Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

update to actual version

pull/1895/head
Зяблицкий Михаил Владимирович 6 years ago
parent
45fcee132a
commit
89fa046c1a
26 changed files with 1585 additions and 61 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      Dockerfile
  2. 32
      README.md
  3. 124
      acme.sh
  4. 8
      deploy/gcore_cdn.sh
  5. 14
      dnsapi/dns_aws.sh
  6. 8
      dnsapi/dns_freedns.sh
  7. 149
      dnsapi/dns_leaseweb.sh
  8. 210
      dnsapi/dns_miab.sh
  9. 185
      dnsapi/dns_nic.sh
  10. 414
      dnsapi/dns_pleskxml.sh
  11. 224
      dnsapi/dns_rcode0.sh
  12. 147
      dnsapi/dns_variomedia.sh
  13. 2
      dnsapi/dns_vscale.sh
  14. 10
      dnsapi/dns_vultr.sh
  15. 68
      notify/dingtalk.sh
  16. 2
      notify/mailgun.sh

1
Dockerfile
View File

@ -3,6 +3,7 @@ FROM alpine:3.10
RUN apk update -f \
&& apk --no-cache add -f \
openssl \
openssh-client \
coreutils \
bind-tools \
curl \

32
README.md
View File

@ -1,6 +1,6 @@
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)
<img src="https://opencollective.com/acmesh/tiers/backers/badge.svg?label=backer&color=brightgreen" /> [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
- An ACME protocol client written purely in Shell (Unix shell) language.
- Full ACME protocol implementation.
- Support ACME v1 and ACME v2
@ -451,6 +451,36 @@ TODO:
2. ACME protocol: https://github.com/ietf-wg-acme/acme
## Contributors
### Code Contributors
This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
<a href="https://github.com/Neilpang/acme.sh/graphs/contributors"><img src="https://opencollective.com/acmesh/contributors.svg?width=890&button=false" /></a>
### Financial Contributors
Become a financial contributor and help us sustain our community. [[Contribute](https://opencollective.com/acmesh/contribute)]
#### Individuals
<a href="https://opencollective.com/acmesh"><img src="https://opencollective.com/acmesh/individuals.svg?width=890"></a>
#### Organizations
Support this project with your organization. Your logo will show up here with a link to your website. [[Contribute](https://opencollective.com/acmesh/contribute)]
<a href="https://opencollective.com/acmesh/organization/0/website"><img src="https://opencollective.com/acmesh/organization/0/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/1/website"><img src="https://opencollective.com/acmesh/organization/1/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/2/website"><img src="https://opencollective.com/acmesh/organization/2/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/3/website"><img src="https://opencollective.com/acmesh/organization/3/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/4/website"><img src="https://opencollective.com/acmesh/organization/4/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/5/website"><img src="https://opencollective.com/acmesh/organization/5/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/6/website"><img src="https://opencollective.com/acmesh/organization/6/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/7/website"><img src="https://opencollective.com/acmesh/organization/7/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/8/website"><img src="https://opencollective.com/acmesh/organization/8/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/9/website"><img src="https://opencollective.com/acmesh/organization/9/avatar.svg"></a>
# 19. License & Others
License is GPLv3

124
acme.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh
VER=2.8.3
VER=2.8.4
PROJECT_NAME="acme.sh"
@ -90,6 +90,9 @@ DEBUG_LEVEL_3=3
DEBUG_LEVEL_DEFAULT=$DEBUG_LEVEL_1
DEBUG_LEVEL_NONE=0
DOH_CLOUDFLARE=1
DOH_GOOGLE=2
HIDDEN_VALUE="[hidden](please add '--output-insecure' to see this value)"
SYSLOG_ERROR="user.error"
@ -150,7 +153,7 @@ fi
__green() {
if [ "${__INTERACTIVE}${ACME_NO_COLOR:-0}" = "10" -o "${ACME_FORCE_COLOR}" = "1" ]; then
printf '\033[1;31;32m%b\033[0m' "$1"
printf '\33[1;32m%b\33[0m' "$1"
return
fi
printf -- "%b" "$1"
@ -158,7 +161,7 @@ __green() {
__red() {
if [ "${__INTERACTIVE}${ACME_NO_COLOR:-0}" = "10" -o "${ACME_FORCE_COLOR}" = "1" ]; then
printf '\033[1;31;40m%b\033[0m' "$1"
printf '\33[1;31m%b\33[0m' "$1"
return
fi
printf -- "%b" "$1"
@ -262,6 +265,37 @@ _usage() {
printf "\n" >&2
}
__debug_bash_helper() {
# At this point only do for --debug 3
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -lt "$DEBUG_LEVEL_3" ]; then
return
fi
# Return extra debug info when running with bash, otherwise return empty
# string.
if [ -z "${BASH_VERSION}" ]; then
return
fi
# We are a bash shell at this point, return the filename, function name, and
# line number as a string
_dbh_saveIFS=$IFS
IFS=" "
# Must use eval or syntax error happens under dash. The eval should use
# single quotes as older versions of busybox had a bug with double quotes and
# eval.
# Use 'caller 1' as we want one level up the stack as we should be called
# by one of the _debug* functions
eval '_dbh_called=($(caller 1))'
IFS=$_dbh_saveIFS
eval '_dbh_file=${_dbh_called[2]}'
if [ -n "${_script_home}" ]; then
# Trim off the _script_home directory name
eval '_dbh_file=${_dbh_file#$_script_home/}'
fi
eval '_dbh_function=${_dbh_called[1]}'
eval '_dbh_lineno=${_dbh_called[0]}'
printf "%-40s " "$_dbh_file:${_dbh_function}:${_dbh_lineno}"
}
_debug() {
if [ "${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}" -ge "$LOG_LEVEL_1" ]; then
_log "$@"
@ -270,7 +304,8 @@ _debug() {
_syslog "$SYSLOG_DEBUG" "$@"
fi
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_1" ]; then
_printargs "$@" >&2
_bash_debug=$(__debug_bash_helper)
_printargs "${_bash_debug}$@" >&2
fi
}
@ -303,7 +338,8 @@ _debug2() {
_syslog "$SYSLOG_DEBUG" "$@"
fi
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then
_printargs "$@" >&2
_bash_debug=$(__debug_bash_helper)
_printargs "${_bash_debug}$@" >&2
fi
}
@ -335,7 +371,8 @@ _debug3() {
_syslog "$SYSLOG_DEBUG" "$@"
fi
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_3" ]; then
_printargs "$@" >&2
_bash_debug=$(__debug_bash_helper)
_printargs "${_bash_debug}$@" >&2
fi
}
@ -3328,7 +3365,7 @@ _on_issue_success() {
fi
fi
if _hasfield "$Le_Webroot" "$W_DNS"; then
if _hasfield "$Le_Webroot" "$W_DNS" && [ -z "$FORCE_DNS_MANUAL" ]; then
_err "$_DNS_MANUAL_WARN"
fi
@ -3636,7 +3673,7 @@ __trigger_validation() {
}
#endpoint domain type
_ns_lookup() {
_ns_lookup_impl() {
_ns_ep="$1"
_ns_domain="$2"
_ns_type="$3"
@ -3660,7 +3697,7 @@ _ns_lookup_cf() {
_cf_ld="$1"
_cf_ld_type="$2"
_cf_ep="https://cloudflare-dns.com/dns-query"
_ns_lookup "$_cf_ep" "$_cf_ld" "$_cf_ld_type"
_ns_lookup_impl "$_cf_ep" "$_cf_ld" "$_cf_ld_type"
}
#domain, type
@ -3673,6 +3710,44 @@ _ns_purge_cf() {
_debug2 response "$response"
}
#checks if cf server is available
_ns_is_available_cf() {
if _get "https://cloudflare-dns.com" >/dev/null 2>&1; then
return 0
else
return 1
fi
}
#domain, type
_ns_lookup_google() {
_cf_ld="$1"
_cf_ld_type="$2"
_cf_ep="https://dns.google/resolve"
_ns_lookup_impl "$_cf_ep" "$_cf_ld" "$_cf_ld_type"
}
#domain, type
_ns_lookup() {
if [ -z "$DOH_USE" ]; then
_debug "Detect dns server first."
if _ns_is_available_cf; then
_debug "Use cloudflare doh server"
export DOH_USE=$DOH_CLOUDFLARE
else
_debug "Use google doh server"
export DOH_USE=$DOH_GOOGLE
fi
fi
if [ "$DOH_USE" = "$DOH_CLOUDFLARE" ] || [ -z "$DOH_USE" ]; then
_ns_lookup_cf "$@"
else
_ns_lookup_google "$@"
fi
}
#txtdomain, alias, txt
__check_txt() {
_c_txtdomain="$1"
@ -3681,7 +3756,7 @@ __check_txt() {
_debug "_c_txtdomain" "$_c_txtdomain"
_debug "_c_aliasdomain" "$_c_aliasdomain"
_debug "_c_txt" "$_c_txt"
_answers="$(_ns_lookup_cf "$_c_aliasdomain" TXT)"
_answers="$(_ns_lookup "$_c_aliasdomain" TXT)"
_contains "$_answers" "$_c_txt"
}
@ -3690,7 +3765,13 @@ __check_txt() {
__purge_txt() {
_p_txtdomain="$1"
_debug _p_txtdomain "$_p_txtdomain"
if [ "$DOH_USE" = "$DOH_CLOUDFLARE" ] || [ -z "$DOH_USE" ]; then
_ns_purge_cf "$_p_txtdomain" "TXT"
else
_debug "no purge api for google dns api, just sleep 5 secs"
_sleep 5
fi
}
#wait and check each dns entries
@ -4000,7 +4081,18 @@ $_authorizations_map"
fi
if [ "$ACME_VERSION" = "2" ]; then
response="$(echo "$_authorizations_map" | grep "^$(_idn "$d")," | sed "s/$d,//")"
_idn_d="$(_idn "$d")"
_candindates="$(echo "$_authorizations_map" | grep "^$_idn_d,")"
_debug2 _candindates "$_candindates"
if [ "$(echo "$_candindates" | wc -l)" -gt 1 ]; then
for _can in $_candindates; do
if _startswith "$(echo "$_can" | tr '.' '|')" "$(echo "$_idn_d" | tr '.' '|'),"; then
_candindates="$_can"
break
fi
done
fi
response="$(echo "$_candindates" | sed "s/$_idn_d,//")"
_debug2 "response" "$response"
if [ -z "$response" ]; then
_err "get to authz error."
@ -4974,18 +5066,14 @@ list() {
if [ "$_raw" ]; then
printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew"
for di in "${CERT_HOME}"/*.*/; do
if ! [ -d "$di" ]; then
_debug "Not directory, skip: $di"
continue
fi
d=$(basename "$di")
_debug d "$d"
(
if _endswith "$d" "$ECC_SUFFIX"; then
_isEcc=$(echo "$d" | cut -d "$ECC_SEP" -f 2)
_isEcc="ecc"
d=$(echo "$d" | cut -d "$ECC_SEP" -f 1)
fi
_initpath "$d" "$_isEcc"
DOMAIN_CONF="$di/$d.conf"
if [ -f "$DOMAIN_CONF" ]; then
. "$DOMAIN_CONF"
printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
@ -6016,7 +6104,7 @@ _send_notify() {
_set_notify_hook() {
_nhooks="$1"
_test_subject="Hello, this is notification from $PROJECT_NAME"
_test_subject="Hello, this is a notification from $PROJECT_NAME"
_test_content="If you receive this message, your notification works."
_send_notify "$_test_subject" "$_test_content" "$_nhooks" 0

