNO_USERNAME" + _secure_debug2 SYNO_PASSWORD "$SYNO_PASSWORD" + _debug2 SYNO_DEVICE_NAME "$SYNO_DEVICE_NAME" + _secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID" fi - if [ -n "${SYNO_Device_Name:-}" ] && [ -z "${SYNO_Device_ID:-}" ]; then - _err "SYNO_Device_Name set, but SYNO_Device_ID is empty" + + if [ -z "$SYNO_USERNAME" ] || [ -z "$SYNO_PASSWORD" ]; then + _err "You must set either SYNO_USE_TEMP_ADMIN, or set both SYNO_USERNAME and SYNO_PASSWORD." return 1 fi - _debug2 SYNO_Username "$SYNO_Username" - _secure_debug2 SYNO_Password "$SYNO_Password" - _debug2 SYNO_Create "$SYNO_Create" - _debug2 SYNO_Device_Name "$SYNO_Device_Name" - _secure_debug2 SYNO_Device_ID "$SYNO_Device_ID" - - # Optional scheme, hostname & port for Synology DSM - _getdeployconf SYNO_Scheme - _getdeployconf SYNO_Hostname - _getdeployconf SYNO_Port - - # Default values for scheme, hostname & port - # Defaulting to localhost & http, because it's localhost… - [ -n "${SYNO_Scheme}" ] || SYNO_Scheme="http" - [ -n "${SYNO_Hostname}" ] || SYNO_Hostname="localhost" - [ -n "${SYNO_Port}" ] || SYNO_Port="5000" - _savedeployconf SYNO_Scheme "$SYNO_Scheme" - _savedeployconf SYNO_Hostname "$SYNO_Hostname" - _savedeployconf SYNO_Port "$SYNO_Port" - _debug2 SYNO_Scheme "$SYNO_Scheme" - _debug2 SYNO_Hostname "$SYNO_Hostname" - _debug2 SYNO_Port "$SYNO_Port" + + # Optional scheme, hostname and port for Synology DSM + _migratedeployconf SYNO_Scheme SYNO_SCHEME + _migratedeployconf SYNO_Hostname SYNO_HOSTNAME + _migratedeployconf SYNO_Port SYNO_PORT + _getdeployconf SYNO_SCHEME + _getdeployconf SYNO_HOSTNAME + _getdeployconf SYNO_PORT + + # Default values for scheme, hostname and port + # Defaulting to localhost and http, because it's localhost… + [ -n "$SYNO_SCHEME" ] || SYNO_SCHEME=http + [ -n "$SYNO_HOSTNAME" ] || SYNO_HOSTNAME=localhost + [ -n "$SYNO_PORT" ] || SYNO_PORT=5000 + _savedeployconf SYNO_SCHEME "$SYNO_SCHEME" + _savedeployconf SYNO_HOSTNAME "$SYNO_HOSTNAME" + _savedeployconf SYNO_PORT "$SYNO_PORT" + _debug2 SYNO_SCHEME "$SYNO_SCHEME" + _debug2 SYNO_HOSTNAME "$SYNO_HOSTNAME" + _debug2 SYNO_PORT "$SYNO_PORT" # Get the certificate description, but don't save it until we verify it's real - _getdeployconf SYNO_Certificate - _debug SYNO_Certificate "${SYNO_Certificate:-}" + _migratedeployconf SYNO_Certificate SYNO_CERTIFICATE "base64" + _getdeployconf SYNO_CERTIFICATE + _check2cleardeployconfexp SYNO_CERTIFICATE + _debug SYNO_CERTIFICATE "${SYNO_CERTIFICATE:-}" # shellcheck disable=SC1003 # We are not trying to escape a single quote - if printf "%s" "$SYNO_Certificate" | grep '\\'; then + if printf "%s" "$SYNO_CERTIFICATE" | grep '\\'; then _err "Do not use a backslash (\) in your certificate description" return 1 fi - _base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port" + _debug "Getting API version..." + _base_url="$SYNO_SCHEME://$SYNO_HOSTNAME:$SYNO_PORT" _debug _base_url "$_base_url" - - _debug "Getting API version" response=$(_get "$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth") api_path=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"path" *: *"\([^"]*\)".*/\1/p') api_version=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p') @@ -97,63 +145,167 @@ synology_dsm_deploy() { _debug3 api_path "$api_path" _debug3 api_version "$api_version" - # Login, get the session ID & SynoToken from JSON - _info "Logging into $SYNO_Hostname:$SYNO_Port" - encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)" - encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)" + # Login, get the session ID and SynoToken from JSON + _info "Logging into $SYNO_HOSTNAME:$SYNO_PORT..." + encoded_username="$(printf "%s" "$SYNO_USERNAME" | _url_encode)" + encoded_password="$(printf "%s" "$SYNO_PASSWORD" | _url_encode)" + + # ## START ## - DEPRECATED, for backward compatibility + _getdeployconf SYNO_TOTP_SECRET - otp_code="" - # START - DEPRECATED, only kept for legacy compatibility reasons if [ -n "$SYNO_TOTP_SECRET" ]; then _info "WARNING: Usage of SYNO_TOTP_SECRET is deprecated!" _info " See synology_dsm.sh script or ACME.sh Wiki page for details:" _info " https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide" - DEPRECATED_otp_code="" - if _exists oathtool; then - DEPRECATED_otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)" - else + if ! _exists oathtool; then _err "oathtool could not be found, install oathtool to use SYNO_TOTP_SECRET" return 1 fi + DEPRECATED_otp_code="$(oathtool --base32 --totp "$SYNO_TOTP_SECRET" 2>/dev/null)" - if [ -n "$SYNO_DID" ]; then - _H1="Cookie: did=$SYNO_DID" + if [ -z "$SYNO_DEVICE_ID" ]; then + _getdeployconf SYNO_DID + [ -n "$SYNO_DID" ] || SYNO_DEVICE_ID="$SYNO_DID" + fi + if [ -n "$SYNO_DEVICE_ID" ]; then + _H1="Cookie: did=$SYNO_DEVICE_ID" export _H1 _debug3 H1 "${_H1}" fi - response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DID" "$_base_url/webapi/auth.cgi?enable_syno_token=yes") + response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/$api_path?enable_syno_token=yes") _debug3 response "$response" - # END - DEPRECATED, only kept for legacy compatibility reasons - # Get device ID if still empty first, otherwise log in right away - elif [ -z "${SYNO_Device_ID:-}" ]; then - printf "Enter OTP code for user '%s': " "$SYNO_Username" - read -r otp_code - if [ -z "${SYNO_Device_Name:-}" ]; then + # ## END ## - DEPRECATED, for backward compatibility + # If SYNO_DEVICE_ID or SYNO_OTP_CODE is set, we treat current account enabled 2FA-OTP. + # Notice that if SYNO_USE_TEMP_ADMIN=1, both variables will be unset + else + if [ -n "$SYNO_DEVICE_ID" ] || [ -n "$SYNO_OTP_CODE" ]; then + response='{"error":{"code":403}}' + # Assume the current account disabled 2FA-OTP, try to log in right away. + else + if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then + _getdeployconf SYNO_LOCAL_HOSTNAME + _debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}" + if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then + if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then + _err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun." + return 1 + fi + fi + _debug "Creating temp admin user in Synology DSM..." + if synogroup --help | grep -q '\-\-memberadd '; then + _temp_admin_create "$SYNO_USERNAME" "$SYNO_PASSWORD" + synogroup --memberadd administrators "$SYNO_USERNAME" >/dev/null + elif synogroup --help | grep -q '\-\-member '; then + # For supporting DSM 6.x which only has `--member` parameter. + cur_admins=$(synogroup --get administrators | awk -F '[][]' '/Group Members/,0{if(NF>1)printf "%s ", $2}') + if [ -n "$cur_admins" ]; then + _temp_admin_create "$SYNO_USERNAME" "$SYNO_PASSWORD" + _secure_debug3 admin_users "$cur_admins$SYNO_USERNAME" + # shellcheck disable=SC2086 + synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null + else + _err "The tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead." + return 1 + fi + else + _err "Unsupported synogroup tool detected, please set SYNO_USERNAME and SYNO_PASSWORD instead." + return 1 + fi + # havig a workaround to temporary disable enforce 2FA-OTP, will restore + # it soon (after a single request), though if any accident occurs like + # unexpected interruption, this setting can be easily reverted manually. + otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option) + if [ -n "$otp_enforce_option" ] && [ "${otp_enforce_option:-"none"}" != "none" ]; then + synosetkeyvalue /etc/synoinfo.conf otp_enforce_option none + _info "Enforcing 2FA-OTP has been disabled to complete temp admin authentication." + _info "Notice: it will be restored soon, if not, you can restore it manually via Control Panel." + _info "previous_otp_enforce_option" "$otp_enforce_option" + else + otp_enforce_option="" + fi + fi + response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes") + if [ -n "$SYNO_USE_TEMP_ADMIN" ] && [ -n "$otp_enforce_option" ]; then + synosetkeyvalue /etc/synoinfo.conf otp_enforce_option "$otp_enforce_option" + _info "Restored previous enforce 2FA-OTP option." + fi + _debug3 response "$response" + fi + fi + + error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*') + _debug2 error_code "$error_code" + # Account has 2FA-OTP enabled, since error 403 reported. + # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Os/DSM/All/enu/DSM_Login_Web_API_Guide_enu.pdf + if [ "$error_code" == "403" ]; then + if [ -z "$SYNO_DEVICE_NAME" ]; then printf "Enter device name or leave empty for default (CertRenewal): " - read -r SYNO_Device_Name - [ -n "${SYNO_Device_Name}" ] || SYNO_Device_Name="CertRenewal" + read -r SYNO_DEVICE_NAME + [ -n "$SYNO_DEVICE_NAME" ] || SYNO_DEVICE_NAME="CertRenewal" fi - response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&otp_code=$otp_code&enable_syno_token=yes&enable_device_token=yes&device_name=$SYNO_Device_Name") - _secure_debug3 response "$response" + if [ -n "$SYNO_DEVICE_ID" ]; then + # Omit OTP code with SYNO_DEVICE_ID. + response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_name=$SYNO_DEVICE_NAME&device_id=$SYNO_DEVICE_ID") + _secure_debug3 response "$response" + else + # Require the OTP code if still unset. + if [ -z "$SYNO_OTP_CODE" ]; then + printf "Enter OTP code for user '%s': " "$SYNO_USERNAME" + read -r SYNO_OTP_CODE + fi + _secure_debug SYNO_OTP_CODE "${SYNO_OTP_CODE:-}" - id_property='device_id' - [ "${api_version}" -gt '6' ] || id_property='did' - SYNO_Device_ID=$(echo "$response" | grep "$id_property" | sed -n 's/.*"'$id_property'" *: *"\([^"]*\).*/\1/p') - _secure_debug2 SYNO_Device_ID "$SYNO_Device_ID" - else - response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_name=$SYNO_Device_Name&device_id=$SYNO_Device_ID") - _debug3 response "$response" + if [ -z "$SYNO_OTP_CODE" ]; then + response='{"error":{"code":404}}' + else + response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&enable_device_token=yes&device_name=$SYNO_DEVICE_NAME&otp_code=$SYNO_OTP_CODE") + _secure_debug3 response "$response" + + id_property='device_id' + [ "${api_version}" -gt '6' ] || id_property='did' + SYNO_DEVICE_ID=$(echo "$response" | grep "$id_property" | sed -n 's/.*"'$id_property'" *: *"\([^"]*\).*/\1/p') + _secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID" + fi + fi + error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*') + _debug2 error_code "$error_code" + fi + + if [ -n "$error_code" ]; then + if [ "$error_code" == "403" ] && [ -n "$SYNO_DEVICE_ID" ]; then + _cleardeployconf SYNO_DEVICE_ID + _err "Failed to authenticate with SYNO_DEVICE_ID (may expired or invalid), please try again in a new terminal window." + elif [ "$error_code" == "404" ]; then + _err "Failed to authenticate with provided 2FA-OTP code, please try again in a new terminal window." + elif [ "$error_code" == "406" ]; then + if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then + _err "Failed with unexcepted error, please report this by providing full log with '--debug 3'." + else + _err "Enforce auth with 2FA-OTP enabled, please configure the user to enable 2FA-OTP to continue." + fi + elif [ "$error_code" == "400" ]; then + _err "Failed to authenticate, no such account or incorrect password." + elif [ "$error_code" == "401" ]; then + _err "Failed to authenticate with a non-existent account." + elif [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then + _err "Failed to authenticate, the account password has expired or must be changed." + else + _err "Failed to authenticate with error: $error_code." + fi + _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME" + return 1 fi sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p') token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p') _debug "Session ID" "$sid" _debug SynoToken "$token" - if [ -z "$SYNO_DID" ] && [ -z "$SYNO_Device_ID" ] || [ -z "$sid" ] || [ -z "$token" ]; then - _err "Unable to authenticate to $_base_url - check your username & password." - _err "If two-factor authentication is enabled for the user, set SYNO_Device_ID." + if [ -z "$sid" ] || [ -z "$token" ]; then + # Still can't get necessary info even got no errors, may Synology have API updated? + _err "Unable to authenticate to $_base_url, you may report this by providing full log with '--debug 3'." + _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME" return 1 fi @@ -161,36 +313,62 @@ synology_dsm_deploy() { export _H1 _debug2 H1 "${_H1}" - # Now that we know the username & password are good, save them - _savedeployconf SYNO_Username "$SYNO_Username" - _savedeployconf SYNO_Password "$SYNO_Password" - _savedeployconf SYNO_Device_Name "$SYNO_Device_Name" - _savedeployconf SYNO_Device_ID "$SYNO_Device_ID" + # Now that we know the username and password are good, save them if not in temp admin mode. + if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then + _cleardeployconf SYNO_USERNAME + _cleardeployconf SYNO_PASSWORD + _cleardeployconf SYNO_DEVICE_ID + _cleardeployconf SYNO_DEVICE_NAME + _savedeployconf SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN" + _savedeployconf SYNO_LOCAL_HOSTNAME "$SYNO_HOSTNAME" + else + _savedeployconf SYNO_USERNAME "$SYNO_USERNAME" + _savedeployconf SYNO_PASSWORD "$SYNO_PASSWORD" + _savedeployconf SYNO_DEVICE_ID "$SYNO_DEVICE_ID" + _savedeployconf SYNO_DEVICE_NAME "$SYNO_DEVICE_NAME" + fi - _info "Getting certificates in Synology DSM" + _info "Getting certificates in Synology DSM..." response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi") _debug3 response "$response" - escaped_certificate="$(printf "%s" "$SYNO_Certificate" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')" + escaped_certificate="$(printf "%s" "$SYNO_CERTIFICATE" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')" _debug escaped_certificate "$escaped_certificate" id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p") _debug2 id "$id" - if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then - _err "Unable to find certificate: $SYNO_Certificate & \$SYNO_Create is not set" + error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*') + _debug2 error_code "$error_code" + if [ -n "$error_code" ]; then + if [ "$error_code" -eq 105 ]; then + _err "Current user is not administrator and does not have sufficient permission for deploying." + else + _err "Failed to fetch certificate info: $error_code, please try again or contact Synology to learn more." + fi + _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME" + return 1 + fi + + _migratedeployconf SYNO_Create SYNO_CREATE + _getdeployconf SYNO_CREATE + _debug2 SYNO_CREATE "$SYNO_CREATE" + + if [ -z "$id" ] && [ -z "$SYNO_CREATE" ]; then + _err "Unable to find certificate: $SYNO_CERTIFICATE and $SYNO_CREATE is not set." + _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME" return 1 fi # We've verified this certificate description is a thing, so save it - _savedeployconf SYNO_Certificate "$SYNO_Certificate" "base64" + _savedeployconf SYNO_CERTIFICATE "$SYNO_CERTIFICATE" "base64" - _info "Generate form POST request" + _info "Generating form POST request..." nl="\0015\0012" delim="--------------------------$(_utc_date | tr -d -- '-: ')" content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\0012" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\0012" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id" - content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}" + content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_CERTIFICATE}" if echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then _debug2 default "This is the default certificate" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}true" @@ -201,21 +379,22 @@ synology_dsm_deploy() { content="$(printf "%b_" "$content")" content="${content%_}" # protect trailing \n - _info "Upload certificate to the Synology DSM" + _info "Upload certificate to the Synology DSM." response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}") _debug3 response "$response" if ! echo "$response" | grep '"error":' >/dev/null; then if echo "$response" | grep '"restart_httpd":true' >/dev/null; then - _info "Restarting HTTP services succeeded" + _info "Restart HTTP services succeeded." else - _info "Restarting HTTP services failed" + _info "Restart HTTP services failed." fi - + _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME" _logout return 0 else - _err "Unable to update certificate, error code $response" + _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME" + _err "Unable to update certificate, got error response: $response." _logout return 1 fi @@ -223,7 +402,44 @@ synology_dsm_deploy() { #################### Private functions below ################################## _logout() { - # Logout to not occupy a permanent session, e.g. in DSM's "Connected Users" widget - response=$(_get "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version&method=logout") + # Logout CERT user only to not occupy a permanent session, e.g. in DSM's "Connected Users" widget (based on previous variables) + response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=logout&_sid=$sid") _debug3 response "$response" } + +_temp_admin_create() { + _username="$1" + _password="$2" + synouser --del "$_username" >/dev/null 2>/dev/null + synouser --add "$_username" "$_password" "" 0 "scruelt@hotmail.com" 0 >/dev/null +} + +_temp_admin_cleanup() { + _flag=$1 + _username=$2 + + if [ -n "${_flag}" ]; then + _debug "Cleanuping temp admin info..." + synouser --del "$_username" >/dev/null + fi +} + +#_cleardeployconf key +_cleardeployconf() { + _cleardomainconf "SAVED_$1" +} + +# key +_check2cleardeployconfexp() { + _key="$1" + _clear_key="CLEAR_$_key" + # Clear saved settings if explicitly requested + if [ -n "$(eval echo \$"$_clear_key")" ]; then + _debug2 "$_key: value cleared from config, exported value will be ignored." + _cleardeployconf "$_key" + eval "$_key"= + export "$_key"= + eval SAVED_"$_key"= + export SAVED_"$_key"= + fi +} diff --git a/deploy/truenas.sh b/deploy/truenas.sh index c79e6dac..407395a3 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -9,7 +9,7 @@ # # Following environment variables must be set: # -# export DEPLOY_TRUENAS_APIKEY="/dev/null 2>&1; then + cp -f /usr/lib/unifi/data/system.properties /usr/lib/unifi/data/system.properties_original + _info "Updating system configuration for cipher compatibility." + _info "Saved original system config to /usr/lib/unifi/data/system.properties_original" + sed -i '/unifi\.https\.ciphers/d' /usr/lib/unifi/data/system.properties + echo "unifi.https.ciphers=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256" >>/usr/lib/unifi/data/system.properties + sed -i '/unifi\.https\.sslEnabledProtocols/d' /usr/lib/unifi/data/system.properties + echo "unifi.https.sslEnabledProtocols=TLSv1.3,TLSv1.2" >>/usr/lib/unifi/data/system.properties + _info "System configuration updated." fi + rm "$_import_pkcs12" + + # Restarting unifi-core will bring up unifi, doing it out of order results in + # a certificate error, and breaks wifiman. + # Restart if we aren't doing unifi-core, otherwise stop for later restart. if systemctl -q is-active unifi; then - _reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart" + if [ ! -f "${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}/unifi-core.key" ]; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi" + else + _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl stop unifi" + fi fi _services_updated="${_services_updated} unifi" _info "Install Unifi Controller certificate success!" @@ -165,6 +212,11 @@ unifi_deploy() { return 1 fi + # Save the existing certs in case something goes wrong. + cp -f "${_unifi_core_config}"/unifi-core.crt "${_unifi_core_config}"/unifi-core_original.crt + cp -f "${_unifi_core_config}"/unifi-core.key "${_unifi_core_config}"/unifi-core_original.key + _info "Previous certificate and key saved to ${_unifi_core_config}/unifi-core_original.crt/key." + cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt" cat "$_ckey" >"${_unifi_core_config}/unifi-core.key" diff --git a/deploy/vault.sh b/deploy/vault.sh index 569faba2..03a0de83 100644 --- a/deploy/vault.sh +++ b/deploy/vault.sh @@ -70,10 +70,10 @@ vault_deploy() { # JSON does not allow multiline strings. # So replacing new-lines with "\n" here - _ckey=$(sed -z 's/\n/\\n/g' <"$2") - _ccert=$(sed -z 's/\n/\\n/g' <"$3") - _cca=$(sed -z 's/\n/\\n/g' <"$4") - _cfullchain=$(sed -z 's/\n/\\n/g' <"$5") + _ckey=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$2") + _ccert=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$3") + _cca=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$4") + _cfullchain=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$5") export _H1="X-Vault-Token: $VAULT_TOKEN" diff --git a/deploy/vsftpd.sh b/deploy/vsftpd.sh index 8cf24e4f..570495cc 100644 --- a/deploy/vsftpd.sh +++ b/deploy/vsftpd.sh @@ -106,5 +106,5 @@ vsftpd_deploy() { fi return 1 fi - return 0 + } diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 2c6b2e4f..906ea443 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -1,22 +1,18 @@ #!/usr/bin/env sh -# This file name is "dns_1984hosting.sh" -# So, here must be a method dns_1984hosting_add() -# Which will be called by acme.sh to add the txt record to your api system. -# returns 0 means success, otherwise error. - -# Author: Adrian Fedoreanu -# Report Bugs here: https://github.com/acmesh-official/acme.sh -# or here... https://github.com/acmesh-official/acme.sh/issues/2851 +# shellcheck disable=SC2034 +dns_1984hosting_info='1984.hosting +Domains: 1984.is +Site: 1984.hosting +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_1984hosting +Options: + One984HOSTING_Username Username + One984HOSTING_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2851 +Author: Adrian Fedoreanu +' ######## Public functions ##################### -# Export 1984HOSTING username and password in following variables -# -# One984HOSTING_Username=username -# One984HOSTING_Password=password -# -# username/password and csrftoken/sessionid cookies are saved in ~/.acme.sh/account.conf - # Usage: dns_1984hosting_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Add a text record. dns_1984hosting_add() { @@ -128,7 +124,7 @@ _1984hosting_login() { _debug "Login to 1984Hosting as user $One984HOSTING_Username." username=$(printf '%s' "$One984HOSTING_Username" | _url_encode) password=$(printf '%s' "$One984HOSTING_Password" | _url_encode) - url="https://1984.hosting/accounts/checkuserauth/" + url="https://1984.hosting/api/auth/" _get "https://1984.hosting/accounts/login/" | grep "csrfmiddlewaretoken" csrftoken="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')" @@ -185,7 +181,7 @@ _check_cookies() { return 1 fi - _authget "https://1984.hosting/accounts/loginstatus/" + _authget "https://1984.hosting/api/auth/" if _contains "$_response" '"ok": true'; then _debug "Cached cookies still valid." return 0 @@ -215,8 +211,8 @@ _get_root() { return 1 fi - _authget "https://1984.hosting/domains/soacheck/?zone=$h&nameserver=ns0.1984.is." - if _contains "$_response" "serial" && ! _contains "$_response" "null"; then + _authget "https://1984.hosting/domains/zonestatus/$h/?cached=no" + if _contains "$_response" '"ok": true'; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 @@ -250,7 +246,6 @@ _authget() { } # Truncate huge HTML response -# Echo: Argument list too long _htmlget() { export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE" _response=$(_get "$1" | grep "$2") diff --git a/dnsapi/dns_acmedns.sh b/dnsapi/dns_acmedns.sh index 057f9742..f3f50233 100755 --- a/dnsapi/dns_acmedns.sh +++ b/dnsapi/dns_acmedns.sh @@ -1,18 +1,18 @@ #!/usr/bin/env sh -# -#Author: Wolfgang Ebner -#Author: Sven Neubuaer -#Report Bugs here: https://github.com/dampfklon/acme.sh -# -# Usage: -# export ACMEDNS_BASE_URL="https://auth.acme-dns.io" -# -# You can optionally define an already existing account: -# -# export ACMEDNS_USERNAME="" -# export ACMEDNS_PASSWORD="" -# export ACMEDNS_SUBDOMAIN="" -# +# shellcheck disable=SC2034 +dns_acmedns_info='acme-dns Server API + The acme-dns is a limited DNS server with RESTful API to handle ACME DNS challenges. +Site: github.com/joohoi/acme-dns +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_acmedns +Options: + ACMEDNS_USERNAME Username. Optional. + ACMEDNS_PASSWORD Password. Optional. + ACMEDNS_SUBDOMAIN Subdomain. Optional. + ACMEDNS_BASE_URL API endpoint. Default: "https://auth.acme-dns.io". +Issues: github.com/dampfklon/acme.sh +Author: Wolfgang Ebner, Sven Neubuaer +' + ######## Public functions ##################### #Usage: dns_acmedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_acmeproxy.sh b/dnsapi/dns_acmeproxy.sh old mode 100644 new mode 100755 index 9d5533f9..a699f645 --- a/dnsapi/dns_acmeproxy.sh +++ b/dnsapi/dns_acmeproxy.sh @@ -1,9 +1,17 @@ #!/usr/bin/env sh - -## Acmeproxy DNS provider to be used with acmeproxy (https://github.com/mdbraber/acmeproxy) -## API integration by Maarten den Braber -## -## Report any bugs via https://github.com/mdbraber/acme.sh +# shellcheck disable=SC2034 +dns_acmeproxy_info='AcmeProxy Server API + AcmeProxy can be used to as a single host in your network to request certificates through a DNS API. + Clients can connect with the one AcmeProxy host so you do not need to store DNS API credentials on every single host. +Site: github.com/mdbraber/acmeproxy +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_acmeproxy +Options: + ACMEPROXY_ENDPOINT API Endpoint + ACMEPROXY_USERNAME Username + ACMEPROXY_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/2251 +Author: Maarten den Braber +' dns_acmeproxy_add() { fulldomain="${1}" diff --git a/dnsapi/dns_active24.sh b/dnsapi/dns_active24.sh index 862f734f..c56dd363 100755 --- a/dnsapi/dns_active24.sh +++ b/dnsapi/dns_active24.sh @@ -1,6 +1,13 @@ #!/usr/bin/env sh - -#ACTIVE24_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" +# shellcheck disable=SC2034 +dns_active24_info='Active24.com +Site: Active24.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_active24 +Options: + ACTIVE24_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2059 +Author: Milan Pála +' ACTIVE24_Api="https://api.active24.com" @@ -76,10 +83,10 @@ _get_root() { return 1 fi - i=2 + i=1 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug "h" "$h" if [ -z "$h" ]; then #not valid @@ -87,7 +94,7 @@ _get_root() { fi if _contains "$response" "\"$h\"" >/dev/null; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_ad.sh b/dnsapi/dns_ad.sh index fc4a664b..850af5b4 100755 --- a/dnsapi/dns_ad.sh +++ b/dnsapi/dns_ad.sh @@ -1,12 +1,13 @@ #!/usr/bin/env sh - -# -#AD_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" - -#This is the Alwaysdata api wrapper for acme.sh -# -#Author: Paul Koppen -#Report Bugs here: https://github.com/wpk-/acme.sh +# shellcheck disable=SC2034 +dns_ad_info='AlwaysData.com +Site: AlwaysData.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ad +Options: + AD_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/pull/503 +Author: Paul Koppen +' AD_API_URL="https://$AD_API_KEY:@api.alwaysdata.com/v1" @@ -94,7 +95,7 @@ _get_root() { if _ad_rest GET "domain/"; then response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -105,7 +106,7 @@ _get_root() { if [ "$hostedzone" ]; then _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_ali.sh b/dnsapi/dns_ali.sh index c69839dc..53a82f91 100755 --- a/dnsapi/dns_ali.sh +++ b/dnsapi/dns_ali.sh @@ -1,27 +1,27 @@ #!/usr/bin/env sh - -Ali_API="https://alidns.aliyuncs.com/" - -#Ali_Key="LTqIA87hOKdjevsf5" -#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2" +# shellcheck disable=SC2034 +dns_ali_info='AlibabaCloud.com +Domains: Aliyun.com +Site: AlibabaCloud.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ali +Options: + Ali_Key API Key + Ali_Secret API Secret +' + +# NOTICE: +# This file is referenced by Alibaba Cloud Services deploy hooks +# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 +# Be careful when modifying this file, especially when making breaking changes for common functions + +Ali_DNS_API="https://alidns.aliyuncs.com/" #Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_ali_add() { fulldomain=$1 txtvalue=$2 - Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}" - Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}" - if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then - Ali_Key="" - Ali_Secret="" - _err "You don't specify aliyun api key and secret yet." - return 1 - fi - - #save the api key and secret to the account conf file. - _saveaccountconf_mutable Ali_Key "$Ali_Key" - _saveaccountconf_mutable Ali_Secret "$Ali_Secret" + _prepare_ali_credentials || return 1 _debug "First detect the root zone" if ! _get_root "$fulldomain"; then @@ -46,14 +46,74 @@ dns_ali_rm() { _clean } -#################### Private functions below ################################## +#################### Alibaba Cloud common functions below #################### + +_prepare_ali_credentials() { + Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}" + Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}" + if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then + Ali_Key="" + Ali_Secret="" + _err "You don't specify aliyun api key and secret yet." + return 1 + fi + + #save the api key and secret to the account conf file. + _saveaccountconf_mutable Ali_Key "$Ali_Key" + _saveaccountconf_mutable Ali_Secret "$Ali_Secret" +} + +# act ign mtd +_ali_rest() { + act="$1" + ign="$2" + mtd="${3:-GET}" + + signature=$(printf "%s" "$mtd&%2F&$(printf "%s" "$query" | _url_encode upper-hex)" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64) + signature=$(printf "%s" "$signature" | _url_encode upper-hex) + url="$endpoint?Signature=$signature" + + if [ "$mtd" = "GET" ]; then + url="$url&$query" + response="$(_get "$url")" + else + response="$(_post "$query" "$url" "" "$mtd" "application/x-www-form-urlencoded")" + fi + + _ret="$?" + _debug2 response "$response" + if [ "$_ret" != "0" ]; then + _err "Error <$act>" + return 1 + fi + + if [ -z "$ign" ]; then + message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" + if [ "$message" ]; then + _err "$message" + return 1 + fi + fi +} + +_ali_nonce() { + #_head_n 1 " - return 1 - fi - - _debug2 response "$response" - if [ -z "$2" ]; then - message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" - if [ "$message" ]; then - _err "$message" - return 1 - fi - fi -} - -_ali_urlencode() { - _str="$1" - _str_len=${#_str} - _u_i=1 - while [ "$_u_i" -le "$_str_len" ]; do - _str_c="$(printf "%s" "$_str" | cut -c "$_u_i")" - case $_str_c in [a-zA-Z0-9.~_-]) - printf "%s" "$_str_c" - ;; - *) - printf "%%%02X" "'$_str_c" - ;; - esac - _u_i="$(_math "$_u_i" + 1)" - done -} - -_ali_nonce() { - #_head_n 1 1" >/dev/null; then _zone="$(echo "$autodns_response" | _egrep_o '[^<]*' | cut -d '>' -f 2 | cut -d '<' -f 1)" _system_ns="$(echo "$autodns_response" | _egrep_o '[^<]*' | cut -d '>' -f 2 | cut -d '<' -f 1)" - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") return 0 fi diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 50c93260..c88c9d9c 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -1,13 +1,15 @@ #!