arabezar
2 months ago
222 changed files with 18608 additions and 4408 deletions
-
2.github/FUNDING.yml
-
40.github/auto-comment.yml
-
726.github/workflows/DNS.yml
-
71.github/workflows/DragonFlyBSD.yml
-
76.github/workflows/FreeBSD.yml
-
116.github/workflows/LetsEncrypt.yml
-
48.github/workflows/Linux.yml
-
60.github/workflows/MacOS.yml
-
71.github/workflows/NetBSD.yml
-
75.github/workflows/Omnios.yml
-
76.github/workflows/OpenBSD.yml
-
49.github/workflows/PebbleStrict.yml
-
75.github/workflows/Solaris.yml
-
103.github/workflows/Ubuntu.yml
-
78.github/workflows/Windows.yml
-
40.github/workflows/dockerhub.yml
-
19.github/workflows/issue.yml
-
30.github/workflows/pr_dns.yml
-
30.github/workflows/pr_notify.yml
-
15.github/workflows/shellcheck.yml
-
20Dockerfile
-
104README.md
-
2896acme.sh
-
88deploy/ali_cdn.sh
-
88deploy/ali_dcdn.sh
-
92deploy/cleverreach.sh
-
98deploy/consul.sh
-
185deploy/cpanel_uapi.sh
-
28deploy/docker.sh
-
1deploy/exim4.sh
-
52deploy/fritzbox.sh
-
26deploy/gcore_cdn.sh
-
2deploy/gitlab.sh
-
166deploy/haproxy.sh
-
2deploy/kong.sh
-
280deploy/lighttpd.sh
-
19deploy/mailcow.sh
-
156deploy/openmediavault.sh
-
177deploy/panos.sh
-
123deploy/peplink.sh
-
132deploy/proxmoxve.sh
-
4deploy/qiniu.sh
-
123deploy/routeros.sh
-
416deploy/ssh.sh
-
111deploy/strongswan.sh
-
483deploy/synology_dsm.sh
-
272deploy/truenas.sh
-
272deploy/unifi.sh
-
88deploy/vault.sh
-
55deploy/vault_cli.sh
-
2deploy/vsftpd.sh
-
238dnsapi/dns_1984hosting.sh
-
69dnsapi/dns_acmedns.sh
-
18dnsapi/dns_acmeproxy.sh
-
17dnsapi/dns_active24.sh
-
21dnsapi/dns_ad.sh
-
153dnsapi/dns_ali.sh
-
185dnsapi/dns_alviy.sh
-
20dnsapi/dns_anx.sh
-
177dnsapi/dns_artfiles.sh
-
69dnsapi/dns_arvan.sh
-
177dnsapi/dns_aurora.sh
-
27dnsapi/dns_autodns.sh
-
107dnsapi/dns_aws.sh
-
208dnsapi/dns_azion.sh
-
255dnsapi/dns_azure.sh
-
88dnsapi/dns_bookmyname.sh
-
245dnsapi/dns_bunny.sh
-
46dnsapi/dns_cf.sh
-
17dnsapi/dns_clouddns.sh
-
43dnsapi/dns_cloudns.sh
-
17dnsapi/dns_cn.sh
-
15dnsapi/dns_conoha.sh
-
79dnsapi/dns_constellix.sh
-
160dnsapi/dns_cpanel.sh
-
165dnsapi/dns_curanet.sh
-
185dnsapi/dns_cx.sh
-
30dnsapi/dns_cyon.sh
-
41dnsapi/dns_da.sh
-
27dnsapi/dns_ddnss.sh
-
49dnsapi/dns_desec.sh
-
25dnsapi/dns_df.sh
-
31dnsapi/dns_dgon.sh
-
188dnsapi/dns_dnsexit.sh
-
86dnsapi/dns_dnshome.sh
-
20dnsapi/dns_dnsimple.sh
-
251dnsapi/dns_dnsservices.sh
-
148dnsapi/dns_do.sh
-
22dnsapi/dns_doapi.sh
-
13dnsapi/dns_domeneshop.sh
-
20dnsapi/dns_dp.sh
-
34dnsapi/dns_dpi.sh
-
14dnsapi/dns_dreamhost.sh
-
26dnsapi/dns_duckdns.sh
-
16dnsapi/dns_durabledns.sh
-
25dnsapi/dns_dyn.sh
-
25dnsapi/dns_dynu.sh
-
36dnsapi/dns_dynv6.sh
-
23dnsapi/dns_easydns.sh
-
473dnsapi/dns_edgedns.sh
@ -1,40 +0,0 @@ |
|||
# Comment to a new issue. |
|||
issuesOpened: > |
|||
If this is a bug report, please upgrade to the latest code and try again: |
|||
|
|||
如果有 bug, 请先更新到最新版试试: |
|||
|
|||
``` |
|||
acme.sh --upgrade |
|||
``` |
|||
|
|||
please also provide the log with `--debug 2`. |
|||
|
|||
同时请提供调试输出 `--debug 2` |
|||
|
|||
see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh |
|||
|
|||
Without `--debug 2` log, your issue will NEVER get replied. |
|||
|
|||
没有调试输出, 你的 issue 不会得到任何解答. |
|||
|
|||
|
|||
pullRequestOpened: > |
|||
First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead. |
|||
|
|||
If this is a PR to support new DNS API or new notification API, please read this guide first: |
|||
https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
|||
|
|||
Please check the guide items one by one. |
|||
|
|||
Then add your usage here: |
|||
https://github.com/acmesh-official/acme.sh/wiki/dnsapi |
|||
|
|||
Or some other wiki pages: |
|||
|
|||
https://github.com/acmesh-official/acme.sh/wiki/deployhooks |
|||
|
|||
https://github.com/acmesh-official/acme.sh/wiki/notify |
|||
|
|||
|
|||
|
@ -1,211 +1,515 @@ |
|||
name: DNS |
|||
on: |
|||
push: |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
- '.github/workflows/DNS.yml' |
|||
pull_request: |
|||
branches: |
|||
- 'dev' |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
- '.github/workflows/DNS.yml' |
|||
|
|||
|
|||
jobs: |
|||
CheckToken: |
|||
runs-on: ubuntu-latest |
|||
outputs: |
|||
hasToken: ${{ steps.step_one.outputs.hasToken }} |
|||
steps: |
|||
- name: Set the value |
|||
id: step_one |
|||
run: | |
|||
if [ "${{secrets.TokenName1}}" ] ; then |
|||
echo "::set-output name=hasToken::true" |
|||
else |
|||
echo "::set-output name=hasToken::false" |
|||
fi |
|||
- name: Check the value |
|||
run: echo ${{ steps.step_one.outputs.hasToken }} |
|||
|
|||
Fail: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'false')" |
|||
steps: |
|||
- name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
|||
run: | |
|||
echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
|||
if [ "${{github.actor}}" != "Neilpang" ]; then |
|||
false |
|||
fi |
|||
|
|||
Docker: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Set env file |
|||
run: | |
|||
cd ../acmetest |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> env.list |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> env.list |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> env.list |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list |
|||
fi |
|||
echo "TEST_DNS_NO_WILDCARD" >> env.list |
|||
echo "TEST_DNS_SLEEP" >> env.list |
|||
- name: Run acmetest |
|||
run: cd ../acmetest && ./rundocker.sh testall |
|||
|
|||
MacOS: |
|||
runs-on: macos-latest |
|||
needs: Docker |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install tools |
|||
run: brew install socat |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
Windows: |
|||
runs-on: windows-latest |
|||
needs: MacOS |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- name: Set git to use LF |
|||
run: | |
|||
git config --global core.autocrlf false |
|||
- uses: actions/checkout@v2 |
|||
- name: Install cygwin base packages with chocolatey |
|||
run: | |
|||
choco config get cacheLocation |
|||
choco install --no-progress cygwin |
|||
shell: cmd |
|||
- name: Install cygwin additional packages |
|||
run: | |
|||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
|||
shell: cmd |
|||
- name: Set ENV |
|||
run: | |
|||
echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin' |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
shell: bash |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
FreeBSD: |
|||
runs-on: macos-latest |
|||
needs: Windows |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/freebsd-vm@v0.0.7 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: pkg install -y socat curl |
|||
usesh: true |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
name: DNS |
|||
on: |
|||
workflow_dispatch: |
|||
push: |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
- '.github/workflows/DNS.yml' |
|||
pull_request: |
|||
branches: |
|||
- 'dev' |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
- '.github/workflows/DNS.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
jobs: |
|||
CheckToken: |
|||
runs-on: ubuntu-latest |
|||
outputs: |
|||
hasToken: ${{ steps.step_one.outputs.hasToken }} |
|||
steps: |
|||
- name: Set the value |
|||
id: step_one |
|||
run: | |
|||
if [ "${{secrets.TokenName1}}" ] ; then |
|||
echo "::set-output name=hasToken::true" |
|||
else |
|||
echo "::set-output name=hasToken::false" |
|||
fi |
|||
- name: Check the value |
|||
run: echo ${{ steps.step_one.outputs.hasToken }} |
|||
|
|||
Fail: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'false')" |
|||
steps: |
|||
- name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
|||
run: | |
|||
echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
|||
if [ "${{github.repository_owner}}" != "acmesh-official" ]; then |
|||
false |
|||
fi |
|||
|
|||
Docker: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Set env file |
|||
run: | |
|||
cd ../acmetest |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env |
|||
fi |
|||
|
|||
- name: Run acmetest |
|||
run: cd ../acmetest && ./rundocker.sh testall |
|||
|
|||
|
|||
|
|||
|
|||
MacOS: |
|||
runs-on: macos-latest |
|||
needs: Docker |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Install tools |
|||
run: brew install socat |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
Windows: |
|||
runs-on: windows-latest |
|||
needs: MacOS |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- name: Set git to use LF |
|||
run: | |
|||
git config --global core.autocrlf false |
|||
- uses: actions/checkout@v4 |
|||
- name: Install cygwin base packages with chocolatey |
|||
run: | |
|||
choco config get cacheLocation |
|||
choco install --no-progress cygwin |
|||
shell: cmd |
|||
- name: Install cygwin additional packages |
|||
run: | |
|||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s https://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
|||
shell: cmd |
|||
- name: Set ENV |
|||
shell: cmd |
|||
run: | |
|||
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
shell: bash |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
FreeBSD: |
|||
runs-on: ubuntu-latest |
|||
needs: Windows |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/freebsd-vm@v1 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: pkg install -y socat curl |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
OpenBSD: |
|||
runs-on: ubuntu-latest |
|||
needs: FreeBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/openbsd-vm@v1 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: pkg_add socat curl libiconv |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
NetBSD: |
|||
runs-on: ubuntu-latest |
|||
needs: OpenBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/netbsd-vm@v1 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: | |
|||
/usr/sbin/pkg_add curl socat |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
DragonFlyBSD: |
|||
runs-on: ubuntu-latest |
|||
needs: NetBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/dragonflybsd-vm@v1 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
prepare: | |
|||
pkg install -y curl socat libnghttp2 |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
Solaris: |
|||
runs-on: ubuntu-latest |
|||
needs: DragonFlyBSD |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Solaris doesn't accept the expired ISRG X1 root |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/solaris-vm@v1 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
copyback: false |
|||
prepare: pkgutil -y -i socat |
|||
run: | |
|||
pkg set-mediator -v -I default@1.1 openssl |
|||
export PATH=/usr/gnu/bin:$PATH |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
|||
Omnios: |
|||
runs-on: ubuntu-latest |
|||
needs: Solaris |
|||
env: |
|||
TEST_DNS : ${{ secrets.TEST_DNS }} |
|||
TestingDomain: ${{ secrets.TestingDomain }} |
|||
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
|||
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} |
|||
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
|||
CASE: le_test_dnsapi |
|||
TEST_LOCAL: 1 |
|||
DEBUG: ${{ secrets.DEBUG }} |
|||
http_proxy: ${{ secrets.http_proxy }} |
|||
https_proxy: ${{ secrets.https_proxy }} |
|||
HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Omnios doesn't accept the expired ISRG X1 root |
|||
TokenName1: ${{ secrets.TokenName1}} |
|||
TokenName2: ${{ secrets.TokenName2}} |
|||
TokenName3: ${{ secrets.TokenName3}} |
|||
TokenName4: ${{ secrets.TokenName4}} |
|||
TokenName5: ${{ secrets.TokenName5}} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/omnios-vm@v1 |
|||
with: |
|||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
|||
copyback: false |
|||
prepare: pkg install socat |
|||
run: | |
|||
if [ "${{ secrets.TokenName1}}" ] ; then |
|||
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName2}}" ] ; then |
|||
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName3}}" ] ; then |
|||
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName4}}" ] ; then |
|||
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" |
|||
fi |
|||
if [ "${{ secrets.TokenName5}}" ] ; then |
|||
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" |
|||
fi |
|||
cd ../acmetest |
|||
./letest.sh |
|||
|
|||
|
@ -0,0 +1,71 @@ |
|||
name: DragonFlyBSD |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/DragonFlyBSD.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/DragonFlyBSD.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
DragonFlyBSD: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/dragonflybsd-vm@v1 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: | |
|||
pkg install -y curl socat libnghttp2 |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,76 @@ |
|||
name: FreeBSD |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/FreeBSD.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/FreeBSD.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
FreeBSD: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
ACME_USE_WGET: 1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/freebsd-vm@v1 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: pkg install -y socat curl wget |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -1,116 +0,0 @@ |
|||
name: LetsEncrypt |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
|
|||
|
|||
jobs: |
|||
CheckToken: |
|||
runs-on: ubuntu-latest |
|||
outputs: |
|||
hasToken: ${{ steps.step_one.outputs.hasToken }} |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
steps: |
|||
- name: Set the value |
|||
id: step_one |
|||
run: | |
|||
if [ "$NGROK_TOKEN" ] ; then |
|||
echo "::set-output name=hasToken::true" |
|||
else |
|||
echo "::set-output name=hasToken::false" |
|||
fi |
|||
- name: Check the value |
|||
run: echo ${{ steps.step_one.outputs.hasToken }} |
|||
|
|||
Ubuntu: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install tools |
|||
run: sudo apt-get install -y socat |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|||
|
|||
MacOS: |
|||
runs-on: macos-latest |
|||
needs: Ubuntu |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install tools |
|||
run: brew install socat |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|||
|
|||
Windows: |
|||
runs-on: windows-latest |
|||
needs: MacOS |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
#The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port. |
|||
Le_HTTPPort: 8888 |
|||
steps: |
|||
- name: Set git to use LF |
|||
run: | |
|||
git config --global core.autocrlf false |
|||
- uses: actions/checkout@v2 |
|||
- name: Install cygwin base packages with chocolatey |
|||
run: | |
|||
choco config get cacheLocation |
|||
choco install --no-progress cygwin |
|||
shell: cmd |
|||
- name: Install cygwin additional packages |
|||
run: | |
|||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
|||
shell: cmd |
|||
- name: Set ENV |
|||
run: | |
|||
echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin' |
|||
- name: Clone acmetest |
|||
shell: cmd |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
shell: cmd |
|||
run: cd ../acmetest && bash.exe -c ./letest.sh |
|||
|
|||
FreeBSD: |
|||
runs-on: macos-latest |
|||
needs: Windows |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/freebsd-vm@v0.0.7 |
|||
with: |
|||
envs: 'NGROK_TOKEN TEST_LOCAL' |
|||
prepare: pkg install -y socat curl |
|||
usesh: true |
|||
run: | |
|||
cd ../acmetest && ./letest.sh |
|||
|
@ -0,0 +1,48 @@ |
|||
name: Linux |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Linux.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Linux.yml' |
|||
|
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
|
|||
jobs: |
|||
Linux: |
|||
strategy: |
|||
matrix: |
|||
os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Clone acmetest |
|||
run: | |
|||
cd .. \ |
|||
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git \ |
|||
&& cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./rundocker.sh testplat ${{ matrix.os }} |
|||
|
|||
|
|||
|
@ -0,0 +1,60 @@ |
|||
name: MacOS |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/MacOS.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/MacOS.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
MacOS: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: macos-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Install tools |
|||
run: brew install socat |
|||
- name: Clone acmetest |
|||
run: | |
|||
cd .. \ |
|||
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git \ |
|||
&& cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& sudo --preserve-env ./letest.sh |
|||
|
|||
|
@ -0,0 +1,71 @@ |
|||
name: NetBSD |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/NetBSD.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/NetBSD.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
NetBSD: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/netbsd-vm@v1 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: | |
|||
/usr/sbin/pkg_add curl socat |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,75 @@ |
|||
name: Omnios |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Omnios.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Omnios.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
Omnios: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
ACME_USE_WGET: 1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/omnios-vm@v1 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: pkg install socat wget |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,76 @@ |
|||
name: OpenBSD |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/OpenBSD.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/OpenBSD.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
OpenBSD: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
ACME_USE_WGET: 1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/openbsd-vm@v1 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: pkg_add socat curl wget libnghttp2 |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,75 @@ |
|||
name: Solaris |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Solaris.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Solaris.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
Solaris: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
ACME_USE_WGET: 1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/solaris-vm@v1 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: pkgutil -y -i socat curl wget |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,103 @@ |
|||
name: Ubuntu |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Ubuntu.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Ubuntu.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
Ubuntu: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
ACME_USE_WGET: 1 |
|||
- TEST_ACME_Server: "ZeroSSL.com" |
|||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
CA_EMAIL: "githubtest@acme.sh" |