8
deploy/gcore_cdn.sh
View File

@ -77,15 +77,15 @@ gcore_cdn_deploy() {
_debug _regex "$_regex"
_resource=$(echo "$_response" | sed 's/},{/},\n{/g' | _egrep_o "$_regex")
_debug _resource "$_resource"
_regex=".*\"id\":\([0-9]*\),.*$"
_regex=".*\"id\":\([0-9]*\).*\"rules\".*$"
_debug _regex "$_regex"
_resourceId=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
_debug _resourceId "$_resourceId"
_regex=".*\"sslData\":\([0-9]*\)}.*$"
_regex=".*\"sslData\":\([0-9]*\).*$"
_debug _regex "$_regex"
_sslDataOld=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
_debug _sslDataOld "$_sslDataOld"
_regex=".*\"originGroup\":\([0-9]*\),.*$"
_regex=".*\"originGroup\":\([0-9]*\).*$"
_debug _regex "$_regex"
_originGroup=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
_debug _originGroup "$_originGroup"
@ -101,7 +101,7 @@ gcore_cdn_deploy() {
_debug _request "$_request"
_response=$(_post "$_request" "https://api.gcdn.co/sslData")
_debug _response "$_response"
_regex=".*\"id\":\([0-9]*\),.*$"
_regex=".*\"id\":\([0-9]*\).*$"
_debug _regex "$_regex"
_sslDataAdd=$(echo "$_response" | sed -n "s/$_regex/\1/p")
_debug _sslDataAdd "$_sslDataAdd"

14
dnsapi/dns_aws.sh
View File

@ -6,6 +6,8 @@
#AWS_SECRET_ACCESS_KEY="xxxxxxx"
#This is the Amazon Route53 api wrapper for acme.sh
#All `_sleep` commands are included to avoid Route53 throttling, see
#https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests
AWS_HOST="route53.amazonaws.com"
AWS_URL="https://$AWS_HOST"
@ -43,6 +45,7 @@ dns_aws_add() {
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
_sleep 1
return 1
fi
_debug _domain_id "$_domain_id"
@ -51,6 +54,7 @@ dns_aws_add() {
_info "Getting existing records for $fulldomain"
if ! aws_rest GET "2013-04-01$_domain_id/rrset" "name=$fulldomain&type=TXT"; then
_sleep 1
return 1
fi
@ -63,6 +67,7 @@ dns_aws_add() {
if [ "$_resource_record" ] && _contains "$response" "$txtvalue"; then
_info "The TXT record already exists. Skipping."
_sleep 1
return 0
fi
@ -72,9 +77,10 @@ dns_aws_add() {
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
_info "TXT record updated successfully."
_sleep 1
return 0
fi
_sleep 1
return 1
}
@ -93,6 +99,7 @@ dns_aws_rm() {
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
_sleep 1
return 1
fi
_debug _domain_id "$_domain_id"
@ -101,6 +108,7 @@ dns_aws_rm() {
_info "Getting existing records for $fulldomain"
if ! aws_rest GET "2013-04-01$_domain_id/rrset" "name=$fulldomain&type=TXT"; then
_sleep 1
return 1
fi
@ -109,6 +117,7 @@ dns_aws_rm() {
_debug "_resource_record" "$_resource_record"
else
_debug "no records exist, skip"
_sleep 1
return 0
fi
@ -116,9 +125,10 @@ dns_aws_rm() {
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
_info "TXT record deleted successfully."
_sleep 1
return 0
fi
_sleep 1
return 1
}

8
dnsapi/dns_freedns.sh
View File

@ -303,9 +303,9 @@ _freedns_domain_id() {
return 1
fi
domain_id="$(echo "$htmlpage" | tr -d "[:space:]" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
| grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" \
| _egrep_o "edit\.php\?edit_domain_id=[0-9a-zA-Z]+" \
| sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' \
| cut -d = -f 2)"
# The above beauty extracts domain ID from the html page...
# strip out all blank space and new lines. Then insert newlines
@ -349,10 +349,10 @@ _freedns_data_id() {
return 1
fi
data_id="$(echo "$htmlpage" | tr -d "[:space:]" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
| grep "<td[a-zA-Z=#]*>$record_type</td>" \
| grep "<ahref.*>$search_domain</a>" \
| _egrep_o "edit\.php\?data_id=[0-9a-zA-Z]+" \
| sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' \
| cut -d = -f 2)"
# The above beauty extracts data ID from the html page...
# strip out all blank space and new lines. Then insert newlines