/usr/bin/env sh - -# -#AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#AWS_SECRET_ACCESS_KEY="xxxxxxx" - -#This is the Amazon Route53 api wrapper for acme.sh -#All `_sleep` commands are included to avoid Route53 throttling, see -#https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests +# shellcheck disable=SC2034 +dns_aws_info='Amazon AWS Route53 domain API +Site: docs.aws.amazon.com/route53/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_aws +Options: + AWS_ACCESS_KEY_ID API Key ID + AWS_SECRET_ACCESS_KEY API Secret +' + +# All `_sleep` commands are included to avoid Route53 throttling, see +# https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests AWS_HOST="route53.amazonaws.com" AWS_URL="https://$AWS_HOST" @@ -145,7 +147,6 @@ dns_aws_rm() { fi _sleep 1 return 1 - } #################### Private functions below ################################## @@ -157,7 +158,7 @@ _get_root() { # iterate over names (a.b.c.d -> b.c.d -> c.d -> d) while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100 | sed 's/\./\\./g') _debug "Checking domain: $h" if [ -z "$h" ]; then _error "invalid domain" @@ -173,7 +174,7 @@ _get_root() { if [ "$hostedzone" ]; then _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o ".*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>") if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi @@ -207,24 +208,40 @@ _use_container_role() { } _use_instance_role() { - _url="http://169.254.169.254/latest/meta-data/iam/security-credentials/" - _debug "_url" "$_url" - if ! _get "$_url" true 1 | _head_n 1 | grep -Fq 200; then + _instance_role_name_url="http://169.254.169.254/latest/meta-data/iam/security-credentials/" + + if _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 401; then + _debug "Using IMDSv2" + _token_url="http://169.254.169.254/latest/api/token" + export _H1="X-aws-ec2-metadata-token-ttl-seconds: 21600" + _token="$(_post "" "$_token_url" "" "PUT")" + _secure_debug3 "_token" "$_token" + if [ -z "$_token" ]; then + _debug "Unable to fetch IMDSv2 token from instance metadata" + return 1 + fi + export _H1="X-aws-ec2-metadata-token: $_token" + fi + + if ! _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 200; then _debug "Unable to fetch IAM role from instance metadata" return 1 fi - _aws_role=$(_get "$_url" "" 1) - _debug "_aws_role" "$_aws_role" - _use_metadata "$_url$_aws_role" + + _instance_role_name=$(_get "$_instance_role_name_url" "" 1) + _debug "_instance_role_name" "$_instance_role_name" + _use_metadata "$_instance_role_name_url$_instance_role_name" "$_token" + } _use_metadata() { + export _H1="X-aws-ec2-metadata-token: $2" _aws_creds="$( _get "$1" "" 1 | _normalizeJson | tr '{,}' '\n' | while read -r _line; do - _key="$(echo "${_line%%:*}" | tr -d '"')" + _key="$(echo "${_line%%:*}" | tr -d '\"')" _value="${_line#*:}" _debug3 "_key" "$_key" _secure_debug3 "_value" "$_value" diff --git a/dnsapi/dns_azion.sh b/dnsapi/dns_azion.sh index f215686d..1375e32f 100644 --- a/dnsapi/dns_azion.sh +++ b/dnsapi/dns_azion.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -#AZION_Email="" -#AZION_Password="" -# +# shellcheck disable=SC2034 +dns_azion_info='Azion.om +Site: Azion.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_azion +Options: + AZION_Email Email + AZION_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/3555 +' AZION_Api="https://api.azionapi.net" @@ -96,7 +100,7 @@ _get_root() { fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then # not valid @@ -107,7 +111,7 @@ _get_root() { _domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 1c33c13a..3f0dfa3d 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -1,13 +1,25 @@ #!/usr/bin/env sh - -WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS" +# shellcheck disable=SC2034 +dns_azure_info='Azure +Site: Azure.microsoft.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_azure +Options: + AZUREDNS_SUBSCRIPTIONID Subscription ID + AZUREDNS_TENANTID Tenant ID + AZUREDNS_APPID App ID. App ID of the service principal + AZUREDNS_CLIENTSECRET Client Secret. Secret from creating the service principal + AZUREDNS_MANAGEDIDENTITY Use Managed Identity. Use Managed Identity assigned to a resource instead of a service principal. "true"/"false" + AZUREDNS_BEARERTOKEN Optional Bearer Token. Used instead of service principal credentials or managed identity +' + +wiki=https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS ######## Public functions ##################### # Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Used to add txt record # -# Ref: https://docs.microsoft.com/en-us/rest/api/dns/recordsets/createorupdate +# Ref: https://learn.microsoft.com/en-us/rest/api/dns/record-sets/create-or-update?view=rest-dns-2018-05-01&tabs=HTTP # dns_azure_add() { @@ -20,6 +32,7 @@ dns_azure_add() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure Subscription ID" return 1 fi @@ -34,37 +47,45 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_TENANTID "" _saveaccountconf_mutable AZUREDNS_APPID "" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "" + _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "" else - _info "You didn't ask to use Azure managed identity, checking service principal credentials" + _info "You didn't ask to use Azure managed identity, checking service principal credentials or provided bearer token" AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_TENANTID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" + _err "You didn't specify the Azure Tenant ID " + return 1 + fi - if [ -z "$AZUREDNS_TENANTID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Tenant ID " - return 1 - fi - - if [ -z "$AZUREDNS_APPID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure App ID" - return 1 - fi + if [ -z "$AZUREDNS_APPID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" + _err "You didn't specify the Azure App ID" + return 1 + fi - if [ -z "$AZUREDNS_CLIENTSECRET" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Client Secret" - return 1 + if [ -z "$AZUREDNS_CLIENTSECRET" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" + _err "You didn't specify the Azure Client Secret" + return 1 + fi + else + _info "Using provided bearer token" fi #save account details to account conf file, don't opt in for azure manages identity check. @@ -72,9 +93,14 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID" _saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" + _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$AZUREDNS_BEARERTOKEN" fi - accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + else + accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") + fi if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" @@ -124,7 +150,7 @@ dns_azure_add() { # Usage: fulldomain txtvalue # Used to remove the txt record after validation # -# Ref: https://docs.microsoft.com/en-us/rest/api/dns/recordsets/delete +# Ref: https://learn.microsoft.com/en-us/rest/api/dns/record-sets/delete?view=rest-dns-2018-05-01&tabs=HTTP # dns_azure_rm() { fulldomain=$1 @@ -136,6 +162,7 @@ dns_azure_rm() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure Subscription ID " return 1 fi @@ -144,40 +171,51 @@ dns_azure_rm() { if [ "$AZUREDNS_MANAGEDIDENTITY" = true ]; then _info "Using Azure managed identity" else - _info "You didn't ask to use Azure managed identity, checking service principal credentials" + _info "You didn't ask to use Azure managed identity, checking service principal credentials or provided bearer token" AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_TENANTID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" + _err "You didn't specify the Azure Tenant ID " + return 1 + fi - if [ -z "$AZUREDNS_TENANTID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Tenant ID " - return 1 - fi - - if [ -z "$AZUREDNS_APPID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure App ID" - return 1 - fi + if [ -z "$AZUREDNS_APPID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" + _err "You didn't specify the Azure App ID" + return 1 + fi - if [ -z "$AZUREDNS_CLIENTSECRET" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Client Secret" - return 1 + if [ -z "$AZUREDNS_CLIENTSECRET" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" + _err "You didn't specify the Azure Client Secret" + return 1 + fi + else + _info "Using provided bearer token" fi fi - accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + else + accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") + fi if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" @@ -256,10 +294,10 @@ _azure_rest() { if [ "$_code" = "401" ]; then # we have an invalid access token set to expired _saveaccountconf_mutable AZUREDNS_TOKENVALIDTO "0" - _err "access denied make sure your Azure settings are correct. See $WIKI" + _err "Access denied. Invalid access token. Make sure your Azure settings are correct. See: $wiki" return 1 fi - # See https://docs.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes + # See https://learn.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes if [ "$_ret" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then _request_retry_times="$(_math "$_request_retry_times" + 1)" _info "REST call error $_code retrying $ep in $_request_retry_times s" @@ -277,14 +315,14 @@ _azure_rest() { return 0 } -## Ref: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token +## Ref: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#request-an-access-token _azure_getaccess_token() { managedIdentity=$1 tenantID=$2 clientID=$3 clientSecret=$4 - accesstoken="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" + accesstoken="${AZUREDNS_ACCESSTOKEN:-$(_readaccountconf_mutable AZUREDNS_ACCESSTOKEN)}" expires_on="${AZUREDNS_TOKENVALIDTO:-$(_readaccountconf_mutable AZUREDNS_TOKENVALIDTO)}" # can we reuse the bearer token? @@ -301,7 +339,7 @@ _azure_getaccess_token() { _debug "getting new bearer token" if [ "$managedIdentity" = true ]; then - # https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http + # https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http export _H1="Metadata: true" response="$(_get http://169.254.169.254/metadata/identity/oauth2/token\?api-version=2018-02-01\&resource=https://management.azure.com/)" response="$(echo "$response" | _normalizeJson)" @@ -321,14 +359,14 @@ _azure_getaccess_token() { fi if [ -z "$accesstoken" ]; then - _err "no acccess token received. Check your Azure settings see $WIKI" + _err "No acccess token received. Check your Azure settings. See: $wiki" return 1 fi if [ "$_ret" != "0" ]; then _err "error $response" return 1 fi - _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$accesstoken" + _saveaccountconf_mutable AZUREDNS_ACCESSTOKEN "$accesstoken" _saveaccountconf_mutable AZUREDNS_TOKENVALIDTO "$expires_on" printf "%s" "$accesstoken" return 0 @@ -341,15 +379,18 @@ _get_root() { i=1 p=1 - ## Ref: https://docs.microsoft.com/en-us/rest/api/dns/zones/list - ## returns up to 100 zones in one response therefore handling more results is not not implemented - ## (ZoneListResult with continuation token for the next page of results) - ## Per https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#dns-limits you are limited to 100 Zone/subscriptions anyways + ## Ref: https://learn.microsoft.com/en-us/rest/api/dns/zones/list?view=rest-dns-2018-05-01&tabs=HTTP + ## returns up to 100 zones in one response. Handling more results is not implemented + ## (ZoneListResult with continuation token for the next page of results) + ## + ## TODO: handle more than 100 results, as per: + ## https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-dns-limits + ## The new limit is 250 Public DNS zones per subscription, while the old limit was only 100 ## _azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?\$top=500&api-version=2017-09-01" "" "$accesstoken" # Find matching domain name in Json response while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug2 "Checking domain: $h" if [ -z "$h" ]; then #not valid @@ -364,7 +405,7 @@ _get_root() { #create the record at the domain apex (@) if only the domain name was provided as --domain-alias _sub_domain="@" else - _sub_domain=$(echo "$domain" | cut -d . -f 1-$p) + _sub_domain=$(echo "$domain" | cut -d . -f 1-"$p") fi _domain=$h return 0 diff --git a/dnsapi/dns_bookmyname.sh b/dnsapi/dns_bookmyname.sh index 62548fd0..668cf074 100644 --- a/dnsapi/dns_bookmyname.sh +++ b/dnsapi/dns_bookmyname.sh @@ -1,18 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_bookmyname_info='BookMyName.com +Site: BookMyName.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bookmyname +Options: + BOOKMYNAME_USERNAME Username + BOOKMYNAME_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/3209 +Author: Neilpang +' -#Here is a sample custom api script. -#This file name is "dns_bookmyname.sh" -#So, here must be a method dns_bookmyname_add() -#Which will be called by acme.sh to add the txt record to your api system. -#returns 0 means success, otherwise error. -# -#Author: Neilpang -#Report Bugs here: https://github.com/acmesh-official/acme.sh -# ######## Public functions ##################### -# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide - # BookMyName urls: # https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"' # https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"' diff --git a/dnsapi/dns_bunny.sh b/dnsapi/dns_bunny.sh index a9b1ea5a..780198e1 100644 --- a/dnsapi/dns_bunny.sh +++ b/dnsapi/dns_bunny.sh @@ -1,16 +1,13 @@ #!/usr/bin/env sh - -## Will be called by acme.sh to add the TXT record via the Bunny DNS API. -## returns 0 means success, otherwise error. - -## Author: nosilver4u -## GitHub: https://github.com/nosilver4u/acme.sh - -## -## Environment Variables Required: -## -## BUNNY_API_KEY="75310dc4-ca77-9ac3-9a19-f6355db573b49ce92ae1-2655-3ebd-61ac-3a3ae34834cc" -## +# shellcheck disable=SC2034 +dns_bunny_info='Bunny.net +Site: Bunny.net/dns/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bunny +Options: + BUNNY_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/4296 +Author: +' ##################### Public functions ##################### @@ -199,7 +196,7 @@ _get_base_domain() { _debug2 domain_list "$domain_list" i=1 - while [ $i -gt 0 ]; do + while [ "$i" -gt 0 ]; do ## get next longest domain _domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM") ## check we got something back from our cut (or are we at the end) @@ -211,7 +208,7 @@ _get_base_domain() { ## check if it exists if [ -n "$found" ]; then ## exists - exit loop returning the parts - sub_point=$(_math $i - 1) + sub_point=$(_math "$i" - 1) _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point") _domain_id="$(echo "$found" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")" _debug _domain_id "$_domain_id" @@ -221,11 +218,11 @@ _get_base_domain() { return 0 fi ## increment cut point $i - i=$(_math $i + 1) + i=$(_math "$i" + 1) done if [ -z "$found" ]; then - page=$(_math $page + 1) + page=$(_math "$page" + 1) nextpage="https://api.bunny.net/dnszone?page=$page" ## Find the next page if we don't have a match. hasnextpage="$(echo "$domain_list" | _egrep_o "\"HasMoreItems\"\s*:\s*true")" diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index cd8d9a8d..736742f3 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh @@ -1,13 +1,16 @@ #!/usr/bin/env sh - -# -#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#CF_Email="xxxx@sss.com" - -#CF_Token="xxxx" -#CF_Account_ID="xxxx" -#CF_Zone_ID="xxxx" +# shellcheck disable=SC2034 +dns_cf_info='CloudFlare +Site: CloudFlare.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf +Options: + CF_Key API Key + CF_Email Your account email +OptionsAlt: + CF_Token API Token + CF_Account_ID Account ID + CF_Zone_ID Zone ID. Optional. +' CF_Api="https://api.cloudflare.com/client/v4" @@ -183,7 +186,7 @@ _get_root() { fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -203,7 +206,7 @@ _get_root() { if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then _domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_clouddns.sh b/dnsapi/dns_clouddns.sh index 31ae4ee9..b78d70a4 100755 --- a/dnsapi/dns_clouddns.sh +++ b/dnsapi/dns_clouddns.sh @@ -1,10 +1,15 @@ #!/usr/bin/env sh - -# Author: Radek Sprta - -#CLOUDDNS_EMAIL=XXXXX -#CLOUDDNS_PASSWORD="YYYYYYYYY" -#CLOUDDNS_CLIENT_ID=XXXXX +# shellcheck disable=SC2034 +dns_clouddns_info='vshosting.cz CloudDNS +Site: github.com/vshosting/clouddns +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_clouddns +Options: + CLOUDDNS_EMAIL Email + CLOUDDNS_PASSWORD Password + CLOUDDNS_CLIENT_ID Client ID +Issues: github.com/acmesh-official/acme.sh/issues/2699 +Author: Radek Sprta +' CLOUDDNS_API='https://admin.vshosting.cloud/clouddns' CLOUDDNS_LOGIN_API='https://admin.vshosting.cloud/api/public/auth/login' diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 8d7fd437..8bb0e00d 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -1,12 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_cloudns_info='ClouDNS.net +Site: ClouDNS.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cloudns +Options: + CLOUDNS_AUTH_ID Regular auth ID + CLOUDNS_SUB_AUTH_ID Sub auth ID + CLOUDNS_AUTH_PASSWORD Auth Password +Author: Boyan Peychev +' -# Author: Boyan Peychev -# Repository: https://github.com/ClouDNS/acme.sh/ -# Editor: I Komang Suryadana - -#CLOUDNS_AUTH_ID=XXXXX -#CLOUDNS_SUB_AUTH_ID=XXXXX -#CLOUDNS_AUTH_PASSWORD="YYYYYYYYY" CLOUDNS_API="https://api.cloudns.net" DOMAIN_TYPE= DOMAIN_MASTER= @@ -161,7 +164,7 @@ _dns_cloudns_get_zone_info() { _dns_cloudns_get_zone_name() { i=2 while true; do - zoneForCheck=$(printf "%s" "$1" | cut -d . -f $i-100) + zoneForCheck=$(printf "%s" "$1" | cut -d . -f "$i"-100) if [ -z "$zoneForCheck" ]; then return 1 diff --git a/dnsapi/dns_cn.sh b/dnsapi/dns_cn.sh index 38d1f4aa..79698e88 100644 --- a/dnsapi/dns_cn.sh +++ b/dnsapi/dns_cn.sh @@ -1,7 +1,14 @@ #!/usr/bin/env sh - -# DNS API for acme.sh for Core-Networks (https://beta.api.core-networks.de/doc/). -# created by 5ll and francis +# shellcheck disable=SC2034 +dns_cn_info='Core-Networks.de +Site: beta.api.Core-Networks.de/doc/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cn +Options: + CN_User User + CN_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2142 +Author: 5ll, francis +' CN_API="https://beta.api.core-networks.de" @@ -124,7 +131,7 @@ _cn_get_root() { p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" _debug _H1 "${_H1}" @@ -142,7 +149,7 @@ _cn_get_root() { fi if _contains "$_cn_zonelist" "\"name\":\"$h\"" >/dev/null; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 else diff --git a/dnsapi/dns_conoha.sh b/dnsapi/dns_conoha.sh index ddc32074..ecd56fc8 100755 --- a/dnsapi/dns_conoha.sh +++ b/dnsapi/dns_conoha.sh @@ -1,4 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_conoha_info='ConoHa.jp +Domains: ConoHa.io +Site: ConoHa.jp +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_conoha +Options: + CONOHA_Username Username + CONOHA_Password Password + CONOHA_TenantId TenantId + CONOHA_IdentityServiceApi Identity Service API. E.g. "https://identity.xxxx.conoha.io/v2.0" +' CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\." @@ -226,7 +237,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100). + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100). _debug h "$h" if [ -z "$h" ]; then #not valid @@ -240,7 +251,7 @@ _get_root() { if _contains "$response" "\"name\":\"$h\"" >/dev/null; then _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh index 69d216f0..6a50e199 100644 --- a/dnsapi/dns_constellix.sh +++ b/dnsapi/dns_constellix.sh @@ -1,10 +1,16 @@ #!/usr/bin/env sh - -# Author: Wout Decre +# shellcheck disable=SC2034 +dns_constellix_info='Constellix.com +Site: Constellix.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_constellix +Options: + CONSTELLIX_Key API Key + CONSTELLIX_Secret API Secret +Issues: github.com/acmesh-official/acme.sh/issues/2724 +Author: Wout Decre +' CONSTELLIX_Api="https://api.dns.constellix.com/v1" -#CONSTELLIX_Key="XXX" -#CONSTELLIX_Secret="XXX" ######## Public functions ##################### @@ -116,7 +122,7 @@ _get_root() { p=1 _debug "Detecting root zone" while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then return 1 fi @@ -128,7 +134,7 @@ _get_root() { if _contains "$response" "\"name\":\"$h\""; then _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2) if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-"$p") _domain="$h" _debug _domain_id "$_domain_id" diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index f6126bcb..a6991403 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -1,18 +1,18 @@ #!/usr/bin/env sh -# -#Author: Bjarne Saltbaek -#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 -# -# +# shellcheck disable=SC2034 +dns_cpanel_info='cPanel Server API + Manage DNS via cPanel Dashboard. +Site: cPanel.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_cpanel +Options: + cPanel_Username Username + cPanel_Apitoken API Token + cPanel_Hostname Server URL. E.g. "https://hostname:port" +Issues: github.com/acmesh-official/acme.sh/issues/3732 +Author: Bjarne Saltbaek +' + ######## Public functions ##################### -# -# Export CPANEL username,api token and hostname in the following variables -# -# cPanel_Username=username -# cPanel_Apitoken=apitoken -# cPanel_Hostname=hostname -# -# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Used to add txt record dns_cpanel_add() { diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 4b39f365..f57afa1f 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -1,9 +1,15 @@ #!/usr/bin/env sh - -#Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management. -#Requires api credentials with scope: dns -#Author: Peter L. Hansen -#Version 1.0 +# shellcheck disable=SC2034 +dns_curanet_info='Curanet.dk +Domains: scannet.dk wannafind.dk dandomain.dk +Site: Curanet.dk +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_curanet +Options: + CURANET_AUTHCLIENTID Auth ClientID. Requires scope dns + CURANET_AUTHSECRET Auth Secret +Issues: github.com/acmesh-official/acme.sh/issues/3933 +Author: Peter L. Hansen +' CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains" CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token" @@ -136,7 +142,7 @@ _get_root() { i=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid diff --git a/dnsapi/dns_cyon.sh b/dnsapi/dns_cyon.sh index 830e8831..04a515aa 100644 --- a/dnsapi/dns_cyon.sh +++ b/dnsapi/dns_cyon.sh @@ -1,21 +1,15 @@ #!/usr/bin/env sh - -######## -# Custom cyon.ch DNS API for use with [acme.sh](https://github.com/acmesh-official/acme.sh) -# -# Usage: acme.sh --issue --dns dns_cyon -d www.domain.com -# -# Dependencies: -# ------------- -# - oathtool (When using 2 Factor Authentication) -# -# Issues: -# ------- -# Any issues / questions / suggestions can be posted here: -# https://github.com/noplanman/cyon-api/issues -# -# Author: Armando Lüscher -######## +# shellcheck disable=SC2034 +dns_cyon_info='cyon.ch +Site: cyon.ch +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cyon +Options: + CY_Username Username + CY_Password API Token + CY_OTP_Secret OTP token. Only required if using 2FA +Issues: github.com/noplanman/cyon-api/issues +Author: Armando Lüscher +' dns_cyon_add() { _cyon_load_credentials && diff --git a/dnsapi/dns_da.sh b/dnsapi/dns_da.sh index 4d3e09b1..36251b05 100755 --- a/dnsapi/dns_da.sh +++ b/dnsapi/dns_da.sh @@ -1,31 +1,14 @@ #!/usr/bin/env sh -# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*- -# vim: et ts=2 sw=2 -# -# DirectAdmin 1.41.0 API -# The DirectAdmin interface has it's own Let's encrypt functionality, but this -# script can be used to generate certificates for names which are not hosted on -# DirectAdmin -# -# User must provide login data and URL to DirectAdmin incl. port. -# You can create login key, by using the Login Keys function -# ( https://da.example.com:8443/CMD_LOGIN_KEYS ), which only has access to -# - CMD_API_DNS_CONTROL -# - CMD_API_SHOW_DOMAINS -# -# See also https://www.directadmin.com/api.php and -# https://www.directadmin.com/features.php?id=1298 -# -# Report bugs to https://github.com/TigerP/acme.sh/issues -# -# Values to export: -# export DA_Api="https://remoteUser:remotePassword@da.example.com:8443" -# export DA_Api_Insecure=1 -# -# Set DA_Api_Insecure to 1 for insecure and 0 for secure -> difference is -# whether ssl cert is checked for validity (0) or whether it is just accepted -# (1) -# +# shellcheck disable=SC2034 +dns_da_info='DirectAdmin Server API +Site: DirectAdmin.com/api.php +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_da +Options: + DA_Api API Server URL. E.g. "https://remoteUser:remotePassword@da.domain.tld:8443" + DA_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept +Issues: github.com/TigerP/acme.sh/issues +' + ######## Public functions ##################### # Usage: dns_myapi_add _acme-challenge.www.example.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" @@ -78,7 +61,7 @@ _get_root() { # response will contain "list[]=example.com&list[]=example.org" _da_api CMD_API_SHOW_DOMAINS "" "${domain}" while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then # not valid @@ -86,7 +69,7 @@ _get_root() { return 1 fi if _contains "$response" "$h" >/dev/null; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_ddnss.sh b/dnsapi/dns_ddnss.sh index b9da33ff..118b148b 100644 --- a/dnsapi/dns_ddnss.sh +++ b/dnsapi/dns_ddnss.sh @@ -1,16 +1,13 @@ #!/usr/bin/env sh - -#Created by RaidenII, to use DuckDNS's API to add/remove text records -#modified by helbgd @ 03/13/2018 to support ddnss.de -#modified by mod242 @ 04/24/2018 to support different ddnss domains -#Please note: the Wildcard Feature must be turned on for the Host record -#and the checkbox for TXT needs to be enabled - -# Pass credentials before "acme.sh --issue --dns dns_ddnss ..." -# -- -# export DDNSS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" -# -- -# +# shellcheck disable=SC2034 +dns_ddnss_info='DDNSS.de +Site: DDNSS.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ddnss +Options: + DDNSS_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2230 +Author: RaidenII, helbgd, mod242 +' DDNSS_DNS_API="https://ddnss.de/upd.php" diff --git a/dnsapi/dns_desec.sh b/dnsapi/dns_desec.sh index 495a6780..d6b9c355 100644 --- a/dnsapi/dns_desec.sh +++ b/dnsapi/dns_desec.sh @@ -1,11 +1,13 @@ #!/usr/bin/env sh -# -# deSEC.io Domain API -# -# Author: Zheng Qian -# -# deSEC API doc -# https://desec.readthedocs.io/en/latest/ +# shellcheck disable=SC2034 +dns_desec_info='deSEC.io +Site: desec.readthedocs.io/en/latest/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_desec +Options: + DDNSS_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2180 +Author: Zheng Qian +' REST_API="https://desec.io/api/v1/domains" @@ -174,7 +176,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -186,7 +188,7 @@ _get_root() { fi if _contains "$response" "\"name\":\"$h\"" >/dev/null; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_df.sh b/dnsapi/dns_df.sh index c0499ddf..513e350c 100644 --- a/dnsapi/dns_df.sh +++ b/dnsapi/dns_df.sh @@ -1,18 +1,15 @@ #!/usr/bin/env sh - -######################################################################## -# https://dyndnsfree.de hook script for acme.sh -# -# Environment variables: -# -# - $DF_user (your dyndnsfree.de username) -# - $DF_password (your dyndnsfree.de password) -# -# Author: Thilo Gass -# Git repo: https://github.com/ThiloGa/acme.sh - -#-- dns_df_add() - Add TXT record -------------------------------------- -# Usage: dns_df_add _acme-challenge.subdomain.domain.com "XyZ123..." +# shellcheck disable=SC2034 +dns_df_info='DynDnsFree.de +Domains: dynup.de +Site: DynDnsFree.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_df +Options: + DF_user Username + DF_password Password +Issues: github.com/acmesh-official/acme.sh/issues/2897 +Author: Thilo Gass +' dyndnsfree_api="https://dynup.de/acme.php" diff --git a/dnsapi/dns_dgon.sh b/dnsapi/dns_dgon.sh index afe1b32e..cb887cfa 100755 --- a/dnsapi/dns_dgon.sh +++ b/dnsapi/dns_dgon.sh @@ -1,16 +1,12 @@ #!/usr/bin/env sh - -## Will be called by acme.sh to add the txt record to your api system. -## returns 0 means success, otherwise error. - -## Author: thewer -## GitHub: https://github.com/gitwer/acme.sh - -## -## Environment Variables Required: -## -## DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc" -## +# shellcheck disable=SC2034 +dns_dgon_info='DigitalOcean.com +Site: DigitalOcean.com/help/api/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dgon +Options: + DO_API_KEY API Key +Author: +' ##################### Public functions ##################### @@ -207,7 +203,7 @@ _get_base_domain() { _debug2 domain_list "$domain_list" i=1 - while [ $i -gt 0 ]; do + while [ "$i" -gt 0 ]; do ## get next longest domain _domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM") ## check we got something back from our cut (or are we at the end) @@ -219,14 +215,14 @@ _get_base_domain() { ## check if it exists if [ -n "$found" ]; then ## exists - exit loop returning the parts - sub_point=$(_math $i - 1) + sub_point=$(_math "$i" - 1) _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point") _debug _domain "$_domain" _debug _sub_domain "$_sub_domain" return 0 fi ## increment cut point $i - i=$(_math $i + 1) + i=$(_math "$i" + 1) done if [ -z "$found" ]; then diff --git a/dnsapi/dns_dnsexit.sh b/dnsapi/dns_dnsexit.sh index 62d7d757..ec3b07a4 100644 --- a/dnsapi/dns_dnsexit.sh +++ b/dnsapi/dns_dnsexit.sh @@ -1,13 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_dnsexit_info='DNSExit.com +Site: DNSExit.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsexit +Options: + DNSEXIT_API_KEY API Key + DNSEXIT_AUTH_USER Username + DNSEXIT_AUTH_PASS Password +Issues: github.com/acmesh-official/acme.sh/issues/4719 +Author: Samuel Jimenez +' -#use dns-01 at DNSExit.com - -#Author: Samuel Jimenez -#Report Bugs here: https://github.com/acmesh-official/acme.sh - -#DNSEXIT_API_KEY=ABCDEFGHIJ0123456789abcdefghij -#DNSEXIT_AUTH_USER=login@email.address -#DNSEXIT_AUTH_PASS=aStrongPassword DNSEXIT_API_URL="https://api.dnsexit.com/dns/" DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp" @@ -81,7 +84,7 @@ _get_root() { domain=$1 i=1 while true; do - _domain=$(printf "%s" "$domain" | cut -d . -f $i-100) + _domain=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$_domain" if [ -z "$_domain" ]; then return 1 diff --git a/dnsapi/dns_dnshome.sh b/dnsapi/dns_dnshome.sh index 99608769..59828796 100755 --- a/dnsapi/dns_dnshome.sh +++ b/dnsapi/dns_dnshome.sh @@ -1,15 +1,14 @@ #!/usr/bin/env sh - -# dnsHome.de API for acme.sh -# -# This Script adds the necessary TXT record to a Subdomain -# -# Author dnsHome.de (https://github.com/dnsHome-de) -# -# Report Bugs to https://github.com/acmesh-official/acme.sh/issues/3819 -# -# export DNSHOME_Subdomain="" -# export DNSHOME_SubdomainPassword="" +# shellcheck disable=SC2034 +dns_dnshome_info='dnsHome.de +Site: dnsHome.