|||
TEST_PREFERRED_CHAIN: "" |
|||
- TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" |
|||
CA_ECDSA: "Smallstep Intermediate CA" |
|||
CA: "Smallstep Intermediate CA" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: "" |
|||
NO_REVOKE: 1 |
|||
- TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" |
|||
CA_ECDSA: "Smallstep Intermediate CA" |
|||
CA: "Smallstep Intermediate CA" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: "" |
|||
NO_REVOKE: 1 |
|||
TEST_IPCERT: 1 |
|||
TestingDomain: "172.17.0.1" |
|||
|
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
NO_ECC_384: ${{ matrix.NO_ECC_384 }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
NO_REVOKE: ${{ matrix.NO_REVOKE }} |
|||
TEST_IPCERT: ${{ matrix.TEST_IPCERT }} |
|||
TestingDomain: ${{ matrix.TestingDomain }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- name: Install tools |
|||
run: sudo apt-get install -y socat wget |
|||
- name: Start StepCA |
|||
if: ${{ matrix.TEST_ACME_Server=='https://localhost:9000/acme/acme/directory' }} |
|||
run: | |
|||
docker run --rm -d \ |
|||
-p 9000:9000 \ |
|||
-e "DOCKER_STEPCA_INIT_NAME=Smallstep" \ |
|||
-e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \ |
|||
-e "DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true" \ |
|||
-e "DOCKER_STEPCA_INIT_PASSWORD=test" \ |
|||
--name stepca \ |
|||
smallstep/step-ca:0.23.1 |
|||
|
|||
sleep 5 |
|||
docker exec stepca bash -c "echo test >test" \ |
|||
&& docker exec stepca step ca provisioner add acme --type ACME --admin-subject step --admin-password-file=/home/step/test \ |
|||
&& docker exec stepca kill -1 1 \ |
|||
&& docker exec stepca cat /home/step/certs/root_ca.crt | sudo bash -c "cat - >>/etc/ssl/certs/ca-certificates.crt" |
|||
- name: Clone acmetest |
|||
run: | |
|||
cd .. \ |
|||
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git \ |
|||
&& cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& sudo --preserve-env ./letest.sh |
|||
|
|||
|
@ -0,0 +1,78 @@ |
|||
name: Windows |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Windows.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Windows.yml' |
|||
|
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
jobs: |
|||
Windows: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: windows-latest |
|||
env: |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_LOCAL: 1 |
|||
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. |
|||
Le_HTTPPort: 8888 |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
steps: |
|||
- name: Set git to use LF |
|||
run: | |
|||
git config --global core.autocrlf false |
|||
- uses: actions/checkout@v4 |
|||
- name: Install cygwin base packages with chocolatey |
|||
run: | |
|||
choco config get cacheLocation |
|||
choco install --no-progress cygwin |
|||
shell: cmd |
|||
- name: Install cygwin additional packages |
|||
run: | |
|||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s https://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git,xxd |
|||
shell: cmd |
|||
- name: Set ENV |
|||
shell: cmd |
|||
run: | |
|||
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin;%PATH% >> %GITHUB_ENV% |
|||
- name: Check ENV |
|||
shell: cmd |
|||
run: | |
|||
echo "PATH=%PATH%" |
|||
- name: Clone acmetest |
|||
shell: cmd |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
shell: cmd |
|||
run: cd ../acmetest && bash.exe -c ./letest.sh |
|||
|
|||
|
|||
|
@ -0,0 +1,19 @@ |
|||
name: "Update issues" |
|||
on: |
|||
issues: |
|||
types: [opened] |
|||
|
|||
jobs: |
|||
comment: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/github-script@v6 |
|||
with: |
|||
script: | |
|||
github.rest.issues.createComment({ |
|||
issue_number: context.issue.number, |
|||
owner: context.repo.owner, |
|||
repo: context.repo.repo, |
|||
body: "Please upgrade to the latest code and try again first. Maybe it's already fixed. ```acme.sh --upgrade``` If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you." |
|||
|
|||
}) |
@ -0,0 +1,30 @@ |
|||
name: Check dns api |
|||
|
|||
on: |
|||
pull_request_target: |
|||
types: |
|||
- opened |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
|
|||
|
|||
jobs: |
|||
welcome: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/github-script@v6 |
|||
with: |
|||
script: | |
|||
await github.rest.issues.createComment({ |
|||
issue_number: context.issue.number, |
|||
owner: context.repo.owner, |
|||
repo: context.repo.repo, |
|||
body: `**Welcome** |
|||
First thing: don't send PR to the master branch, please send to the dev branch instead. |
|||
Please make sure you've read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). |
|||
Then reply on this message, otherwise, your code will not be reviewed or merged. |
|||
We look forward to reviewing your Pull request shortly ✨ |
|||
注意: 必须通过了 [DNS-API-Test](../wiki/DNS-API-Test) 才会被 review. 无论是修改, 还是新加的 dns api, 都必须确保通过这个测试. |
|||
` |
|||
}) |
|||
|
@ -0,0 +1,30 @@ |
|||
name: Check notify api |
|||
|
|||
on: |
|||
pull_request_target: |
|||
types: |
|||
- opened |
|||
branches: |
|||
- 'dev' |
|||
paths: |
|||
- 'notify/*.sh' |
|||
|
|||
|
|||
jobs: |
|||
welcome: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/github-script@v6 |
|||
with: |
|||
script: | |
|||
await github.rest.issues.createComment({ |
|||
issue_number: context.issue.number, |
|||
owner: context.repo.owner, |
|||
repo: context.repo.repo, |
|||
body: `**Welcome** |
|||
Please make sure you've read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify). |
|||
Then reply on this message, otherwise, your code will not be reviewed or merged. |
|||
We look forward to reviewing your Pull request shortly ✨ |
|||
` |
|||
}) |
|||
|
2896
acme.sh
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,88 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034,SC2154 |
|||
|
|||
# Script to create certificate to Alibaba Cloud CDN |
|||
# |
|||
# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun |
|||
# |
|||
# This deployment required following variables |
|||
# export Ali_Key="ALIACCESSKEY" |
|||
# export Ali_Secret="ALISECRETKEY" |
|||
# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi |
|||
# |
|||
# To specify the CDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates |
|||
# export DEPLOY_ALI_CDN_DOMAIN="cdn.example.com" |
|||
# If you have multiple CDN domains using the same certificate, just |
|||
# export DEPLOY_ALI_CDN_DOMAIN="cdn1.example.com cdn2.example.com" |
|||
# |
|||
# For DCDN, see ali_dcdn deploy hook |
|||
|
|||
Ali_CDN_API="https://cdn.aliyuncs.com/" |
|||
|
|||
ali_cdn_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
# Load dnsapi/dns_ali.sh to reduce the duplicated codes |
|||
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 |
|||
dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)" |
|||
# shellcheck source=/dev/null |
|||
if ! . "$dnsapi_ali"; then |
|||
_err "Error loading file $dnsapi_ali. Please check your API file and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_prepare_ali_credentials || return 1 |
|||
|
|||
_getdeployconf DEPLOY_ALI_CDN_DOMAIN |
|||
if [ "$DEPLOY_ALI_CDN_DOMAIN" ]; then |
|||
_savedeployconf DEPLOY_ALI_CDN_DOMAIN "$DEPLOY_ALI_CDN_DOMAIN" |
|||
else |
|||
DEPLOY_ALI_CDN_DOMAIN="$_cdomain" |
|||
fi |
|||
|
|||
# read cert and key files and urlencode both |
|||
_cert=$(_url_encode upper-hex <"$_cfullchain") |
|||
_key=$(_url_encode upper-hex <"$_ckey") |
|||
|
|||
_debug2 _cert "$_cert" |
|||
_debug2 _key "$_key" |
|||
|
|||
## update domain ssl config |
|||
for domain in $DEPLOY_ALI_CDN_DOMAIN; do |
|||
_set_cdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key" |
|||
if _ali_rest "Set CDN domain SSL certificate for $domain" "" POST; then |
|||
_info "Domain $domain certificate has been deployed successfully" |
|||
fi |
|||
done |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# domain pub pri |
|||
_set_cdn_domain_ssl_certificate_query() { |
|||
endpoint=$Ali_CDN_API |
|||
query='' |
|||
query=$query'AccessKeyId='$Ali_Key |
|||
query=$query'&Action=SetCdnDomainSSLCertificate' |
|||
query=$query'&CertType=upload' |
|||
query=$query'&DomainName='$1 |
|||
query=$query'&Format=json' |
|||
query=$query'&SSLPri='$3 |
|||
query=$query'&SSLProtocol=on' |
|||
query=$query'&SSLPub='$2 |
|||
query=$query'&SignatureMethod=HMAC-SHA1' |
|||
query=$query"&SignatureNonce=$(_ali_nonce)" |
|||
query=$query'&SignatureVersion=1.0' |
|||
query=$query'&Timestamp='$(_timestamp) |
|||
query=$query'&Version=2018-05-10' |
|||
} |
@ -0,0 +1,88 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034,SC2154 |
|||
|
|||
# Script to create certificate to Alibaba Cloud DCDN |
|||
# |
|||
# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun |
|||
# |
|||
# This deployment required following variables |
|||
# export Ali_Key="ALIACCESSKEY" |
|||
# export Ali_Secret="ALISECRETKEY" |
|||
# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi |
|||
# |
|||
# To specify the DCDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates |
|||
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn.example.com" |
|||
# If you have multiple CDN domains using the same certificate, just |
|||
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn1.example.com dcdn2.example.com" |
|||
# |
|||
# For regular CDN, see ali_cdn deploy hook |
|||
|
|||
Ali_DCDN_API="https://dcdn.aliyuncs.com/" |
|||
|
|||
ali_dcdn_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
# Load dnsapi/dns_ali.sh to reduce the duplicated codes |
|||
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 |
|||
dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)" |
|||
# shellcheck source=/dev/null |
|||
if ! . "$dnsapi_ali"; then |
|||
_err "Error loading file $dnsapi_ali. Please check your API file and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_prepare_ali_credentials || return 1 |
|||
|
|||
_getdeployconf DEPLOY_ALI_DCDN_DOMAIN |
|||
if [ "$DEPLOY_ALI_DCDN_DOMAIN" ]; then |
|||
_savedeployconf DEPLOY_ALI_DCDN_DOMAIN "$DEPLOY_ALI_DCDN_DOMAIN" |
|||
else |
|||
DEPLOY_ALI_DCDN_DOMAIN="$_cdomain" |
|||
fi |
|||
|
|||
# read cert and key files and urlencode both |
|||
_cert=$(_url_encode upper-hex <"$_cfullchain") |
|||
_key=$(_url_encode upper-hex <"$_ckey") |
|||
|
|||
_debug2 _cert "$_cert" |
|||
_debug2 _key "$_key" |
|||
|
|||
## update domain ssl config |
|||
for domain in $DEPLOY_ALI_DCDN_DOMAIN; do |
|||
_set_dcdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key" |
|||
if _ali_rest "Set DCDN domain SSL certificate for $domain" "" POST; then |
|||
_info "Domain $domain certificate has been deployed successfully" |
|||
fi |
|||
done |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# domain pub pri |
|||
_set_dcdn_domain_ssl_certificate_query() { |
|||
endpoint=$Ali_DCDN_API |
|||
query='' |
|||
query=$query'AccessKeyId='$Ali_Key |
|||
query=$query'&Action=SetDcdnDomainSSLCertificate' |
|||
query=$query'&CertType=upload' |
|||
query=$query'&DomainName='$1 |
|||
query=$query'&Format=json' |
|||
query=$query'&SSLPri='$3 |
|||
query=$query'&SSLProtocol=on' |
|||
query=$query'&SSLPub='$2 |
|||
query=$query'&SignatureMethod=HMAC-SHA1' |
|||
query=$query"&SignatureNonce=$(_ali_nonce)" |
|||
query=$query'&SignatureVersion=1.0' |
|||
query=$query'&Timestamp='$(_timestamp) |
|||
query=$query'&Version=2018-01-15' |
|||
} |
@ -0,0 +1,92 @@ |
|||
#!/usr/bin/env sh |
|||
# Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API. |
|||
# Your OAuth needs the right scope, please contact CleverReach support for that. |
|||
# |
|||
# Written by Jan-Philipp Benecke <github@bnck.me> |
|||
# Public domain, 2020 |
|||
# |
|||
# Following environment variables must be set: |
|||
# |
|||
#export DEPLOY_CLEVERREACH_CLIENT_ID=myid |
|||
#export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret |
|||
|
|||
cleverreach_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_rest_endpoint="https://rest.cleverreach.com" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
_getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID |
|||
_getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET |
|||
_getdeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID |
|||
|
|||
if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then |
|||
_err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID." |
|||
return 1 |
|||
fi |
|||
if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then |
|||
_err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET." |
|||
return 1 |
|||
fi |
|||
|
|||
_savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}" |
|||
_savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" |
|||
_savedeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
|||
|
|||
_info "Obtaining a CleverReach access token" |
|||
|
|||
_data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}" |
|||
_auth_result="$(_post "$_data" "$_rest_endpoint/oauth/token.php" "" "POST" "application/json")" |
|||
|
|||
_debug _data "$_data" |
|||
_debug _auth_result "$_auth_result" |
|||
|
|||
_regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$" |
|||
_debug _regex "$_regex" |
|||
_access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p") |
|||
|
|||
_debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
|||
|
|||
if [ -n "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then |
|||
_info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
|||
export _H1="Authorization: Bearer ${_access_token}" |
|||
_subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")" |
|||
_access_token=$(echo "$_subclient_token_result" | sed -n "s/\"//p") |
|||
|
|||
_debug _subclient_token_result "$_access_token" |
|||
|
|||
_info "Destroying parent token at CleverReach, as it not needed anymore" |
|||
_destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" |
|||
_debug _destroy_result "$_destroy_result" |
|||
fi |
|||
|
|||
_info "Uploading certificate and key to CleverReach" |
|||
|
|||
_certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}" |
|||
export _H1="Authorization: Bearer ${_access_token}" |
|||
_add_cert_result="$(_post "$_certData" "$_rest_endpoint/v3/ssl" "" "POST" "application/json")" |
|||
|
|||
if [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then |
|||
_info "Destroying token at CleverReach, as it not needed anymore" |
|||
_destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" |
|||
_debug _destroy_result "$_destroy_result" |
|||
fi |
|||
|
|||
if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then |
|||
_info "Uploaded certificate successfully" |
|||
return 0 |
|||
else |
|||
_debug _add_cert_result "$_add_cert_result" |
|||
_err "Unable to update certificate" |
|||
return 1 |
|||
fi |
|||
} |
@ -0,0 +1,98 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Here is a script to deploy cert to hashicorp consul using curl |
|||
# (https://www.consul.io/) |
|||
# |
|||
# it requires following environment variables: |
|||
# |
|||
# CONSUL_PREFIX - this contains the prefix path in consul |
|||
# CONSUL_HTTP_ADDR - consul requires this to find your consul server |
|||
# |
|||
# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available |
|||
# to access the consul server |
|||
|
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
consul_deploy() { |
|||
|
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
# validate required env vars |
|||
_getdeployconf CONSUL_PREFIX |
|||
if [ -z "$CONSUL_PREFIX" ]; then |
|||
_err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)" |
|||
return 1 |
|||
fi |
|||
_savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX" |
|||
|
|||
_getdeployconf CONSUL_HTTP_ADDR |
|||
if [ -z "$CONSUL_HTTP_ADDR" ]; then |
|||
_err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)" |
|||
return 1 |
|||
fi |
|||
_savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR" |
|||
|
|||
CONSUL_CMD=$(command -v consul) |
|||
|
|||
# force CLI, but the binary does not exist => error |
|||
if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then |
|||
_err "Cannot find the consul binary!" |
|||
return 1 |
|||
fi |
|||
|
|||
# use the CLI first |
|||
if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then |
|||
_info "Found consul binary, deploying with CLI" |
|||
consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX" |
|||
else |
|||
_info "Did not find consul binary, deploying with API" |
|||
consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN" |
|||
fi |
|||
} |
|||
|
|||
consul_deploy_api() { |
|||
CONSUL_HTTP_ADDR="$1" |
|||
CONSUL_PREFIX="$2" |
|||
CONSUL_HTTP_TOKEN="$3" |
|||
|
|||
URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX" |
|||
export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN" |
|||
|
|||
if [ -n "$FABIO" ]; then |
|||
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1 |
|||
_post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1 |
|||
else |
|||
_post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1 |
|||
_post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1 |
|||
_post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1 |
|||
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1 |
|||
fi |
|||
} |
|||
|
|||
consul_deploy_cli() { |
|||
CONSUL_CMD="$1" |
|||
CONSUL_PREFIX="$2" |
|||
|
|||
if [ -n "$FABIO" ]; then |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1 |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1 |
|||
else |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 |
|||
fi |
|||
} |
@ -0,0 +1,280 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Script for acme.sh to deploy certificates to lighttpd |
|||
# |
|||
# The following variables can be exported: |
|||
# |
|||
# export DEPLOY_LIGHTTPD_PEM_NAME="${domain}.pem" |
|||
# |
|||
# Defines the name of the PEM file. |
|||
# Defaults to "<domain>.pem" |
|||
# |
|||
# export DEPLOY_LIGHTTPD_PEM_PATH="/etc/lighttpd" |
|||
# |
|||
# Defines location of PEM file for Lighttpd. |
|||
# Defaults to /etc/lighttpd |
|||
# |
|||
# export DEPLOY_LIGHTTPD_RELOAD="systemctl reload lighttpd" |
|||
# |
|||
# OPTIONAL: Reload command used post deploy |
|||
# This defaults to be a no-op (ie "true"). |
|||
# It is strongly recommended to set this something that makes sense |
|||
# for your distro. |
|||
# |
|||
# export DEPLOY_LIGHTTPD_ISSUER="yes" |
|||
# |
|||
# OPTIONAL: Places CA file as "${DEPLOY_LIGHTTPD_PEM}.issuer" |
|||
# Note: Required for OCSP stapling to work |
|||
# |
|||
# export DEPLOY_LIGHTTPD_BUNDLE="no" |
|||
# |
|||
# OPTIONAL: Deploy this certificate as part of a multi-cert bundle |
|||
# This adds a suffix to the certificate based on the certificate type |
|||
# eg RSA certificates will have .rsa as a suffix to the file name |
|||
# Lighttpd will load all certificates and provide one or the other |
|||
# depending on client capabilities |
|||