149
dnsapi/dns_leaseweb.sh
View File

@ -0,0 +1,149 @@
#!/usr/bin/env sh
#Author: Rolph Haspers <r.haspers@global.leaseweb.com>
#Utilize leaseweb.com API to finish dns-01 verifications.
#Requires a Leaseweb API Key (export LSW_Key="Your Key")
#See http://developer.leaseweb.com for more information.
######## Public functions #####################
LSW_API="https://api.leaseweb.com/hosting/v2/domains/"
#Usage: dns_leaseweb_add _acme-challenge.www.domain.com
dns_leaseweb_add() {
fulldomain=$1
txtvalue=$2
LSW_Key="${LSW_Key:-$(_readaccountconf_mutable LSW_Key)}"
if [ -z "$LSW_Key" ]; then
LSW_Key=""
_err "You don't specify Leaseweb api key yet."
_err "Please create your key and try again."
return 1
fi
#save the api key to the account conf file.
_saveaccountconf_mutable LSW_Key "$LSW_Key"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _root_domain "$_domain"
_debug _domain "$fulldomain"
if _lsw_api "POST" "$_domain" "$fulldomain" "$txtvalue"; then
if [ "$_code" = "201" ]; then
_info "Added, OK"
return 0
else
_err "Add txt record error, invalid code. Code: $_code"
return 1
fi
fi
_err "Add txt record error."
return 1
}
#Usage: fulldomain txtvalue
#Remove the txt record after validation.
dns_leaseweb_rm() {
fulldomain=$1
txtvalue=$2
LSW_Key="${LSW_Key:-$(_readaccountconf_mutable LSW_Key)}"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _root_domain "$_domain"
_debug _domain "$fulldomain"
if _lsw_api "DELETE" "$_domain" "$fulldomain" "$txtvalue"; then
if [ "$_code" = "204" ]; then
_info "Deleted, OK"
return 0
else
_err "Delete txt record error."
return 1
fi
fi
_err "Delete txt record error."
return 1
}
#################### Private functions below ##################################
# _acme-challenge.www.domain.com
# returns
# _domain=domain.com
_get_root() {
rdomain=$1
i="$(echo "$rdomain" | tr '.' ' ' | wc -w)"
i=$(_math "$i" - 1)
while true; do
h=$(printf "%s" "$rdomain" | cut -d . -f "$i"-100)
_debug h "$h"
if [ -z "$h" ]; then
return 1 #not valid domain
fi
#Check API if domain exists
if _lsw_api "GET" "$h"; then
if [ "$_code" = "200" ]; then
_domain="$h"
return 0
fi
fi
i=$(_math "$i" - 1)
if [ "$i" -lt 2 ]; then
return 1 #not found, no need to check _acme-challenge.sub.domain in leaseweb api.
fi
done
return 1
}
_lsw_api() {
cmd=$1
d=$2
fd=$3
tvalue=$4
# Construct the HTTP Authorization header
export _H2="Content-Type: application/json"
export _H1="X-Lsw-Auth: ${LSW_Key}"
if [ "$cmd" = "GET" ]; then
response="$(_get "$LSW_API/$d")"
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
_debug "http response code $_code"
_debug response "$response"
return 0
fi
if [ "$cmd" = "POST" ]; then
data="{\"name\": \"$fd.\",\"type\": \"TXT\",\"content\": [\"$tvalue\"],\"ttl\": 60}"
response="$(_post "$data" "$LSW_API/$d/resourceRecordSets" "$data" "POST")"
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
_debug "http response code $_code"
_debug response "$response"
return 0
fi
if [ "$cmd" = "DELETE" ]; then
response="$(_post "" "$LSW_API/$d/resourceRecordSets/$fd/TXT" "" "DELETE")"
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
_debug "http response code $_code"
_debug response "$response"
return 0
fi
return 1
}

210
dnsapi/dns_miab.sh
View File

@ -0,0 +1,210 @@
#!/usr/bin/env sh
# Name: dns_miab.sh
#
# Authors:
# Darven Dissek 2018
# William Gertz 2019
#
# Thanks to Neil Pang and other developers here for code reused from acme.sh from DNS-01
# used to communicate with the MailinaBox Custom DNS API
# Report Bugs here:
# https://github.com/billgertz/MIAB_dns_api (for dns_miab.sh)
# https://github.com/Neilpang/acme.sh (for acme.sh)
#
######## Public functions #####################
#Usage: dns_miab_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_miab_add() {
fulldomain=$1
txtvalue=$2
_info "Using miab challange add"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
#retrieve MIAB environemt vars
if ! _retrieve_miab_env; then
return 1
fi
#check domain and seperate into doamin and host
if ! _get_root "$fulldomain"; then
_err "Cannot find any part of ${fulldomain} is hosted on ${MIAB_Server}"
return 1
fi
_debug2 _sub_domain "$_sub_domain"
_debug2 _domain "$_domain"
#add the challenge record
_api_path="custom/${fulldomain}/txt"
_miab_rest "$txtvalue" "$_api_path" "POST"
#check if result was good
if _contains "$response" "updated DNS"; then
_info "Successfully created the txt record"
return 0
else
_err "Error encountered during record add"
_err "$response"
return 1
fi
}
#Usage: dns_miab_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_miab_rm() {
fulldomain=$1
txtvalue=$2
_info "Using miab challage delete"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
#retrieve MIAB environemt vars
if ! _retrieve_miab_env; then
return 1
fi
#check domain and seperate into doamin and host
if ! _get_root "$fulldomain"; then
_err "Cannot find any part of ${fulldomain} is hosted on ${MIAB_Server}"
return 1
fi
_debug2 _sub_domain "$_sub_domain"
_debug2 _domain "$_domain"
#Remove the challenge record
_api_path="custom/${fulldomain}/txt"
_miab_rest "$txtvalue" "$_api_path" "DELETE"
#check if result was good
if _contains "$response" "updated DNS"; then
_info "Successfully removed the txt record"
return 0
else
_err "Error encountered during record remove"
_err "$response"
return 1
fi
}
#################### Private functions below ##################################
#
#Usage: _get_root _acme-challenge.www.domain.com
#Returns:
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
_passed_domain=$1
_debug _passed_domain "$_passed_domain"
_i=2
_p=1
#get the zones hosed on MIAB server, must be a json stream
_miab_rest "" "zones" "GET"
if ! _is_json "$response"; then
_err "ERROR fetching domain list"
_err "$response"
return 1
fi
#cycle through the passed domain seperating out a test domain discarding
# the subdomain by marching thorugh the dots
while true; do
_test_domain=$(printf "%s" "$_passed_domain" | cut -d . -f ${_i}-100)
_debug _test_domain "$_test_domain"
if [ -z "$_test_domain" ]; then
return 1
fi
#report found if the test domain is in the json response and
# report the subdomain
if _contains "$response" "\"$_test_domain\""; then
_sub_domain=$(printf "%s" "$_passed_domain" | cut -d . -f 1-${_p})
_domain=${_test_domain}
return 0
fi
#cycle to the next dot in the passed domain
_p=${_i}
_i=$(_math "$_i" + 1)
done
return 1
}
#Usage: _retrieve_miab_env
#Returns (from store or environment variables):
# MIAB_Username
# MIAB_Password
# MIAB_Server
#retrieve MIAB environment variables, report errors and quit if problems
_retrieve_miab_env() {
MIAB_Username="${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}"
MIAB_Password="${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}"
MIAB_Server="${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}"
#debug log the environmental variables
_debug MIAB_Username "$MIAB_Username"
_debug MIAB_Password "$MIAB_Password"
_debug MIAB_Server "$MIAB_Server"
#check if MIAB environemt vars set and quit if not
if [ -z "$MIAB_Username" ] || [ -z "$MIAB_Password" ] || [ -z "$MIAB_Server" ]; then
_err "You didn't specify one or more of MIAB_Username, MIAB_Password or MIAB_Server."
_err "Please check these environment variables and try again."
return 1
fi
#save the credentials to the account conf file.
_saveaccountconf_mutable MIAB_Username "$MIAB_Username"
_saveaccountconf_mutable MIAB_Password "$MIAB_Password"
_saveaccountconf_mutable MIAB_Server "$MIAB_Server"
}
#Useage: _miab_rest "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" "custom/_acme-challenge.www.domain.com/txt "POST"
#Returns: "updated DNS: domain.com"
#rest interface MIAB dns
_miab_rest() {
_data="$1"
_api_path="$2"
_httpmethod="$3"
#encode username and password for basic authentication
_credentials="$(printf "%s" "$MIAB_Username:$MIAB_Password" | _base64)"
export _H1="Authorization: Basic $_credentials"
_url="https://${MIAB_Server}/admin/dns/${_api_path}"
_debug2 _data "$_data"
_debug _api_path "$_api_path"
_debug2 _url "$_url"
_debug2 _credentails "$_credentials"
_debug _httpmethod "$_httpmethod"
if [ "$_httpmethod" = "GET" ]; then
response="$(_get "$_url")"
else
response="$(_post "$_data" "$_url" "" "$_httpmethod")"
fi
_retcode="$?"
if [ "$_retcode" != "0" ]; then
_err "MIAB REST authentication failed on $_httpmethod"
return 1
fi
_debug response "$response"
return 0
}
#Usage: _is_json "\[\n "mydomain.com"\n]"
#Reurns "\[\n "mydomain.com"\n]"
#returns the string if it begins and ends with square braces
_is_json() {
_str="$(echo "$1" | _normalizeJson)"
echo "$_str" | grep '^\[.*\]$' >/dev/null 2>&1
}