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnshome +Options: + DNSHOME_Subdomain Subdomain + DNSHOME_SubdomainPassword Subdomain Password +Issues: github.com/acmesh-official/acme.sh/issues/3819 +Author: dnsHome.de https://github.com/dnsHome-de +' # Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Used to add txt record diff --git a/dnsapi/dns_dnsimple.sh b/dnsapi/dns_dnsimple.sh index d831eb2b..10a3821d 100644 --- a/dnsapi/dns_dnsimple.sh +++ b/dnsapi/dns_dnsimple.sh @@ -1,12 +1,12 @@ #!/usr/bin/env sh - -# DNSimple domain api -# https://github.com/pho3nixf1re/acme.sh/issues -# -# This is your oauth token which can be acquired on the account page. Please -# note that this must be an _account_ token and not a _user_ token. -# https://dnsimple.com/a//account/access_tokens -# DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" +# shellcheck disable=SC2034 +dns_dnsimple_info='DNSimple.com +Site: DNSimple.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dnsimple +Options: + DNSimple_OAUTH_TOKEN OAuth Token +Issues: github.com/pho3nixf1re/acme.sh/issues +' DNSimple_API="https://api.dnsimple.com/v2" @@ -92,7 +92,7 @@ _get_root() { i=2 previous=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then # not valid return 1 @@ -105,7 +105,7 @@ _get_root() { if _contains "$response" 'not found'; then _debug "$h not found" else - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$previous) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$previous") _domain="$h" _debug _domain "$_domain" diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 008153a4..44cc6f45 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -1,12 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_dnsservices_info='DNS.Services +Site: DNS.Services +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsservices +Options: + DnsServices_Username Username + DnsServices_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/4152 +Author: Bjarke Bruun +' -#This file name is "dns_dnsservices.sh" -#Script for Danish DNS registra and DNS hosting provider https://dns.services - -#Author: Bjarke Bruun -#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 - -# Global variable to connect to the DNS.Services API DNSServices_API=https://dns.services/api ######## Public functions ##################### diff --git a/dnsapi/dns_do.sh b/dnsapi/dns_do.sh deleted file mode 100755 index 3850890c..00000000 --- a/dnsapi/dns_do.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/usr/bin/env sh - -# DNS API for Domain-Offensive / Resellerinterface / Domainrobot - -# Report bugs at https://github.com/seidler2547/acme.sh/issues - -# set these environment variables to match your customer ID and password: -# DO_PID="KD-1234567" -# DO_PW="cdfkjl3n2" - -DO_URL="https://soap.resellerinterface.de/" - -######## Public functions ##################### - -#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_do_add() { - fulldomain=$1 - txtvalue=$2 - if _dns_do_authenticate; then - _info "Adding TXT record to ${_domain} as ${fulldomain}" - _dns_do_soap createRR origin "${_domain}" name "${fulldomain}" type TXT data "${txtvalue}" ttl 300 - if _contains "${response}" '>success<'; then - return 0 - fi - _err "Could not create resource record, check logs" - fi - return 1 -} - -#fulldomain -dns_do_rm() { - fulldomain=$1 - if _dns_do_authenticate; then - if _dns_do_list_rrs; then - _dns_do_had_error=0 - for _rrid in ${_rr_list}; do - _info "Deleting resource record $_rrid for $_domain" - _dns_do_soap deleteRR origin "${_domain}" rrid "${_rrid}" - if ! _contains "${response}" '>success<'; then - _dns_do_had_error=1 - _err "Could not delete resource record for ${_domain}, id ${_rrid}" - fi - done - return $_dns_do_had_error - fi - fi - return 1 -} - -#################### Private functions below ################################## -_dns_do_authenticate() { - _info "Authenticating as ${DO_PID}" - _dns_do_soap authPartner partner "${DO_PID}" password "${DO_PW}" - if _contains "${response}" '>success<'; then - _get_root "$fulldomain" - _debug "_domain $_domain" - return 0 - else - _err "Authentication failed, are DO_PID and DO_PW set correctly?" - fi - return 1 -} - -_dns_do_list_rrs() { - _dns_do_soap getRRList origin "${_domain}" - if ! _contains "${response}" 'SOAP-ENC:Array'; then - _err "getRRList origin ${_domain} failed" - return 1 - fi - _rr_list="$(echo "${response}" | - tr -d "\n\r\t" | - sed -e 's//\n/g' | - grep ">$(_regexcape "$fulldomain")" | - sed -e 's/<\/item>/\n/g' | - grep '>id[0-9]{1,16}<' | - tr -d '><')" - [ "${_rr_list}" ] -} - -_dns_do_soap() { - func="$1" - shift - # put the parameters to xml - body="" - while [ "$1" ]; do - _k="$1" - shift - _v="$1" - shift - body="$body<$_k>$_v" - done - body="$body" - _debug2 "SOAP request ${body}" - - # build SOAP XML - _xml=' - - '"$body"' -' - - # set SOAP headers - export _H1="SOAPAction: ${DO_URL}#${func}" - - if ! response="$(_post "${_xml}" "${DO_URL}")"; then - _err "Error <$1>" - return 1 - fi - _debug2 "SOAP response $response" - - # retrieve cookie header - _H2="$(_egrep_o 'Cookie: [^;]+' <"$HTTP_HEADER" | _head_n 1)" - export _H2 - - return 0 -} - -_get_root() { - domain=$1 - i=1 - - _dns_do_soap getDomainList - _all_domains="$(echo "${response}" | - tr -d "\n\r\t " | - _egrep_o 'domain]+>[^<]+' | - sed -e 's/^domain<\/key>]*>//g')" - - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - if [ -z "$h" ]; then - return 1 - fi - - if _contains "${_all_domains}" "^$(_regexcape "$h")\$"; then - _domain="$h" - return 0 - fi - - i=$(_math $i + 1) - done - _debug "$domain not found" - - return 1 -} - -_regexcape() { - echo "$1" | sed -e 's/\([]\.$*^[]\)/\\\1/g' -} diff --git a/dnsapi/dns_doapi.sh b/dnsapi/dns_doapi.sh index a001d52c..0804f2e6 100755 --- a/dnsapi/dns_doapi.sh +++ b/dnsapi/dns_doapi.sh @@ -1,14 +1,16 @@ #!/usr/bin/env sh - -# Official Let's Encrypt API for do.de / Domain-Offensive -# -# This is different from the dns_do adapter, because dns_do is only usable for enterprise customers -# This API is also available to private customers/individuals -# -# Provide the required LetsEncrypt token like this: -# DO_LETOKEN="FmD408PdqT1E269gUK57" - -DO_API="https://www.do.de/api/letsencrypt" +# shellcheck disable=SC2034 +dns_doapi_info='Domain-Offensive do.de + Official LetsEncrypt API for do.de / Domain-Offensive. + This API is also available to private customers/individuals. +Site: do.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_doapi +Options: + DO_LETOKEN LetsEncrypt Token +Issues: github.com/acmesh-official/acme.sh/issues/2057 +' + +DO_API="https://my.do.de/api/letsencrypt" ######## Public functions ##################### diff --git a/dnsapi/dns_domeneshop.sh b/dnsapi/dns_domeneshop.sh index 9a3791f4..925ca335 100644 --- a/dnsapi/dns_domeneshop.sh +++ b/dnsapi/dns_domeneshop.sh @@ -1,4 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_domeneshop_info='DomeneShop.no +Site: DomeneShop.no +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_domeneshop +Options: + DOMENESHOP_Token Token + DOMENESHOP_Secret Secret +Issues: github.com/acmesh-official/acme.sh/issues/2457 +' DOMENESHOP_Api_Endpoint="https://api.domeneshop.no/v0" @@ -84,7 +93,7 @@ _get_domainid() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug "h" "$h" if [ -z "$h" ]; then #not valid @@ -93,7 +102,7 @@ _get_domainid() { if _contains "$response" "\"$h\"" >/dev/null; then # We have found the domain name. - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h _domainid=$(printf "%s" "$response" | _egrep_o "[^{]*\"domain\":\"$_domain\"[^}]*" | _egrep_o "\"id\":[0-9]+" | cut -d : -f 2) return 0 diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 9b8b7a8b..7bc331e2 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -1,10 +1,12 @@ #!/usr/bin/env sh - -# Dnspod.cn Domain api -# -#DP_Id="1234" -# -#DP_Key="sADDsdasdgdsf" +# shellcheck disable=SC2034 +dns_dp_info='DNSPod.cn +Site: DNSPod.cn +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dp +Options: + DP_Id Id + DP_Key Key +' REST_API="https://dnsapi.cn" @@ -107,7 +109,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -121,7 +123,7 @@ _get_root() { _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _debug _sub_domain "$_sub_domain" _domain="$h" _debug _domain "$_domain" diff --git a/dnsapi/dns_dpi.sh b/dnsapi/dns_dpi.sh index 2955effd..e8b9b5a5 100755 --- a/dnsapi/dns_dpi.sh +++ b/dnsapi/dns_dpi.sh @@ -1,10 +1,12 @@ #!/usr/bin/env sh - -# Dnspod.com Domain api -# -#DPI_Id="1234" -# -#DPI_Key="sADDsdasdgdsf" +# shellcheck disable=SC2034 +dns_dpi_info='DNSPod.com +Site: DNSPod.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dpi +Options: + DPI_Id Id + DPI_Key Key +' REST_API="https://api.dnspod.com" @@ -107,7 +109,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -121,7 +123,7 @@ _get_root() { _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _debug _sub_domain "$_sub_domain" _domain="$h" _debug _domain "$_domain" diff --git a/dnsapi/dns_dreamhost.sh b/dnsapi/dns_dreamhost.sh index a4017938..ce4fff87 100644 --- a/dnsapi/dns_dreamhost.sh +++ b/dnsapi/dns_dreamhost.sh @@ -1,10 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_dreamhost_info='DreamHost.com +Site: DreamHost.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dreamhost +Options: + DH_API_KEY API Key +Issues: github.com/RhinoLance/acme.sh +Author: RhinoLance +' -#Author: RhinoLance -#Report Bugs here: https://github.com/RhinoLance/acme.sh -# - -#define the api endpoint DH_API_ENDPOINT="https://api.dreamhost.com/" querystring="" diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index d6e1dbdc..71594873 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -1,14 +1,12 @@ #!/usr/bin/env sh - -#Created by RaidenII, to use DuckDNS's API to add/remove text records -#06/27/2017 - -# Pass credentials before "acme.sh --issue --dns dns_duckdns ..." -# -- -# export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" -# -- -# -# Due to the fact that DuckDNS uses StartSSL as cert provider, --insecure may need to be used with acme.sh +# shellcheck disable=SC2034 +dns_duckdns_info='DuckDNS.org +Site: www.DuckDNS.org +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns +Options: + DuckDNS_Token API Token +Author: RaidenII +' DuckDNS_API="https://www.duckdns.org/update" diff --git a/dnsapi/dns_durabledns.sh b/dnsapi/dns_durabledns.sh index 677ae24d..d71f0ccb 100644 --- a/dnsapi/dns_durabledns.sh +++ b/dnsapi/dns_durabledns.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh - -#DD_API_User="xxxxx" -#DD_API_Key="xxxxxx" +# shellcheck disable=SC2034 +dns_durabledns_info='DurableDNS.com +Site: DurableDNS.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_durabledns +Options: + DD_API_User API User + DD_API_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2281 +' _DD_BASE="https://durabledns.com/services/dns" @@ -104,7 +110,7 @@ _get_root() { i=1 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -112,7 +118,7 @@ _get_root() { fi if _contains "$response" ">$h."; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_dyn.sh b/dnsapi/dns_dyn.sh index 024e0a38..94201923 100644 --- a/dnsapi/dns_dyn.sh +++ b/dnsapi/dns_dyn.sh @@ -1,10 +1,16 @@ #!/usr/bin/env sh -# -# Dyn.com Domain API -# -# Author: Gerd Naschenweng -# https://github.com/magicdude4eva -# +# shellcheck disable=SC2034 +dns_dyn_info='Dyn.com +Domains: dynect.net +Site: Dyn.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dyn +Options: + DYN_Customer Customer + DYN_Username API Username + DYN_Password Secret +Author: Gerd Naschenweng +' + # Dyn Managed DNS API # https://help.dyn.com/dns-api-knowledge-base/ # @@ -20,13 +26,6 @@ # ZoneRemoveNode # ZonePublish # -- -# -# Pass credentials before "acme.sh --issue --dns dns_dyn ..." -# -- -# export DYN_Customer="customer" -# export DYN_Username="apiuser" -# export DYN_Password="secret" -# -- DYN_API="https://api.dynect.net/REST" diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index 406ef17d..1d1fc311 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -1,20 +1,21 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_dynu_info='Dynu.com +Site: Dynu.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dynu +Options: + Dynu_ClientId Client ID + Dynu_Secret Secret +Issues: github.com/shar0119/acme.sh +Author: Dynu Systems Inc +' -#Client ID -#Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d" -# -#Secret -#Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9" -# #Token Dynu_Token="" # #Endpoint Dynu_EndPoint="https://api.dynu.com/v2" -# -#Author: Dynu Systems, Inc. -#Report Bugs here: https://github.com/shar0119/acme.sh -# + ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" @@ -125,7 +126,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -139,7 +140,7 @@ _get_root() { if _contains "$response" "\"domainName\":\"$h\"" >/dev/null; then dnsId=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 2 | cut -d : -f 2) _domain_name=$h - _node=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _node=$(printf "%s" "$domain" | cut -d . -f 1-"$p") return 0 fi p=$i diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 90814b1b..76af17f5 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -1,16 +1,23 @@ #!/usr/bin/env sh -#Author StefanAbl -#Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"' -#or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value" -#if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub +# shellcheck disable=SC2034 +dns_dynv6_info='DynV6.com +Site: DynV6.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dynv6 +Options: + DYNV6_TOKEN REST API token. Get from https://DynV6.com/keys +OptionsAlt: + KEY Path to SSH private key file. E.g. "/root/.ssh/dynv6" +Issues: github.com/acmesh-official/acme.sh/issues/2702 +Author: StefanAbl +' dynv6_api="https://dynv6.com/api/v2" ######## Public functions ##################### # Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide #Usage: dns_dynv6_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dynv6_add() { - fulldomain=$1 - txtvalue=$2 + fulldomain="$(echo "$1" | _lower_case)" + txtvalue="$2" _info "Using dynv6 api" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" @@ -36,15 +43,14 @@ dns_dynv6_add() { _err "Something went wrong! it does not seem like the record was added successfully" return 1 fi - return 1 fi - return 1 + } #Usage: fulldomain txtvalue #Remove the txt record after validation. dns_dynv6_rm() { - fulldomain=$1 - txtvalue=$2 + fulldomain="$(echo "$1" | _lower_case)" + txtvalue="$2" _info "Using dynv6 API" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" @@ -199,7 +205,7 @@ _get_zone_id() { return 1 fi - zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" + zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep '"id":' | tr -d '"')" _zone_id="${zone_id#id:}" _debug "zone id: $_zone_id" } diff --git a/dnsapi/dns_easydns.sh b/dnsapi/dns_easydns.sh index ab47a0bc..1c96ac8f 100644 --- a/dnsapi/dns_easydns.sh +++ b/dnsapi/dns_easydns.sh @@ -1,14 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_easydns_info='easyDNS.net +Site: easyDNS.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_easydns +Options: + EASYDNS_Token API Token + EASYDNS_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2647 +Author: Neilpang, wurzelpanzer +' -####################################################### -# -# easyDNS REST API for acme.sh by Neilpang based on dns_cf.sh -# # API Documentation: https://sandbox.rest.easydns.net:3001/ -# -# Author: wurzelpanzer [wurzelpanzer@maximolider.net] -# Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2647 -# + #################### Public functions ################# #EASYDNS_Key="xxxxxxxxxxxxxxxxxxxxxxxx" @@ -118,7 +121,7 @@ _get_root() { i=1 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -130,7 +133,7 @@ _get_root() { fi if _contains "$response" "\"status\":200"; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 27650eb1..e88a1483 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -1,4 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_edgedns_info='Akamai.com Edge DNS +Site: techdocs.Akamai.com/edge-dns/reference/edge-dns-api +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_edgedns +Options: Specify individual credentials + AKAMAI_HOST Host + AKAMAI_ACCESS_TOKEN Access token + AKAMAI_CLIENT_TOKEN Client token + AKAMAI_CLIENT_SECRET Client secret +Issues: github.com/acmesh-official/acme.sh/issues/3157 +' # Akamai Edge DNS v2 API # User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to @@ -6,18 +17,10 @@ # Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support -# Values to export: -# --EITHER-- # *** TBD. NOT IMPLEMENTED YET *** -# specify Edgegrid credentials file and section -# AKAMAI_EDGERC= -# AKAMAI_EDGERC_SECTION="default" -## --OR-- -# specify indiviual credentials -# export AKAMAI_HOST = -# export AKAMAI_ACCESS_TOKEN = -# export AKAMAI_CLIENT_TOKEN = -# export AKAMAI_CLIENT_SECRET = +# Specify Edgegrid credentials file and section. +# AKAMAI_EDGERC Edge RC. Full file path +# AKAMAI_EDGERC_SECTION Edge RC Section. E.g. "default" ACME_EDGEDNS_VERSION="0.1.0" diff --git a/dnsapi/dns_euserv.sh b/dnsapi/dns_euserv.sh index cfb4b814..744f6ca6 100644 --- a/dnsapi/dns_euserv.sh +++ b/dnsapi/dns_euserv.sh @@ -1,18 +1,14 @@ #!/usr/bin/env sh - -#This is the euserv.eu api wrapper for acme.sh -# -#Author: Michael Brueckner -#Report Bugs: https://www.github.com/initit/acme.sh or mbr@initit.de - -# -#EUSERV_Username="username" -# -#EUSERV_Password="password" -# -# Dependencies: -# ------------- -# - none - +# shellcheck disable=SC2034 +dns_euserv_info='EUserv.com +Domains: EUserv.eu +Site: EUserv.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_euserv +Options: + EUSERV_Username Username + EUSERV_Password Password +Author: Michael Brueckner +' EUSERV_Api="https://api.euserv.net" @@ -155,7 +151,7 @@ _get_root() { response="$_euserv_domain_orders" while true; do - h=$(echo "$domain" | cut -d . -f $i-100) + h=$(echo "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -163,7 +159,7 @@ _get_root() { fi if _contains "$response" "$h"; then - _sub_domain=$(echo "$domain" | cut -d . -f 1-$p) + _sub_domain=$(echo "$domain" | cut -d . -f 1-"$p") _domain="$h" if ! _euserv_get_domain_id "$_domain"; then _err "invalid domain" diff --git a/dnsapi/dns_exoscale.sh b/dnsapi/dns_exoscale.sh index ccf05fc5..6898ce38 100755 --- a/dnsapi/dns_exoscale.sh +++ b/dnsapi/dns_exoscale.sh @@ -1,4 +1,12 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_exoscale_info='Exoscale.com +Site: Exoscale.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_exoscale +Options: + EXOSCALE_API_KEY API Key + EXOSCALE_SECRET_KEY API Secret key +' EXOSCALE_API=https://api.exoscale.com/dns/v1 @@ -111,7 +119,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -122,7 +130,7 @@ _get_root() { _domain_id=$(echo "$response" | tr '{' "\n" | grep "\"name\":\"$h\"" | _egrep_o "\"id\":[^,]+" | _head_n 1 | cut -d : -f 2 | tr -d \") _domain_token=$(echo "$response" | tr '{' "\n" | grep "\"name\":\"$h\"" | _egrep_o "\"token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") if [ "$_domain_token" ] && [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_fornex.sh b/dnsapi/dns_fornex.sh index 53be307a..91e5491b 100644 --- a/dnsapi/dns_fornex.sh +++ b/dnsapi/dns_fornex.sh @@ -1,8 +1,15 @@ #!/usr/bin/env sh - -#Author: Timur Umarov - -FORNEX_API_URL="https://fornex.com/api/dns/v0.1" +# shellcheck disable=SC2034 +dns_fornex_info='Fornex.com +Site: Fornex.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_fornex +Options: + FORNEX_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/3998 +Author: Timur Umarov +' + +FORNEX_API_URL="https://fornex.com/api" ######## Public functions ##################### @@ -23,12 +30,10 @@ dns_fornex_add() { fi _info "Adding record" - if _rest POST "$_domain/entry_set/add/" "host=$fulldomain&type=TXT&value=$txtvalue&apikey=$FORNEX_API_KEY"; then + if _rest POST "dns/domain/$_domain/entry_set/" "{\"host\" : \"${fulldomain}\" , \"type\" : \"TXT\" , \"value\" : \"${txtvalue}\" , \"ttl\" : null}"; then _debug _response "$response" - if _contains "$response" '"ok": true' || _contains "$response" 'Такая запись уже существует.'; then - _info "Added, OK" - return 0 - fi + _info "Added, OK" + return 0 fi _err "Add txt record error." return 1 @@ -51,21 +56,21 @@ dns_fornex_rm() { fi _debug "Getting txt records" - _rest GET "$_domain/entry_set.json?apikey=$FORNEX_API_KEY" + _rest GET "dns/domain/$_domain/entry_set?type=TXT&q=$fulldomain" if ! _contains "$response" "$txtvalue"; then _err "Txt record not found" return 1 fi - _record_id="$(echo "$response" | _egrep_o "{[^{]*\"value\"*:*\"$txtvalue\"[^}]*}" | sed -n -e 's#.*"id": \([0-9]*\).*#\1#p')" + _record_id="$(echo "$response" | _egrep_o "\{[^\{]*\"value\"*:*\"$txtvalue\"[^\}]*\}" | sed -n -e 's#.*"id":\([0-9]*\).*#\1#p')" _debug "_record_id" "$_record_id" if [ -z "$_record_id" ]; then _err "can not find _record_id" return 1 fi - if ! _rest POST "$_domain/entry_set/$_record_id/delete/" "apikey=$FORNEX_API_KEY"; then + if ! _rest DELETE "dns/domain/$_domain/entry_set/$_record_id/"; then _err "Delete record error." return 1 fi @@ -83,18 +88,18 @@ _get_root() { i=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid return 1 fi - if ! _rest GET "domain_list.json?q=$h&apikey=$FORNEX_API_KEY"; then + if ! _rest GET "dns/domain/"; then return 1 fi - if _contains "$response" "\"$h\"" >/dev/null; then + if _contains "$response" "\"name\":\"$h\"" >/dev/null; then _domain=$h return 0 else @@ -127,7 +132,9 @@ _rest() { data="$3" _debug "$ep" - export _H1="Accept: application/json" + export _H1="Authorization: Api-Key $FORNEX_API_KEY" + export _H2="Content-Type: application/json" + export _H3="Accept: application/json" if [ "$m" != "GET" ]; then _debug data "$data" diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index 29cee430..114f30e0 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh @@ -1,14 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_freedns_info='FreeDNS +Site: FreeDNS.afraid.org +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_freedns +Options: + FREEDNS_User Username + FREEDNS_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2305 +Author: David Kerr +' -#This file name is "dns_freedns.sh" -#So, here must be a method dns_freedns_add() -#Which will be called by acme.sh to add the txt record to your api system. -#returns 0 means success, otherwise error. -# -#Author: David Kerr -#Report Bugs here: https://github.com/dkerr64/acme.sh -#or here... https://github.com/acmesh-official/acme.sh/issues/2305 -# ######## Public functions ##################### # Export FreeDNS userid and password in following variables... diff --git a/dnsapi/dns_gandi_livedns.sh b/dnsapi/dns_gandi_livedns.sh index 14939d7c..0516fee9 100644 --- a/dnsapi/dns_gandi_livedns.sh +++ b/dnsapi/dns_gandi_livedns.sh @@ -1,19 +1,22 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_gandi_livedns_info='Gandi.net LiveDNS +Site: Gandi.net/domain/dns +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gandi_livedns +Options: + GANDI_LIVEDNS_KEY API Key +Issues: github.com/fcrozat/acme.sh +Author: Frédéric Crozat , Dominik Röttsches +' # Gandi LiveDNS v5 API # https://api.gandi.net/docs/livedns/ # https://api.gandi.net/docs/authentication/ for token + apikey (deprecated) authentication # currently under beta -# -# Requires GANDI API KEY set in GANDI_LIVEDNS_KEY set as environment variable -# -#Author: Frédéric Crozat -# Dominik Röttsches -#Report Bugs here: https://github.com/fcrozat/acme.sh -# + ######## Public functions ##################### -GANDI_LIVEDNS_API="https://dns.api.gandi.net/api/v5" +GANDI_LIVEDNS_API="https://api.gandi.net/v5/livedns" #Usage: dns_gandi_livedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_gandi_livedns_add() { @@ -78,7 +81,7 @@ dns_gandi_livedns_rm() { _gandi_livedns_rest PUT \ "domains/$_domain/records/$_sub_domain/TXT" \ "{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" && - _contains "$response" '{"message": "DNS Record Created"}' && + _contains "$response" '{"message":"DNS Record Created"}' && _info "Removing record $(__green "success")" } @@ -92,7 +95,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -109,7 +112,7 @@ _get_root() { elif _contains "$response" '"code": 404'; then _debug "$h not found" else - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi @@ -134,7 +137,7 @@ _dns_gandi_append_record() { _debug new_rrset_values "$_rrset_values" _gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \ "{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" && - _contains "$response" '{"message": "DNS Record Created"}' && + _contains "$response" '{"message":"DNS Record Created"}' && _info "Adding record $(__green "success")" } @@ -144,11 +147,11 @@ _dns_gandi_existing_rrset_values() { if ! _gandi_livedns_rest GET "domains/$domain/records/$sub_domain"; then return 1 fi - if ! _contains "$response" '"rrset_type": "TXT"'; then + if ! _contains "$response" '"rrset_type":"TXT"'; then _debug "Does not have a _acme-challenge TXT record yet." return 1 fi - if _contains "$response" '"rrset_values": \[\]'; then + if _contains "$response" '"rrset_values":\[\]'; then _debug "Empty rrset_values for TXT record, no previous TXT record." return 1 fi @@ -169,7 +172,7 @@ _gandi_livedns_rest() { if [ -n "$GANDI_LIVEDNS_TOKEN" ]; then export _H2="Authorization: Bearer $GANDI_LIVEDNS_TOKEN" else - export _H2="X-Api-Key: $GANDI_LIVEDNS_KEY" + export _H2="Authorization: Apikey $GANDI_LIVEDNS_KEY" fi if [ "$m" = "GET" ]; then diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index 2788ad59..a6016abc 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -1,6 +1,12 @@ #!/usr/bin/env sh - -# Author: Janos Lenart +# shellcheck disable=SC2034 +dns_gcloud_info='Google Cloud DNS +Site: Cloud.Google.com/dns +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcloud +Options: + CLOUDSDK_ACTIVE_CONFIG_NAME Active config name. E.g. "default" +Author: Janos Lenart +' ######## Public functions ##################### @@ -42,7 +48,7 @@ dns_gcloud_rm() { echo "$rrdatas" | grep -F -v -- "\"$txtvalue\"" | _dns_gcloud_add_rrs || return $? _dns_gcloud_execute_tr || return $? - _info "$fulldomain record added" + _info "$fulldomain record removed" } #################### Private functions below ################################## diff --git a/dnsapi/dns_gcore.sh b/dnsapi/dns_gcore.sh index d549a650..fbdba7ee 100755 --- a/dnsapi/dns_gcore.sh +++ b/dnsapi/dns_gcore.sh @@ -1,11 +1,15 @@ #!/usr/bin/env sh - -# -#GCORE_Key='773$7b7adaf2a2b32bfb1b83787b4ff32a67eb178e3ada1af733e47b1411f2461f7f4fa7ed7138e2772a46124377bad7384b3bb8d87748f87b3f23db4b8bbe41b2bb' -# - -GCORE_Api="https://api.gcorelabs.com/dns/v2" -GCORE_Doc="https://apidocs.gcore.com/dns" +# shellcheck disable=SC2034 +dns_gcore_info='Gcore.com +Site: Gcore.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcore +Options: + GCORE_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/4460 +' + +GCORE_Api="https://api.gcore.com/dns/v2" +GCORE_Doc="https://api.gcore.com/docs/dns" ######## Public functions ##################### @@ -24,7 +28,7 @@ dns_gcore_add() { fi #save the api key to the account conf file. - _saveaccountconf_mutable GCORE_Key "$GCORE_Key" + _saveaccountconf_mutable GCORE_Key "$GCORE_Key" "base64" _debug "First detect the zone name" if ! _get_root "$fulldomain"; then @@ -134,7 +138,7 @@ _get_root() { p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -148,7 +152,7 @@ _get_root() { if _contains "$response" "\"name\":\"$h\""; then _zone_name=$h if [ "$_zone_name" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index 1729115e..ee66ee19 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -1,12 +1,12 @@ #!/usr/bin/env sh - -#Godaddy domain api -# Get API key and secret from https://developer.godaddy.com/ -# -# GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# GD_Secret="asdfsdfsfsdfsdfdfsdf" -# -# Ex.: acme.sh --issue --staging --dns dns_gd -d "*.s.example.com" -d "s.example.com" +# shellcheck disable=SC2034 +dns_gd_info='GoDaddy.com +Site: GoDaddy.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gd +Options: + GD_Key API Key + GD_Secret API Secret +' GD_Api="https://api.godaddy.com/v1" @@ -148,7 +148,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -161,7 +161,7 @@ _get_root() { if _contains "$response" '"code":"NOT_FOUND"'; then _debug "$h not found" else - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_geoscaling.sh b/dnsapi/dns_geoscaling.sh index 6ccf4daf..05887c7e 100755 --- a/dnsapi/dns_geoscaling.sh +++ b/dnsapi/dns_geoscaling.sh @@ -1,12 +1,12 @@ #!/usr/bin/env sh - -######################################################################## -# Geoscaling hook script for acme.sh -# -# Environment variables: -# -# - $GEOSCALING_Username (your Geoscaling username - this is usually NOT an amail address) -# - $GEOSCALING_Password (your Geoscaling password) +# shellcheck disable=SC2034 +dns_geoscaling_info='GeoScaling.com +Site: GeoScaling.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_geoscaling +Options: + GEOSCALING_Username Username. This is usually NOT an email address + GEOSCALING_Password Password +' #-- dns_geoscaling_add() - Add TXT record -------------------------------------- # Usage: dns_geoscaling_add _acme-challenge.subdomain.domain.com "XyZ123..." @@ -202,7 +202,7 @@ find_zone() { # Walk through all possible zone names strip_counter=1 while true; do - attempted_zone=$(echo "${domain}" | cut -d . -f ${strip_counter}-) + attempted_zone=$(echo "${domain}" | cut -d . -f "${strip_counter}"-) # All possible zone names have been tried if [ -z "${attempted_zone}" ]; then diff --git a/dnsapi/dns_googledomains.sh b/dnsapi/dns_googledomains.sh index 63e3073b..07a37e07 100755 --- a/dnsapi/dns_googledomains.sh +++ b/dnsapi/dns_googledomains.sh @@ -1,10 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_googledomains_info='Google Domains +Site: Domains.Google.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_googledomains +Options: + GOOGLEDOMAINS_ACCESS_TOKEN API Access Token + GOOGLEDOMAINS_ZONE Zone +Issues: github.com/acmesh-official/acme.sh/issues/4545 +Author: Alex Leigh +' -# Author: Alex Leigh -# Created: 2023-03-02 - -#GOOGLEDOMAINS_ACCESS_TOKEN="xxxx" -#GOOGLEDOMAINS_ZONE="xxxx" GOOGLEDOMAINS_API="https://acmedns.googleapis.com/v1/acmeChallengeSets" ######## Public functions ######## @@ -127,7 +132,7 @@ _dns_googledomains_get_zone() { i=2 while true; do - curr=$(printf "%s" "$domain" | cut -d . -f $i-100) + curr=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug curr "$curr" if [ -z "$curr" ]; then diff --git a/dnsapi/dns_he.sh b/dnsapi/dns_he.sh index bf4a5030..a768f352 100755 --- a/dnsapi/dns_he.sh +++ b/dnsapi/dns_he.sh @@ -1,15 +1,14 @@ #!