# Note: This functionality requires Lighttpd was compiled against |
|||
# a version of OpenSSL that supports this. |
|||
# |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
lighttpd_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
# Some defaults |
|||
DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT="/etc/lighttpd" |
|||
DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT="${_cdomain}.pem" |
|||
DEPLOY_LIGHTTPD_BUNDLE_DEFAULT="no" |
|||
DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes" |
|||
DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true" |
|||
|
|||
_debug _cdomain "${_cdomain}" |
|||
_debug _ckey "${_ckey}" |
|||
_debug _ccert "${_ccert}" |
|||
_debug _cca "${_cca}" |
|||
_debug _cfullchain "${_cfullchain}" |
|||
|
|||
# PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_PEM_PATH |
|||
_debug2 DEPLOY_LIGHTTPD_PEM_PATH "${DEPLOY_LIGHTTPD_PEM_PATH}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then |
|||
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}" |
|||
_savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}" |
|||
elif [ -z "${Le_Deploy_lighttpd_pem_path}" ]; then |
|||
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
|||
fi |
|||
|
|||
# Ensure PEM_PATH exists |
|||
if [ -d "${Le_Deploy_lighttpd_pem_path}" ]; then |
|||
_debug "PEM_PATH ${Le_Deploy_lighttpd_pem_path} exists" |
|||
else |
|||
_err "PEM_PATH ${Le_Deploy_lighttpd_pem_path} does not exist" |
|||
return 1 |
|||
fi |
|||
|
|||
# PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_PEM_NAME |
|||
_debug2 DEPLOY_LIGHTTPD_PEM_NAME "${DEPLOY_LIGHTTPD_PEM_NAME}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then |
|||
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}" |
|||
_savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}" |
|||
elif [ -z "${Le_Deploy_lighttpd_pem_name}" ]; then |
|||
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
|||
fi |
|||
|
|||
# BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_BUNDLE |
|||
_debug2 DEPLOY_LIGHTTPD_BUNDLE "${DEPLOY_LIGHTTPD_BUNDLE}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then |
|||
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}" |
|||
_savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}" |
|||
elif [ -z "${Le_Deploy_lighttpd_bundle}" ]; then |
|||
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
|||
fi |
|||
|
|||
# ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_ISSUER |
|||
_debug2 DEPLOY_LIGHTTPD_ISSUER "${DEPLOY_LIGHTTPD_ISSUER}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then |
|||
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}" |
|||
_savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}" |
|||
elif [ -z "${Le_Deploy_lighttpd_issuer}" ]; then |
|||
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
|||
fi |
|||
|
|||
# RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_RELOAD |
|||
_debug2 DEPLOY_LIGHTTPD_RELOAD "${DEPLOY_LIGHTTPD_RELOAD}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then |
|||
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}" |
|||
_savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}" |
|||
elif [ -z "${Le_Deploy_lighttpd_reload}" ]; then |
|||
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
|||
fi |
|||
|
|||
# Set the suffix depending if we are creating a bundle or not |
|||
if [ "${Le_Deploy_lighttpd_bundle}" = "yes" ]; then |
|||
_info "Bundle creation requested" |
|||
# Initialise $Le_Keylength if its not already set |
|||
if [ -z "${Le_Keylength}" ]; then |
|||
Le_Keylength="" |
|||
fi |
|||
if _isEccKey "${Le_Keylength}"; then |
|||
_info "ECC key type detected" |
|||
_suffix=".ecdsa" |
|||
else |
|||
_info "RSA key type detected" |
|||
_suffix=".rsa" |
|||
fi |
|||
else |
|||
_suffix="" |
|||
fi |
|||
_debug _suffix "${_suffix}" |
|||
|
|||
# Set variables for later |
|||
_pem="${Le_Deploy_lighttpd_pem_path}/${Le_Deploy_lighttpd_pem_name}${_suffix}" |
|||
_issuer="${_pem}.issuer" |
|||
_ocsp="${_pem}.ocsp" |
|||
_reload="${Le_Deploy_lighttpd_reload}" |
|||
|
|||
_info "Deploying PEM file" |
|||
# Create a temporary PEM file |
|||
_temppem="$(_mktemp)" |
|||
_debug _temppem "${_temppem}" |
|||
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}" |
|||
_ret="$?" |
|||
|
|||
# Check that we could create the temporary file |
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Error code ${_ret} returned during PEM file creation" |
|||
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
|||
return ${_ret} |
|||
fi |
|||
|
|||
# Move PEM file into place |
|||
_info "Moving new certificate into place" |
|||
_debug _pem "${_pem}" |
|||
cat "${_temppem}" >"${_pem}" |
|||
_ret=$? |
|||
|
|||
# Clean up temp file |
|||
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
|||
|
|||
# Deal with any failure of moving PEM file into place |
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Error code ${_ret} returned while moving new certificate into place" |
|||
return ${_ret} |
|||
fi |
|||
|
|||
# Update .issuer file if requested |
|||
if [ "${Le_Deploy_lighttpd_issuer}" = "yes" ]; then |
|||
_info "Updating .issuer file" |
|||
_debug _issuer "${_issuer}" |
|||
cat "${_cca}" >"${_issuer}" |
|||
_ret="$?" |
|||
|
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Error code ${_ret} returned while copying issuer/CA certificate into place" |
|||
return ${_ret} |
|||
fi |
|||
else |
|||
[ -f "${_issuer}" ] && _err "Issuer file update not requested but .issuer file exists" |
|||
fi |
|||
|
|||
# Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option |
|||
if [ -z "${Le_OCSP_Staple}" ]; then |
|||
Le_OCSP_Staple="0" |
|||
fi |
|||
if [ "${Le_OCSP_Staple}" = "1" ]; then |
|||
_info "Updating OCSP stapling info" |
|||
_debug _ocsp "${_ocsp}" |
|||
_info "Extracting OCSP URL" |
|||
_ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}") |
|||
_debug _ocsp_url "${_ocsp_url}" |
|||
|
|||
# Only process OCSP if URL was present |
|||
if [ "${_ocsp_url}" != "" ]; then |
|||
# Extract the hostname from the OCSP URL |
|||
_info "Extracting OCSP URL" |
|||
_ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3) |
|||
_debug _ocsp_host "${_ocsp_host}" |
|||
|
|||
# Only process the certificate if we have a .issuer file |
|||
if [ -r "${_issuer}" ]; then |
|||
# Check if issuer cert is also a root CA cert |
|||
_subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
|||
_debug _subjectdn "${_subjectdn}" |
|||
_issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
|||
_debug _issuerdn "${_issuerdn}" |
|||
_info "Requesting OCSP response" |
|||
# If the issuer is a CA cert then our command line has "-CAfile" added |
|||
if [ "${_subjectdn}" = "${_issuerdn}" ]; then |
|||
_cafile_argument="-CAfile \"${_issuer}\"" |
|||
else |
|||
_cafile_argument="" |
|||
fi |
|||
_debug _cafile_argument "${_cafile_argument}" |
|||
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed |
|||
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2) |
|||
_debug _openssl_version "${_openssl_version}" |
|||
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) |
|||
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) |
|||
if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then |
|||
_header_sep="=" |
|||
else |
|||
_header_sep=" " |
|||
fi |
|||
# Request the OCSP response from the issuer and store it |
|||
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \ |
|||
-issuer \"${_issuer}\" \ |
|||
-cert \"${_pem}\" \ |
|||
-url \"${_ocsp_url}\" \ |
|||
-header Host${_header_sep}\"${_ocsp_host}\" \ |
|||
-respout \"${_ocsp}\" \ |
|||
-verify_other \"${_issuer}\" \ |
|||
${_cafile_argument} \ |
|||
| grep -q \"${_pem}: good\"" |
|||
_debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}" |
|||
eval "${_openssl_ocsp_cmd}" |
|||
_ret=$? |
|||
else |
|||
# Non fatal: No issuer file was present so no OCSP stapling file created |
|||
_err "OCSP stapling in use but no .issuer file was present" |
|||
fi |
|||
else |
|||
# Non fatal: No OCSP url was found int the certificate |
|||
_err "OCSP update requested but no OCSP URL was found in certificate" |
|||
fi |
|||
|
|||
# Non fatal: Check return code of openssl command |
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Updating OCSP stapling failed with return code ${_ret}" |
|||
fi |
|||
else |
|||
# An OCSP file was already present but certificate did not have OCSP extension |
|||
if [ -f "${_ocsp}" ]; then |
|||
_err "OCSP was not requested but .ocsp file exists." |
|||
# Could remove the file at this step, although Lighttpd just ignores it in this case |
|||
# rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file" |
|||
fi |
|||
fi |
|||
|
|||
# Reload Lighttpd |
|||
_debug _reload "${_reload}" |
|||
eval "${_reload}" |
|||
_ret=$? |
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Error code ${_ret} during reload" |
|||
return ${_ret} |
|||
else |
|||
_info "Reload successful" |
|||
fi |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,156 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# This deploy hook is tested on OpenMediaVault 5.x. It supports both local and remote deployment. |
|||
# The way it works is that if a cert with the matching domain name is not found, it will firstly create a dummy cert to get its uuid, and then replace it with your cert. |
|||
# |
|||
# DEPLOY_OMV_WEBUI_ADMIN - This is OMV web gui admin account. Default value is admin. It's required as the user parameter (-u) for the omv-rpc command. |
|||
# DEPLOY_OMV_HOST and DEPLOY_OMV_SSH_USER are optional. They are used for remote deployment through ssh (support public key authentication only). Per design, OMV web gui admin doesn't have ssh permission, so another account is needed for ssh. |
|||
# |
|||
# returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
openmediavault_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
_getdeployconf DEPLOY_OMV_WEBUI_ADMIN |
|||
|
|||
if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then |
|||
DEPLOY_OMV_WEBUI_ADMIN="admin" |
|||
fi |
|||
|
|||
_savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN" |
|||
|
|||
_getdeployconf DEPLOY_OMV_HOST |
|||
_getdeployconf DEPLOY_OMV_SSH_USER |
|||
|
|||
if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then |
|||
_info "[OMV deploy-hook] Deploy certificate remotely through ssh." |
|||
_savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST" |
|||
_savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER" |
|||
else |
|||
_info "[OMV deploy-hook] Deploy certificate locally." |
|||
fi |
|||
|
|||
if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then |
|||
|
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'" |
|||
# shellcheck disable=SC2029 |
|||
_uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
_debug _command "$_command" |
|||
|
|||
if [ -z "$_uuid" ]; then |
|||
_info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'" |
|||
# shellcheck disable=SC2029 |
|||
_uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
_debug _command "$_command" |
|||
|
|||
if [ -z "$_uuid" ]; then |
|||
_err "[OMV deploy-hook] An error occured while creating the certificate" |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" |
|||
_fullchain=$(jq <"$_cfullchain" -aRs .) |
|||
_key=$(jq <"$_ckey" -aRs .) |
|||
|
|||
_debug _fullchain "$_fullchain" |
|||
_debug _key "$_key" |
|||
|
|||
_info "[OMV deploy-hook] Updating key and certificate in openmediavault" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" |
|||
# shellcheck disable=SC2029 |
|||
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')" |
|||
# shellcheck disable=SC2029 |
|||
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" |
|||
# shellcheck disable=SC2029 |
|||
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_info "[OMV deploy-hook] Asking nginx to reload" |
|||
_command="nginx -s reload" |
|||
# shellcheck disable=SC2029 |
|||
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
else |
|||
|
|||
# shellcheck disable=SC2086 |
|||
_uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{"start": 0, "limit": -1}' | jq -r '.data[] | select(.name=="/CN='$_cdomain'") | .uuid') |
|||
if [ -z "$_uuid" ]; then |
|||
_info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" |
|||
# shellcheck disable=SC2086 |
|||
_uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{"cn": "test.example.com", "size": 4096, "days": 3650, "c": "", "st": "", "l": "", "o": "", "ou": "", "email": ""}' | jq -r '.uuid') |
|||
|
|||
if [ -z "$_uuid" ]; then |
|||
_err "[OMB deploy-hook] An error occured while creating the certificate" |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" |
|||
_fullchain=$(jq <"$_cfullchain" -aRs .) |
|||
_key=$(jq <"$_ckey" -aRs .) |
|||
|
|||
_debug _fullchain "$_fullchain" |
|||
_debug _key "$_key" |
|||
|
|||
_info "[OMV deploy-hook] Updating key and certificate in openmediavault" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" |
|||
_result=$(eval "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')" |
|||
_result=$(eval "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" |
|||
_result=$(eval "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_info "[OMV deploy-hook] Asking nginx to reload" |
|||
_command="nginx -s reload" |
|||
_result=$(eval "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
fi |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,123 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Script to deploy cert to Peplink Routers |
|||
# |
|||
# The following environment variables must be set: |
|||
# |
|||
# PEPLINK_Hostname - Peplink hostname |
|||
# PEPLINK_Username - Peplink username to login |
|||
# PEPLINK_Password - Peplink password to login |
|||
# |
|||
# The following environmental variables may be set if you don't like their |
|||
# default values: |
|||
# |
|||
# PEPLINK_Certtype - Certificate type to target for replacement |
|||
# defaults to "webadmin", can be one of: |
|||
# * "chub" (ContentHub) |
|||
# * "openvpn" (OpenVPN CA) |
|||
# * "portal" (Captive Portal SSL) |
|||
# * "webadmin" (Web Admin SSL) |
|||
# * "webproxy" (Proxy Root CA) |
|||
# * "wwan_ca" (Wi-Fi WAN CA) |
|||
# * "wwan_client" (Wi-Fi WAN Client) |
|||
# PEPLINK_Scheme - defaults to "https" |
|||
# PEPLINK_Port - defaults to "443" |
|||
# |
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
_peplink_get_cookie_data() { |
|||
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' |
|||
} |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
peplink_deploy() { |
|||
|
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _cfullchain "$_cfullchain" |
|||
_debug _ckey "$_ckey" |
|||
|
|||
# Get Hostname, Username and Password, but don't save until we successfully authenticate |
|||
_getdeployconf PEPLINK_Hostname |
|||
_getdeployconf PEPLINK_Username |
|||
_getdeployconf PEPLINK_Password |
|||
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then |
|||
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set" |
|||
return 1 |
|||
fi |
|||
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname" |
|||
_debug2 PEPLINK_Username "$PEPLINK_Username" |
|||
_secure_debug2 PEPLINK_Password "$PEPLINK_Password" |
|||
|
|||
# Optional certificate type, scheme, and port for Peplink |
|||
_getdeployconf PEPLINK_Certtype |
|||
_getdeployconf PEPLINK_Scheme |
|||
_getdeployconf PEPLINK_Port |
|||
|
|||
# Don't save the certificate type until we verify it exists and is supported |
|||
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme" |
|||
_savedeployconf PEPLINK_Port "$PEPLINK_Port" |
|||
|
|||
# Default vaules for certificate type, scheme, and port |
|||
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin" |
|||
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https" |
|||
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443" |
|||
|
|||
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype" |
|||
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme" |
|||
_debug2 PEPLINK_Port "$PEPLINK_Port" |
|||
|
|||
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port" |
|||
_debug _base_url "$_base_url" |
|||
|
|||
# Login, get the auth token from the cookie |
|||
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port" |
|||
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)" |
|||
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)" |
|||
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi") |
|||
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER") |
|||
_debug3 response "$response" |
|||
_debug auth_token "$auth_token" |
|||
|
|||
if [ -z "$auth_token" ]; then |
|||
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme." |
|||
_err "Check your username and password." |
|||
return 1 |
|||
fi |
|||
|
|||
_H1="Cookie: $auth_token" |
|||
export _H1 |
|||
_debug2 H1 "${_H1}" |
|||
|
|||
# Now that we know the hostnameusername and password are good, save them |
|||
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname" |
|||
_savedeployconf PEPLINK_Username "$PEPLINK_Username" |
|||
_savedeployconf PEPLINK_Password "$PEPLINK_Password" |
|||
|
|||
_info "Generate form POST request" |
|||
|
|||
encoded_key="$(_url_encode <"$_ckey")" |
|||
encoded_fullchain="$(_url_encode <"$_cfullchain")" |
|||
body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain" |
|||
_debug3 body "$body" |
|||
|
|||
_info "Upload $PEPLINK_Certtype certificate to the Peplink" |
|||
|
|||
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi") |
|||
_debug3 response "$response" |
|||
|
|||
if echo "$response" | grep 'Success' >/dev/null; then |
|||
# We've verified this certificate type is valid, so save it |
|||
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype" |
|||
_info "Certificate was updated" |
|||
return 0 |
|||
else |
|||
_err "Unable to update certificate, error code $response" |
|||
return 1 |
|||
fi |
|||
} |
@ -0,0 +1,132 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Deploy certificates to a proxmox virtual environment node using the API. |
|||
# |
|||
# Environment variables that can be set are: |
|||
# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to |
|||
# _cdomain. |
|||
# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on. |
|||
# Defaults to 8006. |
|||
# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to. |
|||
# Defaults to the host portion of the server |
|||
# domain name. |
|||
# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root. |
|||
# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates |
|||
# with. Defaults to pam. |
|||
# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the |
|||
# user account. Defaults to acme. |
|||
# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. |
|||
|
|||
proxmoxve_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug2 _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