185
dnsapi/dns_nic.sh
View File

@ -0,0 +1,185 @@
#!/usr/bin/env sh
#
#NIC_Token="sdfsdfsdfljlbjkljlkjsdfoiwjedfglgkdlfgkfgldfkg"
#
#NIC_Username="000000/NIC-D"
#NIC_Password="xxxxxxx"
NIC_Api="https://api.nic.ru"
dns_nic_add() {
fulldomain="${1}"
txtvalue="${2}"
NIC_Token="${NIC_Token:-$(_readaccountconf_mutable NIC_Token)}"
NIC_Username="${NIC_Username:-$(_readaccountconf_mutable NIC_Username)}"
NIC_Password="${NIC_Password:-$(_readaccountconf_mutable NIC_Password)}"
if [ -z "$NIC_Token" ] || [ -z "$NIC_Username" ] || [ -z "$NIC_Password" ]; then
NIC_Token=""
NIC_Username=""
NIC_Password=""
_err "You must export variables: NIC_Token, NIC_Username and NIC_Password"
return 1
fi
_saveaccountconf_mutable NIC_Customer "$NIC_Token"
_saveaccountconf_mutable NIC_Username "$NIC_Username"
_saveaccountconf_mutable NIC_Password "$NIC_Password"
if ! _nic_get_authtoken "$NIC_Username" "$NIC_Password" "$NIC_Token"; then
_err "get NIC auth token failed"
return 1
fi
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "Invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug _service "$_service"
_info "Adding record"
if ! _nic_rest PUT "services/$_service/zones/$_domain/records" "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><request><rr-list><rr><name>$_sub_domain</name><type>TXT</type><txt><string>$txtvalue</string></txt></rr></rr-list></request>"; then
_err "Add TXT record error"
return 1
fi
if ! _nic_rest POST "services/$_service/zones/$_domain/commit" ""; then
return 1
fi
_info "Added, OK"
}
dns_nic_rm() {
fulldomain="${1}"
txtvalue="${2}"
NIC_Token="${NIC_Token:-$(_readaccountconf_mutable NIC_Token)}"
NIC_Username="${NIC_Username:-$(_readaccountconf_mutable NIC_Username)}"
NIC_Password="${NIC_Password:-$(_readaccountconf_mutable NIC_Password)}"
if [ -z "$NIC_Token" ] || [ -z "$NIC_Username" ] || [ -z "$NIC_Password" ]; then
NIC_Token=""
NIC_Username=""
NIC_Password=""
_err "You must export variables: NIC_Token, NIC_Username and NIC_Password"
return 1
fi
if ! _nic_get_authtoken "$NIC_Username" "$NIC_Password" "$NIC_Token"; then
_err "get NIC auth token failed"
return 1
fi
if ! _get_root "$fulldomain"; then
_err "Invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug _service "$_service"
if ! _nic_rest GET "services/$_service/zones/$_domain/records"; then
_err "Get records error"
return 1
fi
_domain_id=$(printf "%s" "$response" | grep "$_sub_domain" | grep -- "$txtvalue" | sed -r "s/.*<rr id=\"(.*)\".*/\1/g")
if ! _nic_rest DELETE "services/$_service/zones/$_domain/records/$_domain_id"; then
_err "Delete record error"
return 1
fi
if ! _nic_rest POST "services/$_service/zones/$_domain/commit" ""; then
return 1
fi
}
#################### Private functions below ##################################
_nic_get_authtoken() {
username="$1"
password="$2"
token="$3"
_info "Getting NIC auth token"
export _H1="Authorization: Basic $token"
export _H2="Content-Type: application/x-www-form-urlencoded"
res=$(_post "grant_type=password&username=$username&password=$password&scope=%28GET%7CPUT%7CPOST%7CDELETE%29%3A%2Fdns-master%2F.%2B" "$NIC_Api/oauth/token" "" "POST")
if _contains "$res" "access_token"; then
_auth_token=$(printf "%s" "$res" | cut -d , -f2 | tr -d "\"" | sed "s/access_token://")
_info "Token received"
_debug _auth_token "$_auth_token"
return 0
fi
return 1
}
_get_root() {
domain="$1"
i=1
p=1
if ! _nic_rest GET "zones"; then
return 1
fi
_all_domains=$(printf "%s" "$response" | grep "idn-name" | sed -r "s/.*idn-name=\"(.*)\" name=.*/\1/g")
_debug2 _all_domains "$_all_domains"
while true; do
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h"
if [ -z "$h" ]; then
return 1
fi
if _contains "$_all_domains" "^$h$"; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h
_service=$(printf "%s" "$response" | grep "$_domain" | sed -r "s/.*service=\"(.*)\".*$/\1/")
return 0
fi
p="$i"
i=$(_math "$i" + 1)
done
return 1
}
_nic_rest() {
m="$1"
ep="$2"
data="$3"
_debug "$ep"
export _H1="Content-Type: application/xml"
export _H2="Authorization: Bearer $_auth_token"
if [ "$m" != "GET" ]; then
_debug data "$data"
response=$(_post "$data" "$NIC_Api/dns-master/$ep" "" "$m")
else
response=$(_get "$NIC_Api/dns-master/$ep")
fi
if _contains "$response" "<errors>"; then
error=$(printf "%s" "$response" | grep "error code" | sed -r "s/.*<error code=.*>(.*)<\/error>/\1/g")
_err "Error: $error"
return 1
fi
if ! _contains "$response" "<status>success</status>"; then
return 1
fi
_debug2 response "$response"
return 0
}