/usr/bin/env sh - -######################################################################## -# Hurricane Electric hook script for acme.sh -# -# Environment variables: -# -# - $HE_Username (your dns.he.net username) -# - $HE_Password (your dns.he.net password) -# -# Author: Ondrej Simek -# Git repo: https://github.com/angel333/acme.sh +# shellcheck disable=SC2034 +dns_he_info='Hurricane Electric HE.net +Site: dns.he.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_he +Options: + HE_Username Username + HE_Password Password +Issues: github.com/angel333/acme.sh/issues/ +Author: Ondrej Simek +' #-- dns_he_add() - Add TXT record -------------------------------------- # Usage: dns_he_add _acme-challenge.subdomain.domain.com "XyZ123..." @@ -144,7 +143,7 @@ _find_zone() { # Walk through all possible zone names _strip_counter=1 while true; do - _attempted_zone=$(echo "$_domain" | cut -d . -f ${_strip_counter}-) + _attempted_zone=$(echo "$_domain" | cut -d . -f "${_strip_counter}"-) # All possible zone names have been tried if [ -z "$_attempted_zone" ]; then diff --git a/dnsapi/dns_hetzner.sh b/dnsapi/dns_hetzner.sh index 911d4a35..5a9cf2d9 100644 --- a/dnsapi/dns_hetzner.sh +++ b/dnsapi/dns_hetzner.sh @@ -1,8 +1,12 @@ #!/usr/bin/env sh - -# -#HETZNER_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" -# +# shellcheck disable=SC2034 +dns_hetzner_info='Hetzner.com +Site: Hetzner.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hetzner +Options: + HETZNER_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2943 +' HETZNER_Api="https://dns.hetzner.com/api/v1" @@ -177,7 +181,7 @@ _get_root() { _debug "Trying to get zone id by domain name for '$domain_without_acme'." while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -189,7 +193,7 @@ _get_root() { if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_entries":1'; then _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h HETZNER_Zone_ID=$_domain_id _savedomainconf "$domain_param_name" "$HETZNER_Zone_ID" diff --git a/dnsapi/dns_hexonet.sh b/dnsapi/dns_hexonet.sh index 525efe73..017641fd 100755 --- a/dnsapi/dns_hexonet.sh +++ b/dnsapi/dns_hexonet.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -# Hexonet_Login="username!roleId" -# -# Hexonet_Password="rolePassword" +# shellcheck disable=SC2034 +dns_hexonet_info='Hexonet.com +Site: Hexonet.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_hexonet +Options: + Hexonet_Login Login. E.g. "username!roleId" + Hexonet_Password Role Password +Issues: github.com/acmesh-official/acme.sh/issues/2389 +' Hexonet_Api="https://coreapi.1api.net/api/call.cgi" @@ -119,7 +123,7 @@ _get_root() { i=1 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -131,7 +135,7 @@ _get_root() { fi if _contains "$response" "CODE=200"; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_hostingde.sh b/dnsapi/dns_hostingde.sh index 9e3e5664..41ccab2b 100644 --- a/dnsapi/dns_hostingde.sh +++ b/dnsapi/dns_hostingde.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh - -# hosting.de API - -# Values to export: -# export HOSTINGDE_ENDPOINT='https://secure.hosting.de' -# export HOSTINGDE_APIKEY='xxxxx' +# shellcheck disable=SC2034 +dns_hostingde_info='Hosting.de +Site: Hosting.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hostingde +Options: + HOSTINGDE_ENDPOINT Endpoint. E.g. "https://secure.hosting.de" + HOSTINGDE_APIKEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/2058 +' ######## Public functions ##################### diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index b61c1d43..ee2d2b8e 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -1,8 +1,14 @@ #!/usr/bin/env sh - -# HUAWEICLOUD_Username -# HUAWEICLOUD_Password -# HUAWEICLOUD_DomainName +# shellcheck disable=SC2034 +dns_huaweicloud_info='HuaweiCloud.com +Site: HuaweiCloud.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_huaweicloud +Options: + HUAWEICLOUD_Username Username + HUAWEICLOUD_Password Password + HUAWEICLOUD_DomainName DomainName +Issues: github.com/acmesh-official/acme.sh/issues/3265 +' iam_api="https://iam.myhuaweicloud.com" dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work @@ -204,7 +210,7 @@ _get_recordset_id() { _zoneid=$3 export _H1="X-Auth-Token: ${_token}" - response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}") + response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}&status=ACTIVE") if _contains "${response}" '"id"'; then _id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")" printf "%s" "${_id}" @@ -221,7 +227,7 @@ _add_record() { # Get Existing Records export _H1="X-Auth-Token: ${_token}" - response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") + response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}&status=ACTIVE") _debug2 "${response}" _exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh index 6bfd36ee..27f1e61e 100644 --- a/dnsapi/dns_infoblox.sh +++ b/dnsapi/dns_infoblox.sh @@ -1,8 +1,14 @@ #!/usr/bin/env sh - -## Infoblox API integration by Jason Keller and Elijah Tenai -## -## Report any bugs via https://github.com/jasonkeller/acme.sh +# shellcheck disable=SC2034 +dns_infoblox_info='Infoblox.com +Site: Infoblox.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_infoblox +Options: + Infoblox_Creds Credentials. E.g. "username:password" + Infoblox_Server Server hostname. IP or FQDN of infoblox appliance +Issues: github.com/jasonkeller/acme.sh +Author: Jason Keller, Elijah Tenai +' dns_infoblox_add() { diff --git a/dnsapi/dns_infomaniak.sh b/dnsapi/dns_infomaniak.sh index a005132c..ea5ef461 100755 --- a/dnsapi/dns_infomaniak.sh +++ b/dnsapi/dns_infomaniak.sh @@ -1,19 +1,20 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_infomaniak_info='Infomaniak.com +Site: Infomaniak.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak +Options: + INFOMANIAK_API_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/3188 +' -############################################################################### -# Infomaniak API integration -# # To use this API you need visit the API dashboard of your account # once logged into https://manager.infomaniak.com add /api/dashboard to the URL # -# Please report bugs to -# https://github.com/acmesh-official/acme.sh/issues/3188 -# # Note: the URL looks like this: # https://manager.infomaniak.com/v3//api/dashboard # Then generate a token with the scope Domain # this is given as an environment variable INFOMANIAK_API_TOKEN -############################################################################### # base variables diff --git a/dnsapi/dns_internetbs.sh b/dnsapi/dns_internetbs.sh index ae6b9e1e..4238bfe4 100755 --- a/dnsapi/dns_internetbs.sh +++ b/dnsapi/dns_internetbs.sh @@ -1,12 +1,14 @@ #!/usr/bin/env sh - -#This is the Internet.BS api wrapper for acme.sh -# -#Author: Ne-Lexa -#Report Bugs here: https://github.com/Ne-Lexa/acme.sh - -#INTERNETBS_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" -#INTERNETBS_API_PASSWORD="sdfsdfsdfljlbjkljlkjsdfoiwje" +# shellcheck disable=SC2034 +dns_internetbs_info='InternetBS.net +Site: InternetBS.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_internetbs +Options: + INTERNETBS_API_KEY API Key + INTERNETBS_API_PASSWORD API Password +Issues: github.com/acmesh-official/acme.sh/issues/2261 +Author: Ne-Lexa +' INTERNETBS_API_URL="https://api.internet.bs" @@ -131,7 +133,7 @@ _get_root() { fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f ${i}-100) + h=$(printf "%s" "$domain" | cut -d . -f "${i}"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -139,7 +141,7 @@ _get_root() { fi if _contains "$response" "\"$h\""; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-${p}) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"${p}") _domain=${h} return 0 fi diff --git a/dnsapi/dns_inwx.sh b/dnsapi/dns_inwx.sh index e483c0e8..808fc3a9 100755 --- a/dnsapi/dns_inwx.sh +++ b/dnsapi/dns_inwx.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_inwx_info='INWX.de +Site: INWX.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_inwx +Options: + INWX_User Username + INWX_Password Password +' -# -#INWX_User="username" -# -#INWX_Password="password" -# # Dependencies: # ------------- # - oathtool (When using 2 Factor Authentication) @@ -160,6 +163,15 @@ _inwx_check_cookie() { return 1 } +_htmlEscape() { + _s="$1" + _s=$(echo "$_s" | sed "s/&/&/g") + _s=$(echo "$_s" | sed "s//\>/g") + _s=$(echo "$_s" | sed 's/"/\"/g') + printf -- %s "$_s" +} + _inwx_login() { if _inwx_check_cookie; then @@ -167,6 +179,8 @@ _inwx_login() { return 0 fi + XML_PASS=$(_htmlEscape "$INWX_Password") + xml_content=$(printf ' account.login @@ -190,7 +204,7 @@ _inwx_login() { - ' "$INWX_User" "$INWX_Password") + ' "$INWX_User" "$XML_PASS") response="$(_post "$xml_content" "$INWX_Api" "" "POST")" @@ -279,7 +293,7 @@ _get_root() { response="$(_post "$xml_content" "$INWX_Api" "" "POST")" while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -287,7 +301,7 @@ _get_root() { fi if _contains "$response" "$h"; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index e4ad3318..9a464253 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -1,14 +1,13 @@ #!/usr/bin/env sh - -# Supports IONOS DNS API v1.0.1 -# -# Usage: -# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: -# -# $ export IONOS_PREFIX="..." -# $ export IONOS_SECRET="..." -# -# $ acme.sh --issue --dns dns_ionos ... +# shellcheck disable=SC2034 +dns_ionos_info='IONOS.de +Site: IONOS.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ionos +Options: + IONOS_PREFIX Prefix + IONOS_SECRET Secret +Issues: github.com/acmesh-official/acme.sh/issues/3379 +' IONOS_API="https://api.hosting.ionos.com/dns" IONOS_ROUTE_ZONES="/v1/zones" @@ -88,7 +87,7 @@ _get_root() { _response="$(echo "$_response" | tr -d "\n")" while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then return 1 fi @@ -97,7 +96,7 @@ _get_root() { if [ "$_zone" ]; then _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') if [ "$_zone_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 diff --git a/dnsapi/dns_ionos_cloud.sh b/dnsapi/dns_ionos_cloud.sh new file mode 100644 index 00000000..f255092f --- /dev/null +++ b/dnsapi/dns_ionos_cloud.sh @@ -0,0 +1,147 @@ +#!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_ionos_cloud_info='IONOS Cloud DNS +Site: ionos.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ionos_cloud +Options: + IONOS_TOKEN API Token. +Issues: github.com/acmesh-official/acme.sh/issues/5243 +' + +# Supports IONOS Cloud DNS API v1.15.4 + +IONOS_CLOUD_API="https://dns.de-fra.ionos.com" +IONOS_CLOUD_ROUTE_ZONES="/zones" + +dns_ionos_cloud_add() { + fulldomain=$1 + txtvalue=$2 + + if ! _ionos_init; then + return 1 + fi + + _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) + _body="{\"properties\":{\"name\":\"$_record_name\", \"type\":\"TXT\", \"content\":\"$txtvalue\"}}" + + if _ionos_cloud_rest POST "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "202" ]; then + _info "TXT record has been created successfully." + return 0 + fi + + return 1 +} + +dns_ionos_cloud_rm() { + fulldomain=$1 + txtvalue=$2 + + if ! _ionos_init; then + return 1 + fi + + if ! _ionos_cloud_get_record "$_zone_id" "$txtvalue" "$fulldomain"; then + _err "Could not find _acme-challenge TXT record." + return 1 + fi + + if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "202" ]; then + _info "TXT record has been deleted successfully." + return 0 + fi + + return 1 +} + +_ionos_init() { + IONOS_TOKEN="${IONOS_TOKEN:-$(_readaccountconf_mutable IONOS_TOKEN)}" + + if [ -z "$IONOS_TOKEN" ]; then + _err "You didn't specify an IONOS token yet." + _err "Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token." + _err "You need to set it before calling acme.sh:" + _err "\$ export IONOS_TOKEN=\"...\"" + _err "\$ acme.sh --issue -d ... --dns dns_ionos_cloud" + return 1 + fi + + _saveaccountconf_mutable IONOS_TOKEN "$IONOS_TOKEN" + + if ! _get_cloud_zone "$fulldomain"; then + _err "Cannot find zone $zone in your IONOS account." + return 1 + fi + + return 0 +} + +_get_cloud_zone() { + domain=$1 + zone=$(printf "%s" "$domain" | cut -d . -f 2-) + + if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES?filter.zoneName=$zone"; then + _response="$(echo "$_response" | tr -d "\n")" + + _zone_list_items=$(echo "$_response" | _egrep_o "\"items\":.*") + + _zone_id=$(printf "%s\n" "$_zone_list_items" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + if [ "$_zone_id" ]; then + return 0 + fi + fi + + return 1 +} + +_ionos_cloud_get_record() { + zone_id=$1 + txtrecord=$2 + # this is to transform the domain to lower case + fulldomain=$(printf "%s" "$3" | _lower_case) + # this is to transform record name to lower case + # IONOS Cloud API transforms all record names to lower case + _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | _lower_case) + + if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then + _response="$(echo "$_response" | tr -d "\n")" + + pattern="\{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":\{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"\},\"properties\":\{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"\}\}" + + _record="$(echo "$_response" | _egrep_o "$pattern")" + if [ "$_record" ]; then + _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + return 0 + fi + fi + + return 1 +} + +_ionos_cloud_rest() { + method="$1" + route="$2" + data="$3" + + export _H1="Authorization: Bearer $IONOS_TOKEN" + + # clear headers + : >"$HTTP_HEADER" + + if [ "$method" != "GET" ]; then + _response="$(_post "$data" "$IONOS_CLOUD_API$route" "" "$method" "application/json")" + else + _response="$(_get "$IONOS_CLOUD_API$route")" + fi + + _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" + + if [ "$?" != "0" ]; then + _err "Error $route: $_response" + return 1 + fi + + _debug2 "_response" "$_response" + _debug2 "_code" "$_code" + + return 0 +} diff --git a/dnsapi/dns_ipv64.sh b/dnsapi/dns_ipv64.sh index 54470119..51025d1e 100755 --- a/dnsapi/dns_ipv64.sh +++ b/dnsapi/dns_ipv64.sh @@ -1,13 +1,13 @@ #!/usr/bin/env sh - -#Created by Roman Lumetsberger, to use ipv64.net's API to add/remove text records -#2022/11/29 - -# Pass credentials before "acme.sh --issue --dns dns_ipv64 ..." -# -- -# export IPv64_Token="aaaaaaaaaaaaaaaaaaaaaaaaaa" -# -- -# +# shellcheck disable=SC2034 +dns_ipv64_info='IPv64.net +Site: IPv64.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ipv64 +Options: + IPv64_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/4419 +Author: Roman Lumetsberger +' IPv64_API="https://ipv64.net/api" diff --git a/dnsapi/dns_ispconfig.sh b/dnsapi/dns_ispconfig.sh index 560f073e..edc789e1 100755 --- a/dnsapi/dns_ispconfig.sh +++ b/dnsapi/dns_ispconfig.sh @@ -1,16 +1,21 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_ispconfig_info='ISPConfig Server API +Site: ISPConfig.org +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ispconfig +Options: + ISPC_User Remote User + ISPC_Password Remote Password + ISPC_Api API URL. E.g. "https://ispc.domain.tld:8080/remote/json.php" + ISPC_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept +' # ISPConfig 3.1 API -# User must provide login data and URL to the ISPConfig installation incl. port. The remote user in ISPConfig must have access to: +# User must provide login data and URL to the ISPConfig installation incl. port. +# The remote user in ISPConfig must have access to: # - DNS txt Functions - -# Report bugs to https://github.com/sjau/acme.sh - -# Values to export: -# export ISPC_User="remoteUser" -# export ISPC_Password="remotePassword" -# export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php" -# export ISPC_Api_Insecure=1 # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1) +# - DNS zone functions +# - Client functions ######## Public functions ##################### diff --git a/dnsapi/dns_jd.sh b/dnsapi/dns_jd.sh index d0f2a501..4b9067f2 100644 --- a/dnsapi/dns_jd.sh +++ b/dnsapi/dns_jd.sh @@ -1,9 +1,14 @@ #!/usr/bin/env sh - -# -#JD_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" -#JD_ACCESS_KEY_SECRET="xxxxxxx" -#JD_REGION="cn-north-1" +# shellcheck disable=SC2034 +dns_jd_info='jdcloud.com +Site: jdcloud.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_jd +Options: + JD_ACCESS_KEY_ID Access key ID + JD_ACCESS_KEY_SECRET Access key secret + JD_REGION Region. E.g. "cn-north-1" +Issues: github.com/acmesh-official/acme.sh/issues/2388 +' _JD_ACCOUNT="https://uc.jdcloud.com/account/accesskey" @@ -130,7 +135,7 @@ _get_root() { p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug2 "Checking domain: $h" if ! jd_rest GET "domain"; then _err "error get domain list" @@ -148,7 +153,7 @@ _get_root() { if [ "$hostedzone" ]; then _domain_id="$(echo "$hostedzone" | tr ',' '\n' | grep "\"id\":" | cut -d : -f 2)" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_joker.sh b/dnsapi/dns_joker.sh index 78399a1d..1fe33c67 100644 --- a/dnsapi/dns_joker.sh +++ b/dnsapi/dns_joker.sh @@ -1,27 +1,14 @@ #!/usr/bin/env sh - -# Joker.com API for acme.sh -# -# This script adds the necessary TXT record to a domain in Joker.com. -# -# You must activate Dynamic DNS in Joker.com DNS configuration first. -# Username and password below refer to Dynamic DNS authentication, -# not your Joker.com login credentials. -# See: https://joker.com/faq/content/11/427/en/what-is-dynamic-dns-dyndns.html -# -# NOTE: This script does not support wildcard certificates, because -# Joker.com API does not support adding two TXT records with the same -# subdomain. Adding the second record will overwrite the first one. -# See: https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html -# "... this request will replace all TXT records for the specified -# label by the provided content" -# -# Author: aattww (https://github.com/aattww/) -# -# Report bugs to https://github.com/acmesh-official/acme.sh/issues/2840 -# -# JOKER_USERNAME="xxxx" -# JOKER_PASSWORD="xxxx" +# shellcheck disable=SC2034 +dns_joker_info='Joker.com +Site: Joker.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_joker +Options: + JOKER_USERNAME Username + JOKER_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/2840 +Author: +' JOKER_API="https://svc.joker.com/nic/replace" @@ -93,7 +80,7 @@ _get_root() { fulldomain=$1 i=1 while true; do - h=$(printf "%s" "$fulldomain" | cut -d . -f $i-100) + h=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then return 1 diff --git a/dnsapi/dns_kappernet.sh b/dnsapi/dns_kappernet.sh index 0a8951cb..762ba8b3 100644 --- a/dnsapi/dns_kappernet.sh +++ b/dnsapi/dns_kappernet.sh @@ -1,13 +1,13 @@ #!/usr/bin/env sh - -# kapper.net domain api -# for further questions please contact: support@kapper.net -# please report issues here: https://github.com/acmesh-official/acme.sh/issues/2977 - -#KAPPERNETDNS_Key="yourKAPPERNETapikey" -#KAPPERNETDNS_Secret="yourKAPPERNETapisecret" - -KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret" +# shellcheck disable=SC2034 +dns_kappernet_info='kapper.net +Site: kapper.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kappernet +Options: + KAPPERNETDNS_Key API Key + KAPPERNETDNS_Secret API Secret +Issues: github.com/acmesh-official/acme.sh/issues/2977 +' ############################################################################### # called with @@ -19,10 +19,9 @@ dns_kappernet_add() { KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}" KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}" + KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret" if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then - KAPPERNETDNS_Key="" - KAPPERNETDNS_Secret="" _err "Please specify your kapper.net api key and secret." _err "If you have not received yours - send your mail to" _err "support@kapper.net to get your key and secret." @@ -41,7 +40,7 @@ dns_kappernet_add() { _debug _domain "DOMAIN: $_domain" _info "Trying to add TXT DNS Record" - data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D" + data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D" if _kappernet_api GET "action=new&subject=$_domain&data=$data"; then if _contains "$response" "{\"OK\":true"; then @@ -66,10 +65,9 @@ dns_kappernet_rm() { KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}" KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}" + KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret" if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then - KAPPERNETDNS_Key="" - KAPPERNETDNS_Secret="" _err "Please specify your kapper.net api key and secret." _err "If you have not received yours - send your mail to" _err "support@kapper.net to get your key and secret." @@ -81,7 +79,7 @@ dns_kappernet_rm() { _saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret" _info "Trying to remove the TXT Record: $fullhostname containing $txtvalue" - data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D" + data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D" if _kappernet_api GET "action=del&subject=$fullhostname&data=$data"; then if _contains "$response" "{\"OK\":true"; then return 0 @@ -104,7 +102,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -115,7 +113,7 @@ _get_root() { if _contains "$response" '"OK":false'; then _debug "$h not found" else - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi @@ -141,7 +139,7 @@ _kappernet_api() { if [ "$method" = "GET" ]; then response="$(_get "$url")" else - _err "Unsupported method" + _err "Unsupported method or missing Secret/Key" return 1 fi diff --git a/dnsapi/dns_kas.sh b/dnsapi/dns_kas.sh index 1253cf27..2164a8e8 100755 --- a/dnsapi/dns_kas.sh +++ b/dnsapi/dns_kas.sh @@ -1,19 +1,16 @@ #!/usr/bin/env sh -######################################################################## -# All-inkl Kasserver hook script for acme.sh -# -# Environment variables: -# -# - $KAS_Login (Kasserver API login name) -# - $KAS_Authtype (Kasserver API auth type. Default: plain) -# - $KAS_Authdata (Kasserver API auth data.) -# -# Last update: squared GmbH -# Credits: -# - dns_he.sh. Thanks a lot man! -# - Martin Kammerlander, Phlegx Systems OG -# - Marc-Oliver Lange -# - https://github.com/o1oo11oo/kasapi.sh +# shellcheck disable=SC2034 +dns_kas_info='All-inkl Kas Server +Site: kas.all-inkl.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kas +Options: + KAS_Login API login name + KAS_Authtype API auth type. Default: "plain" + KAS_Authdata API auth data +Issues: github.com/acmesh-official/acme.sh/issues/2715 +Author: squared GmbH , Martin Kammerlander , Marc-Oliver Lange +' + ######################################################################## KAS_Api_GET="$(_get "https://kasapi.kasserver.com/soap/wsdl/KasApi.wsdl")" KAS_Api="$(echo "$KAS_Api_GET" | tr -d ' ' | grep -i "//g")" diff --git a/dnsapi/dns_kinghost.sh b/dnsapi/dns_kinghost.sh index f640242f..0496008e 100644 --- a/dnsapi/dns_kinghost.sh +++ b/dnsapi/dns_kinghost.sh @@ -1,16 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_kinghost_info='King.host +Domains: KingHost.net KingHost.com.br +Site: King.host +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_kinghost +Options: + KINGHOST_Username Username + KINGHOST_Password Password +Author: Felipe Keller Braz +' -############################################################ # KingHost API support # # https://api.kinghost.net/doc/ # -# # -# Author: Felipe Keller Braz # -# Report Bugs here: https://github.com/kinghost/acme.sh # -# # -# Values to export: # -# export KINGHOST_Username="email@provider.com" # -# export KINGHOST_Password="xxxxxxxxxx" # -############################################################ KING_Api="https://api.kinghost.net/acme" diff --git a/dnsapi/dns_knot.sh b/dnsapi/dns_knot.sh index 729a89cb..5636804a 100644 --- a/dnsapi/dns_knot.sh +++ b/dnsapi/dns_knot.sh @@ -1,4 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_knot_info='Knot Server knsupdate +Site: www.knot-dns.cz/docs/2.5/html/man_knsupdate.html +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_knot +Options: + KNOT_SERVER Server hostname. Default: "localhost". + KNOT_KEY File path to TSIG key +' + +# See also dns_nsupdate.sh ######## Public functions ##################### diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh index 674df410..f19333c4 100644 --- a/dnsapi/dns_la.sh +++ b/dnsapi/dns_la.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh - -#LA_Id="test123" -#LA_Key="d1j2fdo4dee3948" +# shellcheck disable=SC2034 +dns_la_info='dns.la +Site: dns.la +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_la +Options: + LA_Id API ID + LA_Key API key +Issues: github.com/acmesh-official/acme.sh/issues/4257 +' LA_Api="https://api.dns.la/api" @@ -107,7 +113,7 @@ _get_root() { p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -120,7 +126,7 @@ _get_root() { if _contains "$response" '"domainid":'; then _domain_id=$(printf "%s" "$response" | grep '"domainid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_leaseweb.sh b/dnsapi/dns_leaseweb.sh index 4cd3a8f8..66b1f61f 100644 --- a/dnsapi/dns_leaseweb.sh +++ b/dnsapi/dns_leaseweb.sh @@ -1,8 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_leaseweb_info='Leaseweb.com +Site: Leaseweb.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_leaseweb +Options: + LSW_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2558 +Author: Rolph Haspers +' -#Author: Rolph Haspers -#Utilize leaseweb.com API to finish dns-01 verifications. -#Requires a Leaseweb API Key (export LSW_Key="Your Key") #See https://developer.leaseweb.com for more information. ######## Public functions ##################### diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index 19702343..a4b2a801 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -1,8 +1,12 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_lexicon_info='Lexicon DNS client +Site: github.com/AnalogJ/lexicon +Docs: github.com/acmesh-official/acme.sh/wiki/How-to-use-lexicon-DNS-API +Options: + PROVIDER Provider +' -# dns api wrapper of lexicon for acme.sh - -# https://github.com/AnalogJ/lexicon lexicon_cmd="lexicon" wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-lexicon-dns-api" diff --git a/dnsapi/dns_limacity.sh b/dnsapi/dns_limacity.sh new file mode 100644 index 00000000..fb12f8c6 --- /dev/null +++ b/dnsapi/dns_limacity.sh @@ -0,0 +1,94 @@ +#!/usr/bin/env sh + +# Created by Laraveluser +# +# Pass credentials before "acme.sh --issue --dns dns_limacity ..." +# -- +# export LIMACITY_APIKEY="" +# -- +# +# Pleas note: APIKEY must have following roles: dns.admin, domains.reader + +######## Public functions ##################### + +LIMACITY_APIKEY="${LIMACITY_APIKEY:-$(_readaccountconf_mutable LIMACITY_APIKEY)}" +AUTH=$(printf "%s" "api:$LIMACITY_APIKEY" | _base64 -w 0) +export _H1="Authorization: Basic $AUTH" +export _H2="Content-Type: application/json" +APIBASE=https://www.lima-city.de/usercp + +#Usage: dns_limacity_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_limacity_add() { + _debug LIMACITY_APIKEY "$LIMACITY_APIKEY" + if [ "$LIMACITY_APIKEY" = "" ]; then + _err "No Credentials given" + return 1 + fi + + # save the dns server and key to the account conf file. + _saveaccountconf_mutable LIMACITY_APIKEY "${LIMACITY_APIKEY}" + + fulldomain=$1 + txtvalue=$2 + if ! _lima_get_domain_id "$fulldomain"; then return 1; fi + + msg=$(_post "{\"nameserver_record\":{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\",\"ttl\":60}}" "${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json" "" "POST") + _debug "$msg" + + if [ "$(echo "$msg" | _egrep_o "\"status\":\"ok\"")" = "" ]; then + _err "$msg" + return 1 + fi + + return 0 +} + +#Usage: dns_limacity_rm _acme-challenge.www.domain.com +dns_limacity_rm() { + + fulldomain=$1 + txtvalue=$2 + if ! _lima_get_domain_id "$fulldomain"; then return 1; fi + + for recordId in $(_get "${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json" | _egrep_o "{\"id\":[0-9]*[^}]*,\"name\":\"${fulldomain}\"" | _egrep_o "[0-9]*"); do + _post "" "${APIBASE}/domains/${LIMACITY_DOMAINID}/records/${recordId}" "" "DELETE" + done + + return 0 +} + +#################### Private functions below ################################## + +_lima_get_domain_id() { + domain="$1" + _debug "$domain" + i=2 + p=1 + + domains=$(_get "${APIBASE}/domains.json") + if [ "$(echo "$domains" | _egrep_o "\{.*""domains""")" ]; then + response="$(echo "$domains" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" + while true; do + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + hostedzone="$(echo "$response" | _egrep_o "\{.*""unicode_fqdn""[^,]+""$h"".*\}")" + if [ "$hostedzone" ]; then + LIMACITY_DOMAINID=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) + if [ "$LIMACITY_DOMAINID" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") + _domain=$h + return 0 + fi + return 1 + fi + p=$i + i=$(_math "$i" + 1) + done + fi + return 1 +} diff --git a/dnsapi/dns_linode.sh b/dnsapi/dns_linode.sh index ead5b164..d74d1fc8 100755 --- a/dnsapi/dns_linode.sh +++ b/dnsapi/dns_linode.sh @@ -1,6 +1,12 @@ #!/usr/bin/env sh - -#Author: Philipp Grosswiler +# shellcheck disable=SC2034 +dns_linode_info='Linode.com (Old) + Deprecated. Use dns_linode_v4 +Site: Linode.com +Options: + LINODE_API_KEY API Key +Author: Philipp Grosswiler +' LINODE_API_URL="https://api.linode.com/?api_key=$LINODE_API_KEY&api_action=" @@ -130,7 +136,7 @@ _get_root() { if _rest GET "domain.list"; then response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -141,7 +147,7 @@ _get_root() { if [ "$hostedzone" ]; then _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"DOMAINID\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index 9504afbf..3c6997a0 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -1,7 +1,12 @@ #!/usr/bin/env sh - -#Original Author: Philipp Grosswiler -#v4 Update Author: Aaron W. Swenson +# shellcheck disable=SC2034 +dns_linode_v4_info='Linode.com +Site: Linode.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_linode_v4 +Options: + LINODE_V4_API_KEY API Key +Author: Philipp Grosswiler , Aaron W. Swenson +' LINODE_V4_API_URL="https://api.linode.com/v4/domains" @@ -71,7 +76,7 @@ dns_linode_v4_rm() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - if _rest GET "/$_domain_id/records" && [ -n "$response" ]; then + if _H4="X-Filter: { \"type\": \"TXT\", \"name\": \"$_sub_domain\" }" _rest GET "/$_domain_id/records" && [ -n "$response" ]; then response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" resource="$(echo "$response" | _egrep_o "\{.*\"name\": *\"$_sub_domain\".*}")" @@ -126,34 +131,42 @@ _Linode_API() { # _domain=domain.com # _domain_id=12345 _get_root() { - domain=$1 + full_host_str="$1" + i=2 p=1 + while true; do + # loop through the received string (e.g. _acme-challenge.sub3.sub2.sub1.domain.tld), + # starting from the lowest subdomain, and check if it's a hosted domain + tst_hosted_domain=$(printf "%s" "$full_host_str" | cut -d . -f "$i"-100) + _debug tst_hosted_domain "$tst_hosted_domain" + if [ -z "$tst_hosted_domain" ]; then + #not valid + _err "Couldn't get domain from string '$full_host_str'." + return 1 + fi - if _rest GET; then - response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - _debug h "$h" - if [ -z "$h" ]; then - #not valid - return 1 - fi - - hostedzone="$(echo "$response" | _egrep_o "\{.