# "Sane" defaults. |
|||
_getdeployconf DEPLOY_PROXMOXVE_SERVER |
|||
if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then |
|||
_target_hostname="$_cdomain" |
|||
else |
|||
_target_hostname="$DEPLOY_PROXMOXVE_SERVER" |
|||
_savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT |
|||
if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then |
|||
_target_port="8006" |
|||
else |
|||
_target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" |
|||
_savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_NODE_NAME |
|||
if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then |
|||
_node_name=$(echo "$_target_hostname" | cut -d. -f1) |
|||
else |
|||
_node_name="$DEPLOY_PROXMOXVE_NODE_NAME" |
|||
_savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name" |
|||
|
|||
# Complete URL. |
|||
_target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" |
|||
_debug TARGET_URL "$_target_url" |
|||
|
|||
# More "sane" defaults. |
|||
_getdeployconf DEPLOY_PROXMOXVE_USER |
|||
if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then |
|||
_proxmoxve_user="root" |
|||
else |
|||
_proxmoxve_user="$DEPLOY_PROXMOXVE_USER" |
|||
_savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_USER_REALM |
|||
if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then |
|||
_proxmoxve_user_realm="pam" |
|||
else |
|||
_proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" |
|||
_savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME |
|||
if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then |
|||
_proxmoxve_api_token_name="acme" |
|||
else |
|||
_proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" |
|||
_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name" |
|||
|
|||
# This is required. |
|||
_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY |
|||
if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then |
|||
_err "API key not provided." |
|||
return 1 |
|||
else |
|||
_proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" |
|||
_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY "$_proxmoxve_api_token_key" |
|||
|
|||
# PVE API Token header value. Used in "Authorization: PVEAPIToken". |
|||
_proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" |
|||
_debug2 "Auth Header" "$_proxmoxve_header_api_token" |
|||
|
|||
# Ugly. I hate putting heredocs inside functions because heredocs don't |
|||
# account for whitespace correctly but it _does_ work and is several times |
|||
# cleaner than anything else I had here. |
|||
# |
|||
# This dumps the json payload to a variable that should be passable to the |
|||
# _psot function. |
|||
_json_payload=$( |
|||
cat <<HEREDOC |
|||
{ |
|||
"certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')", |
|||
"key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')", |
|||
"node":"$_node_name", |
|||
"restart":"1", |
|||
"force":"1" |
|||
} |
|||
HEREDOC |
|||
) |
|||
_debug2 Payload "$_json_payload" |
|||
|
|||
_info "Push certificates to server" |
|||
export HTTPS_INSECURE=1 |
|||
export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" |
|||
_post "$_json_payload" "$_target_url" "" POST "application/json" |
|||
|
|||
} |
@ -0,0 +1,272 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Here is a scipt to deploy the cert to your TrueNAS using the REST API. |
|||
# https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html |
|||
# |
|||
# Written by Frank Plass github@f-plass.de |
|||
# https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py |
|||
# Thanks to danb35 for your template! |
|||
# |
|||
# Following environment variables must be set: |
|||
# |
|||
# export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI>" |
|||
# |
|||
# The following environmental variables may be set if you don't like their |
|||
# default values: |
|||
# |
|||
# DEPLOY_TRUENAS_HOSTNAME - defaults to localhost |
|||
# DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https |
|||
# |
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
truenas_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
_getdeployconf DEPLOY_TRUENAS_APIKEY |
|||
|
|||
if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then |
|||
_err "TrueNAS API key not found, please set the DEPLOY_TRUENAS_APIKEY environment variable." |
|||
return 1 |
|||
fi |
|||
_secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" |
|||
|
|||
# Optional hostname, scheme for TrueNAS |
|||
_getdeployconf DEPLOY_TRUENAS_HOSTNAME |
|||
_getdeployconf DEPLOY_TRUENAS_SCHEME |
|||
|
|||
# default values for hostname and scheme |
|||
[ -n "${DEPLOY_TRUENAS_HOSTNAME}" ] || DEPLOY_TRUENAS_HOSTNAME="localhost" |
|||
[ -n "${DEPLOY_TRUENAS_SCHEME}" ] || DEPLOY_TRUENAS_SCHEME="http" |
|||
|
|||
_debug2 DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" |
|||
_debug2 DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" |
|||
|
|||
_api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0" |
|||
_debug _api_url "$_api_url" |
|||
|
|||
_H1="Authorization: Bearer $DEPLOY_TRUENAS_APIKEY" |
|||
_secure_debug3 _H1 "$_H1" |
|||
|
|||
_info "Testing Connection TrueNAS" |
|||
_response=$(_get "$_api_url/system/state") |
|||
_info "TrueNAS system state: $_response." |
|||
|
|||
_info "Getting TrueNAS version" |
|||
_response=$(_get "$_api_url/system/version") |
|||
|
|||
if echo "$_response" | grep -q "SCALE"; then |
|||
_truenas_os=$(echo "$_response" | cut -d '-' -f 2) |
|||
_truenas_version=$(echo "$_response" | cut -d '-' -f 3 | tr -d '"' | cut -d '.' -f 1,2) |
|||
else |
|||
_truenas_os="unknown" |
|||
_truenas_version="unknown" |
|||
fi |
|||
|
|||
_info "Detected TrueNAS system os: $_truenas_os" |
|||
_info "Detected TrueNAS system version: $_truenas_version" |
|||
|
|||
if [ -z "$_response" ]; then |
|||
_err "Unable to authenticate to $_api_url." |
|||
_err 'Check your connection settings are correct, e.g.' |
|||
_err 'DEPLOY_TRUENAS_HOSTNAME="192.168.x.y" or DEPLOY_TRUENAS_HOSTNAME="truenas.example.com".' |
|||
_err 'DEPLOY_TRUENAS_SCHEME="https" or DEPLOY_TRUENAS_SCHEME="http".' |
|||
_err "Verify your TrueNAS API key is valid and set correctly, e.g. DEPLOY_TRUENAS_APIKEY=xxxx...." |
|||
return 1 |
|||
fi |
|||
|
|||
_savedeployconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" |
|||
_savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" |
|||
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" |
|||
|
|||
_info "Getting current active certificate from TrueNAS" |
|||
_response=$(_get "$_api_url/system/general") |
|||
_active_cert_id=$(echo "$_response" | grep -B2 '"name":' | grep 'id' | tr -d -- '"id: ,') |
|||
_active_cert_name=$(echo "$_response" | grep '"name":' | sed -n 's/.*: "\(.\{1,\}\)",$/\1/p') |
|||
_param_httpsredirect=$(echo "$_response" | grep '"ui_httpsredirect":' | sed -n 's/.*": \(.\{1,\}\),$/\1/p') |
|||
_debug Active_UI_Certificate_ID "$_active_cert_id" |
|||
_debug Active_UI_Certificate_Name "$_active_cert_name" |
|||
_debug Active_UI_http_redirect "$_param_httpsredirect" |
|||
|
|||
if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then |
|||
_info "HTTP->HTTPS redirection is enabled" |
|||
_info "Setting DEPLOY_TRUENAS_SCHEME to 'https'" |
|||
DEPLOY_TRUENAS_SCHEME="https" |
|||
_api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0" |
|||
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" |
|||
fi |
|||
|
|||
_info "Uploading new certificate to TrueNAS" |
|||
_certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')" |
|||
_debug3 _certname "$_certname" |
|||
|
|||
_certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}" |
|||
_add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")" |
|||
|
|||
_debug3 _add_cert_result "$_add_cert_result" |
|||
|
|||
_info "Fetching list of installed certificates" |
|||
_cert_list=$(_get "$_api_url/system/general/ui_certificate_choices") |
|||
_cert_id=$(echo "$_cert_list" | grep "$_certname" | sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p') |
|||
|
|||
_debug3 _cert_id "$_cert_id" |
|||
|
|||
_info "Current activate certificate ID: $_cert_id" |
|||
_activateData="{\"ui_certificate\": \"${_cert_id}\"}" |
|||
_activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")" |
|||
|
|||
_debug3 _activate_result "$_activate_result" |
|||
|
|||
_truenas_version_23_10="23.10" |
|||
_truenas_version_24_10="24.10" |
|||
|
|||
_check_version=$(printf "%s\n%s" "$_truenas_version_23_10" "$_truenas_version" | sort -V | head -n 1) |
|||
if [ "$_truenas_os" != "SCALE" ] || [ "$_check_version" != "$_truenas_version_23_10" ]; then |
|||
_info "Checking if WebDAV certificate is the same as the TrueNAS web UI" |
|||
_webdav_list=$(_get "$_api_url/webdav") |
|||
_webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,') |
|||
|
|||
if [ "$_webdav_cert_id" = "$_active_cert_id" ]; then |
|||
_info "Updating the WebDAV certificate" |
|||
_debug _webdav_cert_id "$_webdav_cert_id" |
|||
_webdav_data="{\"certssl\": \"${_cert_id}\"}" |
|||
_activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")" |
|||
_webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | grep '"certssl":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') |
|||
if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then |
|||
_info "WebDAV certificate updated successfully" |
|||
else |
|||
_err "Unable to set WebDAV certificate" |
|||
_debug3 _activate_webdav_cert "$_activate_webdav_cert" |
|||
_debug3 _webdav_new_cert_id "$_webdav_new_cert_id" |
|||
return 1 |
|||
fi |
|||
_debug3 _webdav_new_cert_id "$_webdav_new_cert_id" |
|||
else |
|||
_info "WebDAV certificate is not configured or is not the same as TrueNAS web UI" |
|||
fi |
|||
|
|||
_info "Checking if S3 certificate is the same as the TrueNAS web UI" |
|||
_s3_list=$(_get "$_api_url/s3") |
|||
_s3_cert_id=$(echo "$_s3_list" | grep '"certificate":' | tr -d -- '"certifa:_ ,') |
|||
|
|||
if [ "$_s3_cert_id" = "$_active_cert_id" ]; then |
|||
_info "Updating the S3 certificate" |
|||
_debug _s3_cert_id "$_s3_cert_id" |
|||
_s3_data="{\"certificate\": \"${_cert_id}\"}" |
|||
_activate_s3_cert="$(_post "$_s3_data" "$_api_url/s3" "" "PUT" "application/json")" |
|||
_s3_new_cert_id=$(echo "$_activate_s3_cert" | _json_decode | grep '"certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') |
|||
if [ "$_s3_new_cert_id" -eq "$_cert_id" ]; then |
|||
_info "S3 certificate updated successfully" |
|||
else |
|||
_err "Unable to set S3 certificate" |
|||
_debug3 _activate_s3_cert "$_activate_s3_cert" |
|||
_debug3 _s3_new_cert_id "$_s3_new_cert_id" |
|||
return 1 |
|||
fi |
|||
_debug3 _activate_s3_cert "$_activate_s3_cert" |
|||
else |
|||
_info "S3 certificate is not configured or is not the same as TrueNAS web UI" |
|||
fi |
|||
fi |
|||
|
|||
if [ "$_truenas_os" = "SCALE" ]; then |
|||
_check_version=$(printf "%s\n%s" "$_truenas_version_24_10" "$_truenas_version" | sort -V | head -n 1) |
|||
if [ "$_check_version" != "$_truenas_version_24_10" ]; then |
|||
_info "Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required" |
|||
if _exists jq; then |
|||
_info "Query all chart release" |
|||
_release_list=$(_get "$_api_url/chart/release") |
|||
_related_name_list=$(printf "%s" "$_release_list" | jq -r "[.[] | {name,certId: .config.ingress?.main.tls[]?.scaleCert} | select(.certId==$_active_cert_id) | .name ] | unique") |
|||
_release_length=$(printf "%s" "$_related_name_list" | jq -r "length") |
|||
_info "Found $_release_length related chart release in list: $_related_name_list" |
|||
for i in $(seq 0 $((_release_length - 1))); do |
|||
_release_name=$(echo "$_related_name_list" | jq -r ".[$i]") |
|||
_info "Updating certificate from $_active_cert_id to $_cert_id for chart release: $_release_name" |
|||
#Read the chart release configuration |
|||
_chart_config=$(printf "%s" "$_release_list" | jq -r ".[] | select(.name==\"$_release_name\")") |
|||
#Replace the old certificate id with the new one in path .config.ingress.main.tls[].scaleCert. Then update .config.ingress |
|||
_updated_chart_config=$(printf "%s" "$_chart_config" | jq "(.config.ingress?.main.tls[]? | select(.scaleCert==$_active_cert_id) | .scaleCert ) |= $_cert_id | .config.ingress ") |
|||
_update_chart_result="$(_post "{\"values\" : { \"ingress\" : $_updated_chart_config } }" "$_api_url/chart/release/id/$_release_name" "" "PUT" "application/json")" |
|||
_debug3 _update_chart_result "$_update_chart_result" |
|||
done |
|||
else |
|||
_info "Tool 'jq' does not exists, skip chart release checking" |
|||
fi |
|||
else |
|||
_info "Checking if any app is using the same certificate as TrueNAS web UI. Tool 'jq' is required" |
|||
if _exists jq; then |
|||
_info "Query all apps" |
|||
_app_list=$(_get "$_api_url/app") |
|||
_app_id_list=$(printf "%s" "$_app_list" | jq -r '.[].name') |
|||
_app_length=$(echo "$_app_id_list" | wc -l) |
|||
_info "Found $_app_length apps" |
|||
_info "Checking for each app if an update is needed" |
|||
for i in $(seq 1 "$_app_length"); do |
|||
_app_id=$(echo "$_app_id_list" | sed -n "${i}p") |
|||
_app_config="$(_post "\"$_app_id\"" "$_api_url/app/config" "" "POST" "application/json")" |
|||
# Check if the app use the same certificate TrueNAS web UI |
|||
_app_active_cert_config=$(echo "$_app_config" | _json_decode | jq -r ".ix_certificates[\"$_active_cert_id\"]") |
|||
if [ "$_app_active_cert_config" != "null" ]; then |
|||
_info "Updating certificate from $_active_cert_id to $_cert_id for app: $_app_id" |
|||
#Replace the old certificate id with the new one in path |
|||
_update_app_result="$(_post "{\"values\" : { \"network\": { \"certificate_id\": $_cert_id } } }" "$_api_url/app/id/$_app_id" "" "PUT" "application/json")" |
|||
_debug3 _update_app_result "$_update_app_result" |
|||
fi |
|||
done |
|||
else |
|||
_info "Tool 'jq' does not exists, skip app checking" |
|||
fi |
|||
fi |
|||
fi |
|||
|
|||
_info "Checking if FTP certificate is the same as the TrueNAS web UI" |
|||
_ftp_list=$(_get "$_api_url/ftp") |
|||
_ftp_cert_id=$(echo "$_ftp_list" | grep '"ssltls_certificate":' | tr -d -- '"certislfa:_ ,') |
|||
|
|||
if [ "$_ftp_cert_id" = "$_active_cert_id" ]; then |
|||
_info "Updating the FTP certificate" |
|||
_debug _ftp_cert_id "$_ftp_cert_id" |
|||
_ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}" |
|||
_activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")" |
|||
_ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | grep '"ssltls_certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') |
|||
if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then |
|||
_info "FTP certificate updated successfully" |
|||
else |
|||
_err "Unable to set FTP certificate" |
|||
_debug3 _activate_ftp_cert "$_activate_ftp_cert" |
|||
_debug3 _ftp_new_cert_id "$_ftp_new_cert_id" |
|||
return 1 |
|||
fi |
|||
_debug3 _activate_ftp_cert "$_activate_ftp_cert" |
|||
else |
|||
_info "FTP certificate is not configured or is not the same as TrueNAS web UI" |
|||
fi |
|||
|
|||
_info "Deleting old certificate" |
|||
_delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")" |
|||
|
|||
_debug3 _delete_result "$_delete_result" |
|||
|
|||
_info "Reloading TrueNAS web UI" |
|||
_restart_UI=$(_get "$_api_url/system/general/ui_restart") |
|||
_debug2 _restart_UI "$_restart_UI" |
|||
|
|||
if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then |
|||
return 0 |
|||
else |
|||
_err "Certificate update was not succesful, please try again with --debug" |
|||
return 1 |
|||
fi |
|||
} |
@ -0,0 +1,185 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_alviy_info='Alviy.com |
|||
Site: Alviy.com |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_alviy |
|||
Options: |
|||
Alviy_token API token. Get it from the https://cloud.alviy.com/token |
|||
Issues: github.com/acmesh-official/acme.sh/issues/5115 |
|||
' |
|||
|
|||
Alviy_Api="https://cloud.alviy.com/api/v1" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_alviy_add _acme-challenge.www.domain.com "content" |
|||
dns_alviy_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}" |
|||
if [ -z "$Alviy_token" ]; then |
|||
Alviy_token="" |
|||
_err "Please specify Alviy token." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf_mutable Alviy_token "$Alviy_token" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting existing records" |
|||
if _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then |
|||
_info "This record already exists, skipping" |
|||
return 0 |
|||
fi |
|||
|
|||
_add_data="{\"content\":\"$txtvalue\",\"type\":\"TXT\"}" |
|||
_debug2 _add_data "$_add_data" |
|||
_info "Adding record" |
|||
if _alviy_rest POST "zone/$_domain/domain/$fulldomain/" "$_add_data"; then |
|||
_debug "Checking updated records of '${fulldomain}'" |
|||
|
|||
if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then |
|||
_err "TXT record '${txtvalue}' for '${fulldomain}', value wasn't set!" |
|||
return 1 |
|||
fi |
|||
|
|||
else |
|||
_err "Add txt record error, value '${txtvalue}' for '${fulldomain}' was not set." |
|||
return 1 |
|||
fi |
|||
|
|||
_sleep 10 |
|||
_info "Added TXT record '${txtvalue}' for '${fulldomain}'." |
|||
return 0 |
|||
} |
|||
|
|||
#fulldomain |
|||
dns_alviy_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then |
|||
_info "The record does not exist, skip" |
|||
return 0 |
|||
fi |
|||
|
|||
_add_data="" |
|||
uuid=$(echo "$response" | tr "{" "\n" | grep "$txtvalue" | tr "," "\n" | grep uuid | cut -d \" -f4) |
|||
# delete record |
|||
_debug "Delete TXT record for '${fulldomain}'" |
|||
if ! _alviy_rest DELETE "zone/$_domain/record/$uuid" "{\"confirm\":1}"; then |
|||
_err "Cannot delete empty TXT record for '$fulldomain'" |
|||
return 1 |
|||
fi |
|||
_info "The record '$fulldomain'='$txtvalue' deleted" |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=3 |
|||
a="init" |
|||
while [ -n "$a" ]; do |
|||
a=$(printf "%s" "$domain" | cut -d . -f $i-) |
|||
i=$((i + 1)) |
|||
done |
|||
n=$((i - 3)) |
|||
h=$(printf "%s" "$domain" | cut -d . -f $n-) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
_alviy_rest GET "zone/$domain/" |
|||
_debug "can't get host from $domain" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _alviy_rest GET "zone/$h/"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" '"code":"NOT_FOUND"'; then |
|||
_debug "$h not found" |
|||
else |
|||
s=$((n - 1)) |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f -$s) |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_alviy_txt_exists() { |
|||
zone=$1 |
|||
domain=$2 |
|||
content_data=$3 |
|||
_debug "Getting existing records" |
|||
|
|||
if ! _alviy_rest GET "zone/$zone/domain/$domain/TXT/"; then |
|||
_info "The record does not exist" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "$3"; then |
|||
_info "The record has other value" |
|||
return 1 |
|||
fi |
|||
# GOOD code return - TRUE function |
|||