414
dnsapi/dns_pleskxml.sh
View File

@ -0,0 +1,414 @@
#!/usr/bin/env sh
## Name: dns_pleskxml.sh
## Created by Stilez.
## Also uses some code from PR#1832 by @romanlum (https://github.com/Neilpang/acme.sh/pull/1832/files)
## This DNS-01 method uses the Plesk XML API described at:
## https://docs.plesk.com/en-US/12.5/api-rpc/about-xml-api.28709
## and more specifically: https://docs.plesk.com/en-US/12.5/api-rpc/reference.28784
## Note: a DNS ID with host = empty string is OK for this API, see
## https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-dns/managing-dns-records/adding-dns-record.34798
## For example, to add a TXT record to DNS alias domain "acme-alias.com" would be a valid Plesk action.
## So this API module can handle such a request, if needed.
## For ACME v2 purposes, new TXT records are appended when added, and removing one TXT record will not affect any other TXT records.
## The user credentials (username+password) and URL/URI for the Plesk XML API must be set by the user
## before this module is called (case sensitive):
##
## ```
## export pleskxml_uri="https://address-of-my-plesk-server.net:8443/enterprise/control/agent.php"
## (or probably something similar)
## export pleskxml_user="my plesk username"
## export pleskxml_pass="my plesk password"
## ```
## Ok, let's issue a cert now:
## ```
## acme.sh --issue --dns dns_pleskxml -d example.com -d www.example.com
## ```
##
## The `pleskxml_uri`, `pleskxml_user` and `pleskxml_pass` will be saved in `~/.acme.sh/account.conf` and reused when needed.
#################### INTERNAL VARIABLES + NEWLINE + API TEMPLATES ##################################
pleskxml_init_checks_done=0
# Variable containing bare newline - not a style issue
# shellcheck disable=SC1004
NEWLINE='\
'
pleskxml_tplt_get_domains="<packet><customer><get-domain-list><filter/></get-domain-list></customer></packet>"
# Get a list of domains that PLESK can manage, so we can check root domain + host for acme.sh
# Also used to test credentials and URI.
# No params.
pleskxml_tplt_get_dns_records="<packet><dns><get_rec><filter><site-id>%s</site-id></filter></get_rec></dns></packet>"
# Get all DNS records for a Plesk domain ID.
# PARAM = Plesk domain id to query
pleskxml_tplt_add_txt_record="<packet><dns><add_rec><site-id>%s</site-id><type>TXT</type><host>%s</host><value>%s</value></add_rec></dns></packet>"
# Add a TXT record to a domain.
# PARAMS = (1) Plesk internal domain ID, (2) "hostname" for the new record, eg '_acme_challenge', (3) TXT record value
pleskxml_tplt_rmv_dns_record="<packet><dns><del_rec><filter><id>%s</id></filter></del_rec></dns></packet>"
# Delete a specific TXT record from a domain.
# PARAM = the Plesk internal ID for the DNS record to be deleted
#################### Public functions ##################################
#Usage: dns_pleskxml_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_pleskxml_add() {
fulldomain=$1
txtvalue=$2
_info "Entering dns_pleskxml_add() to add TXT record '$txtvalue' to domain '$fulldomain'..."
# Get credentials if not already checked, and confirm we can log in to Plesk XML API
if ! _credential_check; then
return 1
fi
# Get root and subdomain details, and Plesk domain ID
if ! _pleskxml_get_root_domain "$fulldomain"; then
return 1
fi
_debug 'Credentials OK, and domain identified. Calling Plesk XML API to add TXT record'
# printf using template in a variable - not a style issue
# shellcheck disable=SC2059
request="$(printf "$pleskxml_tplt_add_txt_record" "$root_domain_id" "$sub_domain_name" "$txtvalue")"
if ! _call_api "$request"; then
return 1
fi
# OK, we should have added a TXT record. Let's check and return success if so.
# All that should be left in the result, is one section, containing <result><status>ok</status><id>NEW_DNS_RECORD_ID</id></result>
results="$(_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>')"
if ! _value "$results" | grep '<status>ok</status>' | grep '<id>[0-9]\{1,\}</id>' >/dev/null; then
# Error - doesn't contain expected string. Something's wrong.
_err 'Error when calling Plesk XML API.'
_err 'The result did not contain the expected <id>XXXXX</id> section, or contained other values as well.'
_err 'This is unexpected: something has gone wrong.'
_err 'The full response was:'
_err "$pleskxml_prettyprint_result"
return 1
fi
recid="$(_value "$results" | grep '<id>[0-9]\{1,\}</id>' | sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/')"
_info "Success. TXT record appears to be correctly added (Plesk record ID=$recid). Exiting dns_pleskxml_add()."
return 0
}
#Usage: dns_pleskxml_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_pleskxml_rm() {
fulldomain=$1
txtvalue=$2
_info "Entering dns_pleskxml_rm() to remove TXT record '$txtvalue' from domain '$fulldomain'..."
# Get credentials if not already checked, and confirm we can log in to Plesk XML API
if ! _credential_check; then
return 1
fi
# Get root and subdomain details, and Plesk domain ID
if ! _pleskxml_get_root_domain "$fulldomain"; then
return 1
fi
_debug 'Credentials OK, and domain identified. Calling Plesk XML API to get list of TXT records and their IDs'
# printf using template in a variable - not a style issue
# shellcheck disable=SC2059
request="$(printf "$pleskxml_tplt_get_dns_records" "$root_domain_id")"
if ! _call_api "$request"; then
return 1
fi
# Reduce output to one line per DNS record, filtered for TXT records with a record ID only (which they should all have)
# Also strip out spaces between tags, redundant <data> and </data> group tags and any <self-closing/> tags
reclist="$(_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' \
| sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' \
| grep "<site-id>${root_domain_id}</site-id>" \
| grep '<id>[0-9]\{1,\}</id>' \
| grep '<type>TXT</type>'
)"
if [ -z "$reclist" ]; then
_err "No TXT records found for root domain ${root_domain_name} (Plesk domain ID ${root_domain_id}). Exiting."
return 1
fi
_debug "Got list of DNS TXT records for root domain '$root_domain_name':"
_debug "$reclist"
recid="$(_value "$reclist" \
| grep "<host>${fulldomain}.</host>" \
| grep "<value>${txtvalue}</value>" \
| sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/'
)"
if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
_err "DNS records for root domain '${root_domain_name}' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'"
_err "Cannot delete TXT record. Exiting."
return 1
fi
_debug "Found Plesk record ID for target text string '${txtvalue}': ID=${recid}"
_debug 'Calling Plesk XML API to remove TXT record'
# printf using template in a variable - not a style issue
# shellcheck disable=SC2059
request="$(printf "$pleskxml_tplt_rmv_dns_record" "$recid")"
if ! _call_api "$request"; then
return 1
fi
# OK, we should have removed a TXT record. Let's check and return success if so.
# All that should be left in the result, is one section, containing <result><status>ok</status><id>PLESK_DELETED_DNS_RECORD_ID</id></result>
results="$(_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>')"
if ! _value "$results" | grep '<status>ok</status>' | grep '<id>[0-9]\{1,\}</id>' >/dev/null; then
# Error - doesn't contain expected string. Something's wrong.
_err 'Error when calling Plesk XML API.'
_err 'The result did not contain the expected <id>XXXXX</id> section, or contained other values as well.'
_err 'This is unexpected: something has gone wrong.'
_err 'The full response was:'
_err "$pleskxml_prettyprint_result"
return 1
fi
_info "Success. TXT record appears to be correctly removed. Exiting dns_pleskxml_rm()."
return 0
}
#################### Private functions below (utility functions) ##################################
# Outputs value of a variable without additional newlines etc
_value() {
printf '%s' "$1"
}
# Outputs value of a variable (FQDN) and cuts it at 2 specified '.' delimiters, returning the text in between
# $1, $2 = where to cut
# $3 = FQDN
_valuecut() {
printf '%s' "$3" | cut -d . -f "${1}-${2}"
}
# Counts '.' present in a domain name or other string
# $1 = domain name
_countdots() {