*\"domain\": *\"$h\".*}")" + _debug "Querying Linode APIv4 for hosted zone: $tst_hosted_domain" + if _H4="X-Filter: {\"domain\":\"$tst_hosted_domain\"}" _rest GET; then + _debug "Got response from API: $response" + response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" + hostedzone="$(echo "$response" | _egrep_o "\{.*\"domain\": *\"$tst_hosted_domain\".*}")" if [ "$hostedzone" ]; then _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\": *[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) + _debug "Found domain hosted on Linode DNS. Zone: $tst_hosted_domain, id: $_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) - _domain=$h + _sub_domain=$(printf "%s" "$full_host_str" | cut -d . -f 1-"$p") + _domain=$tst_hosted_domain return 0 fi return 1 fi + p=$i i=$(_math "$i" + 1) - done - fi + fi + done + return 1 } diff --git a/dnsapi/dns_loopia.sh b/dnsapi/dns_loopia.sh index 60d072e0..98a4f3ab 100644 --- a/dnsapi/dns_loopia.sh +++ b/dnsapi/dns_loopia.sh @@ -1,11 +1,13 @@ #!/usr/bin/env sh - -# -#LOOPIA_User="username" -# -#LOOPIA_Password="password" -# -#LOOPIA_Api="https://api.loopia./RPCSERV" +# shellcheck disable=SC2034 +dns_loopia_info='Loopia.se +Site: Loopia.se +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_loopia +Options: + LOOPIA_Api API URL. E.g. "https://api.loopia./RPCSERV" where the is one of: com, no, rs, se. Default: "se". + LOOPIA_User Username + LOOPIA_Password Password +' LOOPIA_Api_Default="https://api.loopia.se/RPCSERV" @@ -178,14 +180,14 @@ _get_root() { response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" while true; do - h=$(echo "$domain" | cut -d . -f $i-100) + h=$(echo "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 fi if _contains "$response" "$h"; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index 30c15579..34cce6a1 100755 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -1,11 +1,14 @@ #!/usr/bin/env sh - -# bug reports to dev@1e.ca - -# -#LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#LUA_Email="user@luadns.net" +# shellcheck disable=SC2034 +dns_lua_info='LuaDNS.com +Domains: LuaDNS.net +Site: LuaDNS.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_lua +Options: + LUA_Key API key + LUA_Email Email +Author: +' LUA_Api="https://api.luadns.com/v1" @@ -107,7 +110,7 @@ _get_root() { return 1 fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -118,7 +121,7 @@ _get_root() { _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*,\"name\":\"$h\"" | cut -d : -f 2 | cut -d , -f 1) _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_maradns.sh b/dnsapi/dns_maradns.sh index 4ff6ca2d..9eefb175 100755 --- a/dnsapi/dns_maradns.sh +++ b/dnsapi/dns_maradns.sh @@ -1,4 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_maradns_info='MaraDNS Server +Site: MaraDNS.samiam.org +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_maradns +Options: + MARA_ZONE_FILE Zone file path. E.g. "/etc/maradns/db.domain.com" + MARA_DUENDE_PID_PATH Duende PID Path. E.g. "/run/maradns/etc_maradns_mararc.pid" +Issues: github.com/acmesh-official/acme.sh/issues/2072 +' #Usage: dns_maradns_add _acme-challenge.www.domain.com "token" dns_maradns_add() { @@ -63,7 +72,7 @@ _reload_maradns() { pidpath="$1" kill -s HUP -- "$(cat "$pidpath")" if [ $? -ne 0 ]; then - _err "Unable to reload MaraDNS, kill returned $?" + _err "Unable to reload MaraDNS, kill returned" return 1 fi } diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index 49007402..43c903cd 100644 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# bug reports to dev@1e.ca - -# ME_Key=qmlkdjflmkqdjf -# ME_Secret=qmsdlkqmlksdvnnpae +# shellcheck disable=SC2034 +dns_me_info='DnsMadeEasy.com +Site: DnsMadeEasy.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_me +Options: + ME_Key API Key + ME_Secret API Secret +Author: +' ME_Api=https://api.dnsmadeeasy.com/V2.0/dns/managed @@ -103,7 +107,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -116,7 +120,7 @@ _get_root() { if _contains "$response" "\"name\":\"$h\""; then _domain_id=$(printf "%s\n" "$response" | sed 's/^{//; s/}$//; s/{.*}//' | sed -r 's/^.*"id":([0-9]+).*$/\1/') if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_miab.sh b/dnsapi/dns_miab.sh index dad69bde..0824a4e7 100644 --- a/dnsapi/dns_miab.sh +++ b/dnsapi/dns_miab.sh @@ -1,24 +1,23 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_miab_info='Mail-in-a-Box +Site: MailInaBox.email +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_miab +Options: + MIAB_Username Admin username + MIAB_Password Admin password + MIAB_Server Server hostname. FQDN of your_MIAB Server +Issues: github.com/acmesh-official/acme.sh/issues/2550 +Author: Darven Dissek, William Gertz +' -# Name: dns_miab.sh -# -# Authors: -# Darven Dissek 2018 -# William Gertz 2019 -# -# Thanks to Neil Pang and other developers here for code reused from acme.sh from DNS-01 -# used to communicate with the MailinaBox Custom DNS API -# Report Bugs here: -# https://github.com/billgertz/MIAB_dns_api (for dns_miab.sh) -# https://github.com/acmesh-official/acme.sh (for acme.sh) -# ######## Public functions ##################### #Usage: dns_miab_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_miab_add() { fulldomain=$1 txtvalue=$2 - _info "Using miab challange add" + _info "Using miab challenge add" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" @@ -27,7 +26,7 @@ dns_miab_add() { return 1 fi - #check domain and seperate into doamin and host + #check domain and seperate into domain and host if ! _get_root "$fulldomain"; then _err "Cannot find any part of ${fulldomain} is hosted on ${MIAB_Server}" return 1 @@ -56,7 +55,7 @@ dns_miab_rm() { fulldomain=$1 txtvalue=$2 - _info "Using miab challage delete" + _info "Using miab challenge delete" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" @@ -113,7 +112,7 @@ _get_root() { #cycle through the passed domain seperating out a test domain discarding # the subdomain by marching thorugh the dots while true; do - _test_domain=$(printf "%s" "$_passed_domain" | cut -d . -f ${_i}-100) + _test_domain=$(printf "%s" "$_passed_domain" | cut -d . -f "${_i}"-100) _debug _test_domain "$_test_domain" if [ -z "$_test_domain" ]; then @@ -123,7 +122,7 @@ _get_root() { #report found if the test domain is in the json response and # report the subdomain if _contains "$response" "\"$_test_domain\""; then - _sub_domain=$(printf "%s" "$_passed_domain" | cut -d . -f 1-${_p}) + _sub_domain=$(printf "%s" "$_passed_domain" | cut -d . -f 1-"${_p}") _domain=${_test_domain} return 0 fi diff --git a/dnsapi/dns_misaka.sh b/dnsapi/dns_misaka.sh index 36ba5cfd..50ed4360 100755 --- a/dnsapi/dns_misaka.sh +++ b/dnsapi/dns_misaka.sh @@ -1,11 +1,12 @@ #!/usr/bin/env sh - -# bug reports to support+acmesh@misaka.io -# based on dns_nsone.sh by dev@1e.ca - -# -#Misaka_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# +# shellcheck disable=SC2034 +dns_misaka_info='Misaka.io +Site: Misaka.io +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_misaka +Options: + Misaka_Key API Key +Author: +' Misaka_Api="https://dnsapi.misaka.io/dns" @@ -115,7 +116,7 @@ _get_root() { return 1 fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -123,7 +124,7 @@ _get_root() { fi if _contains "$response" "\"name\":\"$h\""; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_myapi.sh b/dnsapi/dns_myapi.sh index 7f3c5a86..c9f5eb9f 100755 --- a/dnsapi/dns_myapi.sh +++ b/dnsapi/dns_myapi.sh @@ -1,14 +1,21 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_myapi_info='Custom API Example + A sample custom DNS API script. +Domains: example.com +Site: github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns +Options: + MYAPI_Token API Token. Get API Token from https://example.com/api/. Optional. +Issues: github.com/acmesh-official/acme.sh +Author: Neil Pang +' -#Here is a sample custom api script. #This file name is "dns_myapi.sh" #So, here must be a method dns_myapi_add() #Which will be called by acme.sh to add the txt record to your api system. #returns 0 means success, otherwise error. -# -#Author: Neilpang -#Report Bugs here: https://github.com/acmesh-official/acme.sh -# + ######## Public functions ##################### # Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 953290af..e9b3d3c8 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -1,15 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_mydevil_info='MyDevil.net + MyDevil.net already supports automatic Lets Encrypt certificates, + except for wildcard domains. + This script depends on devil command that MyDevil.net provides, + which means that it works only on server side. +Site: MyDevil.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_mydevil +Issues: github.com/acmesh-official/acme.sh/issues/2079 +Author: Marcin Konicki +' -# MyDevil.net API (2019-02-03) -# -# MyDevil.net already supports automatic Let's Encrypt certificates, -# except for wildcard domains. -# -# This script depends on `devil` command that MyDevil.net provides, -# which means that it works only on server side. -# -# Author: Marcin Konicki -# ######## Public functions ##################### #Usage: dns_mydevil_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_mydnsjp.sh b/dnsapi/dns_mydnsjp.sh index 13866f70..336c4889 100755 --- a/dnsapi/dns_mydnsjp.sh +++ b/dnsapi/dns_mydnsjp.sh @@ -1,14 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_mydnsjp_info='MyDNS.JP +Site: MyDNS.JP +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_mydnsjp +Options: + MYDNSJP_MasterID Master ID + MYDNSJP_Password Password +Author: epgdatacapbon +' -#Here is a api script for MyDNS.JP. -#This file name is "dns_mydnsjp.sh" -#So, here must be a method dns_mydnsjp_add() -#Which will be called by acme.sh to add the txt record to your api system. -#returns 0 means success, otherwise error. -# -#Author: epgdatacapbon -#Report Bugs here: https://github.com/epgdatacapbon/acme.sh -# ######## Public functions ##################### # Export MyDNS.JP MasterID and Password in following variables... @@ -126,7 +126,7 @@ _get_root() { fi while true; do - _domain=$(printf "%s" "$fulldomain" | cut -d . -f $i-100) + _domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-100) if [ -z "$_domain" ]; then # not valid @@ -134,7 +134,7 @@ _get_root() { fi if [ "$_domain" = "$_root_domain" ]; then - _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$p") return 0 fi diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 294ae84c..1529e1e7 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -1,4 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_mythic_beasts_info='Mythic-Beasts.com +Site: Mythic-Beasts.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_mythic_beasts +Options: + MB_AK API Key + MB_AS API Secret +Issues: github.com/acmesh-official/acme.sh/issues/3848 +' # Mythic Beasts is a long-standing UK service provider using standards-based OAuth2 authentication # To test: ./acme.sh --dns dns_mythic_beasts --test --debug 1 --output-insecure --issue --domain domain.com # Cannot retest once cert is issued @@ -98,7 +107,7 @@ _get_root() { _debug "Detect the root zone" while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then _err "Domain exhausted" return 1 @@ -109,7 +118,7 @@ _get_root() { _mb_rest GET "$h/records" ret="$?" if [ "$ret" -eq 0 ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index a5f667a9..5527b357 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -1,12 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_namecheap_info='NameCheap.com +Site: NameCheap.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_namecheap +Options: + NAMECHEAP_API_KEY API Key + NAMECHEAP_USERNAME Username + NAMECHEAP_SOURCEIP Source IP +Issues: github.com/acmesh-official/acme.sh/issues/2107 +' # Namecheap API # https://www.namecheap.com/support/api/intro.aspx -# -# Requires Namecheap API key set in -#NAMECHEAP_API_KEY, -#NAMECHEAP_USERNAME, -#NAMECHEAP_SOURCEIP # Due to Namecheap's API limitation all the records of your domain will be read and re applied, make sure to have a backup of your records you could apply if any issue would arise. ######## Public functions ##################### @@ -104,7 +109,7 @@ _get_root_by_getList() { while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -118,7 +123,7 @@ _get_root_by_getList() { if ! _contains "$response" "$h"; then _debug "$h not found" else - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi @@ -132,14 +137,14 @@ _get_root_by_getHosts() { i=100 p=99 - while [ $p -ne 0 ]; do + while [ "$p" -ne 0 ]; do - h=$(printf "%s" "$1" | cut -d . -f $i-100) + h=$(printf "%s" "$1" | cut -d . -f "$i"-100) if [ -n "$h" ]; then if _contains "$h" "\\."; then _debug h "$h" if _namecheap_set_tld_sld "$h"; then - _sub_domain=$(printf "%s" "$1" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$1" | cut -d . -f 1-"$p") _domain="$h" return 0 else @@ -373,7 +378,7 @@ _namecheap_set_tld_sld() { while true; do - _tld=$(printf "%s" "$domain" | cut -d . -f $i-100) + _tld=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug tld "$_tld" if [ -z "$_tld" ]; then diff --git a/dnsapi/dns_namecom.sh b/dnsapi/dns_namecom.sh index 0d5dd2c4..44549c9e 100755 --- a/dnsapi/dns_namecom.sh +++ b/dnsapi/dns_namecom.sh @@ -1,9 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_namecom_info='Name.com +Site: Name.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_namecom +Options: + Namecom_Username Username + Namecom_Token API Token +Author: RaidenII +' -#Author: RaidenII -#Created 06/28/2017 -#Updated 03/01/2018, rewrote to support name.com API v4 -#Utilize name.com API to finish dns-01 verifications. ######## Public functions ##################### Namecom_API="https://api.name.com/v4" @@ -154,15 +159,15 @@ _namecom_get_root() { # Need to exclude the last field (tld) numfields=$(echo "$domain" | _egrep_o "\." | wc -l) - while [ $i -le "$numfields" ]; do - host=$(printf "%s" "$domain" | cut -d . -f $i-100) + while [ "$i" -le "$numfields" ]; do + host=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug host "$host" if [ -z "$host" ]; then return 1 fi if _contains "$response" "$host"; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$host" return 0 fi diff --git a/dnsapi/dns_namesilo.sh b/dnsapi/dns_namesilo.sh index f961d0bd..b31e32a1 100755 --- a/dnsapi/dns_namesilo.sh +++ b/dnsapi/dns_namesilo.sh @@ -1,8 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_namesilo_info='NameSilo.com +Site: NameSilo.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_namesilo +Options: + Namesilo_Key API Key +Author: meowthink +' -#Author: meowthink -#Created 01/14/2017 -#Utilize namesilo.com API to finish dns-01 verifications. +#Utilize API to finish dns-01 verifications. Namesilo_API="https://www.namesilo.com/api" @@ -103,15 +109,15 @@ _get_root() { # Need to exclude the last field (tld) numfields=$(echo "$domain" | _egrep_o "\." | wc -l) - while [ $i -le "$numfields" ]; do - host=$(printf "%s" "$domain" | cut -d . -f $i-100) + while [ "$i" -le "$numfields" ]; do + host=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug host "$host" if [ -z "$host" ]; then return 1 fi if _contains "$response" ">$host"; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$host" return 0 fi diff --git a/dnsapi/dns_nanelo.sh b/dnsapi/dns_nanelo.sh index 8ccc8c29..1ab47a89 100644 --- a/dnsapi/dns_nanelo.sh +++ b/dnsapi/dns_nanelo.sh @@ -1,9 +1,12 @@ #!/usr/bin/env sh - -# Official DNS API for Nanelo.com - -# Provide the required API Key like this: -# NANELO_TOKEN="FmD408PdqT1E269gUK57" +# shellcheck disable=SC2034 +dns_nanelo_info='Nanelo.com +Site: Nanelo.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_nanelo +Options: + NANELO_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/4519 +' NANELO_API="https://api.nanelo.com/v1/" diff --git a/dnsapi/dns_nederhost.sh b/dnsapi/dns_nederhost.sh index abaae42b..b16c36ec 100755 --- a/dnsapi/dns_nederhost.sh +++ b/dnsapi/dns_nederhost.sh @@ -1,6 +1,12 @@ #!/usr/bin/env sh - -#NederHost_Key="sdfgikogfdfghjklkjhgfcdcfghj" +# shellcheck disable=SC2034 +dns_nederhost_info='NederHost.nl +Site: NederHost.nl +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nederhost +Options: + NederHost_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2089 +' NederHost_Api="https://api.nederhost.nl/dns/v1" @@ -82,8 +88,8 @@ _get_root() { i=2 p=1 while true; do - _domain=$(printf "%s" "$domain" | cut -d . -f $i-100) - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$(printf "%s" "$domain" | cut -d . -f "$i"-100) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _debug _domain "$_domain" if [ -z "$_domain" ]; then #not valid diff --git a/dnsapi/dns_neodigit.sh b/dnsapi/dns_neodigit.sh index 64ea8786..a31f8c9b 100644 --- a/dnsapi/dns_neodigit.sh +++ b/dnsapi/dns_neodigit.sh @@ -1,13 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_neodigit_info='Neodigit.net +Site: Neodigit.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_neodigit +Options: + NEODIGIT_API_TOKEN API Token +Author: Adrian Almenar +' -# -# NEODIGIT_API_TOKEN="jasdfhklsjadhflnhsausdfas" - -# This is Neodigit.net api wrapper for acme.sh -# -# Author: Adrian Almenar -# Report Bugs here: https://github.com/tecnocratica/acme.sh -# NEODIGIT_API_URL="https://api.neodigit.net/v1" # ######## Public functions ##################### @@ -126,7 +126,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -142,7 +142,7 @@ _get_root() { if _contains "$response" "\"name\":\"$h\"" >/dev/null; then _domain_id=$(echo "$response" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d: -f2 | cut -d, -f1) if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_netcup.sh b/dnsapi/dns_netcup.sh index 776fa02d..687b99bc 100644 --- a/dnsapi/dns_netcup.sh +++ b/dnsapi/dns_netcup.sh @@ -1,5 +1,15 @@ #!/usr/bin/env sh -#developed by linux-insideDE +# shellcheck disable=SC2034 +dns_netcup_info='netcup.eu +Domains: netcup.de netcup.net +Site: netcup.eu/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_netcup +Options: + NC_Apikey API Key + NC_Apipw API Password + NC_CID Customer Number +Author: linux-insideDE +' NC_Apikey="${NC_Apikey:-$(_readaccountconf_mutable NC_Apikey)}" NC_Apipw="${NC_Apipw:-$(_readaccountconf_mutable NC_Apipw)}" diff --git a/dnsapi/dns_netlify.sh b/dnsapi/dns_netlify.sh index 0e5dc327..322f10ad 100644 --- a/dnsapi/dns_netlify.sh +++ b/dnsapi/dns_netlify.sh @@ -1,6 +1,12 @@ #!/usr/bin/env sh - -#NETLIFY_ACCESS_TOKEN="xxxx" +# shellcheck disable=SC2034 +dns_netlify_info='Netlify.com +Site: Netlify.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_netlify +Options: + NETLIFY_ACCESS_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/3088 +' NETLIFY_HOST="api.netlify.com/api/v1/" NETLIFY_URL="https://$NETLIFY_HOST" @@ -49,8 +55,6 @@ dns_netlify_add() { return 1 fi - _err "Not fully implemented!" - return 1 } #Usage: dns_myapi_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" @@ -89,7 +93,6 @@ dns_netlify_rm() { _err "error removing validation value ($_code)" return 1 fi - return 0 fi return 1 } @@ -105,7 +108,7 @@ _get_root() { _netlify_rest GET "dns_zones" "" "$accesstoken" while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug2 "Checking domain: $h" if [ -z "$h" ]; then #not valid @@ -120,7 +123,7 @@ _get_root() { #create the record at the domain apex (@) if only the domain name was provided as --domain-alias _sub_domain="@" else - _sub_domain=$(echo "$domain" | cut -d . -f 1-$p) + _sub_domain=$(echo "$domain" | cut -d . -f 1-"$p") fi _domain=$h return 0 diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 56170f87..5f3e7d5d 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -1,10 +1,15 @@ #!/usr/bin/env sh - -# -#NIC_ClientID='0dc0xxxxxxxxxxxxxxxxxxxxxxxxce88' -#NIC_ClientSecret='3LTtxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxnuW8' -#NIC_Username="000000/NIC-D" -#NIC_Password="xxxxxxx" +# shellcheck disable=SC2034 +dns_nic_info='nic.ru +Site: nic.ru +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_nic +Options: + NIC_ClientID Client ID + NIC_ClientSecret Client Secret + NIC_Username Username + NIC_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2547 +' NIC_Api="https://api.nic.ru" @@ -164,7 +169,7 @@ _get_root() { fi if _contains "$_all_domains" "^$h$"; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h _service=$(printf "%s" "$response" | grep -m 1 "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/") return 0 diff --git a/dnsapi/dns_njalla.sh b/dnsapi/dns_njalla.sh index e9243288..c410447d 100644 --- a/dnsapi/dns_njalla.sh +++ b/dnsapi/dns_njalla.sh @@ -1,7 +1,12 @@ #!/usr/bin/env sh - -# -#NJALLA_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" +# shellcheck disable=SC2034 +dns_njalla_info='Njalla +Site: Njal.la +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_njalla +Options: + NJALLA_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2913 +' NJALLA_Api="https://njal.la/api/1/" @@ -121,7 +126,7 @@ _get_root() { p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -135,7 +140,7 @@ _get_root() { if _contains "$response" "\"$h\""; then _domain_returned=$(echo "$response" | _egrep_o "\{\"name\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") if [ "$_domain_returned" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_nm.sh b/dnsapi/dns_nm.sh index 4dfcc777..1f818a29 100644 --- a/dnsapi/dns_nm.sh +++ b/dnsapi/dns_nm.sh @@ -1,15 +1,13 @@ #!/usr/bin/env sh - -######################################################################## -# https://namemaster.de hook script for acme.sh -# -# Environment variables: -# -# - $NM_user (your namemaster.de API username) -# - $NM_sha256 (your namemaster.de API password_as_sha256hash) -# -# Author: Thilo Gass -# Git repo: https://github.com/ThiloGa/acme.sh +# shellcheck disable=SC2034 +dns_nm_info='NameMaster.de +Site: NameMaster.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_nm +Options: + NM_user API Username + NM_sha256 API Password as SHA256 hash +Author: Thilo Gass +' #-- dns_nm_add() - Add TXT record -------------------------------------- # Usage: dns_nm_add _acme-challenge.subdomain.domain.com "XyZ123..." diff --git a/dnsapi/dns_nsd.sh b/dnsapi/dns_nsd.sh index 0d29a485..3ddaa98c 100644 --- a/dnsapi/dns_nsd.sh +++ b/dnsapi/dns_nsd.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh - -#Nsd_ZoneFile="/etc/nsd/zones/example.com.zone" -#Nsd_Command="sudo nsd-control reload" +# shellcheck disable=SC2034 +dns_nsd_info='NLnetLabs NSD Server +Site: github.com/NLnetLabs/nsd +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#nsd +Options: + Nsd_ZoneFile Zone File path. E.g. "/etc/nsd/zones/example.com.zone" + Nsd_Command Command. E.g. "sudo nsd-control reload" +Issues: github.com/acmesh-official/acme.sh/issues/2245 +' # args: fulldomain txtvalue dns_nsd_add() { diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 9a998341..e1bfa531 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh - -# bug reports to dev@1e.ca - -# -#NS1_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# +# shellcheck disable=SC2034 +dns_nsone_info='ns1.com +Domains: ns1.net +Site: ns1.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nsone +Options: + NS1_Key API Key +Author: +' NS1_Api="https://api.nsone.net/v1" @@ -116,7 +119,7 @@ _get_root() { return 1 fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -124,7 +127,7 @@ _get_root() { fi if _contains "$response" "\"zone\":\"$h\""; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh index cd4b7140..d5dbbcbc 100755 --- a/dnsapi/dns_nsupdate.sh +++ b/dnsapi/dns_nsupdate.sh @@ -1,4 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_nsupdate_info='nsupdate RFC 2136 DynDNS client +Site: bind9.readthedocs.io/en/v9.18.19/manpages.html#nsupdate-dynamic-dns-update-utility +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nsupdate +Options: + NSUPDATE_SERVER Server hostname. Default: "localhost". + NSUPDATE_SERVER_PORT Server port. Default: "53". + NSUPDATE_KEY File path to TSIG key. + NSUPDATE_ZONE Domain zone to update. Optional. +' ######## Public functions ##################### @@ -10,6 +20,7 @@ dns_nsupdate_add() { NSUPDATE_SERVER_PORT="${NSUPDATE_SERVER_PORT:-$(_readaccountconf_mutable NSUPDATE_SERVER_PORT)}" NSUPDATE_KEY="${NSUPDATE_KEY:-$(_readaccountconf_mutable NSUPDATE_KEY)}" NSUPDATE_ZONE="${NSUPDATE_ZONE:-$(_readaccountconf_mutable NSUPDATE_ZONE)}" + NSUPDATE_OPT="${NSUPDATE_OPT:-$(_readaccountconf_mutable NSUPDATE_OPT)}" _checkKeyFile || return 1 @@ -18,21 +29,25 @@ dns_nsupdate_add() { _saveaccountconf_mutable NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}" _saveaccountconf_mutable NSUPDATE_KEY "${NSUPDATE_KEY}" _saveaccountconf_mutable NSUPDATE_ZONE "${NSUPDATE_ZONE}" + _saveaccountconf_mutable NSUPDATE_OPT "${NSUPDATE_OPT}" [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53 + [ -n "${NSUPDATE_OPT}" ] || NSUPDATE_OPT="" _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\"" [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d" [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D" if [ -z "${NSUPDATE_ZONE}" ]; then - nsupdate -k "${NSUPDATE_KEY}" $nsdebug < NW_API_VERSION="0" @@ -157,7 +154,7 @@ _get_root() { _debug response "${response}" while true; do - h=$(printf "%s" "${domain}" | cut -d . -f $i-100) + h=$(printf "%s" "${domain}" | cut -d . -f "$i"-100) _debug h "${h}" if [ -z "${h}" ]; then #not valid @@ -168,7 +165,7 @@ _get_root() { if [ "${hostedzone}" ]; then _zone_id=$(printf "%s\n" "${hostedzone}" | _egrep_o "\"zone_id\": *[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) if [ "${_zone_id}" ]; then - _sub_domain=$(printf "%s" "${domain}" | cut -d . -f 1-${p}) + _sub_domain=$(printf "%s" "${domain}" | cut -d . -f 1-"${p}") _domain="${h}" return 0 fi diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh index 3b81143f..c76a4565 100644 --- a/dnsapi/dns_oci.sh +++ b/dnsapi/dns_oci.sh @@ -1,6 +1,19 @@ #!/usr/bin/env sh -# -# Acme.sh DNS API plugin for Oracle Cloud Infrastructure +# shellcheck disable=SC2034 +dns_oci_info='Oracle Cloud Infrastructure (OCI) + If OCI CLI configuration file ~/.oci/config has a DEFAULT profile then it will be used. +Site: Cloud.Oracle.com +Docs: github.com/acmesh-official/acme.sh/wiki/How-to-use-Oracle-Cloud-Infrastructure-DNS +Options: + OCI_CLI_TENANCY OCID of tenancy that contains the target DNS zone. Optional. + OCI_CLI_USER OCID of user with permission to add/remove records from zones. Optional. + OCI_CLI_REGION Should point to the tenancy home region. Optional. + OCI_CLI_KEY_FILE Path to private API signing key file in PEM format. Optional. + OCI_CLI_KEY The private API signing key in PEM format. Optional. +Issues: github.com/acmesh-official/acme.sh/issues/3540 +Author: Avi Miller +' + # Copyright (c) 2021, Oracle and/or its affiliates # # The plugin will automatically use the default profile from an OCI SDK and CLI @@ -177,7 +190,7 @@ _get_zone() { p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then # not valid @@ -186,7 +199,7 @@ _get_zone() { _domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id") if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h _debug _domain_id "$_domain_id" diff --git a/dnsapi/dns_omglol.sh b/dnsapi/dns_omglol.sh new file mode 100644 index 00000000..5c137c3f --- /dev/null +++ b/dnsapi/dns_omglol.sh @@ -0,0 +1,391 @@ +#!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_omglol_info='omg.lol +Site: omg.lol +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_omglol +Options: + OMG_ApiKey API Key from omg.lol. This is accessible from the bottom of the account page at https://home.omg.lol/account + OMG_Address This is your omg.lol address, without the preceding @ - you can see your list on your dashboard at https://home.omg.lol/dashboard +Issues: github.com/acmesh-official/acme.sh/issues/5299 +Author: @Kholin +' + +# See API Docs https://api.omg.lol/ + +######## Public functions ##################### + +#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_omglol_add() { + fulldomain=$1 + txtvalue=$2 + OMG_ApiKey="${OMG_ApiKey:-$(_readaccountconf_mutable OMG_ApiKey)}" + OMG_Address="${OMG_Address:-$(_readaccountconf_mutable OMG_Address)}" + + # As omg.lol includes a leading @ for their addresses, pre-strip this before save + OMG_Address="$(echo "$OMG_Address" | tr -d '@')" + + _saveaccountconf_mutable OMG_ApiKey "$OMG_ApiKey" + _saveaccountconf_mutable OMG_Address "$OMG_Address" + + _info "Using omg.lol." + _debug "Function" "dns_omglol_add()" + _debug "Full Domain Name" "$fulldomain" + _debug "txt Record Value" "$txtvalue" + _secure_debug "omg.lol API key" "$OMG_ApiKey" + _debug "omg.lol Address" "$OMG_Address" + + omg_validate "$OMG_ApiKey" "$OMG_Address" "$fulldomain" + if [ ! $? ]; then + return 1 + fi + + dnsName=$(_getDnsRecordName "$fulldomain" "$OMG_Address") + authHeader="$(_createAuthHeader "$OMG_ApiKey")" + + _debug2 "dns_omglol_add(): Address" "$dnsName" + + omg_add "$OMG_Address" "$authHeader" "$dnsName" "$txtvalue" + +} + +#Usage: fulldomain txtvalue +#Remove the txt record after validation. +dns_omglol_rm() { + fulldomain=$1 + txtvalue=$2 + OMG_ApiKey="${OMG_ApiKey:-$(_readaccountconf_mutable OMG_ApiKey)}" + OMG_Address="${OMG_Address:-$(_readaccountconf_mutable OMG_Address)}" + + # As omg.lol includes a leading @ for their addresses, strip this in case provided + OMG_Address="$(echo "$OMG_Address" | tr -d '@')" + + _info "Using omg.lol" + _debug "Function" "dns_omglol_rm()" + _debug "Full Domain Name" "$fulldomain" + _debug "txt Record Value" "$txtvalue" + _secure_debug "omg.lol API key" "$OMG_ApiKey" + _debug "omg.lol Address" "$OMG_Address" + + omg_validate "$OMG_ApiKey" "$OMG_Address" "$fulldomain" + if [ ! $? ]; then + return 1 + fi + + dnsName=$(_getDnsRecordName "$fulldomain" "$OMG_Address") + authHeader="$(_createAuthHeader "$OMG_ApiKey")" + + omg_delete "$OMG_Address" "$authHeader" "$dnsName" "$txtvalue" +} + +#################### Private functions below ################################## +# Check that the minimum requirements are present. Close ungracefully if not +omg_validate() { + omg_apikey=$1 + omg_address=$2 + fulldomain=$3 + + _debug2 "Function" "dns_validate()" + _secure_debug2 "omg.lol API key" "$omg_apikey" + _debug2 "omg.lol Address" "$omg_address" + _debug2 "Full Domain Name" "$fulldomain" + + if [ "" = "$omg_address" ]; then + _err "omg.lol base address not provided. Exiting" + return 1 + fi + + if [ "" = "$omg_apikey" ]; then + _err "omg.lol API key not provided. Exiting" + return 1 + fi + + _endswith "$fulldomain" "omg.lol" + if [ ! $? ]; then + _err "Domain name requested is not under omg.lol" + return 1 + fi + + _endswith "$fulldomain" "$omg_address.omg.lol" + if [ ! $? ]; then + _err "Domain name is not a subdomain of provided omg.lol address $omg_address" + return 1 + fi + + _debug "Required environment parameters are all present" +} + +# Add (or modify) an entry for a new ACME query +omg_add() { + address=$1 + authHeader=$2 + dnsName=$3 + txtvalue=$4 + + _info "Creating DNS entry for $dnsName" + _debug2 "omg_add()" + _debug2 "omg.lol Address: " "$address" + _secure_debug2 "omg.lol authorization header: " "$authHeader" + _debug2 "Full Domain name:" "$dnsName.