return 0 |
|||
} |
|||
|
|||
_alviy_rest() { |
|||
method=$1 |
|||
path="$2" |
|||
content_data="$3" |
|||
_debug "$path" |
|||
|
|||
export _H1="Authorization: Bearer $Alviy_token" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
if [ "$content_data" ] || [ "$method" = "DELETE" ]; then |
|||
_debug "data ($method): " "$content_data" |
|||
response="$(_post "$content_data" "$Alviy_Api/$path" "" "$method")" |
|||
else |
|||
response="$(_get "$Alviy_Api/$path")" |
|||
fi |
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
if [ "$_code" = "401" ]; then |
|||
_err "It seems that your api key or secret is not correct." |
|||
return 1 |
|||
fi |
|||
|
|||
if [ "$_code" != "200" ]; then |
|||
_err "API call error ($method): $path Response code $_code" |
|||
fi |
|||
if [ "$?" != "0" ]; then |
|||
_err "error on rest call ($method): $path. Response:" |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,177 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_artfiles_info='ArtFiles.de |
|||
Site: ArtFiles.de |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_artfiles |
|||
Options: |
|||
AF_API_USERNAME API Username |
|||
AF_API_PASSWORD API Password |
|||
Issues: github.com/acmesh-official/acme.sh/issues/4718 |
|||
Author: Martin Arndt <https://troublezone.net/> |
|||
' |
|||
|
|||
########## API configuration ################################################### |
|||
|
|||
AF_API_SUCCESS='status":"OK' |
|||
AF_URL_DCP='https://dcp.c.artfiles.de/api/' |
|||
AF_URL_DNS=${AF_URL_DCP}'dns/{*}_dns.html?domain=' |
|||
AF_URL_DOMAINS=${AF_URL_DCP}'domain/get_domains.html' |
|||
|
|||
########## Public functions #################################################### |
|||
|
|||
# Adds a new TXT record for given ACME challenge value & domain. |
|||
# Usage: dns_artfiles_add _acme-challenge.www.example.com "ACME challenge value" |
|||
dns_artfiles_add() { |
|||
domain="$1" |
|||
txtValue="$2" |
|||
_info 'Using ArtFiles.de DNS addition API…' |
|||
_debug 'Domain' "$domain" |
|||
_debug 'txtValue' "$txtValue" |
|||
|
|||
_set_credentials |
|||
_saveaccountconf_mutable 'AF_API_USERNAME' "$AF_API_USERNAME" |
|||
_saveaccountconf_mutable 'AF_API_PASSWORD' "$AF_API_PASSWORD" |
|||
|
|||
_set_headers |
|||
_get_zone "$domain" |
|||
_dns 'GET' |
|||
if ! _contains "$response" 'TXT'; then |
|||
_err 'Retrieving TXT records failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_clean_records |
|||
_dns 'SET' "$(printf -- '%s\n_acme-challenge "%s"' "$response" "$txtValue")" |
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err 'Adding ACME challenge value failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Removes the existing TXT record for given ACME challenge value & domain. |
|||
# Usage: dns_artfiles_rm _acme-challenge.www.example.com "ACME challenge value" |
|||
dns_artfiles_rm() { |
|||
domain="$1" |
|||
txtValue="$2" |
|||
_info 'Using ArtFiles.de DNS removal API…' |
|||
_debug 'Domain' "$domain" |
|||
_debug 'txtValue' "$txtValue" |
|||
|
|||
_set_credentials |
|||
_set_headers |
|||
_get_zone "$domain" |
|||
if ! _dns 'GET'; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "$txtValue"; then |
|||
_err 'Retrieved TXT records are missing given ACME challenge value.' |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_clean_records |
|||
response="$(printf -- '%s' "$response" | sed '/_acme-challenge "'"$txtValue"'"/d')" |
|||
_dns 'SET' "$response" |
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err 'Removing ACME challenge value failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
########## Private functions ################################################### |
|||
|
|||
# Cleans awful TXT records response of ArtFiles's API & pretty prints it. |
|||
# Usage: _clean_records |
|||
_clean_records() { |
|||
_info 'Cleaning TXT records…' |
|||
# Extract TXT part, strip trailing quote sign (ACME.sh API guidelines forbid |
|||
# usage of SED's GNU extensions, hence couldn't omit it via regex), strip '\' |
|||
# from '\"' & turn '\n' into real LF characters. |
|||
# Yup, awful API to use - but that's all we got to get this working, so… ;) |
|||
_debug2 'Raw ' "$response" |
|||
response="$(printf -- '%s' "$response" | sed 's/^.*TXT":"\([^}]*\).*$/\1/;s/,".*$//;s/.$//;s/\\"/"/g;s/\\n/\n/g')" |
|||
_debug2 'Clean' "$response" |
|||
} |
|||
|
|||
# Executes an HTTP GET or POST request for getting or setting DNS records, |
|||
# containing given payload upon POST. |
|||
# Usage: _dns [GET | SET] [payload] |
|||
_dns() { |
|||
_info 'Executing HTTP request…' |
|||
action="$1" |
|||
payload="$(printf -- '%s' "$2" | _url_encode)" |
|||
url="$(printf -- '%s%s' "$AF_URL_DNS" "$domain" | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')" |
|||
|
|||
if [ "$action" = 'SET' ]; then |
|||
_debug2 'Payload' "$payload" |
|||
response="$(_post '' "$url&TXT=$payload" '' 'POST' 'application/x-www-form-urlencoded')" |
|||
else |
|||
response="$(_get "$url" '' 10)" |
|||
fi |
|||
|
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err "DNS API error: $response" |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'Response' "$response" |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# Gets the root domain zone for given domain. |
|||
# Usage: _get_zone _acme-challenge.www.example.com |
|||
_get_zone() { |
|||
fqdn="$1" |
|||
domains="$(_get "$AF_URL_DOMAINS" '' 10)" |
|||
_info 'Getting domain zone…' |
|||
_debug2 'FQDN' "$fqdn" |
|||
_debug2 'Domains' "$domains" |
|||
|
|||
while _contains "$fqdn" "."; do |
|||
if _contains "$domains" "$fqdn"; then |
|||
domain="$fqdn" |
|||
_info "Found root domain zone: $domain" |
|||
break |
|||
else |
|||
fqdn="${fqdn#*.}" |
|||
_debug2 'FQDN' "$fqdn" |
|||
fi |
|||
done |
|||
|
|||
if [ "$domain" = "$fqdn" ]; then |
|||
return 0 |
|||
fi |
|||
|
|||
_err 'Couldn'\''t find root domain zone.' |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
# Sets the credentials for accessing ArtFiles's API |
|||
# Usage: _set_credentials |
|||
_set_credentials() { |
|||
_info 'Setting credentials…' |
|||
AF_API_USERNAME="${AF_API_USERNAME:-$(_readaccountconf_mutable AF_API_USERNAME)}" |
|||
AF_API_PASSWORD="${AF_API_PASSWORD:-$(_readaccountconf_mutable AF_API_PASSWORD)}" |
|||
if [ -z "$AF_API_USERNAME" ] || [ -z "$AF_API_PASSWORD" ]; then |
|||
_err 'Missing ArtFiles.de username and/or password.' |
|||
_err 'Please ensure both are set via export command & try again.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Adds the HTTP Authorization & Content-Type headers to a follow-up request. |
|||
# Usage: _set_headers |
|||
_set_headers() { |
|||
_info 'Setting headers…' |
|||
encoded="$(printf -- '%s:%s' "$AF_API_USERNAME" "$AF_API_PASSWORD" | _base64)" |
|||
export _H1="Authorization: Basic $encoded" |
|||
export _H2='Content-Type: application/json' |
|||
} |
@ -0,0 +1,177 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_aurora_info='versio.nl AuroraDNS |
|||
Domains: pcextreme.nl |
|||
Site: versio.nl |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_aurora |
|||
Options: |
|||
AURORA_Key API Key |
|||
AURORA_Secret API Secret |
|||
Issues: github.com/acmesh-official/acme.sh/issues/3459 |
|||
Author: Jasper Zonneveld |
|||
' |
|||
|
|||
AURORA_Api="https://api.auroradns.eu" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_aurora_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" |
|||
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" |
|||
|
|||
if [ -z "$AURORA_Key" ] || [ -z "$AURORA_Secret" ]; then |
|||
AURORA_Key="" |
|||
AURORA_Secret="" |
|||
_err "You didn't specify an Aurora api key and secret yet." |
|||
_err "You can get yours from here https://cp.pcextreme.nl/auroradns/users." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and secret to the account conf file. |
|||
_saveaccountconf_mutable AURORA_Key "$AURORA_Key" |
|||
_saveaccountconf_mutable AURORA_Secret "$AURORA_Secret" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_info "Adding record" |
|||
if _aurora_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":300}"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
elif _contains "$response" "RecordExistsError"; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
|
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_aurora_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" |
|||
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting records" |
|||
_aurora_rest GET "zones/${_domain_id}/records" |
|||
|
|||
if ! _contains "$response" "$txtvalue"; then |
|||
_info "Don't need to remove." |
|||
else |
|||
records=$(echo "$response" | _normalizeJson | tr -d "[]" | sed "s/},{/}|{/g" | tr "|" "\n") |
|||
if [ "$(echo "$records" | wc -l)" -le 2 ]; then |
|||
_err "Can not parse records." |
|||
return 1 |
|||
fi |
|||
record_id=$(echo "$records" | grep "\"type\": *\"TXT\"" | grep "\"name\": *\"$_sub_domain\"" | grep "\"content\": *\"$txtvalue\"" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") |
|||
_debug "record_id" "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_err "Can not get record id to remove." |
|||
return 1 |
|||
fi |
|||
if ! _aurora_rest DELETE "zones/$_domain_id/records/$record_id"; then |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
return 0 |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _aurora_rest GET "zones/$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"name\": \"$h\""; then |
|||
_domain_id=$(echo "$response" | _normalizeJson | tr -d "{}" | tr "," "\n" | grep "\"id\": *\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") |
|||
_debug _domain_id "$_domain_id" |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_aurora_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
key_trimmed=$(echo "$AURORA_Key" | tr -d '"') |
|||
secret_trimmed=$(echo "$AURORA_Secret" | tr -d '"') |
|||
|
|||
timestamp=$(date -u +"%Y%m%dT%H%M%SZ") |
|||
signature=$(printf "%s/%s%s" "$m" "$ep" "$timestamp" | _hmac sha256 "$(printf "%s" "$secret_trimmed" | _hex_dump | tr -d " ")" | _base64) |
|||
authorization=$(printf "AuroraDNSv1 %s" "$(printf "%s:%s" "$key_trimmed" "$signature" | _base64)") |
|||
|
|||
export _H1="Content-Type: application/json; charset=UTF-8" |
|||
export _H2="X-AuroraDNS-Date: $timestamp" |
|||
export _H3="Authorization: $authorization" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$AURORA_Api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$AURORA_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,208 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_azion_info='Azion.om |
|||
Site: Azion.com |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_azion |
|||
Options: |
|||
AZION_Email Email |
|||
AZION_Password Password |
|||
Issues: github.com/acmesh-official/acme.sh/issues/3555 |
|||
' |
|||
|
|||
AZION_Api="https://api.azionapi.net" |
|||
|
|||
######## Public functions ######## |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
dns_azion_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_debug "Detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Domain not found" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
_info "Add or update record" |
|||
_get_record "$_domain_id" "$_sub_domain" |
|||
if [ "$record_id" ]; then |
|||
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [$answers_list, \"$txtvalue\"], \"ttl\": 20}" |
|||
if _azion_rest PUT "intelligent_dns/$_domain_id/records/$record_id" "$_payload"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Record updated." |
|||
return 0 |
|||
fi |
|||
fi |
|||
else |
|||
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [\"$txtvalue\"], \"ttl\": 20}" |
|||
if _azion_rest POST "intelligent_dns/$_domain_id/records" "$_payload"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Record added." |
|||
return 0 |
|||
fi |
|||
fi |
|||
fi |
|||
_err "Failed to add or update record." |
|||
return 1 |
|||
} |
|||
|
|||
# Usage: fulldomain txtvalue |
|||
# Used to remove the txt record after validation |
|||
dns_azion_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_debug "Detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Domain not found" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
_info "Removing record" |
|||
_get_record "$_domain_id" "$_sub_domain" |
|||
if [ "$record_id" ]; then |
|||
if _azion_rest DELETE "intelligent_dns/$_domain_id/records/$record_id"; then |
|||
_info "Record removed." |
|||
return 0 |
|||
else |
|||
_err "Failed to remove record." |
|||
return 1 |
|||
fi |
|||
else |
|||
_info "Record not found or already removed." |
|||
return 0 |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
# Usage: _acme-challenge.www.domain.com |
|||
# returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
if ! _azion_rest GET "intelligent_dns"; then |
|||
return 1 |
|||
fi |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
# not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"domain\":\"$h\""; then |
|||
_domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
|||
_debug _domain_id "$_domain_id" |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_get_record() { |
|||
_domain_id=$1 |
|||
_record=$2 |
|||
|
|||
if ! _azion_rest GET "intelligent_dns/$_domain_id/records"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"entry\":\"$_record\""; then |
|||
_json_record=$(echo "$response" | tr '{' "\n" | grep "\"entry\":\"$_record\"") |
|||
if [ "$_json_record" ]; then |
|||
record_id=$(echo "$_json_record" | _egrep_o "\"record_id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
|||
answers_list=$(echo "$_json_record" | _egrep_o "\"answers_list\":\[.*\]" | _head_n 1 | cut -d : -f 2 | tr -d \[\]) |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_get_token() { |
|||
AZION_Email="${AZION_Email:-$(_readaccountconf_mutable AZION_Email)}" |
|||
AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}" |
|||
|
|||
if ! _contains "$AZION_Email" "@"; then |
|||
_err "It seems that the AZION_Email is not a valid email address. Revalidate your environments." |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$AZION_Email" ] || [ -z "$AZION_Password" ]; then |
|||
_err "You didn't specified a AZION_Email/AZION_Password to generate Azion token." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable AZION_Email "$AZION_Email" |
|||
_saveaccountconf_mutable AZION_Password "$AZION_Password" |
|||
|
|||
_basic_auth=$(printf "%s:%s" "$AZION_Email" "$AZION_Password" | _base64) |
|||
_debug _basic_auth "$_basic_auth" |
|||
|
|||
export _H1="Accept: application/json; version=3" |
|||
export _H2="Content-Type: application/json" |
|||
export _H3="Authorization: Basic $_basic_auth" |
|||
|
|||
response="$(_post "" "$AZION_Api/tokens" "" "POST")" |
|||
if _contains "$response" "\"token\":\"" >/dev/null; then |
|||
_azion_token=$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") |
|||
export AZION_Token="$_azion_token" |
|||
else |
|||
_err "Failed to generate Azion token" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
_azion_rest() { |
|||
_method=$1 |
|||
_uri="$2" |
|||
_data="$3" |
|||
|
|||
if [ -z "$AZION_Token" ]; then |
|||
_get_token |
|||
fi |
|||
_debug2 token "$AZION_Token" |
|||
|
|||
export _H1="Accept: application/json; version=3" |
|||
export _H2="Content-Type: application/json" |
|||
export _H3="Authorization: token $AZION_Token" |
|||
|
|||
if [ "$_method" != "GET" ]; then |
|||
_debug _data "$_data" |
|||
response="$(_post "$_data" "$AZION_Api/$_uri" "" "$_method")" |
|||
else |
|||
response="$(_get "$AZION_Api/$_uri")" |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $_method $_uri $_data" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
@ -0,0 +1,88 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_bookmyname_info='BookMyName.com |
|||
Site: BookMyName.com |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bookmyname |
|||
Options: |
|||
BOOKMYNAME_USERNAME Username |
|||
BOOKMYNAME_PASSWORD Password |
|||
Issues: github.com/acmesh-official/acme.sh/issues/3209 |
|||
Author: Neilpang |
|||
' |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# BookMyName urls: |
|||
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"' |
|||
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"' |
|||
|
|||
# Output: |
|||
#good: update done, cid 123456, domain id 456789, type txt, ip XXXXXXXX |
|||
#good: remove done 1, cid 123456, domain id 456789, ttl 300, type txt, ip XXXXXXXX |
|||
|
|||
# Be careful, BMN DNS servers can be slow to pick up changes; using dnssleep is thus advised. |
|||
|
|||
# Usage: |
|||
# export BOOKMYNAME_USERNAME="ABCDE-FREE" |
|||
# export BOOKMYNAME_PASSWORD="MyPassword" |
|||
# /usr/local/ssl/acme.sh/acme.sh --dns dns_bookmyname --dnssleep 600 --issue -d domain.tld |
|||
|
|||
#Usage: dns_bookmyname_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_bookmyname_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using bookmyname" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
|||
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
|||
|
|||
if [ -z "$BOOKMYNAME_USERNAME" ] || [ -z "$BOOKMYNAME_PASSWORD" ]; then |
|||
BOOKMYNAME_USERNAME="" |
|||
BOOKMYNAME_PASSWORD="" |
|||
_err "You didn't specify BookMyName username and password yet." |
|||
_err "Please specify them and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable BOOKMYNAME_USERNAME "$BOOKMYNAME_USERNAME" |
|||
_saveaccountconf_mutable BOOKMYNAME_PASSWORD "$BOOKMYNAME_PASSWORD" |
|||
|
|||
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
|||
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=add&value=${txtvalue}" |
|||
result="$(_get "${uri}${data}")" |
|||
_debug "Result: $result" |
|||
|
|||
if ! _startswith "$result" 'good: update done, cid '; then |
|||
_err "Can't add $fulldomain" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_bookmyname_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using bookmyname" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
|||
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
|||
|
|||
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
|||
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=remove&value=${txtvalue}" |
|||
result="$(_get "${uri}${data}")" |
|||
_debug "Result: $result" |
|||
|
|||
if ! _startswith "$result" 'good: remove done 1, cid '; then |
|||
_info "Can't remove $fulldomain" |
|||
fi |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
@ -0,0 +1,245 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_bunny_info='Bunny.net |
|||
Site: Bunny.net/dns/ |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bunny |
|||
Options: |
|||
BUNNY_API_KEY API Key |
|||
Issues: github.com/acmesh-official/acme.sh/issues/4296 |
|||
Author: <nosilver4u@ewww.io> |
|||
' |
|||
|
|||
##################### Public functions ##################### |
|||
|
|||