_value "$1" | tr -dc '.' | wc -c | sed 's/ //g'
}
# Cleans up an API response, splits it "one line per item in the response" and greps for a string that in the context, identifies "useful" lines
# $1 - result string from API
# $2 - plain text tag to resplit on (usually "result" or "domain"). NOT REGEX
# $3 - basic regex to recognise useful return lines
# note: $3 matches via basic NOT extended regex (BRE), as extended regex capabilities not needed at the moment.
# Last line could change to <sed -n '/.../p'> instead, with suitable escaping of ['"/$],
# if future Plesk XML API changes ever require extended regex
_api_response_split() {
printf '%s' "$1" \
| sed 's/^ +//;s/ +$//' \
| tr -d '\n\r' \
| sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" \
| grep "$3"
}
#################### Private functions below (DNS functions) ##################################
# Calls Plesk XML API, and checks results for obvious issues
_call_api() {
request="$1"
errtext=''
_debug 'Entered _call_api(). Calling Plesk XML API with request:'
_debug "'$request'"
export _H1="HTTP_AUTH_LOGIN: $pleskxml_user"
export _H2="HTTP_AUTH_PASSWD: $pleskxml_pass"
export _H3="content-Type: text/xml"
export _H4="HTTP_PRETTY_PRINT: true"
pleskxml_prettyprint_result="$(_post "${request}" "$pleskxml_uri" "" "POST")"
pleskxml_retcode="$?"
_debug 'The responses from the Plesk XML server were:'
_debug "retcode=$pleskxml_retcode. Literal response:"
_debug "'$pleskxml_prettyprint_result'"
# Detect any <status> that isn't "ok". None of the used calls should fail if the API is working correctly.
# Also detect if there simply aren't any status lines (null result?) and report that, as well.
statuslines_count_total="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *<status>[^<]*</status> *$')"
statuslines_count_okay="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *<status>ok</status> *$')"
if [ -z "$statuslines_count_total" ]; then
# We have no status lines at all. Results are empty
errtext='The Plesk XML API unexpectedly returned an empty set of results for this call.'
elif [ "$statuslines_count_okay" -ne "$statuslines_count_total" ]; then
# We have some status lines that aren't "ok". Any available details are in API response fields "status" "errcode" and "errtext"
# Workaround for basic regex:
# - filter output to keep only lines like this: "SPACES<TAG>text</TAG>SPACES" (shouldn't be necessary with prettyprint but guarantees subsequent code is ok)
# - then edit the 3 "useful" error tokens individually and remove closing tags on all lines
# - then filter again to remove all lines not edited (which will be the lines not starting A-Z)
errtext="$(_value "$pleskxml_prettyprint_result" \
| grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' \
| sed 's/^ *<status>/Status: /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' \
| grep '^[A-Z]'
)"
fi
if [ "$pleskxml_retcode" -ne 0 ] || [ "$errtext" != "" ]; then
# Call failed, for reasons either in the retcode or the response text...
if [ "$pleskxml_retcode" -eq 0 ]; then
_err "The POST request was successfully sent to the Plesk server."
else
_err "The return code for the POST request was $pleskxml_retcode (non-zero = failure in submitting request to server)."
fi
if [ "$errtext" != "" ]; then
_err 'The error responses received from the Plesk server were:'
_err "$errtext"
else
_err "No additional error messages were received back from the Plesk server"
fi
_err "The Plesk XML API call failed."
return 1
fi
_debug "Leaving _call_api(). Successful call."
return 0
}
# Startup checks (credentials, URI)
_credential_check() {
_debug "Checking Plesk XML API login credentials and URI..."
if [ "$pleskxml_init_checks_done" -eq 1 ]; then
_debug "Initial checks already done, no need to repeat. Skipped."
return 0
fi
pleskxml_user="${pleskxml_user:-$(_readaccountconf_mutable pleskxml_user)}"
pleskxml_pass="${pleskxml_pass:-$(_readaccountconf_mutable pleskxml_pass)}"
pleskxml_uri="${pleskxml_uri:-$(_readaccountconf_mutable pleskxml_uri)}"
if [ -z "$pleskxml_user" ] || [ -z "$pleskxml_pass" ] || [ -z "$pleskxml_uri" ]; then
pleskxml_user=""
pleskxml_pass=""
pleskxml_uri=""
_err "You didn't specify one or more of the Plesk XML API username, password, or URI."
_err "Please create these and try again."
_err "Instructions are in the 'dns_pleskxml' plugin source code or in the acme.sh documentation."
return 1
fi
# Test the API is usable, by trying to read the list of managed domains...
_call_api "$pleskxml_tplt_get_domains"
if [ "$pleskxml_retcode" -ne 0 ]; then
_err 'Failed to access Plesk XML API.'
_err "Please check your login credentials and Plesk URI, and that the URI is reachable, and try again."
return 1
fi
_saveaccountconf_mutable pleskxml_uri "$pleskxml_uri"
_saveaccountconf_mutable pleskxml_user "$pleskxml_user"
_saveaccountconf_mutable pleskxml_pass "$pleskxml_pass"
_debug "Test login to Plesk XML API successful. Login credentials and URI successfully saved to the acme.sh configuration file for future use."
pleskxml_init_checks_done=1
return 0
}
# For a FQDN, identify the root domain managed by Plesk, its domain ID in Plesk, and the host if any.
# IMPORTANT NOTE: a result with host = empty string is OK for this API, see
# https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-dns/managing-dns-records/adding-dns-record.34798
# See notes at top of this file
_pleskxml_get_root_domain() {
original_full_domain_name="$1"
_debug "Identifying DNS root domain for '$original_full_domain_name' that is managed by the Plesk account."
# test if the domain as provided is valid for splitting.
if [ "$(_countdots "$original_full_domain_name")" -eq 0 ]; then
_err "Invalid domain. The ACME domain must contain at least two parts (aa.bb) to identify a domain and tld for the TXT record."
return 1
fi
_debug "Querying Plesk server for list of managed domains..."
_call_api "$pleskxml_tplt_get_domains"
if [ "$pleskxml_retcode" -ne 0 ]; then
return 1
fi
# Generate a crude list of domains known to this Plesk account.
# We convert <ascii-name> tags to <name> so it'll flag on a hit with either <name> or <ascii-name> fields,
# for non-Western character sets.
# Output will be one line per known domain, containing 2 <name> tages and a single <id> tag
# We don't actually need to check for type, name, *and* id, but it guarantees only usable lines are returned.
output="$(_api_response_split "$pleskxml_prettyprint_result" 'domain' '<type>domain</type>' | sed 's/<ascii-name>/<name>/g;s/<\/ascii-name>/<\/name>/g' | grep '<name>' | grep '<id>')"
_debug 'Domains managed by Plesk server are (ignore the hacked output):'
_debug "$output"
# loop and test if domain, or any parent domain, is managed by Plesk
# Loop until we don't have any '.' in the string we're testing as a candidate Plesk-managed domain
root_domain_name="$original_full_domain_name"
while true; do
_debug "Checking if '$root_domain_name' is managed by the Plesk server..."
root_domain_id="$(_value "$output" | grep "<name>$root_domain_name</name>" | _head_n 1 | sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/')"
if [ -n "$root_domain_id" ]; then
# Found a match
# SEE IMPORTANT NOTE ABOVE - THIS FUNCTION CAN RETURN HOST='', AND THAT'S OK FOR PLESK XML API WHICH ALLOWS IT.
# SO WE HANDLE IT AND DON'T PREVENT IT
sub_domain_name="$(_value "$original_full_domain_name" | sed "s/\.\{0,1\}${root_domain_name}"'$//')"
_info "Success. Matched host '$original_full_domain_name' to: DOMAIN '${root_domain_name}' (Plesk ID '${root_domain_id}'), HOST '${sub_domain_name}'. Returning."
return 0
fi
# No match, try next parent up (if any)...
root_domain_name="$(_valuecut 2 1000 "$root_domain_name")"
if [ "$(_countdots "$root_domain_name")" -eq 0 ]; then
_debug "No match, and next parent would be a TLD..."
_err "Cannot find '$original_full_domain_name' or any parent domain of it, in Plesk."
_err "Are you sure that this domain is managed by this Plesk server?"
return 1
fi
_debug "No match, trying next parent up..."
done
}