$address.omg.lol" + _debug2 "TXT value to set:" "$txtvalue" + + export _H1="$authHeader" + + endpoint="https://api.omg.lol/address/$address/dns" + _debug2 "Endpoint" "$endpoint" + + payload='{"type": "TXT", "name":"'"$dnsName"'", "data":"'"$txtvalue"'", "ttl":30}' + _debug2 "Payload" "$payload" + + response=$(_post "$payload" "$endpoint" "" "POST" "application/json") + + omg_validate_add "$response" "$dnsName.$address" "$txtvalue" +} + +omg_validate_add() { + response=$1 + name=$2 + content=$3 + + _debug "Validating DNS record addition" + _debug2 "omg_validate_add()" + _debug2 "Response" "$response" + _debug2 "DNS Name" "$name" + _debug2 "DNS value" "$content" + + _jsonResponseCheck "$response" "success" "true" + if [ "1" = "$?" ]; then + _err "Response did not report success" + return 1 + fi + + _jsonResponseCheck "$response" "message" "Your DNS record was created successfully." + if [ "1" = "$?" ]; then + _err "Response message did not indicate DNS record was successfully created" + return 1 + fi + + _jsonResponseCheck "$response" "name" "$name" + if [ "1" = "$?" ]; then + _err "Response DNS Name did not match the response received" + return 1 + fi + + _jsonResponseCheck "$response" "content" "$content" + if [ "1" = "$?" ]; then + _err "Response DNS Name did not match the response received" + return 1 + fi + + _info "Record Created successfully" + return 0 +} + +omg_getRecords() { + address=$1 + authHeader=$2 + dnsName=$3 + txtValue=$4 + + _debug2 "omg_getRecords()" + _debug2 "omg.lol Address: " "$address" + _secure_debug2 "omg.lol Auth Header: " "$authHeader" + _debug2 "omg.lol DNS name:" "$dnsName" + _debug2 "txt Value" "$txtValue" + + export _H1="$authHeader" + + endpoint="https://api.omg.lol/address/$address/dns" + _debug2 "Endpoint" "$endpoint" + + payload=$(_get "$endpoint") + + _debug2 "Received Payload:" "$payload" + + # Reformat the JSON to be more parseable + recordID=$(echo "$payload" | _stripWhitespace) + recordID=$(echo "$recordID" | _exposeJsonArray) + + # Now find the one with the right value, and caputre its ID + recordID=$(echo "$recordID" | grep -- "$txtValue" | grep -i -- "$dnsName.$address") + _getJsonElement "$recordID" "id" +} + +omg_delete() { + address=$1 + authHeader=$2 + dnsName=$3 + txtValue=$4 + + _info "Deleting DNS entry for $dnsName with value $txtValue" + _debug2 "omg_delete()" + _debug2 "omg.lol Address: " "$address" + _secure_debug2 "omg.lol Auth Header: " "$authHeader" + _debug2 "Full Domain name:" "$dnsName.$address.omg.lol" + _debug2 "txt Value" "$txtValue" + + record=$(omg_getRecords "$address" "$authHeader" "$dnsName" "$txtvalue") + if [ "" = "$record" ]; then + _err "DNS record $address not found!" + return 1 + fi + + endpoint="https://api.omg.lol/address/$address/dns/$record" + _debug2 "Endpoint" "$endpoint" + + export _H1="$authHeader" + output=$(_post "" "$endpoint" "" "DELETE") + + _debug2 "Response" "$output" + + omg_validate_delete "$output" +} + +# Validate the response on request to delete. +# Confirm status is success and message indicates deletion was successful. +# Input: Response - HTTP response received from delete request +omg_validate_delete() { + response=$1 + + _info "Validating DNS record deletion" + _debug2 "omg_validate_delete()" + _debug2 "Response" "$response" + + _jsonResponseCheck "$output" "success" "true" + if [ "1" = "$?" ]; then + _err "Response did not report success" + return 1 + fi + + _jsonResponseCheck "$output" "message" "OK, your DNS record has been deleted." + if [ "1" = "$?" ]; then + _err "Response message did not indicate DNS record was successfully deleted" + return 1 + fi + + _info "Record deleted successfully" + return 0 +} + +########## Utility Functions ##################################### +# All utility functions only log at debug3 +_jsonResponseCheck() { + response=$1 + field=$2 + correct=$3 + + correct=$(echo "$correct" | _lower_case) + + _debug3 "jsonResponseCheck()" + _debug3 "Response to parse" "$response" + _debug3 "Field to get response from" "$field" + _debug3 "What is the correct response" "$correct" + + responseValue=$(_jsonGetLastResponse "$response" "$field") + + if [ "$responseValue" != "$correct" ]; then + _debug3 "Expected: $correct" + _debug3 "Actual: $responseValue" + return 1 + else + _debug3 "Matched: $responseValue" + fi + return 0 +} + +_jsonGetLastResponse() { + response=$1 + field=$2 + + _debug3 "jsonGetLastResponse()" + _debug3 "Response provided" "$response" + _debug3 "Field to get responses for" "$field" + + responseValue=$(echo "$response" | grep -- "\"$field\"" | cut -f2 -d":") + + _debug3 "Response lines found:" "$responseValue" + + responseValue=$(echo "$responseValue" | sed 's/^ //g' | sed 's/^"//g' | sed 's/\\"//g') + responseValue=$(echo "$responseValue" | sed 's/,$//g' | sed 's/"$//g') + responseValue=$(echo "$responseValue" | _lower_case) + + _debug3 "Responses found" "$responseValue" + _debug3 "Response Selected" "$(echo "$responseValue" | tail -1)" + + echo "$responseValue" | tail -1 +} + +_stripWhitespace() { + tr -d '\n' | tr -d '\r' | tr -d '\t' | sed -r 's/ +/ /g' | sed 's/\\"//g' +} + +_exposeJsonArray() { + sed -r 's/.*\[//g' | tr '}' '|' | tr '{' '|' | sed 's/|, |/|/g' | tr '|' '\n' +} + +_getJsonElement() { + content=$1 + field=$2 + + _debug3 "_getJsonElement()" + _debug3 "Input JSON element" "$content" + _debug3 "JSON element to isolate" "$field" + + # With a single JSON entry to parse, convert commas to newlines puts each element on + # its own line - which then allows us to just grep teh name, remove the key, and + # isolate the value + output=$(echo "$content" | tr ',' '\n' | grep -- "\"$field\":" | sed 's/.*: //g') + + _debug3 "String before unquoting: $output" + + _unquoteString "$output" +} + +_createAuthHeader() { + apikey=$1 + + _debug3 "_createAuthHeader()" + _secure_debug3 "Provided API Key" "$apikey" + + authheader="Authorization: Bearer $apikey" + _secure_debug3 "Authorization Header" "$authheader" + echo "$authheader" +} + +_getDnsRecordName() { + fqdn=$1 + address=$2 + + _debug3 "_getDnsRecordName()" + _debug3 "FQDN" "$fqdn" + _debug3 "omg.lol Address" "$address" + + echo "$fqdn" | sed 's/\.omg\.lol//g' | sed 's/\.'"$address"'$//g' +} + +_unquoteString() { + output=$1 + quotes=0 + + _debug3 "_unquoteString()" + _debug3 "Possibly quoted string" "$output" + + _startswith "$output" "\"" + if [ $? ]; then + quotes=$((quotes + 1)) + fi + + _endswith "$output" "\"" + if [ $? ]; then + quotes=$((quotes + 1)) + fi + + _debug3 "Original String: $output" + _debug3 "Quotes found: $quotes" + + if [ $((quotes)) -gt 1 ]; then + output=$(echo "$output" | sed 's/^"//g' | sed 's/"$//g') + _debug3 "Quotes removed: $output" + fi + + echo "$output" +} diff --git a/dnsapi/dns_one.sh b/dnsapi/dns_one.sh index 1565b767..d258ecc1 100644 --- a/dnsapi/dns_one.sh +++ b/dnsapi/dns_one.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh -# one.com ui wrapper for acme.sh - -# -# export ONECOM_User="username" -# export ONECOM_Password="password" +# shellcheck disable=SC2034 +dns_one_info='one.com +Site: one.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_one +Options: + ONECOM_User Username + ONECOM_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2103 +' dns_one_add() { fulldomain=$1 @@ -90,7 +94,7 @@ _get_root() { i=1 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid @@ -100,7 +104,7 @@ _get_root() { response="$(_get "https://www.one.com/admin/api/domains/$h/dns/custom_records")" if ! _contains "$response" "CRMRST_000302"; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_online.sh b/dnsapi/dns_online.sh index 9158c268..7ec27d71 100755 --- a/dnsapi/dns_online.sh +++ b/dnsapi/dns_online.sh @@ -1,9 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_online_info='online.net +Domains: scaleway.com +Site: online.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_online +Options: + ONLINE_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/2093 +' # Online API # https://console.online.net/en/api/ -# -# Requires Online API key set in ONLINE_API_KEY ######## Public functions ##################### @@ -117,7 +124,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -126,7 +133,7 @@ _get_root() { _online_rest GET "domain/$h/version/active" if ! _contains "$response" "Domain not found" >/dev/null; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" _real_dns_version=$(echo "$response" | _egrep_o '"uuid_ref":.*' | cut -d ':' -f 2 | cut -d '"' -f 2) return 0 diff --git a/dnsapi/dns_openprovider.sh b/dnsapi/dns_openprovider.sh index 0a9e5ade..b584fad2 100755 --- a/dnsapi/dns_openprovider.sh +++ b/dnsapi/dns_openprovider.sh @@ -1,15 +1,14 @@ #!/usr/bin/env sh - -# This is the OpenProvider API wrapper for acme.sh -# -# Author: Sylvia van Os -# Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2104 -# -# export OPENPROVIDER_USER="username" -# export OPENPROVIDER_PASSWORDHASH="hashed_password" -# -# Usage: -# acme.sh --issue --dns dns_openprovider -d example.com +# shellcheck disable=SC2034 +dns_openprovider_info='OpenProvider.eu +Site: OpenProvider.eu +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_openprovider +Options: + OPENPROVIDER_USER Username + OPENPROVIDER_PASSWORDHASH Password hash +Issues: github.com/acmesh-official/acme.sh/issues/2104 +Author: Sylvia van Os +' OPENPROVIDER_API="https://api.openprovider.eu/" #OPENPROVIDER_API="https://api.cte.openprovider.eu/" # Test API @@ -69,7 +68,7 @@ dns_openprovider_add() { new_item="$(echo "$item" | sed -n 's/.*.*\(\(.*\)'"$_domain_name"'\.'"$_domain_extension"'<\/name>.*\(.*<\/type>\).*\(.*<\/value>\).*\(.*<\/prio>\).*\(.*<\/ttl>\)\).*<\/item>.*/\2<\/name>\3\4\5\6<\/item>/p')" fi - if [ -z "$(echo "$new_item" | _egrep_o ".*(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA|NS)<\/type>.*")" ]; then + if [ -z "$(echo "$new_item" | _egrep_o ".*(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA)<\/type>.*")" ]; then _debug "not an allowed record type, skipping" "$new_item" continue fi @@ -153,7 +152,7 @@ dns_openprovider_rm() { new_item="$(echo "$item" | sed -n 's/.*.*\(\(.*\)'"$_domain_name"'\.'"$_domain_extension"'<\/name>.*\(.*<\/type>\).*\(.*<\/value>\).*\(.*<\/prio>\).*\(.*<\/ttl>\)\).*<\/item>.*/\2<\/name>\3\4\5\6<\/item>/p')" fi - if [ -z "$(echo "$new_item" | _egrep_o ".*(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA|NS)<\/type>.*")" ]; then + if [ -z "$(echo "$new_item" | _egrep_o ".*(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA)<\/type>.*")" ]; then _debug "not an allowed record type, skipping" "$new_item" continue fi @@ -187,7 +186,7 @@ _get_root() { results_retrieved=0 while true; do - h=$(echo "$domain" | cut -d . -f $i-100) + h=$(echo "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid diff --git a/dnsapi/dns_openstack.sh b/dnsapi/dns_openstack.sh index fcc1dc2e..fa38bc0b 100755 --- a/dnsapi/dns_openstack.sh +++ b/dnsapi/dns_openstack.sh @@ -1,14 +1,21 @@ #!/usr/bin/env sh - -# OpenStack Designate API plugin -# -# This requires you to have OpenStackClient and python-desginateclient -# installed. -# -# You will require Keystone V3 credentials loaded into your environment, which -# could be either password or v3applicationcredential type. -# -# Author: Andy Botting +# shellcheck disable=SC2034 +dns_openstack_info='OpenStack Designate API + Depends on OpenStackClient and python-desginateclient. + You will require Keystone V3 credentials loaded into your environment, + which could be either password or v3 application credential type. +Site: docs.openstack.org/api-ref/dns/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_openstack +Options: + OS_AUTH_URL Auth URL. E.g. "https://keystone.example.com:5000/" + OS_USERNAME Username + OS_PASSWORD Password + OS_PROJECT_NAME Project name + OS_PROJECT_DOMAIN_NAME Project domain name. E.g. "Default" + OS_USER_DOMAIN_NAME User domain name. E.g. "Default" +Issues: github.com/acmesh-official/acme.sh/issues/3054 +Author: Andy Botting +' ######## Public functions ##################### diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index d40cbe28..d1e9c0ac 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -1,16 +1,16 @@ #!/usr/bin/env sh - -#OPNsense Bind API -#https://docs.opnsense.org/development/api.html -# -#OPNs_Host="opnsense.example.com" -#OPNs_Port="443" -# optional, defaults to 443 if unset -#OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA" -#OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv" -#OPNs_Api_Insecure=0 -# optional, defaults to 0 if unset -# Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1) +# shellcheck disable=SC2034 +dns_opnsense_info='OPNsense Server +Site: docs.opnsense.org/development/api.html +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_opnsense +Options: + OPNs_Host Server Hostname. E.g. "opnsense.example.com" + OPNs_Port Port. Default: "443". + OPNs_Key API Key + OPNs_Token API Token + OPNs_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept +Issues: github.com/acmesh-official/acme.sh/issues/2480 +' ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000" @@ -144,7 +144,7 @@ _get_root() { fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -153,13 +153,13 @@ _get_root() { id=$(echo "$_domain_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"primary\",\"domainname\":\"${h}\"" | cut -d ':' -f 2 | cut -d '"' -f 2) if [ -n "$id" ]; then _debug id "$id" - _host=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _host=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="${h}" _domainid="${id}" return 0 fi p=$i - i=$(_math $i + 1) + i=$(_math "$i" + 1) done _debug "$domain not found" diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index e1a958f6..24ad0904 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -1,13 +1,15 @@ #!/usr/bin/env sh - -#Application Key -#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#Application Secret -#OVH_AS="sdfsafsdfsdfdsfsdfsa" -# -#Consumer Key -#OVH_CK="sdfsdfsdfsdfsdfdsf" +# shellcheck disable=SC2034 +dns_ovh_info='OVH.com +Domains: kimsufi.com soyoustart.com +Site: OVH.com +Docs: github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api +Options: + OVH_END_POINT Endpoint. "ovh-eu", "ovh-us", "ovh-ca", "kimsufi-eu", "kimsufi-ca", "soyoustart-eu", "soyoustart-ca" or raw URL. Default: "ovh-eu". + OVH_AK Application Key + OVH_AS Application Secret + OVH_CK Consumer Key +' #OVH_END_POINT=ovh-eu @@ -111,7 +113,7 @@ _initAuth() { _saveaccountconf_mutable OVH_END_POINT "$OVH_END_POINT" fi - OVH_API="$(_ovh_get_api $OVH_END_POINT)" + OVH_API="$(_ovh_get_api "$OVH_END_POINT")" _debug OVH_API "$OVH_API" OVH_CK="${OVH_CK:-$(_readaccountconf_mutable OVH_CK)}" @@ -258,7 +260,7 @@ _get_root() { i=1 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -271,7 +273,7 @@ _get_root() { if ! _contains "$response" "This service does not exist" >/dev/null && ! _contains "$response" "This call has not been granted" >/dev/null && ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 6aa2e953..2478e19f 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -1,12 +1,14 @@ #!/usr/bin/env sh - -#PowerDNS Embedded API -#https://doc.powerdns.com/md/httpapi/api_spec/ -# -#PDNS_Url="http://ns.example.com:8081" -#PDNS_ServerId="localhost" -#PDNS_Token="0123456789ABCDEF" -#PDNS_Ttl=60 +# shellcheck disable=SC2034 +dns_pdns_info='PowerDNS Server API +Site: PowerDNS.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_pdns +Options: + PDNS_Url API URL. E.g. "http://ns.example.com:8081" + PDNS_ServerId Server ID. E.g. "localhost" + PDNS_Token API Token + PDNS_Ttl=60 Domain TTL. Default: "60". +' DEFAULT_PDNS_TTL=60 @@ -18,6 +20,11 @@ dns_pdns_add() { fulldomain=$1 txtvalue=$2 + PDNS_Url="${PDNS_Url:-$(_readaccountconf_mutable PDNS_Url)}" + PDNS_ServerId="${PDNS_ServerId:-$(_readaccountconf_mutable PDNS_ServerId)}" + PDNS_Token="${PDNS_Token:-$(_readaccountconf_mutable PDNS_Token)}" + PDNS_Ttl="${PDNS_Ttl:-$(_readaccountconf_mutable PDNS_Ttl)}" + if [ -z "$PDNS_Url" ]; then PDNS_Url="" _err "You don't specify PowerDNS address." @@ -44,12 +51,12 @@ dns_pdns_add() { fi #save the api addr and key to the account conf file. - _saveaccountconf PDNS_Url "$PDNS_Url" - _saveaccountconf PDNS_ServerId "$PDNS_ServerId" - _saveaccountconf PDNS_Token "$PDNS_Token" + _saveaccountconf_mutable PDNS_Url "$PDNS_Url" + _saveaccountconf_mutable PDNS_ServerId "$PDNS_ServerId" + _saveaccountconf_mutable PDNS_Token "$PDNS_Token" if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ]; then - _saveaccountconf PDNS_Ttl "$PDNS_Ttl" + _saveaccountconf_mutable PDNS_Ttl "$PDNS_Ttl" fi _debug "Detect root zone" @@ -71,6 +78,11 @@ dns_pdns_rm() { fulldomain=$1 txtvalue=$2 + PDNS_Url="${PDNS_Url:-$(_readaccountconf_mutable PDNS_Url)}" + PDNS_ServerId="${PDNS_ServerId:-$(_readaccountconf_mutable PDNS_ServerId)}" + PDNS_Token="${PDNS_Token:-$(_readaccountconf_mutable PDNS_Token)}" + PDNS_Ttl="${PDNS_Ttl:-$(_readaccountconf_mutable PDNS_Ttl)}" + if [ -z "$PDNS_Ttl" ]; then PDNS_Ttl="$DEFAULT_PDNS_TTL" fi @@ -179,7 +191,7 @@ _get_root() { fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if _contains "$_zones_response" "\"name\":\"$h.\""; then _domain="$h." @@ -192,7 +204,7 @@ _get_root() { if [ -z "$h" ]; then return 1 fi - i=$(_math $i + 1) + i=$(_math "$i" + 1) done _debug "$domain not found" diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index 81973e07..6b38abcb 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -1,10 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_pleskxml_info='Plesk Server API +Site: Plesk.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_pleskxml +Options: + pleskxml_uri Plesk server API URL. E.g. "https://your-plesk-server.net:8443/enterprise/control/agent.php" + pleskxml_user Username + pleskxml_pass Password +Issues: github.com/acmesh-official/acme.sh/issues/2577 +Author: Stilez, +' -## Name: dns_pleskxml.sh -## Created by Stilez. -## Also uses some code from PR#1832 by @romanlum (https://github.com/acmesh-official/acme.sh/pull/1832/files) - -## This DNS-01 method uses the Plesk XML API described at: +## Plesk XML API described at: ## https://docs.plesk.com/en-US/12.5/api-rpc/about-xml-api.28709 ## and more specifically: https://docs.plesk.com/en-US/12.5/api-rpc/reference.28784 @@ -16,21 +23,6 @@ ## For ACME v2 purposes, new TXT records are appended when added, and removing one TXT record will not affect any other TXT records. ## The user credentials (username+password) and URL/URI for the Plesk XML API must be set by the user -## before this module is called (case sensitive): -## -## ``` -## export pleskxml_uri="https://address-of-my-plesk-server.net:8443/enterprise/control/agent.php" -## (or probably something similar) -## export pleskxml_user="my plesk username" -## export pleskxml_pass="my plesk password" -## ``` - -## Ok, let's issue a cert now: -## ``` -## acme.sh --issue --dns dns_pleskxml -d example.com -d www.example.com -## ``` -## -## The `pleskxml_uri`, `pleskxml_user` and `pleskxml_pass` will be saved in `~/.acme.sh/account.conf` and reused when needed. #################### INTERNAL VARIABLES + NEWLINE + API TEMPLATES ################################## diff --git a/dnsapi/dns_pointhq.sh b/dnsapi/dns_pointhq.sh index 62313109..0abc087b 100644 --- a/dnsapi/dns_pointhq.sh +++ b/dnsapi/dns_pointhq.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -#PointHQ_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#PointHQ_Email="xxxx@sss.com" +# shellcheck disable=SC2034 +dns_pointhq_info='pointhq.com PointDNS +Site: pointhq.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_pointhq +Options: + PointHQ_Key API Key + PointHQ_Email Email +Issues: github.com/acmesh-official/acme.sh/issues/2060 +' PointHQ_Api="https://api.pointhq.com" @@ -114,7 +118,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -126,7 +130,7 @@ _get_root() { fi if _contains "$response" "\"name\":\"$h\"" >/dev/null; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh index ad4455b6..1681ca9a 100644 --- a/dnsapi/dns_porkbun.sh +++ b/dnsapi/dns_porkbun.sh @@ -1,10 +1,15 @@ #!/usr/bin/env sh - -# -#PORKBUN_API_KEY="pk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" -#PORKBUN_SECRET_API_KEY="sk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" - -PORKBUN_Api="https://porkbun.com/api/json/v3" +# shellcheck disable=SC2034 +dns_porkbun_info='Porkbun.com +Site: Porkbun.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_porkbun +Options: + PORKBUN_API_KEY API Key + PORKBUN_SECRET_API_KEY API Secret +Issues: github.com/acmesh-official/acme.sh/issues/3450 +' + +PORKBUN_Api="https://api.porkbun.com/api/json/v3" ######## Public functions ##################### @@ -88,7 +93,7 @@ dns_porkbun_rm() { _err "Delete record error." return 1 fi - echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null + echo "$response" | tr -d " " | grep '"status":"SUCCESS"' >/dev/null fi } @@ -102,7 +107,7 @@ _get_root() { domain=$1 i=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then return 1 @@ -134,7 +139,7 @@ _porkbun_rest() { api_key_trimmed=$(echo "$PORKBUN_API_KEY" | tr -d '"') secret_api_key_trimmed=$(echo "$PORKBUN_SECRET_API_KEY" | tr -d '"') - test -z "$data" && data="{" || data="$(echo $data | cut -d'}' -f1)," + test -z "$data" && data="{" || data="$(echo "$data" | cut -d'}' -f1)," data="$data\"apikey\":\"$api_key_trimmed\",\"secretapikey\":\"$secret_api_key_trimmed\"}" export _H1="Content-Type: application/json" diff --git a/dnsapi/dns_rackcorp.sh b/dnsapi/dns_rackcorp.sh index 6aabfddc..b8fc73ab 100644 --- a/dnsapi/dns_rackcorp.sh +++ b/dnsapi/dns_rackcorp.sh @@ -1,16 +1,14 @@ #!/usr/bin/env sh - -# Provider: RackCorp (www.rackcorp.com) -# Author: Stephen Dendtler (sdendtler@rackcorp.com) -# Report Bugs here: https://github.com/senjoo/acme.sh -# Alternate email contact: support@rackcorp.com -# -# You'll need an API key (Portal: ADMINISTRATION -> API) -# Set the environment variables as below: -# -# export RACKCORP_APIUUID="UUIDHERE" -# export RACKCORP_APISECRET="SECRETHERE" -# +# shellcheck disable=SC2034 +dns_rackcorp_info='RackCorp.com +Site: RackCorp.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_rackcorp +Options: + RACKCORP_APIUUID API UUID. See Portal: ADMINISTRATION -> API + RACKCORP_APISECRET API Secret +Issues: github.com/acmesh-official/acme.sh/issues/3351 +Author: Stephen Dendtler +' RACKCORP_API_ENDPOINT="https://api.rackcorp.net/api/rest/v2.4/json.php" @@ -85,7 +83,7 @@ _get_root() { return 1 fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug searchhost "$h" if [ -z "$h" ]; then _err "Could not find domain for record $domain in RackCorp using the provided credentials" @@ -97,7 +95,7 @@ _get_root() { if _contains "$response" "\"matches\":1"; then if _contains "$response" "\"name\":\"$h\""; then - _lookup=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _lookup=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_rackspace.sh b/dnsapi/dns_rackspace.sh index b50d9168..05ec14a6 100644 --- a/dnsapi/dns_rackspace.sh +++ b/dnsapi/dns_rackspace.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh -# -# -#RACKSPACE_Username="" -# -#RACKSPACE_Apikey="" +# shellcheck disable=SC2034 +dns_rackspace_info='RackSpace.com +Site: RackSpace.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_rackspace +Options: + RACKSPACE_Apikey API Key + RACKSPACE_Username Username +Issues: github.com/acmesh-official/acme.sh/issues/2091 +' RACKSPACE_Endpoint="https://dns.api.rackspacecloud.com/v1.0" @@ -68,7 +72,7 @@ _get_root_zone() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -84,7 +88,7 @@ _get_root_zone() { _domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\"\([^,]*\)\",\"accountId\":\"[0-9]*\",\"name\":\"$h\",.*/\1/p") _debug2 domain_id "$_domain_id" if [ -n "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_rage4.sh b/dnsapi/dns_rage4.sh index 4af4541d..ad312759 100755 --- a/dnsapi/dns_rage4.sh +++ b/dnsapi/dns_rage4.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -#RAGE4_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#RAGE4_USERNAME="xxxx@sss.com" +# shellcheck disable=SC2034 +dns_rage4_info='rage4.com +Site: rage4.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_rage4 +Options: + RAGE4_TOKEN API Key + RAGE4_USERNAME Username +Issues: github.com/acmesh-official/acme.sh/issues/4306 +' RAGE4_Api="https://rage4.com/rapi/" diff --git a/dnsapi/dns_rcode0.sh b/dnsapi/dns_rcode0.sh index d3f7f219..4ffdf572 100755 --- a/dnsapi/dns_rcode0.sh +++ b/dnsapi/dns_rcode0.sh @@ -1,14 +1,20 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_rcode0_info='Rcode0 rcodezero.at +Site: rcodezero.at +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_rcode0 +Options: + RCODE0_URL API URL. E.g. "https://my.rcodezero.at" + RCODE0_API_TOKEN API Token + RCODE0_TTL TTL. Default: "60". +Issues: github.com/acmesh-official/acme.sh/issues/2490 +' #Rcode0 API Integration #https://my.rcodezero.at/api-doc # # log into https://my.rcodezero.at/enableapi and get your ACME API Token (the ACME API token has limited # access to the REST calls needed for acme.sh only) -# -#RCODE0_URL="https://my.rcodezero.at" -#RCODE0_API_TOKEN="0123456789ABCDEF" -#RCODE0_TTL=60 DEFAULT_RCODE0_URL="https://my.rcodezero.at" DEFAULT_RCODE0_TTL=60 @@ -165,7 +171,7 @@ _get_root() { i=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug "try to find: $h" if _rcode0_rest "GET" "/api/v1/acme/zones/$h"; then @@ -183,7 +189,7 @@ _get_root() { if [ -z "$h" ]; then return 1 fi - i=$(_math $i + 1) + i=$(_math "$i" + 1) done _debug "no matching domain for $domain found" diff --git a/dnsapi/dns_regru.sh b/dnsapi/dns_regru.sh index 8ff380f0..be5ae117 100644 --- a/dnsapi/dns_regru.sh +++ b/dnsapi/dns_regru.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh - -# -# REGRU_API_Username="test" -# -# REGRU_API_Password="test" -# +# shellcheck disable=SC2034 +dns_regru_info='reg.ru +Site: reg.ru +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_regru +Options: + REGRU_API_Username Username + REGRU_API_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2336 +' REGRU_API_URL="https://api.reg.ru/api/regru2" diff --git a/dnsapi/dns_scaleway.sh b/dnsapi/dns_scaleway.sh index a0a0f318..4cbf68d2 100755 --- a/dnsapi/dns_scaleway.sh +++ b/dnsapi/dns_scaleway.sh @@ -1,9 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_scaleway_info='ScaleWay.com +Site: ScaleWay.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_scaleway +Options: + SCALEWAY_API_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/3295 +' # Scaleway API # https://developers.scaleway.com/en/products/domain/dns/api/ -# -# Requires Scaleway API token set in SCALEWAY_API_TOKEN ######## Public functions ##################### @@ -35,9 +41,7 @@ dns_scaleway_add() { _err error "$response" return 1 fi - _info "Record added." - return 0 } dns_scaleway_rm() { @@ -65,9 +69,7 @@ dns_scaleway_rm() { _err error "$response" return 1 fi - _info "Record deleted." - return 0 } #################### Private functions below ################################## @@ -98,7 +100,7 @@ _get_root() { i=1 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -107,7 +109,7 @@ _get_root() { _scaleway_rest GET "dns-zones/$h/records" if ! _contains "$response" "subdomain not found" >/dev/null; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_schlundtech.sh b/dnsapi/dns_schlundtech.sh index 399c50e0..6d2930a2 100644 --- a/dnsapi/dns_schlundtech.sh +++ b/dnsapi/dns_schlundtech.sh @@ -1,16 +1,14 @@ #!/usr/bin/env sh -# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*- - -# Schlundtech DNS API -# Author: mod242 -# Created: 2019-40-29 -# Completly based on the autoDNS xml api wrapper by auerswald@gmail.com -# -# export SCHLUNDTECH_USER="username" -# export SCHLUNDTECH_PASSWORD="password" -# -# Usage: -# acme.sh --issue --dns dns_schlundtech -d example.com +# shellcheck disable=SC2034 +dns_schlundtech_info='SchlundTech.de +Site: SchlundTech.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_schlundtech +Options: + SCHLUNDTECH_USER Username + SCHLUNDTECH_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/2246 +Author: +' SCHLUNDTECH_API="https://gateway.schlundtech.de" @@ -108,7 +106,7 @@ _get_autodns_zone() { p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then @@ -126,7 +124,7 @@ _get_autodns_zone() { if _contains "$autodns_response" "1" >/dev/null; then _zone="$(echo "$autodns_response" | _egrep_o '[^<]*' | cut -d '>' -f 2 | cut -d '<' -f 1)" _system_ns="$(echo "$autodns_response" | _egrep_o '[^<]*' | cut -d '>' -f 2 | cut -d '<' -f 1)" - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") return 0 fi diff --git a/dnsapi/dns_selectel.sh b/dnsapi/dns_selectel.sh index 1b09882d..8b52b24e 100644 --- a/dnsapi/dns_selectel.sh +++ b/dnsapi/dns_selectel.sh @@ -1,8 +1,12 @@ #!/usr/bin/env sh - -# -#SL_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# +# shellcheck disable=SC2034 +dns_selectel_info='Selectel.com +Domains: Selectel.ru +Site: Selectel.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_selectel +Options: + SL_Key API Key +' SL_Api="https://api.selectel.ru/domains/v1" @@ -113,7 +117,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -121,7 +125,7 @@ _get_root() { fi if _contains "$response" "\"name\" *: *\"$h\","; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h _debug "Getting domain id for $h" if ! _sl_rest GET "/$h"; then diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index a6ef1f94..4912dfdf 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -1,8 +1,15 @@ #!/usr/bin/env sh -# -# Author: Marvin Edeler -# Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 -# Last Edit: 17.02.2022 +# shellcheck disable=SC2034 +dns_selfhost_info='SelfHost.de +Site: SelfHost.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_selfhost +Options: + SELFHOSTDNS_USERNAME Username + SELFHOSTDNS_PASSWORD Password + SELFHOSTDNS_MAP Subdomain name +Issues: github.com/acmesh-official/acme.sh/issues/4291 +Author: Marvin Edeler +' dns_selfhost_add() { fulldomain=$1 diff --git a/dnsapi/dns_servercow.sh b/dnsapi/dns_servercow.sh index 52137905..d6994681 100755 --- a/dnsapi/dns_servercow.sh +++ b/dnsapi/dns_servercow.sh @@ -1,19 +1,14 @@ #!/usr/bin/env sh - -########## -# Custom servercow.de DNS API v1 for use with [acme.sh](https://github.com/acmesh-official/acme.sh) -# -# Usage: -# export SERVERCOW_API_Username=username -# export SERVERCOW_API_Password=password -# acme.sh --issue -d example.com --dns dns_servercow -# -# Issues: -# Any issues / questions / suggestions can be posted here: -# https://github.com/jhartlep/servercow-dns-api/issues -# -# Author: Jens Hartlep -########## +# shellcheck disable=SC2034 +dns_servercow_info='ServerCow.de +Site: ServerCow.