## Create the text record for validation. |
|||
## Usage: fulldomain txtvalue |
|||
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" |
|||
dns_bunny_add() { |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
txtvalue=$2 |
|||
|
|||
BUNNY_API_KEY="${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}" |
|||
# Check if API Key is set |
|||
if [ -z "$BUNNY_API_KEY" ]; then |
|||
BUNNY_API_KEY="" |
|||
_err "You did not specify Bunny.net API key." |
|||
_err "Please export BUNNY_API_KEY and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Using Bunny.net dns validation - add record" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## save the env vars (key and domain split location) for later automated use |
|||
_saveaccountconf_mutable BUNNY_API_KEY "$BUNNY_API_KEY" |
|||
|
|||
## split the domain for Bunny API |
|||
if ! _get_base_domain "$fulldomain"; then |
|||
_err "domain not found in your account for addition" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
## Set the header with our post type and auth key |
|||
export _H1="Accept: application/json" |
|||
export _H2="AccessKey: $BUNNY_API_KEY" |
|||
export _H3="Content-Type: application/json" |
|||
PURL="https://api.bunny.net/dnszone/$_domain_id/records" |
|||
PBODY='{"Id":'$_domain_id',"Type":3,"Name":"'$_sub_domain'","Value":"'$txtvalue'","ttl":120}' |
|||
|
|||
_debug PURL "$PURL" |
|||
_debug PBODY "$PBODY" |
|||
|
|||
## the create request - POST |
|||
## args: BODY, URL, [need64, httpmethod] |
|||
response="$(_post "$PBODY" "$PURL" "" "PUT")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in response: $response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
## finished correctly |
|||
return 0 |
|||
} |
|||
|
|||
## Remove the txt record after validation. |
|||
## Usage: fulldomain txtvalue |
|||
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" |
|||
dns_bunny_rm() { |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
txtvalue=$2 |
|||
|
|||
BUNNY_API_KEY="${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}" |
|||
# Check if API Key Exists |
|||
if [ -z "$BUNNY_API_KEY" ]; then |
|||
BUNNY_API_KEY="" |
|||
_err "You did not specify Bunny.net API key." |
|||
_err "Please export BUNNY_API_KEY and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Using Bunny.net dns validation - remove record" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## split the domain for Bunny API |
|||
if ! _get_base_domain "$fulldomain"; then |
|||
_err "Domain not found in your account for TXT record removal" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
## Set the header with our post type and key auth key |
|||
export _H1="Accept: application/json" |
|||
export _H2="AccessKey: $BUNNY_API_KEY" |
|||
## get URL for the list of DNS records |
|||
GURL="https://api.bunny.net/dnszone/$_domain_id" |
|||
|
|||
## 1) Get the domain/zone records |
|||
## the fetch request - GET |
|||
## args: URL, [onlyheader, timeout] |
|||
domain_list="$(_get "$GURL")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in domain_list response: $domain_list" |
|||
return 1 |
|||
fi |
|||
_debug2 domain_list "$domain_list" |
|||
|
|||
## 2) search through records |
|||
## check for what we are looking for: "Type":3,"Value":"$txtvalue","Name":"$_sub_domain" |
|||
record="$(echo "$domain_list" | _egrep_o "\"Id\"\s*\:\s*\"*[0-9]+\"*,\s*\"Type\"[^}]*\"Value\"\s*\:\s*\"$txtvalue\"[^}]*\"Name\"\s*\:\s*\"$_sub_domain\"")" |
|||
|
|||
if [ -n "$record" ]; then |
|||
|
|||
## We found records |
|||
rec_ids="$(echo "$record" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug rec_ids "$rec_ids" |
|||
if [ -n "$rec_ids" ]; then |
|||
echo "$rec_ids" | while IFS= read -r rec_id; do |
|||
## delete the record |
|||
## delete URL for removing the one we dont want |
|||
DURL="https://api.bunny.net/dnszone/$_domain_id/records/$rec_id" |
|||
|
|||
## the removal request - DELETE |
|||
## args: BODY, URL, [need64, httpmethod] |
|||
response="$(_post "" "$DURL" "" "DELETE")" |
|||
|
|||
## check response (sort of) |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in remove response: $response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
done |
|||
fi |
|||
fi |
|||
|
|||
## finished correctly |
|||
return 0 |
|||
} |
|||
|
|||
##################### Private functions below ##################### |
|||
|
|||
## Split the domain provided into the "base domain" and the "start prefix". |
|||
## This function searches for the longest subdomain in your account |
|||
## for the full domain given and splits it into the base domain (zone) |
|||
## and the prefix/record to be added/removed |
|||
## USAGE: fulldomain |
|||
## EG: "_acme-challenge.two.three.four.domain.com" |
|||
## returns |
|||
## _sub_domain="_acme-challenge.two" |
|||
## _domain="three.four.domain.com" *IF* zone "three.four.domain.com" exists |
|||
## _domain_id=234 |
|||
## if only "domain.com" exists it will return |
|||
## _sub_domain="_acme-challenge.two.three.four" |
|||
## _domain="domain.com" |
|||
## _domain_id=234 |
|||
_get_base_domain() { |
|||
# args |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
_debug fulldomain "$fulldomain" |
|||
|
|||
# domain max legal length = 253 |
|||
MAX_DOM=255 |
|||
page=1 |
|||
|
|||
## get a list of domains for the account to check thru |
|||
## Set the headers |
|||
export _H1="Accept: application/json" |
|||
export _H2="AccessKey: $BUNNY_API_KEY" |
|||
_debug BUNNY_API_KEY "$BUNNY_API_KEY" |
|||
## get URL for the list of domains |
|||
## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}} |
|||
DOMURL="https://api.bunny.net/dnszone" |
|||
|
|||
## while we dont have a matching domain we keep going |
|||
while [ -z "$found" ]; do |
|||
## get the domain list (current page) |
|||
domain_list="$(_get "$DOMURL")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in domain_list response: $domain_list" |
|||
return 1 |
|||
fi |
|||
_debug2 domain_list "$domain_list" |
|||
|
|||
i=1 |
|||
while [ "$i" -gt 0 ]; do |
|||
## get next longest domain |
|||
_domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM") |
|||
## check we got something back from our cut (or are we at the end) |
|||
if [ -z "$_domain" ]; then |
|||
break |
|||
fi |
|||
## we got part of a domain back - grep it out |
|||
found="$(echo "$domain_list" | _egrep_o "\"Id\"\s*:\s*\"*[0-9]+\"*,\s*\"Domain\"\s*\:\s*\"$_domain\"")" |
|||
## check if it exists |
|||
if [ -n "$found" ]; then |
|||
## exists - exit loop returning the parts |
|||
sub_point=$(_math "$i" - 1) |
|||
_sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point") |
|||
_domain_id="$(echo "$found" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _domain "$_domain" |
|||
_debug _sub_domain "$_sub_domain" |
|||
found="" |
|||
return 0 |
|||
fi |
|||
## increment cut point $i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
if [ -z "$found" ]; then |
|||
page=$(_math "$page" + 1) |
|||
nextpage="https://api.bunny.net/dnszone?page=$page" |
|||
## Find the next page if we don't have a match. |
|||
hasnextpage="$(echo "$domain_list" | _egrep_o "\"HasMoreItems\"\s*:\s*true")" |
|||
if [ -z "$hasnextpage" ]; then |
|||
_err "No record and no nextpage in Bunny.net domain search." |
|||
found="" |
|||
return 1 |
|||
fi |
|||
_debug2 nextpage "$nextpage" |
|||
DOMURL="$nextpage" |
|||
fi |
|||
|
|||
done |
|||
|
|||
## We went through the entire domain zone list and didn't find one that matched. |
|||
## If we ever get here, something is broken in the code... |
|||
_err "Domain not found in Bunny.net account, but we should never get here!" |
|||
found="" |
|||
return 1 |
|||
} |
@ -0,0 +1,160 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_cpanel_info='cPanel Server API |
|||
Manage DNS via cPanel Dashboard. |
|||
Site: cPanel.net |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_cpanel |
|||
Options: |
|||
cPanel_Username Username |
|||
cPanel_Apitoken API Token |
|||
cPanel_Hostname Server URL. E.g. "https://hostname:port" |
|||
Issues: github.com/acmesh-official/acme.sh/issues/3732 |
|||
Author: Bjarne Saltbaek |
|||
' |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Used to add txt record |
|||
dns_cpanel_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Adding TXT record to cPanel based system" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
_debug cPanel_Username "$cPanel_Username" |
|||
_debug cPanel_Apitoken "$cPanel_Apitoken" |
|||
_debug cPanel_Hostname "$cPanel_Hostname" |
|||
|
|||
if ! _cpanel_login; then |
|||
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "No matching root domain for $fulldomain found" |
|||
return 1 |
|||
fi |
|||
# adding entry |
|||
_info "Adding the entry" |
|||
stripped_fulldomain=$(echo "$fulldomain" | sed "s/.$_domain//") |
|||
_debug "Adding $stripped_fulldomain to $_domain zone" |
|||
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=add_zone_record&domain=$_domain&name=$stripped_fulldomain&type=TXT&txtdata=$txtvalue&ttl=1" |
|||
if _successful_update; then return 0; fi |
|||
_err "Couldn't create entry!" |
|||
return 1 |
|||
} |
|||
|
|||
# Usage: fulldomain txtvalue |
|||
# Used to remove the txt record after validation |
|||
dns_cpanel_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Using cPanel based system" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
if ! _cpanel_login; then |
|||
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root; then |
|||
_err "No matching root domain for $fulldomain found" |
|||
return 1 |
|||
fi |
|||
|
|||
_findentry "$fulldomain" "$txtvalue" |
|||
if [ -z "$_id" ]; then |
|||
_info "Entry doesn't exist, nothing to delete" |
|||
return 0 |
|||
fi |
|||
_debug "Deleting record..." |
|||
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=remove_zone_record&domain=$_domain&line=$_id" |
|||
# removing entry |
|||
_debug "_result is: $_result" |
|||
|
|||
if _successful_update; then return 0; fi |
|||
_err "Couldn't delete entry!" |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_checkcredentials() { |
|||
cPanel_Username="${cPanel_Username:-$(_readaccountconf_mutable cPanel_Username)}" |
|||
cPanel_Apitoken="${cPanel_Apitoken:-$(_readaccountconf_mutable cPanel_Apitoken)}" |
|||
cPanel_Hostname="${cPanel_Hostname:-$(_readaccountconf_mutable cPanel_Hostname)}" |
|||
|
|||
if [ -z "$cPanel_Username" ] || [ -z "$cPanel_Apitoken" ] || [ -z "$cPanel_Hostname" ]; then |
|||
cPanel_Username="" |
|||
cPanel_Apitoken="" |
|||
cPanel_Hostname="" |
|||
_err "You haven't specified cPanel username, apitoken and hostname yet." |
|||
_err "Please add credentials and try again." |
|||
return 1 |
|||
fi |
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable cPanel_Username "$cPanel_Username" |
|||
_saveaccountconf_mutable cPanel_Apitoken "$cPanel_Apitoken" |
|||
_saveaccountconf_mutable cPanel_Hostname "$cPanel_Hostname" |
|||
return 0 |
|||
} |
|||
|
|||
_cpanel_login() { |
|||
if ! _checkcredentials; then return 1; fi |
|||
|
|||
if ! _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo"; then |
|||
_err "cPanel login failed for user $cPanel_Username." |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
_myget() { |
|||
#Adds auth header to request |
|||
export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken" |
|||
_result=$(_get "$cPanel_Hostname/$1") |
|||
} |
|||
|
|||
_get_root() { |
|||
_myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' |
|||
_domains=$(echo "$_result" | _egrep_o '"[a-z0-9\.\-]*":\["; cPanel first' | cut -d':' -f1 | sed 's/"//g' | sed 's/{//g') |
|||
_debug "_result is: $_result" |
|||
_debug "_domains is: $_domains" |
|||
if [ -z "$_domains" ]; then |
|||
_err "Primary domain list not found!" |
|||
return 1 |
|||
fi |
|||
for _domain in $_domains; do |
|||
_debug "Checking if $fulldomain ends with $_domain" |
|||
if (_endswith "$fulldomain" "$_domain"); then |
|||
_debug "Root domain: $_domain" |
|||
return 0 |
|||
fi |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_successful_update() { |
|||
if (echo "$_result" | _egrep_o 'data":\[[^]]*]' | grep -q '"newserial":null'); then return 1; fi |
|||
return 0 |
|||
} |
|||
|
|||
_findentry() { |
|||
_debug "In _findentry" |
|||
#returns id of dns entry, if it exists |
|||
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" |
|||
_id=$(echo "$_result" | sed -e "s/},{/},\n{/g" | grep "$fulldomain" | grep "$txtvalue" | _egrep_o 'line":[0-9]+' | cut -d ':' -f 2) |
|||
_debug "_result is: $_result" |
|||
_debug "fulldomain. is $fulldomain." |
|||
_debug "txtvalue is $txtvalue" |
|||
_debug "_id is: $_id" |
|||
if [ -n "$_id" ]; then |
|||
_debug "Entry found with _id=$_id" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
@ -0,0 +1,165 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_curanet_info='Curanet.dk |
|||
Domains: scannet.dk wannafind.dk dandomain.dk |
|||
Site: Curanet.dk |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_curanet |
|||
Options: |
|||
CURANET_AUTHCLIENTID Auth ClientID. Requires scope dns |
|||
CURANET_AUTHSECRET Auth Secret |
|||
Issues: github.com/acmesh-official/acme.sh/issues/3933 |
|||
Author: Peter L. Hansen <peter@r12.dk> |
|||
' |
|||
|
|||
CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains" |
|||
CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token" |
|||
CURANET_ACCESS_TOKEN="" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_curanet_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_curanet_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using curanet" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" |
|||
CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" |
|||
if [ -z "$CURANET_AUTHCLIENTID" ] || [ -z "$CURANET_AUTHSECRET" ]; then |
|||
CURANET_AUTHCLIENTID="" |
|||
CURANET_AUTHSECRET="" |
|||
_err "You don't specify curanet api client and secret." |
|||
_err "Please create your auth info and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable CURANET_AUTHCLIENTID "$CURANET_AUTHCLIENTID" |
|||
_saveaccountconf_mutable CURANET_AUTHSECRET "$CURANET_AUTHSECRET" |
|||
|
|||
if ! _get_token; then |
|||
_err "Unable to get token" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
export _H1="Content-Type: application/json-patch+json" |
|||
export _H2="Accept: application/json" |
|||
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" |
|||
data="{\"name\": \"$fulldomain\",\"type\": \"TXT\",\"ttl\": 60,\"priority\": 0,\"data\": \"$txtvalue\"}" |
|||
response="$(_post "$data" "$CURANET_REST_URL/${_domain}/Records" "" "")" |
|||
|
|||
if _contains "$response" "$txtvalue"; then |
|||
_debug "TXT record added OK" |
|||
else |
|||
_err "Unable to add TXT record" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_curanet_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using curanet" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" |
|||
CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" |
|||
|
|||
if ! _get_token; then |
|||
_err "Unable to get token" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Getting current record list to identify TXT to delete" |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Accept: application/json" |
|||
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" |
|||
|
|||
response="$(_get "$CURANET_REST_URL/${_domain}/Records" "" "")" |
|||
|
|||
if ! _contains "$response" "$txtvalue"; then |
|||
_err "Unable to delete record (does not contain $txtvalue )" |
|||
return 1 |
|||
fi |
|||
|
|||
recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" | _egrep_o "id\":[0-9]+" | cut -c 5-) |
|||
|
|||
if [ -z "$recordid" ]; then |
|||
_err "Unable to get recordid" |
|||
_debug "regex {\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" |
|||
_debug "response $response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Deleting recordID $recordid" |
|||
response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_get_token() { |
|||
response="$(_post "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" "$CURANET_AUTH_URL" "" "")" |
|||
if ! _contains "$response" "access_token"; then |
|||
_err "Unable get access token" |
|||
return 1 |
|||
fi |
|||
CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+" | cut -c 17-) |
|||
|
|||
if [ -z "$CURANET_ACCESS_TOKEN" ]; then |
|||
_err "Unable to get token" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
|
|||
} |
|||
|
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Accept: application/json" |
|||
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" |
|||
response="$(_get "$CURANET_REST_URL/$h/Records" "" "")" |
|||
|
|||
if [ ! "$(echo "$response" | _egrep_o "Entity not found")" ]; then |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
|
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
@ -1,185 +0,0 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# CloudXNS Domain api |
|||
# |
|||
#CX_Key="1234" |
|||
# |
|||
#CX_Secret="sADDsdasdgdsf" |
|||
|
|||
CX_Api="https://www.cloudxns.net/api2" |
|||
|
|||
#REST_API |
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_cx_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
CX_Key="${CX_Key:-$(_readaccountconf_mutable CX_Key)}" |
|||
CX_Secret="${CX_Secret:-$(_readaccountconf_mutable CX_Secret)}" |
|||
if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ]; then |
|||
CX_Key="" |
|||
CX_Secret="" |
|||
_err "You don't specify cloudxns.net api key or secret yet." |
|||
_err "Please create you key and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
REST_API="$CX_Api" |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf_mutable CX_Key "$CX_Key" |
|||
_saveaccountconf_mutable CX_Secret "$CX_Secret" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
add_record "$_domain" "$_sub_domain" "$txtvalue" |
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_cx_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
CX_Key="${CX_Key:-$(_readaccountconf_mutable CX_Key)}" |
|||
CX_Secret="${CX_Secret:-$(_readaccountconf_mutable CX_Secret)}" |
|||
REST_API="$CX_Api" |
|||
if _get_root "$fulldomain"; then |
|||
record_id="" |
|||
existing_records "$_domain" "$_sub_domain" "$txtvalue" |
|||
if [ "$record_id" ]; then |
|||
_rest DELETE "record/$record_id/$_domain_id" "{}" |
|||
_info "Deleted record ${fulldomain}" |
|||
fi |
|||
fi |
|||
} |
|||
|
|||
#usage: root sub |
|||
#return if the sub record already exists. |
|||
#echos the existing records count. |
|||
# '0' means doesn't exist |
|||
existing_records() { |
|||
_debug "Getting txt records" |
|||
root=$1 |
|||
sub=$2 |
|||
if ! _rest GET "record/$_domain_id?:domain_id?host_id=0&offset=0&row_num=100"; then |
|||
return 1 |
|||
fi |
|||
|
|||
seg=$(printf "%s\n" "$response" | _egrep_o '"record_id":[^{]*host":"'"$_sub_domain"'"[^}]*\}') |
|||
_debug seg "$seg" |
|||
if [ -z "$seg" ]; then |
|||
return 0 |
|||
fi |
|||
|
|||