224
dnsapi/dns_rcode0.sh
View File

@ -0,0 +1,224 @@
#!/usr/bin/env sh
#Rcode0 API Integration
#https://my.rcodezero.at/api-doc
#
# log into https://my.rcodezero.at/enableapi and get your ACME API Token (the ACME API token has limited
# access to the REST calls needed for acme.sh only)
#
#RCODE0_URL="https://my.rcodezero.at"
#RCODE0_API_TOKEN="0123456789ABCDEF"
#RCODE0_TTL=60
DEFAULT_RCODE0_URL="https://my.rcodezero.at"
DEFAULT_RCODE0_TTL=60
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
#fulldomain
#txtvalue
dns_rcode0_add() {
fulldomain=$1
txtvalue=$2
RCODE0_API_TOKEN="${RCODE0_API_TOKEN:-$(_readaccountconf_mutable RCODE0_API_TOKEN)}"
RCODE0_URL="${RCODE0_URL:-$(_readaccountconf_mutable RCODE0_URL)}"
RCODE0_TTL="${RCODE0_TTL:-$(_readaccountconf_mutable RCODE0_TTL)}"
if [ -z "$RCODE0_URL" ]; then
RCODE0_URL="$DEFAULT_RCODE0_URL"
fi
if [ -z "$RCODE0_API_TOKEN" ]; then
RCODE0_API_TOKEN=""
_err "Missing Rcode0 ACME API Token."
_err "Please login and create your token at httsp://my.rcodezero.at/enableapi and try again."
return 1
fi
if [ -z "$RCODE0_TTL" ]; then
RCODE0_TTL="$DEFAULT_RCODE0_TTL"
fi
#save the token to the account conf file.
_saveaccountconf_mutable RCODE0_API_TOKEN "$RCODE0_API_TOKEN"
if [ "$RCODE0_URL" != "$DEFAULT_RCODE0_URL" ]; then
_saveaccountconf_mutable RCODE0_URL "$RCODE0_URL"
fi
if [ "$RCODE0_TTL" != "$DEFAULT_RCODE0_TTL" ]; then
_saveaccountconf_mutable RCODE0_TTL "$RCODE0_TTL"
fi
_debug "Detect root zone"
if ! _get_root "$fulldomain"; then
_err "No 'MASTER' zone for $fulldomain found at RcodeZero Anycast."
return 1
fi
_debug _domain "$_domain"
_debug "Adding record"
_record_string=""
_build_record_string "$txtvalue"
_list_existingchallenges
for oldchallenge in $_existing_challenges; do
_build_record_string "$oldchallenge"
done
_debug "Challenges: $_existing_challenges"
if [ -z "$_existing_challenges" ]; then
if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"add\", \"name\": \"$fulldomain.\", \"type\": \"TXT\", \"ttl\": $RCODE0_TTL, \"records\": [$_record_string]}]"; then
_err "Add txt record error."
return 1
fi
else
# try update in case a records exists (need for wildcard certs)
if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"update\", \"name\": \"$fulldomain.\", \"type\": \"TXT\", \"ttl\": $RCODE0_TTL, \"records\": [$_record_string]}]"; then
_err "Set txt record error."
return 1
fi
fi
return 0
}
#fulldomain txtvalue
dns_rcode0_rm() {
fulldomain=$1
txtvalue=$2
RCODE0_API_TOKEN="${RCODE0_API_TOKEN:-$(_readaccountconf_mutable RCODE0_API_TOKEN)}"
RCODE0_URL="${RCODE0_URL:-$(_readaccountconf_mutable RCODE0_URL)}"
RCODE0_TTL="${RCODE0_TTL:-$(_readaccountconf_mutable RCODE0_TTL)}"
if [ -z "$RCODE0_URL" ]; then
RCODE0_URL="$DEFAULT_RCODE0_URL"
fi
if [ -z "$RCODE0_API_TOKEN" ]; then
RCODE0_API_TOKEN=""
_err "Missing Rcode0 API Token."
_err "Please login and create your token at httsp://my.rcodezero.at/enableapi and try again."
return 1
fi
#save the api addr and key to the account conf file.
_saveaccountconf_mutable RCODE0_URL "$RCODE0_URL"
_saveaccountconf_mutable RCODE0_API_TOKEN "$RCODE0_API_TOKEN"
if [ "$RCODE0_TTL" != "$DEFAULT_RCODE0_TTL" ]; then
_saveaccountconf_mutable RCODE0_TTL "$RCODE0_TTL"
fi
if [ -z "$RCODE0_TTL" ]; then
RCODE0_TTL="$DEFAULT_RCODE0_TTL"
fi
_debug "Detect root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug "Remove record"
#Enumerate existing acme challenges
_list_existingchallenges
if _contains "$_existing_challenges" "$txtvalue"; then
#Delete all challenges (PowerDNS API does not allow to delete content)
if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"delete\", \"name\": \"$fulldomain.\", \"type\": \"TXT\"}]"; then
_err "Delete txt record error."
return 1
fi
_record_string=""
#If the only existing challenge was the challenge to delete: nothing to do
if ! [ "$_existing_challenges" = "$txtvalue" ]; then
for oldchallenge in $_existing_challenges; do
#Build up the challenges to re-add, ommitting the one what should be deleted
if ! [ "$oldchallenge" = "$txtvalue" ]; then
_build_record_string "$oldchallenge"
fi
done
#Recreate the existing challenges
if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"update\", \"name\": \"$fulldomain.\", \"type\": \"TXT\", \"ttl\": $RCODE0_TTL, \"records\": [$_record_string]}]"; then
_err "Set txt record error."
return 1
fi
fi
else
_info "Record not found, nothing to remove"
fi
return 0
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _domain=domain.com
_get_root() {
domain=$1
i=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug "try to find: $h"
if _rcode0_rest "GET" "/api/v1/acme/zones/$h"; then
if [ "$response" = "[\"found\"]" ]; then
_domain="$h"
if [ -z "$h" ]; then
_domain="=2E"
fi
return 0
elif [ "$response" = "[\"not a master domain\"]" ]; then
return 1
fi
fi
if [ -z "$h" ]; then
return 1
fi
i=$(_math $i + 1)
done
_debug "no matching domain for $domain found"
return 1
}
_rcode0_rest() {
method=$1
ep=$2
data=$3
export _H1="Authorization: Bearer $RCODE0_API_TOKEN"
if [ ! "$method" = "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$RCODE0_URL$ep" "" "$method")"
else
response="$(_get "$RCODE0_URL$ep")"
fi
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug2 response "$response"
return 0
}
_build_record_string() {
_record_string="${_record_string:+${_record_string}, }{\"content\": \"\\\"${1}\\\"\", \"disabled\": false}"
}
_list_existingchallenges() {
_rcode0_rest "GET" "/api/v1/acme/zones/$_domain/rrsets"
_existing_challenges=$(echo "$response" | _normalizeJson | _egrep_o "\"name\":\"${fulldomain}[^]]*}" | _egrep_o 'content\":\"\\"[^\\]*' | sed -n 's/^content":"\\"//p')
_debug2 "$_existing_challenges"
}