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_servercow +Options: + SERVERCOW_API_Username Username + SERVERCOW_API_Password Password +Issues: github.com/jhartlep/servercow-dns-api/issues +Author: Jens Hartlep +' SERVERCOW_API="https://api.servercow.de/dns/v1/domains" @@ -86,7 +81,6 @@ dns_servercow_add() { return 1 fi - return 1 } # Usage fulldomain txtvalue @@ -142,7 +136,7 @@ _get_root() { p=1 while true; do - _domain=$(printf "%s" "$fulldomain" | cut -d . -f $i-100) + _domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-100) _debug _domain "$_domain" if [ -z "$_domain" ]; then @@ -155,7 +149,7 @@ _get_root() { fi if ! _contains "$response" '"error":"no such domain in user context"' >/dev/null; then - _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$p") if [ -z "$_sub_domain" ]; then # not valid return 1 diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 6a8d0e18..e0ad16e2 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_simply_info='Simply.com +Site: Simply.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_simply +Options: + SIMPLY_AccountName Account name + SIMPLY_ApiKey API Key +' -# API-integration for Simply.com (https://www.simply.com) - -#SIMPLY_AccountName="accountname" -#SIMPLY_ApiKey="apikey" -# #SIMPLY_Api="https://api.simply.com/2/" SIMPLY_Api_Default="https://api.simply.com/2" @@ -163,7 +166,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -176,7 +179,7 @@ _get_root() { if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then _debug "$h not found" else - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_technitium.sh b/dnsapi/dns_technitium.sh new file mode 100755 index 00000000..a50db97c --- /dev/null +++ b/dnsapi/dns_technitium.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_Technitium_info='Technitium DNS Server + +Site: https://technitium.com/dns/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_technitium +Options: + Technitium_Server Server Address + Technitium_Token API Token +Issues:https://github.com/acmesh-official/acme.sh/issues/6116 +Author: Henning Reich +' + +dns_technitium_add() { + _info "add txt Record using Technitium" + _Technitium_account + fulldomain=$1 + txtvalue=$2 + response="$(_get "$Technitium_Server/api/zones/records/add?token=$Technitium_Token&domain=$fulldomain&type=TXT&text=${txtvalue}")" + if _contains "$response" '"status":"ok"'; then + return 0 + fi + _err "Could not add txt record." + return 1 +} + +dns_technitium_rm() { + _info "remove txt record using Technitium" + _Technitium_account + fulldomain=$1 + txtvalue=$2 + response="$(_get "$Technitium_Server/api/zones/records/delete?token=$Technitium_Token&domain=$fulldomain&type=TXT&text=${txtvalue}")" + if _contains "$response" '"status":"ok"'; then + return 0 + fi + _err "Could not remove txt record" + return 1 +} + +#################### Private functions below ################################## + +_Technitium_account() { + Technitium_Server="${Technitium_Server:-$(_readaccountconf_mutable Technitium_Server)}" + Technitium_Token="${Technitium_Token:-$(_readaccountconf_mutable Technitium_Token)}" + if [ -z "$Technitium_Server" ] || [ -z "$Technitium_Token" ]; then + Technitium_Server="" + Technitium_Token="" + _err "You don't specify Technitium Server and Token yet." + _err "Please create your Token and add server address and try again." + return 1 + fi + + #save the credentials to the account conf file. + _saveaccountconf_mutable Technitium_Server "$Technitium_Server" + _saveaccountconf_mutable Technitium_Token "$Technitium_Token" +} diff --git a/dnsapi/dns_tele3.sh b/dnsapi/dns_tele3.sh index 76c90913..e5974951 100644 --- a/dnsapi/dns_tele3.sh +++ b/dnsapi/dns_tele3.sh @@ -1,14 +1,13 @@ #!/usr/bin/env sh -# -# tele3.cz DNS API -# -# Author: Roman Blizik -# Report Bugs here: https://github.com/par-pa/acme.sh -# -# -- -# export TELE3_Key="MS2I4uPPaI..." -# export TELE3_Secret="kjhOIHGJKHg" -# -- +# shellcheck disable=SC2034 +dns_tele3_info='tele3.cz +Site: tele3.cz +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#tele3 +Options: + TELE3_Key API Key + TELE3_Secret API Secret +Author: Roman Blizik +' TELE3_API="https://www.tele3.cz/acme/" diff --git a/dnsapi/dns_tencent.sh b/dnsapi/dns_tencent.sh index 2f8d3b67..d82768b9 100644 --- a/dnsapi/dns_tencent.sh +++ b/dnsapi/dns_tencent.sh @@ -1,9 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_tencent_info='Tencent.com +Site: cloud.Tencent.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_tencent +Options: + Tencent_SecretId Secret ID + Tencent_SecretKey Secret Key +Issues: github.com/acmesh-official/acme.sh/issues/4781 +' Tencent_API="https://dnspod.tencentcloudapi.com" -#Tencent_SecretId="AKIDz81d2cd22cdcdc2dcd1cc1d1A" -#Tencent_SecretKey="Gu5t9abcabcaabcbabcbbbcbcbbccbbcb" - #Usage: dns_tencent_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_tencent_add() { fulldomain=$1 diff --git a/dnsapi/dns_timeweb.sh b/dnsapi/dns_timeweb.sh new file mode 100644 index 00000000..544564ea --- /dev/null +++ b/dnsapi/dns_timeweb.sh @@ -0,0 +1,403 @@ +#!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_timeweb_info='Timeweb.Cloud +Site: Timeweb.Cloud +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_timeweb +Options: + TW_Token API JWT token. Get it from the control panel at https://timeweb.cloud/my/api-keys +Issues: github.com/acmesh-official/acme.sh/issues/5140 +Author: Nikolay Pronchev +' + +TW_Api="https://api.timeweb.cloud/api/v1" + +################ Public functions ################ + +# Adds an ACME DNS-01 challenge DNS TXT record via the Timeweb Cloud API. +# +# Param1: The ACME DNS-01 challenge FQDN. +# Param2: The value of the ACME DNS-01 challenge TXT record. +# +# Example: dns_timeweb_add "_acme-challenge.sub.domain.com" "D-52Wm...4uYM" +dns_timeweb_add() { + _debug "$(__green "Timeweb DNS API"): \"dns_timeweb_add\" started." + + _timeweb_set_acme_fqdn "$1" || return 1 + _timeweb_set_acme_txt "$2" || return 1 + _timeweb_check_token || return 1 + _timeweb_split_acme_fqdn || return 1 + _timeweb_dns_txt_add || return 1 + + _debug "$(__green "Timeweb DNS API"): \"dns_timeweb_add\" finished." +} + +# Removes a DNS TXT record via the Timeweb Cloud API. +# +# Param1: The ACME DNS-01 challenge FQDN. +# Param2: The value of the ACME DNS-01 challenge TXT record. +# +# Example: dns_timeweb_rm "_acme-challenge.sub.domain.com" "D-52Wm...4uYM" +dns_timeweb_rm() { + _debug "$(__green "Timeweb DNS API"): \"dns_timeweb_rm\" started." + + _timeweb_set_acme_fqdn "$1" || return 1 + _timeweb_set_acme_txt "$2" || return 1 + _timeweb_check_token || return 1 + _timeweb_split_acme_fqdn || return 1 + _timeweb_get_dns_txt || return 1 + _timeweb_dns_txt_remove || return 1 + + _debug "$(__green "Timeweb DNS API"): \"dns_timeweb_rm\" finished." +} + +################ Private functions ################ + +# Checks and sets the ACME DNS-01 challenge FQDN. +# +# Param1: The ACME DNS-01 challenge FQDN. +# +# Example: _timeweb_set_acme_fqdn "_acme-challenge.sub.domain.com" +# +# Sets the "Acme_Fqdn" variable (_acme-challenge.sub.domain.com) +_timeweb_set_acme_fqdn() { + Acme_Fqdn=$1 + _debug "Setting ACME DNS-01 challenge FQDN \"$Acme_Fqdn\"." + [ -z "$Acme_Fqdn" ] && { + _err "ACME DNS-01 challenge FQDN is empty." + return 1 + } + return 0 +} + +# Checks and sets the value of the ACME DNS-01 challenge TXT record. +# +# Param1: Value of the ACME DNS-01 challenge TXT record. +# +# Example: _timeweb_set_acme_txt "D-52Wm...4uYM" +# +# Sets the "Acme_Txt" variable to the provided value (D-52Wm...4uYM) +_timeweb_set_acme_txt() { + Acme_Txt=$1 + _debug "Setting the value of the ACME DNS-01 challenge TXT record to \"$Acme_Txt\"." + [ -z "$Acme_Txt" ] && { + _err "ACME DNS-01 challenge TXT record value is empty." + return 1 + } + return 0 +} + +# Checks if the Timeweb Cloud API JWT token is present (refer to the script description). +# Adds or updates the token in the acme.sh account configuration. +_timeweb_check_token() { + _debug "Checking for the presence of the Timeweb Cloud API JWT token." + + TW_Token="${TW_Token:-$(_readaccountconf_mutable TW_Token)}" + + [ -z "$TW_Token" ] && { + _err "Timeweb Cloud API JWT token was not found." + return 1 + } + + _saveaccountconf_mutable TW_Token "$TW_Token" +} + +# Divides the ACME DNS-01 challenge FQDN into its main domain and subdomain components. +_timeweb_split_acme_fqdn() { + _debug "Trying to divide \"$Acme_Fqdn\" into its main domain and subdomain components." + + TW_Page_Limit=100 + TW_Page_Offset=0 + TW_Domains_Returned="" + + while [ -z "$TW_Domains_Returned" ] || [ "$TW_Domains_Returned" -ge "$TW_Page_Limit" ]; do + + _timeweb_list_domains "$TW_Page_Limit" "$TW_Page_Offset" || return 1 + + # Remove the 'subdomains' subarray to prevent confusion with FQDNs. + + TW_Domains=$( + echo "$TW_Domains" | + sed 's/"subdomains":\[[^]]*]//g' + ) + + [ -z "$TW_Domains" ] && { + _err "Failed to parse the list of domains." + return 1 + } + + while + TW_Domain=$( + echo "$TW_Domains" | + sed -n 's/.*{[^{]*"fqdn":"\([^"]*\)"[^}]*}.*/\1/p' + ) + + [ -n "$TW_Domain" ] && { + _timeweb_is_main_domain "$TW_Domain" && return 0 + + TW_Domains=$( + echo "$TW_Domains" | + sed 's/{\([^{]*"fqdn":"'"$TW_Domain"'"[^}]*\)}//' + ) + continue + } + do :; done + + TW_Page_Offset=$(_math "$TW_Page_Offset" + "$TW_Page_Limit") + done + + _err "Failed to divide \"$Acme_Fqdn\" into its main domain and subdomain components." + return 1 +} + +# Searches for a previously added DNS TXT record. +# +# Sets the "TW_Dns_Txt_Id" variable. +_timeweb_get_dns_txt() { + _debug "Trying to locate a DNS TXT record with the value \"$Acme_Txt\"." + + TW_Page_Limit=100 + TW_Page_Offset=0 + TW_Dns_Records_Returned="" + + while [ -z "$TW_Dns_Records_Returned" ] || [ "$TW_Dns_Records_Returned" -ge "$TW_Page_Limit" ]; do + + _timeweb_list_dns_records "$TW_Page_Limit" "$TW_Page_Offset" || return 1 + + while + Dns_Record=$( + echo "$TW_Dns_Records" | + sed -n 's/.*{\([^{]*{[^{]*'"$Acme_Txt"'[^}]*}[^}]*\)}.*/\1/p' + ) + + [ -n "$Dns_Record" ] && { + _timeweb_is_added_txt "$Dns_Record" && return 0 + + TW_Dns_Records=$( + echo "$TW_Dns_Records" | + sed 's/{\([^{]*{[^{]*'"$Acme_Txt"'[^}]*}[^}]*\)}//' + ) + continue + } + do :; done + + TW_Page_Offset=$(_math "$TW_Page_Offset" + "$TW_Page_Limit") + done + + _err "DNS TXT record was not found." + return 1 +} + +# Lists domains via the Timeweb Cloud API. +# +# Param 1: Limit for listed domains. +# Param 2: Offset for domains list. +# +# Sets the "TW_Domains" variable. +# Sets the "TW_Domains_Returned" variable. +_timeweb_list_domains() { + _debug "Listing domains via Timeweb Cloud API. Limit: $1, offset: $2." + + export _H1="Authorization: Bearer $TW_Token" + + if ! TW_Domains=$(_get "$TW_Api/domains?limit=$1&offset=$2"); then + _err "The request to the Timeweb Cloud API failed." + return 1 + fi + + [ -z "$TW_Domains" ] && { + _err "Empty response from the Timeweb Cloud API." + return 1 + } + + TW_Domains_Returned=$( + echo "$TW_Domains" | + sed 's/.*"meta":{"total":\([0-9]*\)[^0-9].*/\1/' + ) + + [ -z "$TW_Domains_Returned" ] && { + _err "Failed to extract the total count of domains." + return 1 + } + + [ "$TW_Domains_Returned" -eq "0" ] && { + _err "Domains are missing." + return 1 + } + + _debug "Domains returned by Timeweb Cloud API: $TW_Domains_Returned." +} + +# Lists domain DNS records via the Timeweb Cloud API. +# +# Param 1: Limit for listed DNS records. +# Param 2: Offset for DNS records list. +# +# Sets the "TW_Dns_Records" variable. +# Sets the "TW_Dns_Records_Returned" variable. +_timeweb_list_dns_records() { + _debug "Listing domain DNS records via the Timeweb Cloud API. Limit: $1, offset: $2." + + export _H1="Authorization: Bearer $TW_Token" + + if ! TW_Dns_Records=$(_get "$TW_Api/domains/$TW_Main_Domain/dns-records?limit=$1&offset=$2"); then + _err "The request to the Timeweb Cloud API failed." + return 1 + fi + + [ -z "$TW_Dns_Records" ] && { + _err "Empty response from the Timeweb Cloud API." + return 1 + } + + TW_Dns_Records_Returned=$( + echo "$TW_Dns_Records" | + sed 's/.*"meta":{"total":\([0-9]*\)[^0-9].*/\1/' + ) + + [ -z "$TW_Dns_Records_Returned" ] && { + _err "Failed to extract the total count of DNS records." + return 1 + } + + [ "$TW_Dns_Records_Returned" -eq "0" ] && { + _err "DNS records are missing." + return 1 + } + + _debug "DNS records returned by Timeweb Cloud API: $TW_Dns_Records_Returned." +} + +# Verifies whether the domain is the primary domain for the ACME DNS-01 challenge FQDN. +# The requirement is that the provided domain is the top-level domain +# for the ACME DNS-01 challenge FQDN. +# +# Param 1: Domain object returned by Timeweb Cloud API. +# +# Sets the "TW_Main_Domain" variable (e.g. "_acme-challenge.s1.domain.co.uk" → "domain.co.uk"). +# Sets the "TW_Subdomains" variable (e.g. "_acme-challenge.s1.domain.co.uk" → "_acme-challenge.s1"). +_timeweb_is_main_domain() { + _debug "Checking if \"$1\" is the main domain of the ACME DNS-01 challenge FQDN." + + [ -z "$1" ] && { + _debug "Failed to extract FQDN. Skipping domain." + return 1 + } + + ! echo ".$Acme_Fqdn" | grep -qi "\.$1$" && { + _debug "Domain does not match the ACME DNS-01 challenge FQDN. Skipping domain." + return 1 + } + + TW_Main_Domain=$1 + TW_Subdomains=$( + echo "$Acme_Fqdn" | + sed "s/\.*.\{${#1}\}$//" + ) + + _debug "Matched domain. ACME DNS-01 challenge FQDN split as [$TW_Subdomains].[$TW_Main_Domain]." + return 0 +} + +# Verifies whether a DNS record was previously added based on the following criteria: +# - The value matches the ACME DNS-01 challenge TXT record value; +# - The record type is TXT; +# - The subdomain matches the ACME DNS-01 challenge FQDN. +# +# Param 1: DNS record object returned by Timeweb Cloud API. +# +# Sets the "TW_Dns_Txt_Id" variable. +_timeweb_is_added_txt() { + _debug "Checking if \"$1\" is a previously added DNS TXT record." + + echo "$1" | grep -qv '"type":"TXT"' && { + _debug "Not a TXT record. Skipping the record." + return 1 + } + + if [ -n "$TW_Subdomains" ]; then + echo "$1" | grep -qvi "\"subdomain\":\"$TW_Subdomains\"" && { + _debug "Subdomains do not match. Skipping the record." + return 1 + } + else + echo "$1" | grep -q '"subdomain\":"..*"' && { + _debug "Subdomains do not match. Skipping the record." + return 1 + } + fi + + TW_Dns_Txt_Id=$( + echo "$1" | + sed 's/.*"id":\([0-9]*\)[^0-9].*/\1/' + ) + + [ -z "$TW_Dns_Txt_Id" ] && { + _debug "Failed to extract the DNS record ID. Skipping the record." + return 1 + } + + _debug "Matching DNS TXT record ID is \"$TW_Dns_Txt_Id\"." + return 0 +} + +# Adds a DNS TXT record via the Timeweb Cloud API. +_timeweb_dns_txt_add() { + _debug "Adding a new DNS TXT record via the Timeweb Cloud API." + + export _H1="Authorization: Bearer $TW_Token" + export _H2="Content-Type: application/json" + + if ! TW_Response=$( + _post "{ + \"subdomain\":\"$TW_Subdomains\", + \"type\":\"TXT\", + \"value\":\"$Acme_Txt\" + }" \ + "$TW_Api/domains/$TW_Main_Domain/dns-records" + ); then + _err "The request to the Timeweb Cloud API failed." + return 1 + fi + + [ -z "$TW_Response" ] && { + _err "An unexpected empty response was received from the Timeweb Cloud API." + return 1 + } + + TW_Dns_Txt_Id=$( + echo "$TW_Response" | + sed 's/.*"id":\([0-9]*\)[^0-9].*/\1/' + ) + + [ -z "$TW_Dns_Txt_Id" ] && { + _err "Failed to extract the DNS TXT Record ID." + return 1 + } + + _debug "DNS TXT record has been added. ID: \"$TW_Dns_Txt_Id\"." +} + +# Removes a DNS record via the Timeweb Cloud API. +_timeweb_dns_txt_remove() { + _debug "Removing DNS record via the Timeweb Cloud API." + + export _H1="Authorization: Bearer $TW_Token" + + if ! TW_Response=$( + _post \ + "" \ + "$TW_Api/domains/$TW_Main_Domain/dns-records/$TW_Dns_Txt_Id" \ + "" \ + "DELETE" + ); then + _err "The request to the Timeweb Cloud API failed." + return 1 + fi + + [ -n "$TW_Response" ] && { + _err "Received an unexpected response body from the Timeweb Cloud API." + return 1 + } + + _debug "DNS TXT record with ID \"$TW_Dns_Txt_Id\" has been removed." +} diff --git a/dnsapi/dns_transip.sh b/dnsapi/dns_transip.sh index 64a256ec..2abbe34d 100644 --- a/dnsapi/dns_transip.sh +++ b/dnsapi/dns_transip.sh @@ -1,4 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_transip_info='TransIP.nl +Site: TransIP.nl +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_transip +Options: + TRANSIP_Username Username + TRANSIP_Key_File Private key file path +Issues: github.com/acmesh-official/acme.sh/issues/2949 +' + TRANSIP_Api_Url="https://api.transip.nl/v6" TRANSIP_Token_Read_Only="false" TRANSIP_Token_Expiration="30 minutes" @@ -45,14 +55,14 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 fi - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" if _transip_rest GET "domains/$h/dns" && _contains "$response" "dnsEntries"; then diff --git a/dnsapi/dns_udr.sh b/dnsapi/dns_udr.sh index caada826..f9772e10 100644 --- a/dnsapi/dns_udr.sh +++ b/dnsapi/dns_udr.sh @@ -1,14 +1,14 @@ #!/usr/bin/env sh - -# united-domains Reselling (https://www.ud-reselling.com/) DNS API -# Author: Andreas Scherer (https://github.com/andischerer) -# Created: 2021-02-01 -# -# Set the environment variables as below: -# -# export UDR_USER="your_username_goes_here" -# export UDR_PASS="some_password_goes_here" -# +# shellcheck disable=SC2034 +dns_udr_info='united-domains Reselling +Site: ud-reselling.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_udr +Options: + UDR_USER Username + UDR_PASS Password +Issues: github.com/acmesh-official/acme.sh/issues/3923 +Author: Andreas Scherer +' UDR_API="https://api.domainreselling.de/api/call.cgi" UDR_TTL="30" @@ -115,7 +115,7 @@ _get_root() { fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then diff --git a/dnsapi/dns_ultra.sh b/dnsapi/dns_ultra.sh index 0f26bd97..e8da431c 100644 --- a/dnsapi/dns_ultra.sh +++ b/dnsapi/dns_ultra.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -# ULTRA_USR="your_user_goes_here" -# -# ULTRA_PWD="some_password_goes_here" +# shellcheck disable=SC2034 +dns_ultra_info='UltraDNS.com +Site: UltraDNS.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ultra +Options: + ULTRA_USR Username + ULTRA_PWD Password +Issues: github.com/acmesh-official/acme.sh/issues/2118 +' ULTRA_API="https://api.ultradns.com/v3/" ULTRA_AUTH_API="https://api.ultradns.com/v2/" @@ -111,7 +115,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" _debug response "$response" if [ -z "$h" ]; then @@ -124,7 +128,7 @@ _get_root() { if _contains "${response}" "${h}." >/dev/null; then _domain_id=$(echo "$response" | _egrep_o "${h}" | head -1) if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="${h}" _debug sub_domain "${_sub_domain}" _debug domain "${_domain}" diff --git a/dnsapi/dns_unoeuro.sh b/dnsapi/dns_unoeuro.sh index 13ba8a00..ff70c8b6 100644 --- a/dnsapi/dns_unoeuro.sh +++ b/dnsapi/dns_unoeuro.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -#UNO_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#UNO_User="UExxxxxx" +# shellcheck disable=SC2034 +dns_unoeuro_info='unoeuro.com + Deprecated. The unoeuro.com is now simply.com +Site: unoeuro.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_unoeuro +Options: + UNO_Key API Key + UNO_User Username +' Uno_Api="https://api.simply.com/1" @@ -129,7 +133,7 @@ _get_root() { i=2 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -143,7 +147,7 @@ _get_root() { if _contains "$response" "\"status\": 200"; then _domain_id=$h if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_variomedia.sh b/dnsapi/dns_variomedia.sh index aa743807..fa38bbb6 100644 --- a/dnsapi/dns_variomedia.sh +++ b/dnsapi/dns_variomedia.sh @@ -1,7 +1,12 @@ #!/usr/bin/env sh - -# -#VARIOMEDIA_API_TOKEN=000011112222333344445555666677778888 +# shellcheck disable=SC2034 +dns_variomedia_info='variomedia.de +Site: variomedia.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_variomedia +Options: + VARIOMEDIA_API_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/2564 +' VARIOMEDIA_API="https://api.variomedia.de" @@ -97,7 +102,7 @@ _get_root() { i=1 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then return 1 fi @@ -107,7 +112,7 @@ _get_root() { fi if _contains "$response" "\"id\":\"$h\""; then - _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_veesp.sh b/dnsapi/dns_veesp.sh index b8a41d00..1afeeb30 100644 --- a/dnsapi/dns_veesp.sh +++ b/dnsapi/dns_veesp.sh @@ -1,10 +1,14 @@ #!/usr/bin/env sh - -# bug reports to stepan@plyask.in - -# -# export VEESP_User="username" -# export VEESP_Password="password" +# shellcheck disable=SC2034 +dns_veesp_info='veesp.com +Site: veesp.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_veesp +Options: + VEESP_User Username + VEESP_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/3712 +Author: +' VEESP_Api="https://secure.veesp.com/api" @@ -108,7 +112,7 @@ _get_root() { return 1 fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -121,7 +125,7 @@ _get_root() { _service_id=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$h\",\"service_id\":[^}]*" | cut -d : -f 3 | cut -d '"' -f 2) _debug _service_id "$_service_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 fi diff --git a/dnsapi/dns_vercel.sh b/dnsapi/dns_vercel.sh index 7bf6b0e5..469f7670 100644 --- a/dnsapi/dns_vercel.sh +++ b/dnsapi/dns_vercel.sh @@ -1,11 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_vercel_info='Vercel.com +Site: Vercel.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_vercel +Options: + VERCEL_TOKEN API Token +' -# Vercel DNS API -# # This is your API token which can be acquired on the account page. # https://vercel.com/account/tokens -# -# VERCEL_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" VERCEL_API="https://api.vercel.com" @@ -91,7 +94,7 @@ _get_root() { i=1 p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then #not valid return 1 @@ -102,7 +105,7 @@ _get_root() { fi if _contains "$response" "\"name\":\"$h\"" >/dev/null; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_vscale.sh b/dnsapi/dns_vscale.sh index d717d6e2..c3915c69 100755 --- a/dnsapi/dns_vscale.sh +++ b/dnsapi/dns_vscale.sh @@ -1,11 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_vscale_info='vscale.io +Site: vscale.io +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_vscale +Options: + VSCALE_API_KEY API Key +Author: Alex Loban +' -#This is the vscale.io api wrapper for acme.sh -# -#Author: Alex Loban -#Report Bugs here: https://github.com/LAV45/acme.sh - -#VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" VSCALE_API_URL="https://api.vscale.io/v1" ######## Public functions ##################### @@ -95,7 +97,7 @@ _get_root() { if _vscale_rest GET "domains/"; then response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -106,7 +108,7 @@ _get_root() { if [ "$hostedzone" ]; then _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_vultr.sh b/dnsapi/dns_vultr.sh index 54e5b6ce..61ec3f60 100644 --- a/dnsapi/dns_vultr.sh +++ b/dnsapi/dns_vultr.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh - -# -#VULTR_API_KEY=000011112222333344445555666677778888 +# shellcheck disable=SC2034 +dns_vultr_info='vultr.com +Site: vultr.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_vultr +Options: + VULTR_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/2374 +Author: +' VULTR_Api="https://api.vultr.com/v2" @@ -106,7 +112,7 @@ _get_root() { domain=$1 i=1 while true; do - _domain=$(printf "%s" "$domain" | cut -d . -f $i-100) + _domain=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$_domain" if [ -z "$_domain" ]; then return 1 diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index e824c9c0..bfc4b23a 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -1,18 +1,16 @@ #!/usr/bin/env sh - -# Acme.sh DNS API wrapper for websupport.sk -# -# Original author: trgo.sk (https://github.com/trgosk) -# Tweaks by: akulumbeg (https://github.com/akulumbeg) -# Report Bugs here: https://github.com/akulumbeg/acme.sh +# shellcheck disable=SC2034 +dns_websupport_info='Websupport.sk +Site: Websupport.sk +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_websupport +Options: + WS_ApiKey API Key. Called "Identifier" in the WS Admin + WS_ApiSecret API Secret. Called "Secret key" in the WS Admin +Issues: github.com/acmesh-official/acme.sh/issues/3486 +Author: trgo.sk , akulumbeg +' # Requirements: API Key and Secret from https://admin.websupport.sk/en/auth/apiKey -# -# WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -# (called "Identifier" in the WS Admin) -# -# WS_ApiSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -# (called "Secret key" in the WS Admin) WS_Api="https://rest.websupport.sk" @@ -123,7 +121,7 @@ _get_root() { p=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -137,7 +135,7 @@ _get_root() { if _contains "$response" "\"name\":\"$h\""; then _domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *[^,]*" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_west_cn.sh b/dnsapi/dns_west_cn.sh new file mode 100644 index 00000000..d0bb7d49 --- /dev/null +++ b/dnsapi/dns_west_cn.sh @@ -0,0 +1,105 @@ +#!/usr/bin/env sh + +# West.cn Domain api +#WEST_Username="username" +#WEST_Key="sADDsdasdgdsf" +#Set key at https://www.west.cn/manager/API/APIconfig.asp + +REST_API="https://api.west.cn/API/v2" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_west_cn_add() { + fulldomain=$1 + txtvalue=$2 + + WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}" + WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}" + if [ -z "$WEST_Username" ] || [ -z "$WEST_Key" ]; then + WEST_Username="" + WEST_Key="" + _err "You don't specify west api key and username yet." + _err "Please set you key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf_mutable WEST_Username "$WEST_Username" + _saveaccountconf_mutable WEST_Key "$WEST_Key" + + add_record "$fulldomain" "$txtvalue" +} + +#Usage: rm _acme-challenge.www.domain.com +dns_west_cn_rm() { + fulldomain=$1 + txtvalue=$2 + + WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}" + WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}" + + if ! _rest POST "domain/dns/" "act=dnsrec.list&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT"; then + _err "dnsrec.list error." + return 1 + fi + + if _contains "$response" 'no records'; then + _info "Don't need to remove." + return 0 + fi + + record_id=$(echo "$response" | tr "{" "\n" | grep -- "$txtvalue" | grep '^"record_id"' | cut -d : -f 2 | cut -d ',' -f 1) + _debug record_id "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id." + return 1 + fi + + if ! _rest POST "domain/dns/" "act=dnsrec.remove&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_id=$record_id"; then + _err "dnsrec.remove error." + return 1 + fi + + _contains "$response" "success" +} + +#add the txt record. +#usage: add fulldomain txtvalue +add_record() { + fulldomain=$1 + txtvalue=$2 + + _info "Adding record" + + if ! _rest POST "domain/dns/" "act=dnsrec.add&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT&record_value=$txtvalue"; then + return 1 + fi + + _contains "$response" "success" +} + +#Usage: method URI data +_rest() { + m="$1" + ep="$2" + data="$3" + _debug "$ep" + url="$REST_API/$ep" + + _debug url "$url" + + if [ "$m" = "GET" ]; then + response="$(_get "$url" | tr -d '\r')" + else + _debug2 data "$data" + response="$(_post "$data" "$url" | tr -d '\r')" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index dfda4efd..0febbad9 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -1,7 +1,14 @@ #!/usr/bin/env sh - -# World4You - www.world4you.com -# Lorenz Stechauner, 2020 - https://www.github.com/NerLOR +# shellcheck disable=SC2034 +dns_world4you_info='World4You.com +Site: World4You.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_world4you +Options: + WORLD4YOU_USERNAME Username + WORLD4YOU_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/3269 +Author: Lorenz Stechauner +' WORLD4YOU_API="https://my.world4you.com/en" PAKETNR='' @@ -108,7 +115,7 @@ dns_world4you_rm() { _resethttp export ACME_HTTP_NO_REDIRECTS=1 - body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[_token]=$form_token" + body="DeleteDnsRecordForm[id]=$recordid&DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[_token]=$form_token" _info "Removing record..." ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns/record/delete" '' POST 'application/x-www-form-urlencoded') _resethttp @@ -196,6 +203,7 @@ _get_paketnr() { form="$2" domains=$(echo "$form" | grep '
    ' | sed 's/