if printf "%s" "$response" | grep '"type":"TXT"' >/dev/null; then |
|||
record_id=$(printf "%s\n" "$seg" | _egrep_o '"record_id":"[^"]*"' | cut -d : -f 2 | tr -d \" | _head_n 1) |
|||
_debug record_id "$record_id" |
|||
return 0 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#add the txt record. |
|||
#usage: root sub txtvalue |
|||
add_record() { |
|||
root=$1 |
|||
sub=$2 |
|||
txtvalue=$3 |
|||
fulldomain="$sub.$root" |
|||
|
|||
_info "Adding record" |
|||
|
|||
if ! _rest POST "record" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}"; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=2 |
|||
p=1 |
|||
|
|||
if ! _rest GET "domain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "$h."; then |
|||
seg=$(printf "%s\n" "$response" | _egrep_o '"id":[^{]*"'"$h"'."[^}]*}') |
|||
_debug seg "$seg" |
|||
_domain_id=$(printf "%s\n" "$seg" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") |
|||
_debug _domain_id "$_domain_id" |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_debug _sub_domain "$_sub_domain" |
|||
_domain="$h" |
|||
_debug _domain "$_domain" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p="$i" |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: method URI data |
|||
_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
_debug ep "$ep" |
|||
url="$REST_API/$ep" |
|||
_debug url "$url" |
|||
|
|||
cdate=$(date -u "+%Y-%m-%d %H:%M:%S UTC") |
|||
_debug cdate "$cdate" |
|||
|
|||
data="$3" |
|||
_debug data "$data" |
|||
|
|||
sec="$CX_Key$url$data$cdate$CX_Secret" |
|||
_debug sec "$sec" |
|||
hmac=$(printf "%s" "$sec" | _digest md5 hex) |
|||
_debug hmac "$hmac" |
|||
|
|||
export _H1="API-KEY: $CX_Key" |
|||
export _H2="API-REQUEST-DATE: $cdate" |
|||
export _H3="API-HMAC: $hmac" |
|||
export _H4="Content-Type: application/json" |
|||
|
|||
if [ "$data" ]; then |
|||
response="$(_post "$data" "$url" "" "$m")" |
|||
else |
|||
response="$(_get "$url")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
_contains "$response" '"code":1' |
|||
|
|||
} |
@ -0,0 +1,188 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_dnsexit_info='DNSExit.com |
|||
Site: DNSExit.com |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsexit |
|||
Options: |
|||
DNSEXIT_API_KEY API Key |
|||
DNSEXIT_AUTH_USER Username |
|||
DNSEXIT_AUTH_PASS Password |
|||
Issues: github.com/acmesh-official/acme.sh/issues/4719 |
|||
Author: Samuel Jimenez |
|||
' |
|||
|
|||
DNSEXIT_API_URL="https://api.dnsexit.com/dns/" |
|||
DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp" |
|||
|
|||
######## Public functions ##################### |
|||
#Usage: dns_dnsexit_add _acme-challenge.*.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dnsexit_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using DNSExit.com" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_debug 'Load account auth' |
|||
if ! get_account_info; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"add\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":0,\"overwrite\":false}}"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_dnsexit_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using DNSExit.com" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_debug 'Load account auth' |
|||
if ! get_account_info; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"delete\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\"}}"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
while true; do |
|||
_domain=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
|||
_debug h "$_domain" |
|||
if [ -z "$_domain" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug login "$DNSEXIT_AUTH_USER" |
|||
_debug password "$DNSEXIT_AUTH_PASS" |
|||
_debug domain "$_domain" |
|||
|
|||
_dnsexit_http "login=$DNSEXIT_AUTH_USER&password=$DNSEXIT_AUTH_PASS&domain=$_domain" |
|||
|
|||
if _contains "$response" "0=$_domain"; then |
|||
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" |
|||
return 0 |
|||
else |
|||
_debug "Go to next level of $_domain" |
|||
fi |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_dnsexit_rest() { |
|||
m=POST |
|||
ep="" |
|||
data="$1" |
|||
_debug _dnsexit_rest "$ep" |
|||
_debug data "$data" |
|||
|
|||
api_key_trimmed=$(echo "$DNSEXIT_API_KEY" | tr -d '"') |
|||
|
|||
export _H1="apikey: $api_key_trimmed" |
|||
export _H2='Content-Type: application/json' |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$DNSEXIT_API_URL/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$DNSEXIT_API_URL/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $ep" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_dnsexit_http() { |
|||
m=GET |
|||
param="$1" |
|||
_debug param "$param" |
|||
_debug get "$DNSEXIT_HOSTS_URL?$param" |
|||
|
|||
response="$(_get "$DNSEXIT_HOSTS_URL?$param")" |
|||
|
|||
_debug response "$response" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $param" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
get_account_info() { |
|||
|
|||
DNSEXIT_API_KEY="${DNSEXIT_API_KEY:-$(_readaccountconf_mutable DNSEXIT_API_KEY)}" |
|||
if test -z "$DNSEXIT_API_KEY"; then |
|||
DNSEXIT_API_KEY='' |
|||
_err 'DNSEXIT_API_KEY was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_API_KEY "$DNSEXIT_API_KEY" |
|||
|
|||
DNSEXIT_AUTH_USER="${DNSEXIT_AUTH_USER:-$(_readaccountconf_mutable DNSEXIT_AUTH_USER)}" |
|||
if test -z "$DNSEXIT_AUTH_USER"; then |
|||
DNSEXIT_AUTH_USER="" |
|||
_err 'DNSEXIT_AUTH_USER was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_AUTH_USER "$DNSEXIT_AUTH_USER" |
|||
|
|||
DNSEXIT_AUTH_PASS="${DNSEXIT_AUTH_PASS:-$(_readaccountconf_mutable DNSEXIT_AUTH_PASS)}" |
|||
if test -z "$DNSEXIT_AUTH_PASS"; then |
|||
DNSEXIT_AUTH_PASS="" |
|||
_err 'DNSEXIT_AUTH_PASS was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_AUTH_PASS "$DNSEXIT_AUTH_PASS" |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,86 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_dnshome_info='dnsHome.de |
|||
Site: dnsHome.de |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnshome |
|||
Options: |
|||
DNSHOME_Subdomain Subdomain |
|||
DNSHOME_SubdomainPassword Subdomain Password |
|||
Issues: github.com/acmesh-official/acme.sh/issues/3819 |
|||
Author: dnsHome.de https://github.com/dnsHome-de |
|||
' |
|||
|
|||
# Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
dns_dnshome_add() { |
|||
txtvalue=$2 |
|||
|
|||
DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}" |
|||
DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}" |
|||
|
|||
if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then |
|||
DNSHOME_Subdomain="" |
|||
DNSHOME_SubdomainPassword="" |
|||
_err "Please specify/export your dnsHome.de Subdomain and Password" |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_savedomainconf DNSHOME_Subdomain "$DNSHOME_Subdomain" |
|||
_savedomainconf DNSHOME_SubdomainPassword "$DNSHOME_SubdomainPassword" |
|||
|
|||
DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php" |
|||
|
|||
_DNSHOME_rest POST "acme=add&txt=$txtvalue" |
|||
if ! echo "$response" | grep 'successfully' >/dev/null; then |
|||
_err "Error" |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# Usage: txtvalue |
|||
# Used to remove the txt record after validation |
|||
dns_dnshome_rm() { |
|||
txtvalue=$2 |
|||
|
|||
DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}" |
|||
DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}" |
|||
|
|||
DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php" |
|||
|
|||
if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then |
|||
DNSHOME_Subdomain="" |
|||
DNSHOME_SubdomainPassword="" |
|||
_err "Please specify/export your dnsHome.de Subdomain and Password" |
|||
return 1 |
|||
fi |
|||
|
|||
_DNSHOME_rest POST "acme=rm&txt=$txtvalue" |
|||
if ! echo "$response" | grep 'successfully' >/dev/null; then |
|||
_err "Error" |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
_DNSHOME_rest() { |
|||
method=$1 |
|||
data="$2" |
|||
_debug "$data" |
|||
|
|||
_debug data "$data" |
|||
response="$(_post "$data" "$DNSHOME_Api" "" "$method")" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $data" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,251 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_dnsservices_info='DNS.Services |
|||
Site: DNS.Services |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsservices |
|||
Options: |
|||
DnsServices_Username Username |
|||
DnsServices_Password Password |
|||
Issues: github.com/acmesh-official/acme.sh/issues/4152 |
|||
Author: Bjarke Bruun <bbruun@gmail.com> |
|||
' |
|||
|
|||
DNSServices_API=https://dns.services/api |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dnsservices_add() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_info "Using dns.services to create ACME DNS challenge" |
|||
_debug2 add_fulldomain "$fulldomain" |
|||
_debug2 add_txtvalue "$txtvalue" |
|||
|
|||
# Read username/password from environment or .acme.sh/accounts.conf |
|||
DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" |
|||
DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" |
|||
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then |
|||
DnsServices_Username="" |
|||
DnsServices_Password="" |
|||
_err "You didn't specify dns.services api username and password yet." |
|||
_err "Set environment variables DnsServices_Username and DnsServices_Password" |
|||
return 1 |
|||
fi |
|||
|
|||
# Setup GET/POST/DELETE headers |
|||
_setup_headers |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" |
|||
_saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" |
|||
|
|||
if ! _contains "$DnsServices_Username" "@"; then |
|||
_err "It seems that the username variable DnsServices_Username has not been set/left blank" |
|||
_err "or is not a valid email. Please correct and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "${fulldomain}"; then |
|||
_err "Invalid domain ${fulldomain}" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! createRecord "$fulldomain" "${txtvalue}"; then |
|||
_err "Error creating TXT record in domain $fulldomain in $rootZoneName" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 challenge-created "Created $fulldomain" |
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Description: Remove the txt record after validation. |
|||
dns_dnsservices_rm() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_info "Using dns.services to remove DNS record $fulldomain TXT $txtvalue" |
|||
_debug rm_fulldomain "$fulldomain" |
|||
_debug rm_txtvalue "$txtvalue" |
|||
|
|||
# Read username/password from environment or .acme.sh/accounts.conf |
|||
DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" |
|||
DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" |
|||
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then |
|||
DnsServices_Username="" |
|||
DnsServices_Password="" |
|||
_err "You didn't specify dns.services api username and password yet." |
|||
_err "Set environment variables DnsServices_Username and DnsServices_Password" |
|||
return 1 |
|||
fi |
|||
|
|||
# Setup GET/POST/DELETE headers |
|||
_setup_headers |
|||
|
|||
if ! _get_root "${fulldomain}"; then |
|||
_err "Invalid domain ${fulldomain}" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" |
|||
|
|||
if ! deleteRecord "${fulldomain}" "${txtvalue}"; then |
|||
_err "Error removing record: $fulldomain TXT ${txtvalue}" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_setup_headers() { |
|||
# Set up API Headers for _get() and _post() |
|||
# The <function>_add or <function>_rm must have been called before to work |
|||
|
|||
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then |
|||
_err "Could not setup BASIC authentication headers, they are missing" |
|||
return 1 |
|||
fi |
|||
|
|||
DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" |
|||
export _H1="Authorization: Basic $DnsServiceCredentials" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
# Just return if headers are set |
|||
return 0 |
|||
} |
|||
|
|||
_get_root() { |
|||
domain="$1" |
|||
_debug2 _get_root "Get the root domain of ${domain} for DNS API" |
|||
|
|||
# Setup _get() and _post() headers |
|||
#_setup_headers |
|||
|
|||
result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") |
|||
result2="$(printf "%s\n" "$result" | tr '[' '\n' | grep '"name"')" |
|||
result3="$(printf "%s\n" "$result2" | tr '}' '\n' | grep '"name"' | sed "s,^\,,,g" | sed "s,$,},g")" |
|||
useResult="" |
|||
_debug2 _get_root "Got the following root domain(s) $result" |
|||
_debug2 _get_root "- JSON: $result" |
|||
|
|||
if [ "$(printf "%s\n" "$result" | tr '}' '\n' | grep -c '"name"')" -gt "1" ]; then |
|||
checkMultiZones="true" |
|||
_debug2 _get_root "- multiple zones found" |
|||
else |
|||
checkMultiZones="false" |
|||
_debug2 _get_root "- single zone found" |
|||
fi |
|||
|
|||
# Find/isolate the root zone to work with in createRecord() and deleteRecord() |
|||
rootZone="" |
|||
if [ "$checkMultiZones" = "true" ]; then |
|||
#rootZone=$(for x in $(printf "%s" "${result3}" | tr ',' '\n' | sed -n 's/.*"name":"\(.*\)",.*/\1/p'); do if [ "$(echo "$domain" | grep "$x")" != "" ]; then echo "$x"; fi; done) |
|||
rootZone=$(for x in $(printf "%s\n" "${result3}" | tr ',' '\n' | grep name | cut -d'"' -f4); do if [ "$(echo "$domain" | grep "$x")" != "" ]; then echo "$x"; fi; done) |
|||
if [ "$rootZone" != "" ]; then |
|||
_debug2 _rootZone "- root zone for $domain is $rootZone" |
|||
else |
|||
_err "Could not find root zone for $domain, is it correctly typed?" |
|||
return 1 |
|||
fi |
|||
else |
|||
rootZone=$(echo "$result" | tr '}' '\n' | _egrep_o '"name":"[^"]*' | cut -d'"' -f4) |
|||
_debug2 _get_root "- only found 1 domain in API: $rootZone" |
|||
fi |
|||
|
|||
if [ -z "$rootZone" ]; then |
|||
_err "Could not find root domain for $domain - is it correctly typed?" |
|||
return 1 |
|||
fi |
|||
|
|||
# Make sure we use the correct API zone data |
|||
useResult="$(printf "%s\n" "${result3}" tr ',' '\n' | grep "$rootZone")" |
|||
_debug2 _useResult "useResult=$useResult" |
|||
|
|||
# Setup variables used by other functions to communicate with DNS.Services API |
|||
#zoneInfo=$(printf "%s\n" "$useResult" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g') |
|||
zoneInfo=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep '"name"' | cut -d'"' -f4) |
|||
rootZoneName="$rootZone" |
|||
subDomainName="$(printf "%s\n" "$domain" | sed "s,\.$rootZone,,g")" |
|||
subDomainNameClean="$(printf "%s\n" "$domain" | sed "s,_acme-challenge.,,g")" |
|||
rootZoneDomainID=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) |
|||
rootZoneServiceID=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep service_id | cut -d'"' -f4) |
|||
|
|||
_debug2 _zoneInfo "Zone info from API : $zoneInfo" |
|||
_debug2 _get_root "Root zone name : $rootZoneName" |
|||
_debug2 _get_root "Root zone domain ID : $rootZoneDomainID" |
|||
_debug2 _get_root "Root zone service ID: $rootZoneServiceID" |
|||
_debug2 _get_root "Sub domain : $subDomainName" |
|||
|
|||
_debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" |
|||
return 0 |
|||
} |
|||
|
|||
createRecord() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
# Get root domain information - needed for DNS.Services API communication |
|||
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then |
|||
_get_root "$fulldomain" |
|||
fi |
|||
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then |
|||
_err "Something happend - could not get the API zone information" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 createRecord "CNAME TXT value is: $txtvalue" |
|||
|
|||
# Prepare data to send to API |
|||
data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" |
|||
|
|||
_debug2 createRecord "data to API: $data" |
|||
result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") |
|||
_debug2 createRecord "result from API: $result" |
|||
|
|||
if [ "$(echo "$result" | _egrep_o "\"success\":true")" = "" ]; then |
|||
_err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" |
|||
_err "$result" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Record \"$fulldomain TXT $txtvalue\" has been created" |
|||
return 0 |
|||
} |
|||
|
|||
deleteRecord() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_log deleteRecord "Deleting $fulldomain TXT $txtvalue record" |
|||
|
|||
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then |
|||
_get_root "$fulldomain" |
|||
fi |
|||
|
|||
result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" |
|||
#recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" |
|||
#recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" |
|||
recordID="$(printf "%s\n" "$result" | tr '}' '\n' | grep -- "$txtvalue" | tr ',' '\n' | grep '"id"' | cut -d'"' -f4)" |
|||
_debug2 _recordID "recordID used for deletion of record: $recordID" |
|||
|
|||
if [ -z "$recordID" ]; then |
|||
_info "Record $fulldomain TXT $txtvalue not found or already deleted" |
|||
return 0 |
|||
else |
|||
_debug2 deleteRecord "Found recordID=$recordID" |
|||
fi |
|||
|
|||
_debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" |
|||
_log "curl DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" |
|||
result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" |
|||
_debug2 deleteRecord "API Delete result \"$result\"" |
|||
_log "curl API Delete result \"$result\"" |
|||
|
|||
# Return OK regardless |
|||
return 0 |
|||
} |
@ -1,148 +0,0 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# DNS API for Domain-Offensive / Resellerinterface / Domainrobot |
|||
|
|||
# Report bugs at https://github.com/seidler2547/acme.sh/issues |
|||
|
|||
# set these environment variables to match your customer ID and password: |
|||
# DO_PID="KD-1234567" |
|||
# DO_PW="cdfkjl3n2" |
|||
|
|||
DO_URL="https://soap.resellerinterface.de/" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_do_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
if _dns_do_authenticate; then |
|||
_info "Adding TXT record to ${_domain} as ${fulldomain}" |
|||
_dns_do_soap createRR origin "${_domain}" name "${fulldomain}" type TXT data "${txtvalue}" ttl 300 |
|||
if _contains "${response}" '>success<'; then |
|||
return 0 |
|||
fi |
|||
_err "Could not create resource record, check logs" |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
#fulldomain |
|||
dns_do_rm() { |
|||
fulldomain=$1 |
|||
if _dns_do_authenticate; then |
|||
if _dns_do_list_rrs; then |
|||
_dns_do_had_error=0 |
|||
for _rrid in ${_rr_list}; do |
|||
_info "Deleting resource record $_rrid for $_domain" |
|||
_dns_do_soap deleteRR origin "${_domain}" rrid "${_rrid}" |
|||
if ! _contains "${response}" '>success<'; then |
|||
_dns_do_had_error=1 |
|||
_err "Could not delete resource record for ${_domain}, id ${_rrid}" |
|||
fi |
|||
done |
|||
return $_dns_do_had_error |