147
dnsapi/dns_variomedia.sh
View File

@ -0,0 +1,147 @@
#!/usr/bin/env sh
#
#VARIOMEDIA_API_TOKEN=000011112222333344445555666677778888
VARIOMEDIA_API="https://api.variomedia.de"
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_variomedia_add() {
fulldomain=$1
txtvalue=$2
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
VARIOMEDIA_API_TOKEN="${VARIOMEDIA_API_TOKEN:-$(_readaccountconf_mutable VARIOMEDIA_API_TOKEN)}"
if test -z "$VARIOMEDIA_API_TOKEN"; then
VARIOMEDIA_API_TOKEN=""
_err 'VARIOMEDIA_API_TOKEN was not exported'
return 1
fi
_saveaccountconf_mutable VARIOMEDIA_API_TOKEN "$VARIOMEDIA_API_TOKEN"
_debug 'First detect the root zone'
if ! _get_root "$fulldomain"; then
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
if ! _variomedia_rest POST "dns-records" "{\"data\": {\"type\": \"dns-record\", \"attributes\": {\"record_type\": \"TXT\", \"name\": \"$_sub_domain\", \"domain\": \"$_domain\", \"data\": \"$txtvalue\", \"ttl\":300}}}"; then
_err "$response"
return 1
fi
_debug2 _response "$response"
return 0
}
#fulldomain txtvalue
dns_variomedia_rm() {
fulldomain=$1
txtvalue=$2
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
VARIOMEDIA_API_TOKEN="${VARIOMEDIA_API_TOKEN:-$(_readaccountconf_mutable VARIOMEDIA_API_TOKEN)}"
if test -z "$VARIOMEDIA_API_TOKEN"; then
VARIOMEDIA_API_TOKEN=""
_err 'VARIOMEDIA_API_TOKEN was not exported'
return 1
fi
_saveaccountconf_mutable VARIOMEDIA_API_TOKEN "$VARIOMEDIA_API_TOKEN"
_debug 'First detect the root zone'
if ! _get_root "$fulldomain"; then
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug 'Getting txt records'
if ! _variomedia_rest GET "dns-records?filter[domain]=$_domain"; then
_err 'Error'
return 1
fi
_record_id="$(echo "$response" | cut -d '[' -f2 | cut -d']' -f1 | sed 's/},[ \t]*{/\},§\{/g' | tr § '\n' | grep "$_sub_domain" | grep "$txtvalue" | sed 's/^{//;s/}[,]?$//' | tr , '\n' | tr -d '\"' | grep ^id | cut -d : -f2 | tr -d ' ')"
_debug _record_id "$_record_id"
if [ "$_record_id" ]; then
_info "Successfully retrieved the record id for ACME challenge."
else
_info "Empty record id, it seems no such record."
return 0
fi
if ! _variomedia_rest DELETE "/dns-records/$_record_id"; then
_err "$response"
return 1
fi
_debug2 _response "$response"
return 0
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
fulldomain=$1
i=1
while true; do
h=$(printf "%s" "$fulldomain" | cut -d . -f $i-100)
_debug h "$h"
if [ -z "$h" ]; then
return 1
fi
if ! _variomedia_rest GET "domains/$h"; then
return 1
fi
if _startswith "$response" "\{\"data\":"; then
if _contains "$response" "\"id\": \"$h\""; then
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$h\$//")"
_domain=$h
return 0
fi
fi
i=$(_math "$i" + 1)
done
_debug "root domain not found"
return 1
}
_variomedia_rest() {
m=$1
ep="$2"
data="$3"
_debug "$ep"
export _H1="Authorization: token $VARIOMEDIA_API_TOKEN"
export _H2="Content-Type: application/vnd.api+json"
export _H3="Accept: application/vnd.variomedia.v1+json"
if [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$VARIOMEDIA_API/$ep" "" "$m")"
else
response="$(_get "$VARIOMEDIA_API/$ep")"
fi
if [ "$?" != "0" ]; then
_err "Error $ep"
return 1
fi
_debug2 response "$response"
return 0
}

2
dnsapi/dns_vscale.sh
View File

@ -102,7 +102,7 @@ _get_root() {
return 1
fi
hostedzone="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$h\".*}")"
hostedzone="$(echo "$response" | tr "{" "\n" | _egrep_o "\"name\":\s*\"$h\".*}")"
if [ "$hostedzone" ]; then
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
if [ "$_domain_id" ]; then

10
dnsapi/dns_vultr.sh
View File

@ -106,9 +106,9 @@ _get_root() {
domain=$1
i=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug h "$h"
if [ -z "$h" ]; then
_domain=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug h "$_domain"
if [ -z "$_domain" ]; then
return 1
fi
@ -119,11 +119,9 @@ _get_root() {
if printf "%s\n" "$response" | grep '^\[.*\]' >/dev/null; then
if _contains "$response" "\"domain\":\"$_domain\""; then
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")"
_domain=$_domain
return 0
else
_err 'Invalid domain'
return 1
_debug "Go to next level of $_domain"
fi
else
_err "$response"

68
notify/dingtalk.sh
View File

@ -0,0 +1,68 @@
#!/usr/bin/env sh
#Support dingtalk webhooks api
#DINGTALK_WEBHOOK="xxxx"
#optional
#DINGTALK_KEYWORD="yyyy"
#DINGTALK_SIGNING_KEY="SEC08ffdbd403cbc3fc8a65xxxxxxxxxxxxxxxxxxxx"
# subject content statusCode
dingtalk_send() {
_subject="$1"
_content="$2"
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
_debug "_subject" "$_subject"
_debug "_content" "$_content"
_debug "_statusCode" "$_statusCode"
DINGTALK_WEBHOOK="${DINGTALK_WEBHOOK:-$(_readaccountconf_mutable DINGTALK_WEBHOOK)}"
if [ -z "$DINGTALK_WEBHOOK" ]; then
DINGTALK_WEBHOOK=""
_err "You didn't specify a dingtalk webhooks DINGTALK_WEBHOOK yet."
_err "You can get yours from https://dingtalk.com"
return 1
fi
_saveaccountconf_mutable DINGTALK_WEBHOOK "$DINGTALK_WEBHOOK"
DINGTALK_KEYWORD="${DINGTALK_KEYWORD:-$(_readaccountconf_mutable DINGTALK_KEYWORD)}"
if [ "$DINGTALK_KEYWORD" ]; then
_saveaccountconf_mutable DINGTALK_KEYWORD "$DINGTALK_KEYWORD"
fi
# DINGTALK_SIGNING_KEY="${DINGTALK_SIGNING_KEY:-$(_readaccountconf_mutable DINGTALK_SIGNING_KEY)}"
# if [ -z "$DINGTALK_SIGNING_KEY" ]; then
# DINGTALK_SIGNING_KEY="value1"
# _info "The DINGTALK_SIGNING_KEY is not set, so use the default value1 as key."
# elif ! _hasfield "$_IFTTT_AVAIL_MSG_KEYS" "$DINGTALK_SIGNING_KEY"; then
# _err "The DINGTALK_SIGNING_KEY \"$DINGTALK_SIGNING_KEY\" is not available, should be one of $_IFTTT_AVAIL_MSG_KEYS"
# DINGTALK_SIGNING_KEY=""
# return 1
# else
# _saveaccountconf_mutable DINGTALK_SIGNING_KEY "$DINGTALK_SIGNING_KEY"
# fi
# if [ "$DINGTALK_SIGNING_KEY" = "$IFTTT_CONTENT_KEY" ]; then
# DINGTALK_SIGNING_KEY=""
# IFTTT_CONTENT_KEY=""
# _err "The DINGTALK_SIGNING_KEY must not be same as IFTTT_CONTENT_KEY."
# return 1
# fi
_content=$(echo "$_content" | _json_encode)
_subject=$(echo "$_subject" | _json_encode)
_data="{\"msgtype\": \"text\", \"text\": {\"content\": \"[$DINGTALK_KEYWORD]\n$_subject\n$_content\"}}"
response="$(_post "$_data" "$DINGTALK_WEBHOOK" "" "POST" "application/json")"
if [ "$?" = "0" ] && _contains "$response" "errmsg\":\"ok"; then
_info "dingtalk webhooks event fired success."
return 0
fi
_err "dingtalk webhooks event fired error."
_err "$response"
return 1
}

2
notify/mailgun.sh
View File

@ -7,7 +7,7 @@
#MAILGUN_REGION="us|eu" #optional, use "us" as default
#MAILGUN_API_DOMAIN="xxxxxx.com" #optional, use the default sandbox domain
#MAILGUN_FROM="xxx@xxxxx.com" #optional, use the default sendbox account
#MAILGUN_FROM="xxx@xxxxx.com" #optional, use the default sandbox account
_MAILGUN_BASE_US="https://api.mailgun.net/v3"
_MAILGUN_BASE_EU="https://api.eu.mailgun.net/v3"

Write Preview
Loading…
Cancel
Save