  • ]*>/ /g' | sed 's/^.*>\([^>]*\)$/\1/') + _debug domains "$domains" domain='' for domain in $domains; do if _contains "$fqdn" "$domain\$"; then @@ -210,7 +218,7 @@ _get_paketnr() { TLD="$domain" _debug domain "$domain" RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") - PAKETNR=$(echo "$domains" | grep "$domain" | sed 's/^[^,]*, *\([0-9]*\).*$/\1/') + PAKETNR=$(echo "$domains" | grep -o " $domain.*" | sed 's/^[^,]*, *\([0-9]*\).*$/\1/') return 0 } diff --git a/dnsapi/dns_yandex.sh b/dnsapi/dns_yandex.sh deleted file mode 100755 index 0a2c3330..00000000 --- a/dnsapi/dns_yandex.sh +++ /dev/null @@ -1,121 +0,0 @@ -#!/usr/bin/env sh -# Author: non7top@gmail.com -# 07 Jul 2017 -# report bugs at https://github.com/non7top/acme.sh - -# Values to export: -# export PDD_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - -# Sometimes cloudflare / google doesn't pick new dns records fast enough. -# You can add --dnssleep XX to params as workaround. - -######## Public functions ##################### - -#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_yandex_add() { - fulldomain="${1}" - txtvalue="${2}" - _debug "Calling: dns_yandex_add() '${fulldomain}' '${txtvalue}'" - - _PDD_credentials || return 1 - - _PDD_get_domain || return 1 - _debug "Found suitable domain: $domain" - - _PDD_get_record_ids || return 1 - _debug "Record_ids: $record_ids" - - if [ -n "$record_ids" ]; then - _info "All existing $subdomain records from $domain will be removed at the very end." - fi - - data="domain=${domain}&type=TXT&subdomain=${subdomain}&ttl=300&content=${txtvalue}" - uri="https://pddimp.yandex.ru/api2/admin/dns/add" - result="$(_post "${data}" "${uri}" | _normalizeJson)" - _debug "Result: $result" - - if ! _contains "$result" '"success":"ok"'; then - if _contains "$result" '"success":"error"' && _contains "$result" '"error":"record_exists"'; then - _info "Record already exists." - else - _err "Can't add $subdomain to $domain." - return 1 - fi - fi -} - -#Usage: dns_myapi_rm _acme-challenge.www.domain.com -dns_yandex_rm() { - fulldomain="${1}" - _debug "Calling: dns_yandex_rm() '${fulldomain}'" - - _PDD_credentials || return 1 - - _PDD_get_domain "$fulldomain" || return 1 - _debug "Found suitable domain: $domain" - - _PDD_get_record_ids "${domain}" "${subdomain}" || return 1 - _debug "Record_ids: $record_ids" - - for record_id in $record_ids; do - data="domain=${domain}&record_id=${record_id}" - uri="https://pddimp.yandex.ru/api2/admin/dns/del" - result="$(_post "${data}" "${uri}" | _normalizeJson)" - _debug "Result: $result" - - if ! _contains "$result" '"success":"ok"'; then - _info "Can't remove $subdomain from $domain." - fi - done -} - -#################### Private functions below ################################## - -_PDD_get_domain() { - subdomain_start=1 - while true; do - domain_start=$(_math $subdomain_start + 1) - domain=$(echo "$fulldomain" | cut -d . -f "$domain_start"-) - subdomain=$(echo "$fulldomain" | cut -d . -f -"$subdomain_start") - - _debug "Checking domain $domain" - if [ -z "$domain" ]; then - return 1 - fi - - uri="https://pddimp.yandex.ru/api2/admin/dns/list?domain=$domain" - result="$(_get "${uri}" | _normalizeJson)" - _debug "Result: $result" - - if _contains "$result" '"success":"ok"'; then - return 0 - fi - subdomain_start=$(_math $subdomain_start + 1) - done -} - -_PDD_credentials() { - if [ -z "${PDD_Token}" ]; then - PDD_Token="" - _err "You need to export PDD_Token=xxxxxxxxxxxxxxxxx." - _err "You can get it at https://pddimp.yandex.ru/api2/admin/get_token." - return 1 - else - _saveaccountconf PDD_Token "${PDD_Token}" - fi - export _H1="PddToken: $PDD_Token" -} - -_PDD_get_record_ids() { - _debug "Check existing records for $subdomain" - - uri="https://pddimp.yandex.ru/api2/admin/dns/list?domain=${domain}" - result="$(_get "${uri}" | _normalizeJson)" - _debug "Result: $result" - - if ! _contains "$result" '"success":"ok"'; then - return 1 - fi - - record_ids=$(echo "$result" | _egrep_o "{[^{]*\"subdomain\":\"${subdomain}\"[^}]*}" | sed -n -e 's#.*"record_id": \([0-9]*\).*#\1#p') -} diff --git a/dnsapi/dns_yandex360.sh b/dnsapi/dns_yandex360.sh new file mode 100644 index 00000000..c6b6053d --- /dev/null +++ b/dnsapi/dns_yandex360.sh @@ -0,0 +1,352 @@ +#!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_yandex360_info='Yandex 360 for Business DNS API. +Yandex 360 for Business is a digital environment for effective collaboration. +Site: https://360.yandex.com/ +Docs: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yandex360 +Options: + YANDEX360_CLIENT_ID OAuth 2.0 ClientID + YANDEX360_CLIENT_SECRET OAuth 2.0 Client secret +OptionsAlt: + YANDEX360_ORG_ID Organization ID. Optional. + YANDEX360_ACCESS_TOKEN OAuth 2.0 Access token. Optional. +Issues: https://github.com/acmesh-official/acme.sh/issues/5213 +Author: +' + +YANDEX360_API_BASE='https://api360.yandex.net/directory/v1' +YANDEX360_OAUTH_BASE='https://oauth.yandex.ru' + +######## Public functions ##################### + +dns_yandex360_add() { + fulldomain="$(_idn "$1")" + txtvalue=$2 + _info 'Using Yandex 360 DNS API' + + if ! _check_variables; then + return 1 + fi + + if ! _get_root "$fulldomain"; then + return 1 + fi + + sub_domain=$(echo "$fulldomain" | sed "s/\.$root_domain$//") + + _debug 'Adding Yandex 360 DNS record for subdomain' "$sub_domain" + dns_api_url="${YANDEX360_API_BASE}/org/${YANDEX360_ORG_ID}/domains/${root_domain}/dns" + data='{"name":"'"$sub_domain"'","type":"TXT","ttl":60,"text":"'"$txtvalue"'"}' + + response="$(_post "$data" "$dns_api_url" '' 'POST' 'application/json')" + + if _contains "$response" 'recordId'; then + return 0 + else + _debug 'Response' "$response" + return 1 + fi +} + +dns_yandex360_rm() { + fulldomain="$(_idn "$1")" + txtvalue=$2 + _info 'Using Yandex 360 DNS API' + + if ! _check_variables; then + return 1 + fi + + if ! _get_root "$fulldomain"; then + return 1 + fi + + _debug 'Retrieving 100 records from Yandex 360 DNS' + dns_api_url="${YANDEX360_API_BASE}/org/${YANDEX360_ORG_ID}/domains/${root_domain}/dns?perPage=100" + response="$(_get "$dns_api_url" '' '')" + + if ! _contains "$response" "$txtvalue"; then + _info 'DNS record not found. Nothing to remove.' + _debug 'Response' "$response" + return 1 + fi + + response="$(echo "$response" | _normalizeJson)" + + record_id=$( + echo "$response" | + _egrep_o '\{[^}]*'"${txtvalue}"'[^}]*\}' | + _egrep_o '"recordId":[0-9]*' | + cut -d':' -f2 + ) + + if [ -z "$record_id" ]; then + _err 'Unable to get record ID to remove' + return 1 + fi + + _debug 'Removing DNS record' "$record_id" + delete_url="${YANDEX360_API_BASE}/org/${YANDEX360_ORG_ID}/domains/${root_domain}/dns/${record_id}" + + response="$(_post '' "$delete_url" '' 'DELETE')" + + if _contains "$response" '{}'; then + return 0 + else + _debug 'Response' "$response" + return 1 + fi +} + +#################### Private functions below ################################## + +_check_variables() { + YANDEX360_CLIENT_ID="${YANDEX360_CLIENT_ID:-$(_readaccountconf_mutable YANDEX360_CLIENT_ID)}" + YANDEX360_CLIENT_SECRET="${YANDEX360_CLIENT_SECRET:-$(_readaccountconf_mutable YANDEX360_CLIENT_SECRET)}" + YANDEX360_ORG_ID="${YANDEX360_ORG_ID:-$(_readaccountconf_mutable YANDEX360_ORG_ID)}" + YANDEX360_ACCESS_TOKEN="${YANDEX360_ACCESS_TOKEN:-$(_readaccountconf_mutable YANDEX360_ACCESS_TOKEN)}" + YANDEX360_REFRESH_TOKEN="${YANDEX360_REFRESH_TOKEN:-$(_readaccountconf_mutable YANDEX360_REFRESH_TOKEN)}" + + if [ -n "$YANDEX360_ACCESS_TOKEN" ]; then + _info '=========================================' + _info ' ATTENTION' + _info '=========================================' + _info 'A manually provided Yandex 360 access token has been detected, which is not recommended.' + _info 'Please note that this token is valid for a limited time after issuance.' + _info 'It is recommended to obtain the token interactively using acme.sh for one-time setup.' + _info 'Subsequent token renewals will be handled automatically.' + _info 'For more details, please visit: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yandex360' + _info '=========================================' + + _saveaccountconf_mutable YANDEX360_ACCESS_TOKEN "$YANDEX360_ACCESS_TOKEN" + export _H1="Authorization: OAuth $YANDEX360_ACCESS_TOKEN" + + elif [ -z "$YANDEX360_CLIENT_ID" ] || [ -z "$YANDEX360_CLIENT_SECRET" ]; then + _err '=========================================' + _err ' ERROR' + _err '=========================================' + _err 'The required environment variables YANDEX360_CLIENT_ID and YANDEX360_CLIENT_SECRET are not set.' + _err 'Alternatively, you can set YANDEX360_ACCESS_TOKEN environment variable.' + _err 'For more details, please visit: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yandex360' + _err '=========================================' + return 1 + + else + _saveaccountconf_mutable YANDEX360_CLIENT_ID "$YANDEX360_CLIENT_ID" + _saveaccountconf_mutable YANDEX360_CLIENT_SECRET "$YANDEX360_CLIENT_SECRET" + + if [ -n "$YANDEX360_REFRESH_TOKEN" ]; then + _debug 'Refresh token found. Attempting to refresh access token.' + fi + + _refresh_token || _get_token || return 1 + fi + + if [ -z "$YANDEX360_ORG_ID" ]; then + org_response="$(_get "${YANDEX360_API_BASE}/org" '' '')" + + if _contains "$org_response" '"organizations"'; then + org_response="$(echo "$org_response" | _normalizeJson)" + YANDEX360_ORG_ID=$( + echo "$org_response" | + _egrep_o '"id":[[:space:]]*[0-9]+' | + cut -d':' -f2 + ) + _debug 'Automatically retrieved YANDEX360_ORG_ID' "$YANDEX360_ORG_ID" + else + _err '=========================================' + _err ' ERROR' + _err '=========================================' + _err "Failed to retrieve YANDEX360_ORG_ID automatically." + _err 'For more details, please visit: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yandex360' + _err '=========================================' + _debug 'Response' "$org_response" + return 1 + fi + fi + + return 0 +} + +_get_token() { + _info "$(__red '=========================================')" + _info "$(__red ' NOTICE')" + _info "$(__red '=========================================')" + _info "$(__red 'Before using the Yandex 360 API, you need to complete an authorization procedure.')" + _info "$(__red 'The initial access token is obtained interactively and is a one-time operation.')" + _info "$(__red 'Subsequent API requests will be handled automatically.')" + _info "$(__red '=========================================')" + + _info 'Initiating device authorization flow' + device_code_url="${YANDEX360_OAUTH_BASE}/device/code" + + hostname=$(uname -n) + data="client_id=$YANDEX360_CLIENT_ID&device_id=acme.sh ${hostname}&device_name=acme.sh ${hostname}" + + response="$(_post "$data" "$device_code_url" '' 'POST')" + + if ! _contains "$response" 'device_code'; then + _err 'Failed to get device code' + _debug 'Response' "$response" + return 1 + fi + + response="$(echo "$response" | _normalizeJson)" + + device_code=$( + echo "$response" | + _egrep_o '"device_code":"[^"]*"' | + cut -d'"' -f4 + ) + _debug 'Device code' "$device_code" + + user_code=$( + echo "$response" | + _egrep_o '"user_code":"[^"]*"' | + cut -d'"' -f4 + ) + _debug 'User code' "$user_code" + + verification_url=$( + echo "$response" | + _egrep_o '"verification_url":"[^"]*"' | + cut -d'"' -f4 + ) + _debug 'Verification URL' "$verification_url" + + interval=$( + echo "$response" | + _egrep_o '"interval":[[:space:]]*[0-9]+' | + cut -d':' -f2 + ) + _debug 'Polling interval' "$interval" + + _info "$(__red 'Please visit '"$verification_url"' and log in as an organization administrator')" + _info "$(__red 'Once logged in, enter the code: '"$user_code"' on the page from the previous step')" + _info "$(__red 'Waiting for authorization...')" + + _debug 'Polling for token' + token_url="${YANDEX360_OAUTH_BASE}/token" + + while true; do + data="grant_type=device_code&code=$device_code&client_id=$YANDEX360_CLIENT_ID&client_secret=$YANDEX360_CLIENT_SECRET" + + response="$(_post "$data" "$token_url" '' 'POST')" + + if _contains "$response" 'access_token'; then + response="$(echo "$response" | _normalizeJson)" + YANDEX360_ACCESS_TOKEN=$( + echo "$response" | + _egrep_o '"access_token":"[^"]*"' | + cut -d'"' -f4 + ) + YANDEX360_REFRESH_TOKEN=$( + echo "$response" | + _egrep_o '"refresh_token":"[^"]*"' | + cut -d'"' -f4 + ) + + _secure_debug 'Obtained access token' "$YANDEX360_ACCESS_TOKEN" + _secure_debug 'Obtained refresh token' "$YANDEX360_REFRESH_TOKEN" + + _saveaccountconf_mutable YANDEX360_REFRESH_TOKEN "$YANDEX360_REFRESH_TOKEN" + + export _H1="Authorization: OAuth $YANDEX360_ACCESS_TOKEN" + + _info 'Access token obtained successfully' + return 0 + elif _contains "$response" 'authorization_pending'; then + _debug 'Response' "$response" + _debug "Authorization pending. Waiting $interval seconds before next attempt." + _sleep "$interval" + else + _debug 'Response' "$response" + _err 'Failed to get access token' + return 1 + fi + done +} + +_refresh_token() { + token_url="${YANDEX360_OAUTH_BASE}/token" + + data="grant_type=refresh_token&refresh_token=$YANDEX360_REFRESH_TOKEN&client_id=$YANDEX360_CLIENT_ID&client_secret=$YANDEX360_CLIENT_SECRET" + + response="$(_post "$data" "$token_url" '' 'POST')" + + if _contains "$response" 'access_token'; then + response="$(echo "$response" | _normalizeJson)" + YANDEX360_ACCESS_TOKEN=$( + echo "$response" | + _egrep_o '"access_token":"[^"]*"' | + cut -d'"' -f4 + ) + YANDEX360_REFRESH_TOKEN=$( + echo "$response" | + _egrep_o '"refresh_token":"[^"]*"' | + cut -d'"' -f4 + ) + + _secure_debug 'Received access token' "$YANDEX360_ACCESS_TOKEN" + _secure_debug 'Received refresh token' "$YANDEX360_REFRESH_TOKEN" + + _saveaccountconf_mutable YANDEX360_REFRESH_TOKEN "$YANDEX360_REFRESH_TOKEN" + + export _H1="Authorization: OAuth $YANDEX360_ACCESS_TOKEN" + + _info 'Access token refreshed successfully' + return 0 + else + _info 'Failed to refresh token. Will attempt to obtain a new one.' + _debug 'Response' "$response" + return 1 + fi +} + +_get_root() { + domain="$1" + + for org_id in $YANDEX360_ORG_ID; do + _debug 'Checking organization ID' "$org_id" + domains_api_url="${YANDEX360_API_BASE}/org/${org_id}/domains" + + domains_response="$(_get "$domains_api_url" '' '')" + + if ! _contains "$domains_response" '"domains"'; then + _debug 'No domains found for organization' "$org_id" + _debug 'Response' "$domains_response" + continue + fi + + domains_response="$(echo "$domains_response" | _normalizeJson)" + domain_names=$( + echo "$domains_response" | + _egrep_o '"name":"[^"]*"' | + cut -d'"' -f4 + ) + + for d in $domain_names; do + d="$(_idn "$d")" + _debug 'Checking domain' "$d" + + if _endswith "$domain" "$d"; then + root_domain="$d" + break + fi + done + + if [ -n "$root_domain" ]; then + _debug "Root domain found: $root_domain in organization $org_id" + + YANDEX360_ORG_ID="$org_id" + _saveaccountconf_mutable YANDEX360_ORG_ID "$YANDEX360_ORG_ID" + + return 0 + fi + done + + if [ -z "$root_domain" ]; then + _err "Could not find a matching root domain for $domain in any organization" + return 1 + fi +} diff --git a/dnsapi/dns_yc.sh b/dnsapi/dns_yc.sh index ec3bbc87..36c49ce4 100644 --- a/dnsapi/dns_yc.sh +++ b/dnsapi/dns_yc.sh @@ -1,11 +1,18 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_yc_info='Yandex Cloud DNS +Site: Cloud.Yandex.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yc +Options: + YC_Zone_ID DNS Zone ID + YC_Folder_ID YC Folder ID + YC_SA_ID Service Account ID + YC_SA_Key_ID Service Account IAM Key ID + YC_SA_Key_File_Path Private key file path. Optional. + YC_SA_Key_File_PEM_b64 Base64 content of private key file. Use instead of Path to private key file. Optional. +Issues: github.com/acmesh-official/acme.sh/issues/4210 +' -#YC_Zone_ID="" # DNS Zone ID -#YC_Folder_ID="" # YC Folder ID -#YC_SA_ID="" # Service Account ID -#YC_SA_Key_ID="" # Service Account IAM Key ID -#YC_SA_Key_File_Path="/path/to/private.key" # Path to private.key use instead of YC_SA_Key_File_PEM_b64 -#YC_SA_Key_File_PEM_b64="" # Base64 content of private.key use instead of YC_SA_Key_File_Path YC_Api="https://dns.api.cloud.yandex.net/dns/v1" ######## Public functions ##################### @@ -172,7 +179,7 @@ _get_root() { fi while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid @@ -190,7 +197,7 @@ _get_root() { _domain_id=$(echo "$response" | _normalizeJson | _egrep_o "[^{]*\"zone\":\"$h\"[^}]*" | _egrep_o "\"id\"[^,]*" | _egrep_o "[^:]*$" | tr -d '"') _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain=$h return 0 fi diff --git a/dnsapi/dns_zilore.sh b/dnsapi/dns_zilore.sh index 42111025..a4bacac5 100644 --- a/dnsapi/dns_zilore.sh +++ b/dnsapi/dns_zilore.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_zilore_info='Zilore.com +Site: Zilore.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_zilore +Options: + Zilore_Key API Key +' Zilore_API="https://api.zilore.com/dns/v1" -# Zilore_Key="YOUR-ZILORE-API-KEY" ######## Public functions ##################### @@ -92,9 +98,9 @@ dns_zilore_rm() { _get_root() { domain=$1 - i=2 + i=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then #not valid diff --git a/dnsapi/dns_zone.sh b/dnsapi/dns_zone.sh index 176fc494..cf82e5f4 100755 --- a/dnsapi/dns_zone.sh +++ b/dnsapi/dns_zone.sh @@ -1,8 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_zone_info='Zone.eu +Site: Zone.eu +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_zone +Options: + ZONE_Username Username + ZONE_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2146 +' # Zone.ee dns API # https://help.zone.eu/kb/zoneid-api-v2/ -# required ZONE_Username and ZONE_Key ZONE_Api="https://api.zone.eu/v2" ######## Public functions ##################### @@ -129,9 +137,9 @@ _zone_rest() { _get_root() { domain=$1 - i=2 + i=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) _debug h "$h" if [ -z "$h" ]; then return 1 diff --git a/dnsapi/dns_zoneedit.sh b/dnsapi/dns_zoneedit.sh new file mode 100644 index 00000000..df01d8cf --- /dev/null +++ b/dnsapi/dns_zoneedit.sh @@ -0,0 +1,145 @@ +#!/usr/bin/env sh + +# https://github.com/blueslow/sslcertzoneedit + +# Only need to export the credentials once, acme.sh will save for automatic renewal. +# export ZONEEDIT_ID="Your id" +# export ZONEEDIT_Token="Your token" +# acme.sh --issue --dns dns_zoneedit -d example.com -d www.example.com + +######## Public functions ##################### + +# Usage: dns_zoneedit_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_zoneedit_add() { + fulldomain=$1 + txtvalue=$2 + _info "Using Zoneedit" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + # Load the credentials from the account conf file + ZONEEDIT_ID="${ZONEEDIT_ID:-$(_readaccountconf_mutable ZONEEDIT_ID)}" + ZONEEDIT_Token="${ZONEEDIT_Token:-$(_readaccountconf_mutable ZONEEDIT_Token)}" + if [ -z "$ZONEEDIT_ID" ] || [ -z "$ZONEEDIT_Token" ]; then + ZONEEDIT_ID="" + ZONEEDIT_Token="" + _err "Please specify ZONEEDIT_ID and _Token." + _err "Please export as ZONEEDIT_ID and ZONEEDIT_Token then try again." + return 1 + fi + + # Save the credentials to the account conf file + _saveaccountconf_mutable ZONEEDIT_ID "$ZONEEDIT_ID" + _saveaccountconf_mutable ZONEEDIT_Token "$ZONEEDIT_Token" + + if _zoneedit_api "CREATE" "$fulldomain" "$txtvalue"; then + _info "Added, OK" + return 0 + else + _err "Add txt record error." + return 1 + fi +} + +# Usage: dns_zoneedit_rm fulldomain txtvalue +dns_zoneedit_rm() { + fulldomain=$1 + txtvalue=$2 + _info "Using Zoneedit" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + # Load the credentials from the account conf file + ZONEEDIT_ID="${ZONEEDIT_ID:-$(_readaccountconf_mutable ZONEEDIT_ID)}" + ZONEEDIT_Token="${ZONEEDIT_Token:-$(_readaccountconf_mutable ZONEEDIT_Token)}" + if [ -z "$ZONEEDIT_ID" ] || [ -z "$ZONEEDIT_Token" ]; then + ZONEEDIT_ID="" + ZONEEDIT_Token="" + _err "Please specify ZONEEDIT_ID and _Token." + _err "Please export as ZONEEDIT_ID and ZONEEDIT_Token then try again." + return 1 + fi + + if _zoneedit_api "DELETE" "$fulldomain" "$txtvalue"; then + _info "Deleted, OK" + return 0 + else + _err "Delete txt record error." + return 1 + fi +} + +#################### Private functions below ################################## + +#Usage: _zoneedit_api fulldomain txtvalue +_zoneedit_api() { + cmd=$1 + fulldomain=$2 + txtvalue=$3 + + # Construct basic authorization header + credentials=$(printf "%s:%s" "$ZONEEDIT_ID" "$ZONEEDIT_Token" | _base64) + export _H1="Authorization: Basic ${credentials}" + + # Generate request URL + case "$cmd" in + "CREATE") + # https://dynamic.zoneedit.com/txt-create.php?host=_acme-challenge.example.com&rdata=depE1VF_xshMm1IVY1Y56Kk9Zb_7jA2VFkP65WuNgu8W + geturl="https://dynamic.zoneedit.com/txt-create.php?host=${fulldomain}&rdata=${txtvalue}" + ;; + "DELETE") + # https://dynamic.zoneedit.com/txt-delete.php?host=_acme-challenge.example.com&rdata=depE1VF_xshMm1IVY1Y56Kk9Zb_7jA2VFkP65WuNgu8W + geturl="https://dynamic.zoneedit.com/txt-delete.php?host=${fulldomain}&rdata=${txtvalue}" + ze_sleep=2 + ;; + *) + _err "Unknown parameter : $cmd" + return 1 + ;; + esac + + # Execute request + i=3 # Tries + while [ "$i" -gt 0 ]; do + i=$(_math "$i" - 1) + + if ! response=$(_get "$geturl"); then + _err "_get() failed ($response)" + return 1 + fi + _debug2 response "$response" + if _contains "$response" "SUCCESS.*200"; then + # Sleep (when needed) to work around a Zonedit API bug + # https://forum.zoneedit.com/threads/automating-changes-of-txt-records-in-dns.7394/page-2#post-23855 + if [ "$ze_sleep" ]; then _sleep "$ze_sleep"; fi + return 0 + elif _contains "$response" "ERROR.*Minimum.*seconds"; then + _info "Zoneedit responded with a rate limit of..." + ze_ratelimit=$(echo "$response" | sed -n 's/.*Minimum \([0-9]\+\) seconds.*/\1/p') + if [ "$ze_ratelimit" ] && [ ! "$(echo "$ze_ratelimit" | tr -d '0-9')" ]; then + _info "$ze_ratelimit seconds." + else + _err "$response" + _err "not a number, or blank ($ze_ratelimit), API change?" + unset ze_ratelimit + fi + else + _err "$response" + _err "Unknown response, API change?" + fi + + # Retry + if [ "$i" -lt 1 ]; then + _err "Tries exceeded, giving up." + return 1 + fi + if [ "$ze_ratelimit" ]; then + _info "Waiting $ze_ratelimit seconds..." + _sleep "$ze_ratelimit" + else + _err "Going to retry after 10 seconds..." + _sleep 10 + fi + done + return 1 +} diff --git a/dnsapi/dns_zonomi.sh b/dnsapi/dns_zonomi.sh index 52a889ea..ee817381 100644 --- a/dnsapi/dns_zonomi.sh +++ b/dnsapi/dns_zonomi.sh @@ -1,9 +1,11 @@ #!/usr/bin/env sh - -# -#ZM_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#https://zonomi.com dns api +# shellcheck disable=SC2034 +dns_zonomi_info='zonomi.com +Site: zonomi.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_zonomi +Options: + ZM_Key API Key +' ZM_Api="https://zonomi.com/app/dns/dyndns.jsp" diff --git a/notify/bark.sh b/notify/bark.sh index bbd5bf34..fd9ebd76 100644 --- a/notify/bark.sh +++ b/notify/bark.sh @@ -1,32 +1,40 @@ #!/usr/bin/env sh -#Support iOS Bark Notification +# Support iOS Bark Notification -#BARK_API_URL="https://api.day.app/xxxx" -#BARK_SOUND="yyyy" -#BARK_GROUP="zzzz" +# Every parameter explained: https://github.com/Finb/bark-server/blob/master/docs/API_V2.md#push -# subject content statusCode +# BARK_API_URL="https://api.day.app/xxxx" (required) +# BARK_GROUP="ACME" (optional) +# BARK_SOUND="alarm" (optional) +# BARK_LEVEL="active" (optional) +# BARK_BADGE=0 (optional) +# BARK_AUTOMATICALLYCOPY="1" (optional) +# BARK_COPY="My clipboard Content" (optional) +# BARK_ICON="https://example.com/icon.png" (optional) +# BARK_ISARCHIVE="1" (optional) +# BARK_URL="https://example.com" (optional) + +# subject content statusCode bark_send() { _subject="$1" _content="$2" - _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _statusCode="$3" # 0: success, 1: error, 2: skipped _debug "_subject" "$_subject" _debug "_content" "$_content" _debug "_statusCode" "$_statusCode" + _content=$(echo "$_content" | _url_encode) + _subject=$(echo "$_subject" | _url_encode) + BARK_API_URL="${BARK_API_URL:-$(_readaccountconf_mutable BARK_API_URL)}" if [ -z "$BARK_API_URL" ]; then - BARK_API_URL="" _err "You didn't specify a Bark API URL BARK_API_URL yet." _err "You can download Bark from App Store and get yours." return 1 fi _saveaccountconf_mutable BARK_API_URL "$BARK_API_URL" - BARK_SOUND="${BARK_SOUND:-$(_readaccountconf_mutable BARK_SOUND)}" - _saveaccountconf_mutable BARK_SOUND "$BARK_SOUND" - BARK_GROUP="${BARK_GROUP:-$(_readaccountconf_mutable BARK_GROUP)}" if [ -z "$BARK_GROUP" ]; then BARK_GROUP="ACME" @@ -35,10 +43,79 @@ bark_send() { _saveaccountconf_mutable BARK_GROUP "$BARK_GROUP" fi - _content=$(echo "$_content" | _url_encode) - _subject=$(echo "$_subject" | _url_encode) + BARK_SOUND="${BARK_SOUND:-$(_readaccountconf_mutable BARK_SOUND)}" + if [ -n "$BARK_SOUND" ]; then + _saveaccountconf_mutable BARK_SOUND "$BARK_SOUND" + fi + + BARK_LEVEL="${BARK_LEVEL:-$(_readaccountconf_mutable BARK_LEVEL)}" + if [ -n "$BARK_LEVEL" ]; then + _saveaccountconf_mutable BARK_LEVEL "$BARK_LEVEL" + fi + + BARK_BADGE="${BARK_BADGE:-$(_readaccountconf_mutable BARK_BADGE)}" + if [ -n "$BARK_BADGE" ]; then + _saveaccountconf_mutable BARK_BADGE "$BARK_BADGE" + fi + + BARK_AUTOMATICALLYCOPY="${BARK_AUTOMATICALLYCOPY:-$(_readaccountconf_mutable BARK_AUTOMATICALLYCOPY)}" + if [ -n "$BARK_AUTOMATICALLYCOPY" ]; then + _saveaccountconf_mutable BARK_AUTOMATICALLYCOPY "$BARK_AUTOMATICALLYCOPY" + fi + + BARK_COPY="${BARK_COPY:-$(_readaccountconf_mutable BARK_COPY)}" + if [ -n "$BARK_COPY" ]; then + _saveaccountconf_mutable BARK_COPY "$BARK_COPY" + fi + + BARK_ICON="${BARK_ICON:-$(_readaccountconf_mutable BARK_ICON)}" + if [ -n "$BARK_ICON" ]; then + _saveaccountconf_mutable BARK_ICON "$BARK_ICON" + fi + + BARK_ISARCHIVE="${BARK_ISARCHIVE:-$(_readaccountconf_mutable BARK_ISARCHIVE)}" + if [ -n "$BARK_ISARCHIVE" ]; then + _saveaccountconf_mutable BARK_ISARCHIVE "$BARK_ISARCHIVE" + fi + + BARK_URL="${BARK_URL:-$(_readaccountconf_mutable BARK_URL)}" + if [ -n "$BARK_URL" ]; then + _saveaccountconf_mutable BARK_URL "$BARK_URL" + fi + + _params="" + + if [ -n "$BARK_SOUND" ]; then + _params="$_params&sound=$BARK_SOUND" + fi + if [ -n "$BARK_GROUP" ]; then + _params="$_params&group=$BARK_GROUP" + fi + if [ -n "$BARK_LEVEL" ]; then + _params="$_params&level=$BARK_LEVEL" + fi + if [ -n "$BARK_BADGE" ]; then + _params="$_params&badge=$BARK_BADGE" + fi + if [ -n "$BARK_AUTOMATICALLYCOPY" ]; then + _params="$_params&automaticallyCopy=$BARK_AUTOMATICALLYCOPY" + fi + if [ -n "$BARK_COPY" ]; then + _params="$_params©=$BARK_COPY" + fi + if [ -n "$BARK_ICON" ]; then + _params="$_params&icon=$BARK_ICON" + fi + if [ -n "$BARK_ISARCHIVE" ]; then + _params="$_params&isArchive=$BARK_ISARCHIVE" + fi + if [ -n "$BARK_URL" ]; then + _params="$_params&url=$BARK_URL" + fi + + _params=$(echo "$_params" | sed 's/^&//') # remove leading '&' if exists - response="$(_get "$BARK_API_URL/$_subject/$_content?sound=$BARK_SOUND&group=$BARK_GROUP")" + response="$(_get "$BARK_API_URL/$_subject/$_content?$_params")" if [ "$?" = "0" ] && _contains "$response" "success"; then _info "Bark API fired success." diff --git a/notify/mattermost.sh b/notify/mattermost.sh new file mode 100644 index 00000000..f13f6ebc --- /dev/null +++ b/notify/mattermost.sh @@ -0,0 +1,52 @@ +#!/usr/bin/env sh + +# Support mattermost bots + +#MATTERMOST_API_URL="" +#MATTERMOST_CHANNEL_ID="" +#MATTERMOST_BOT_TOKEN="" + +mattermost_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_statusCode" "$_statusCode" + + MATTERMOST_API_URL="${MATTERMOST_API_URL:-$(_readaccountconf_mutable MATTERMOST_API_URL)}" + if [ -z "$MATTERMOST_API_URL" ]; then + _err "You didn't specify a Mattermost API URL MATTERMOST_API_URL yet." + return 1 + fi + _saveaccountconf_mutable MATTERMOST_API_URL "$MATTERMOST_API_URL" + + MATTERMOST_CHANNEL_ID="${MATTERMOST_CHANNEL_ID:-$(_readaccountconf_mutable MATTERMOST_CHANNEL_ID)}" + if [ -z "$MATTERMOST_CHANNEL_ID" ]; then + _err "You didn't specify a Mattermost channel id MATTERMOST_CHANNEL_ID yet." + return 1 + fi + _saveaccountconf_mutable MATTERMOST_CHANNEL_ID "$MATTERMOST_CHANNEL_ID" + + MATTERMOST_BOT_TOKEN="${MATTERMOST_BOT_TOKEN:-$(_readaccountconf_mutable MATTERMOST_BOT_TOKEN)}" + if [ -z "$MATTERMOST_BOT_TOKEN" ]; then + _err "You didn't specify a Mattermost bot API token MATTERMOST_BOT_TOKEN yet." + return 1 + fi + _saveaccountconf_mutable MATTERMOST_BOT_TOKEN "$MATTERMOST_BOT_TOKEN" + + _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" + _data="{\"channel_id\": \"$MATTERMOST_CHANNEL_ID\", " + _data="$_data\"message\": \"$_content\"}" + + export _H1="Authorization: Bearer $MATTERMOST_BOT_TOKEN" + response="" + if _post "$_data" "$MATTERMOST_API_URL" "" "POST" "application/json; charset=utf-8"; then + MATTERMOST_RESULT_OK=$(echo "$response" | _egrep_o 'create_at') + if [ "$?" = "0" ] && [ "$MATTERMOST_RESULT_OK" ]; then + _info "mattermost send success." + return 0 + fi + fi + _err "mattermost send error." + _err "$response" + return 1 +} diff --git a/notify/ntfy.sh b/notify/ntfy.sh new file mode 100644 index 00000000..650d1c74 --- /dev/null +++ b/notify/ntfy.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env sh + +# support ntfy + +#NTFY_URL="https://ntfy.sh" +#NTFY_TOPIC="xxxxxxxxxxxxx" + +ntfy_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_subject" "$_subject" + _debug "_content" "$_content" + _debug "_statusCode" "$_statusCode" + + NTFY_URL="${NTFY_URL:-$(_readaccountconf_mutable NTFY_URL)}" + if [ "$NTFY_URL" ]; then + _saveaccountconf_mutable NTFY_URL "$NTFY_URL" + fi + + NTFY_TOPIC="${NTFY_TOPIC:-$(_readaccountconf_mutable NTFY_TOPIC)}" + if [ "$NTFY_TOPIC" ]; then + _saveaccountconf_mutable NTFY_TOPIC "$NTFY_TOPIC" + fi + + _data="${_subject}. $_content" + response="$(_post "$_data" "$NTFY_URL/$NTFY_TOPIC" "" "POST" "")" + + if [ "$?" = "0" ] && _contains "$response" "expires"; then + _info "ntfy event fired success." + return 0 + fi + + _err "ntfy event fired error." + _err "$response" + return 1 +} diff --git a/notify/teams.sh b/notify/teams.sh old mode 100644 new mode 100755 index 1bc5ed08..5e8fe6c0 --- a/notify/teams.sh +++ b/notify/teams.sh @@ -3,10 +3,6 @@ #Support Microsoft Teams webhooks #TEAMS_WEBHOOK_URL="" -#TEAMS_THEME_COLOR="" -#TEAMS_SUCCESS_COLOR="" -#TEAMS_ERROR_COLOR="" -#TEAMS_SKIP_COLOR="" teams_send() { _subject="$1" @@ -14,9 +10,9 @@ teams_send() { _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped _debug "_statusCode" "$_statusCode" - _color_success="2cbe4e" # green - _color_danger="cb2431" # red - _color_muted="586069" # gray + _color_success="Good" + _color_danger="Attention" + _color_muted="Accent" TEAMS_WEBHOOK_URL="${TEAMS_WEBHOOK_URL:-$(_readaccountconf_mutable TEAMS_WEBHOOK_URL)}" if [ -z "$TEAMS_WEBHOOK_URL" ]; then @@ -26,26 +22,6 @@ teams_send() { fi _saveaccountconf_mutable TEAMS_WEBHOOK_URL "$TEAMS_WEBHOOK_URL" - TEAMS_THEME_COLOR="${TEAMS_THEME_COLOR:-$(_readaccountconf_mutable TEAMS_THEME_COLOR)}" - if [ -n "$TEAMS_THEME_COLOR" ]; then - _saveaccountconf_mutable TEAMS_THEME_COLOR "$TEAMS_THEME_COLOR" - fi - - TEAMS_SUCCESS_COLOR="${TEAMS_SUCCESS_COLOR:-$(_readaccountconf_mutable TEAMS_SUCCESS_COLOR)}" - if [ -n "$TEAMS_SUCCESS_COLOR" ]; then - _saveaccountconf_mutable TEAMS_SUCCESS_COLOR "$TEAMS_SUCCESS_COLOR" - fi - - TEAMS_ERROR_COLOR="${TEAMS_ERROR_COLOR:-$(_readaccountconf_mutable TEAMS_ERROR_COLOR)}" - if [ -n "$TEAMS_ERROR_COLOR" ]; then - _saveaccountconf_mutable TEAMS_ERROR_COLOR "$TEAMS_ERROR_COLOR" - fi - - TEAMS_SKIP_COLOR="${TEAMS_SKIP_COLOR:-$(_readaccountconf_mutable TEAMS_SKIP_COLOR)}" - if [ -n "$TEAMS_SKIP_COLOR" ]; then - _saveaccountconf_mutable TEAMS_SKIP_COLOR "$TEAMS_SKIP_COLOR" - fi - export _H1="Content-Type: application/json" _subject=$(echo "$_subject" | _json_encode) @@ -63,16 +39,35 @@ teams_send() { ;; esac - _color=$(echo "$_color" | tr -cd 'a-fA-F0-9') - if [ -z "$_color" ]; then - _color=$(echo "${TEAMS_THEME_COLOR:-$_color_muted}" | tr -cd 'a-fA-F0-9') - fi - - _data="{\"title\": \"$_subject\"," - if [ -n "$_color" ]; then - _data="$_data\"themeColor\": \"$_color\", " - fi - _data="$_data\"text\": \"$_content\"}" + _data="{ + \"type\": \"message\", + \"attachments\": [ + { + \"contentType\": \"application/vnd.microsoft.card.adaptive\", + \"contentUrl\": null, + \"content\": { + \"schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\", + \"type\": \"AdaptiveCard\", + \"version\": \"1.2\", + \"body\": [ + { + \"type\": \"TextBlock\", + \"size\": \"large\", + \"weight\": \"bolder\", + \"wrap\": true, + \"color\": \"$_color\", + \"text\": \"$_subject\" + }, + { + \"type\": \"TextBlock\", + \"text\": \"$_content\", + \"wrap\": true + } + ] + } + } + ] +}" if response=$(_post "$_data" "$TEAMS_WEBHOOK_URL"); then if ! _contains "$response" error; then diff --git a/notify/telegram.sh b/notify/telegram.sh index 454b4146..cca8ee25 100644 --- a/notify/telegram.sh +++ b/notify/telegram.sh @@ -27,11 +27,12 @@ telegram_send() { fi _saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID" - _content="$(printf "%s" "$_content" | sed -e 's/\([_*`\[]\)/\\\\\1/g')" + _subject="$(printf "%s" "$_subject" | sed 's/\\/\\\\\\\\/g' | sed 's/\]/\\\\\]/g' | sed 's/\([_*[()~`>#+--=|{}.!]\)/\\\\\1/g')" + _content="$(printf "%s" "$_content" | sed 's/\\/\\\\\\\\/g' | sed 's/\]/\\\\\]/g' | sed 's/\([_*[()~`>#+--=|{}.!]\)/\\\\\1/g')" _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" _data="{\"text\": \"$_content\", " _data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", " - _data="$_data\"parse_mode\": \"markdown\", " + _data="$_data\"parse_mode\": \"MarkdownV2\", " _data="$_data\"disable_web_page_preview\": \"1\"}" _debug "$_data"