|||
fi |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
_dns_do_authenticate() { |
|||
_info "Authenticating as ${DO_PID}" |
|||
_dns_do_soap authPartner partner "${DO_PID}" password "${DO_PW}" |
|||
if _contains "${response}" '>success<'; then |
|||
_get_root "$fulldomain" |
|||
_debug "_domain $_domain" |
|||
return 0 |
|||
else |
|||
_err "Authentication failed, are DO_PID and DO_PW set correctly?" |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_dns_do_list_rrs() { |
|||
_dns_do_soap getRRList origin "${_domain}" |
|||
if ! _contains "${response}" 'SOAP-ENC:Array'; then |
|||
_err "getRRList origin ${_domain} failed" |
|||
return 1 |
|||
fi |
|||
_rr_list="$(echo "${response}" | |
|||
tr -d "\n\r\t" | |
|||
sed -e 's/<item xsi:type="ns2:Map">/\n/g' | |
|||
grep ">$(_regexcape "$fulldomain")</value>" | |
|||
sed -e 's/<\/item>/\n/g' | |
|||
grep '>id</key><value' | |
|||
_egrep_o '>[0-9]{1,16}<' | |
|||
tr -d '><')" |
|||
[ "${_rr_list}" ] |
|||
} |
|||
|
|||
_dns_do_soap() { |
|||
func="$1" |
|||
shift |
|||
# put the parameters to xml |
|||
body="<tns:${func} xmlns:tns=\"${DO_URL}\">" |
|||
while [ "$1" ]; do |
|||
_k="$1" |
|||
shift |
|||
_v="$1" |
|||
shift |
|||
body="$body<$_k>$_v</$_k>" |
|||
done |
|||
body="$body</tns:${func}>" |
|||
_debug2 "SOAP request ${body}" |
|||
|
|||
# build SOAP XML |
|||
_xml='<?xml version="1.0" encoding="UTF-8"?> |
|||
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"> |
|||
<env:Body>'"$body"'</env:Body> |
|||
</env:Envelope>' |
|||
|
|||
# set SOAP headers |
|||
export _H1="SOAPAction: ${DO_URL}#${func}" |
|||
|
|||
if ! response="$(_post "${_xml}" "${DO_URL}")"; then |
|||
_err "Error <$1>" |
|||
return 1 |
|||
fi |
|||
_debug2 "SOAP response $response" |
|||
|
|||
# retrieve cookie header |
|||
_H2="$(_egrep_o 'Cookie: [^;]+' <"$HTTP_HEADER" | _head_n 1)" |
|||
export _H2 |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
|
|||
_dns_do_soap getDomainList |
|||
_all_domains="$(echo "${response}" | |
|||
tr -d "\n\r\t " | |
|||
_egrep_o 'domain</key><value[^>]+>[^<]+' | |
|||
sed -e 's/^domain<\/key><value[^>]*>//g')" |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "${_all_domains}" "^$(_regexcape "$h")\$"; then |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
|
|||
i=$(_math $i + 1) |
|||
done |
|||
_debug "$domain not found" |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_regexcape() { |
|||
echo "$1" | sed -e 's/\([]\.$*^[]\)/\\\1/g' |
|||
} |
@ -0,0 +1,473 @@ |
|||
#!/usr/bin/env sh |
|||
# shellcheck disable=SC2034 |
|||
dns_edgedns_info='Akamai.com Edge DNS |
|||
Site: techdocs.Akamai.com/edge-dns/reference/edge-dns-api |
|||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_edgedns |
|||
Options: Specify individual credentials |
|||
AKAMAI_HOST Host |
|||
AKAMAI_ACCESS_TOKEN Access token |
|||
AKAMAI_CLIENT_TOKEN Client token |
|||
AKAMAI_CLIENT_SECRET Client secret |
|||
Issues: github.com/acmesh-official/acme.sh/issues/3157 |
|||
' |
|||
|
|||
# Akamai Edge DNS v2 API |
|||
# User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to |
|||
# Edge DNS Zones and Recordsets, e.g. DNS—Zone Record Management authorization |
|||
|
|||
# Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support |
|||
|
|||
# *** TBD. NOT IMPLEMENTED YET *** |
|||
# Specify Edgegrid credentials file and section. |
|||
# AKAMAI_EDGERC Edge RC. Full file path |
|||
# AKAMAI_EDGERC_SECTION Edge RC Section. E.g. "default" |
|||
|
|||
ACME_EDGEDNS_VERSION="0.1.0" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: dns_edgedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
# |
|||
dns_edgedns_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug "ENTERING DNS_EDGEDNS_ADD" |
|||
_debug2 "fulldomain" "$fulldomain" |
|||
_debug2 "txtvalue" "$txtvalue" |
|||
|
|||
if ! _EDGEDNS_credentials; then |
|||
_err "$@" |
|||
return 1 |
|||
fi |
|||
if ! _EDGEDNS_getZoneInfo "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 "Add: zone" "$zone" |
|||
acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") |
|||
_debug3 "Add URL" "$acmeRecordURI" |
|||
# Get existing TXT record |
|||
_edge_result=$(_edgedns_rest GET "$acmeRecordURI") |
|||
_api_status="$?" |
|||
_debug3 "_edge_result" "$_edge_result" |
|||
if [ "$_api_status" -ne 0 ]; then |
|||
if [ "$curResult" = "FATAL" ]; then |
|||
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
|||
fi |
|||
if [ "$_edge_result" != "404" ]; then |
|||
_err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" |
|||
return 1 |
|||
fi |
|||
fi |
|||
rdata="\"${txtvalue}\"" |
|||
record_op="POST" |
|||
if [ "$_api_status" -eq 0 ]; then |
|||
# record already exists. Get existing record data and update |
|||
record_op="PUT" |
|||
rdlist="${_edge_result#*\"rdata\":[}" |
|||
rdlist="${rdlist%%]*}" |
|||
rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") |
|||
_debug3 "existing TXT found" |
|||
_debug3 "record data" "$rdlist" |
|||
# value already there? |
|||
if _contains "$rdlist" "$txtvalue"; then |
|||
return 0 |
|||
fi |
|||
_txt_val="" |
|||
while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do |
|||
_txt_val="${rdlist%%,*}" |
|||
rdlist="${rdlist#*,}" |
|||
rdata="${rdata},\"${_txt_val}\"" |
|||
done |
|||
fi |
|||
# Add the txtvalue TXT Record |
|||
body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" |
|||
_debug3 "Add body '${body}'" |
|||
_edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") |
|||
_api_status="$?" |
|||
if [ "$_api_status" -eq 0 ]; then |
|||
_log "$(printf "Text value %s added to recordset %s" "$txtvalue" "$fulldomain")" |
|||
return 0 |
|||
else |
|||
_err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Usage: dns_edgedns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to delete txt record |
|||
# |
|||
dns_edgedns_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug "ENTERING DNS_EDGEDNS_RM" |
|||
_debug2 "fulldomain" "$fulldomain" |
|||
_debug2 "txtvalue" "$txtvalue" |
|||
|
|||
if ! _EDGEDNS_credentials; then |
|||
_err "$@" |
|||
return 1 |
|||
fi |
|||
if ! _EDGEDNS_getZoneInfo "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug2 "RM: zone" "${zone}" |
|||
acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "${edge_endpoint}" "$zone" "$fulldomain") |
|||
_debug3 "RM URL" "$acmeRecordURI" |
|||
# Get existing TXT record |
|||
_edge_result=$(_edgedns_rest GET "$acmeRecordURI") |
|||
_api_status="$?" |
|||
if [ "$_api_status" -ne 0 ]; then |
|||
if [ "$curResult" = "FATAL" ]; then |
|||
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
|||
fi |
|||
if [ "$_edge_result" != "404" ]; then |
|||
_err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" |
|||
return 1 |
|||
fi |
|||
fi |
|||
_debug3 "_edge_result" "$_edge_result" |
|||
record_op="DELETE" |
|||
body="" |
|||
if [ "$_api_status" -eq 0 ]; then |
|||
# record already exists. Get existing record data and update |
|||
rdlist="${_edge_result#*\"rdata\":[}" |
|||
rdlist="${rdlist%%]*}" |
|||
rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") |
|||
_debug3 "rdlist" "$rdlist" |
|||
if [ -n "$rdlist" ]; then |
|||
record_op="PUT" |
|||
comma="" |
|||
rdata="" |
|||
_txt_val="" |
|||
while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do |
|||
_txt_val="${rdlist%%,*}" |
|||
rdlist="${rdlist#*,}" |
|||
_debug3 "_txt_val" "$_txt_val" |
|||
_debug3 "txtvalue" "$txtvalue" |
|||
if ! _contains "$_txt_val" "$txtvalue"; then |
|||
rdata="${rdata}${comma}\"${_txt_val}\"" |
|||
comma="," |
|||
fi |
|||
done |
|||
if [ -z "$rdata" ]; then |
|||
record_op="DELETE" |
|||
else |
|||
# Recreate the txtvalue TXT Record |
|||
body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" |
|||
_debug3 "body" "$body" |
|||
fi |
|||
fi |
|||
fi |
|||
_edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") |
|||
_api_status="$?" |
|||
if [ "$_api_status" -eq 0 ]; then |
|||
_log "$(printf "Text value %s removed from recordset %s" "$txtvalue" "$fulldomain")" |
|||
return 0 |
|||
else |
|||
_err "$(printf "error removing TXT record for validation. Error: %s" "$_edge_result")" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_EDGEDNS_credentials() { |
|||
_debug "GettingEdge DNS credentials" |
|||
_log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})" |
|||
args_missing=0 |
|||
AKAMAI_ACCESS_TOKEN="${AKAMAI_ACCESS_TOKEN:-$(_readaccountconf_mutable AKAMAI_ACCESS_TOKEN)}" |
|||
if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then |
|||
AKAMAI_ACCESS_TOKEN="" |
|||
AKAMAI_CLIENT_TOKEN="" |
|||
AKAMAI_HOST="" |
|||
AKAMAI_CLIENT_SECRET="" |
|||
_err "AKAMAI_ACCESS_TOKEN is missing" |
|||
args_missing=1 |
|||
fi |
|||
AKAMAI_CLIENT_TOKEN="${AKAMAI_CLIENT_TOKEN:-$(_readaccountconf_mutable AKAMAI_CLIENT_TOKEN)}" |
|||
if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then |
|||
AKAMAI_ACCESS_TOKEN="" |
|||
AKAMAI_CLIENT_TOKEN="" |
|||
AKAMAI_HOST="" |
|||
AKAMAI_CLIENT_SECRET="" |
|||
_err "AKAMAI_CLIENT_TOKEN is missing" |
|||
args_missing=1 |
|||
fi |
|||
AKAMAI_HOST="${AKAMAI_HOST:-$(_readaccountconf_mutable AKAMAI_HOST)}" |
|||
if [ -z "$AKAMAI_HOST" ]; then |
|||
AKAMAI_ACCESS_TOKEN="" |
|||
AKAMAI_CLIENT_TOKEN="" |
|||
AKAMAI_HOST="" |
|||
AKAMAI_CLIENT_SECRET="" |
|||
_err "AKAMAI_HOST is missing" |
|||
args_missing=1 |
|||
fi |
|||
AKAMAI_CLIENT_SECRET="${AKAMAI_CLIENT_SECRET:-$(_readaccountconf_mutable AKAMAI_CLIENT_SECRET)}" |
|||
if [ -z "$AKAMAI_CLIENT_SECRET" ]; then |
|||
AKAMAI_ACCESS_TOKEN="" |
|||
AKAMAI_CLIENT_TOKEN="" |
|||
AKAMAI_HOST="" |
|||
AKAMAI_CLIENT_SECRET="" |
|||
_err "AKAMAI_CLIENT_SECRET is missing" |
|||
args_missing=1 |
|||
fi |
|||
|
|||
if [ "$args_missing" = 1 ]; then |
|||
_err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again." |
|||
return 1 |
|||
else |
|||
_saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "$AKAMAI_ACCESS_TOKEN" |
|||
_saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "$AKAMAI_CLIENT_TOKEN" |
|||
_saveaccountconf_mutable AKAMAI_HOST "$AKAMAI_HOST" |
|||
_saveaccountconf_mutable AKAMAI_CLIENT_SECRET "$AKAMAI_CLIENT_SECRET" |
|||
# Set whether curl should use secure or insecure mode |
|||
fi |
|||
export HTTPS_INSECURE=0 # All Edgegrid API calls are secure |
|||
edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST") |
|||
_debug3 "Edge API Endpoint:" "$edge_endpoint" |
|||
|
|||
} |
|||
|
|||
_EDGEDNS_getZoneInfo() { |
|||
_debug "Getting Zoneinfo" |
|||
zoneEnd=false |
|||
curZone=$1 |
|||
while [ -n "$zoneEnd" ]; do |
|||
# we can strip the first part of the fulldomain, since its just the _acme-challenge string |
|||
curZone="${curZone#*.}" |
|||
# suffix . needed for zone -> domain.tld. |
|||
# create zone get url |
|||
get_zone_url=$(printf "%s/%s" "$edge_endpoint" "$curZone") |
|||
_debug3 "Zone Get: " "${get_zone_url}" |
|||
curResult=$(_edgedns_rest GET "$get_zone_url") |
|||
retVal=$? |
|||
if [ "$retVal" -ne 0 ]; then |
|||
if [ "$curResult" = "FATAL" ]; then |
|||
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
|||
fi |
|||
if [ "$curResult" != "404" ]; then |
|||
_err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" |
|||
return 1 |
|||
fi |
|||
fi |
|||
if _contains "$curResult" "\"zone\":"; then |
|||
_debug2 "Zone data" "${curResult}" |
|||
zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") |
|||
_debug3 "Zone" "${zone}" |
|||
zoneEnd="" |
|||
return 0 |
|||
fi |
|||
|
|||
if [ "${curZone#*.}" != "$curZone" ]; then |
|||
_debug3 "$(printf "%s still contains a '.' - so we can check next higher level" "$curZone")" |
|||
else |
|||
zoneEnd=true |
|||
_err "Couldn't retrieve zone data." |
|||
return 1 |
|||
fi |
|||
done |
|||
_err "Failed to retrieve zone data." |
|||
return 2 |
|||
} |
|||
|
|||
_edgedns_headers="" |
|||
|
|||
_edgedns_rest() { |
|||
_debug "Handling API Request" |
|||
m=$1 |
|||
# Assume endpoint is complete path, including query args if applicable |
|||
ep=$2 |
|||
body_data=$3 |
|||
_edgedns_content_type="" |
|||
_request_url_path="$ep" |
|||
_request_body="$body_data" |
|||
_request_method="$m" |
|||
_edgedns_headers="" |
|||
tab="" |
|||
_edgedns_headers="${_edgedns_headers}${tab}Host: ${AKAMAI_HOST}" |
|||
tab="\t" |
|||
# Set in acme.sh _post/_get |
|||
#_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" |
|||
_edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*" |
|||
if [ "$m" != "GET" ] && [ "$m" != "DELETE" ]; then |
|||
_edgedns_content_type="application/json" |
|||
_debug3 "_request_body" "$_request_body" |
|||
_body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}') |
|||
_edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_body_len}" |
|||
fi |
|||
_edgedns_make_auth_header |
|||
_edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_signed_auth_header}" |
|||
_secure_debug2 "Made Auth Header" "$_signed_auth_header" |
|||
hdr_indx=1 |
|||
work_header="${_edgedns_headers}${tab}" |
|||
_debug3 "work_header" "$work_header" |
|||
while [ "$work_header" ]; do |
|||
entry="${work_header%%\\t*}" |
|||
work_header="${work_header#*\\t}" |
|||
export "$(printf "_H%s=%s" "$hdr_indx" "$entry")" |
|||
_debug2 "Request Header " "$entry" |
|||
hdr_indx=$((hdr_indx + 1)) |
|||
done |
|||
|
|||
# clear headers from previous request to avoid getting wrong http code on timeouts |
|||
: >"$HTTP_HEADER" |
|||
_debug2 "$ep" |
|||
if [ "$m" != "GET" ]; then |
|||
_debug3 "Method data" "$data" |
|||
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
|||
response=$(_post "$_request_body" "$ep" false "$m" "$_edgedns_content_type") |
|||
else |
|||
response=$(_get "$ep") |
|||
fi |
|||
_ret="$?" |
|||
if [ "$_ret" -ne 0 ]; then |
|||
_err "$(printf "acme.sh API function call failed. Error: %s" "$_ret")" |
|||
echo "FATAL" |
|||
return "$_ret" |
|||
fi |
|||
_debug2 "response" "${response}" |
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
_debug2 "http response code" "$_code" |
|||
if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then |
|||
# All good |
|||
response="$(echo "${response}" | _normalizeJson)" |
|||
echo "$response" |
|||
return 0 |
|||
fi |
|||
|
|||
if [ "$_code" = "204" ]; then |
|||
# Success, no body |
|||
echo "$_code" |
|||
return 0 |
|||
fi |
|||
|
|||
if [ "$_code" = "400" ]; then |
|||
_err "Bad request presented" |
|||
_log "$(printf "Headers: %s" "$_edgedns_headers")" |
|||
_log "$(printf "Method: %s" "$_request_method")" |
|||
_log "$(printf "URL: %s" "$ep")" |
|||
_log "$(printf "Data: %s" "$data")" |
|||
fi |
|||
|
|||
if [ "$_code" = "403" ]; then |
|||
_err "access denied make sure your Edgegrid cedentials are correct." |
|||
fi |
|||
|
|||
echo "$_code" |
|||
return 1 |
|||
} |
|||
|
|||
_edgedns_eg_timestamp() { |
|||
_debug "Generating signature Timestamp" |
|||
_debug3 "Retriving ntp time" |
|||
_timeheaders="$(_get "https://www.ntp.org" "onlyheader")" |
|||
_debug3 "_timeheaders" "$_timeheaders" |
|||
_ntpdate="$(echo "$_timeheaders" | grep -i "Date:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n")" |
|||
_debug3 "_ntpdate" "$_ntpdate" |
|||
_ntpdate="$(echo "${_ntpdate}" | sed -e 's/^[[:space:]]*//')" |
|||
_debug3 "_NTPDATE" "$_ntpdate" |
|||
_ntptime="$(echo "${_ntpdate}" | _head_n 1 | cut -d " " -f 5 | tr -d "\r\n")" |
|||
_debug3 "_ntptime" "$_ntptime" |
|||
_eg_timestamp=$(date -u "+%Y%m%dT") |
|||
_eg_timestamp="$(printf "%s%s+0000" "$_eg_timestamp" "$_ntptime")" |
|||
_debug "_eg_timestamp" "$_eg_timestamp" |
|||
} |
|||
|
|||
_edgedns_new_nonce() { |
|||
_debug "Generating Nonce" |
|||
_nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) |
|||
_debug3 "_nonce" "$_nonce" |
|||
} |
|||
|
|||
_edgedns_make_auth_header() { |
|||
_debug "Constructing Auth Header" |
|||
_edgedns_new_nonce |
|||
_edgedns_eg_timestamp |
|||
# "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" |
|||
_auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" |
|||
_secure_debug2 "Unsigned Auth Header: " "$_auth_header" |
|||
|
|||
_edgedns_sign_request |
|||
_signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")" |
|||
_secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" |
|||
} |
|||
|
|||
_edgedns_sign_request() { |
|||
_debug2 "Signing http request" |
|||
_edgedns_make_data_to_sign "$_auth_header" |
|||
_secure_debug2 "Returned signed data" "$_mdata" |
|||
_edgedns_make_signing_key "$_eg_timestamp" |
|||
_edgedns_base64_hmac_sha256 "$_mdata" "$_signing_key" |
|||
_signed_req="$_hmac_out" |
|||
_secure_debug2 "Signed Request" "$_signed_req" |
|||
} |
|||
|
|||
_edgedns_make_signing_key() { |
|||
_debug2 "Creating sigining key" |
|||
ts=$1 |
|||
_edgedns_base64_hmac_sha256 "$ts" "$AKAMAI_CLIENT_SECRET" |
|||
_signing_key="$_hmac_out" |
|||
_secure_debug2 "Signing Key" "$_signing_key" |
|||
|
|||
} |
|||
|
|||
_edgedns_make_data_to_sign() { |
|||
_debug2 "Processing data to sign" |
|||
hdr=$1 |
|||
_secure_debug2 "hdr" "$hdr" |
|||
_edgedns_make_content_hash |
|||
path="$(echo "$_request_url_path" | tr -d "\n\r" | sed 's/https\?:\/\///')" |
|||
path=${path#*"$AKAMAI_HOST"} |
|||
_debug "hier path" "$path" |
|||
# dont expose headers to sign so use MT string |
|||
_mdata="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "$_request_method" "$AKAMAI_HOST" "$path" "" "$_hash" "$hdr")" |
|||
_secure_debug2 "Data to Sign" "$_mdata" |
|||
} |
|||
|
|||
_edgedns_make_content_hash() { |
|||
_debug2 "Generating content hash" |
|||
_hash="" |
|||
_debug2 "Request method" "${_request_method}" |
|||
if [ "$_request_method" != "POST" ] || [ -z "$_request_body" ]; then |
|||
return 0 |
|||
fi |
|||
_debug2 "Req body" "$_request_body" |
|||
_edgedns_base64_sha256 "$_request_body" |
|||
_hash="$_sha256_out" |
|||
_debug2 "Content hash" "$_hash" |
|||
} |
|||
|
|||
_edgedns_base64_hmac_sha256() { |
|||
_debug2 "Generating hmac" |
|||
data=$1 |
|||
key=$2 |
|||
encoded_data="$(echo "$data" | iconv -t utf-8)" |
|||
encoded_key="$(echo "$key" | iconv -t utf-8)" |
|||
_secure_debug2 "encoded data" "$encoded_data" |
|||
_secure_debug2 "encoded key" "$encoded_key" |
|||
|
|||
encoded_key_hex=$(printf "%s" "$encoded_key" | _hex_dump | tr -d ' ') |
|||
data_sig="$(echo "$encoded_data" | tr -d "\n\r" | _hmac sha256 "$encoded_key_hex" | _base64)" |
|||
|
|||
_secure_debug2 "data_sig:" "$data_sig" |
|||
_hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)" |
|||
_secure_debug2 "hmac" "$_hmac_out" |
|||
} |
|||
|
|||
_edgedns_base64_sha256() { |
|||
_debug2 "Creating sha256 digest" |
|||
trg=$1 |
|||
_secure_debug2 "digest data" "$trg" |
|||
digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" |
|||
_sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" |
|||
_secure_debug2 "digest decode" "$_sha256_out" |
|||
} |
|||
|
|||
#_edgedns_parse_edgerc() { |
|||
# filepath=$1 |
|||
# section=$2 |
|||
#} |
Some files were not shown because too many files changed in this diff
Write
Preview
Loading…
Cancel
Save
Reference in new issue